Converge? I thought you were "spoken for." What happens when the truth is exposed?

Too late for you if you were typing this in, on MSIE in windows... it probably noticed what you were typing and "called home" using reverse-engineered alien technology.

Maybe the hardware has OOB communication, RFID, tracking, or other extra hardware.

Yeah! There we go. I think I saw another zombie is wearing a tinfoil hat as we type!

Oh. You are taking this seriously? You are trying to ruin my spell before it is complete? Bungholio! I even used the "]:>" to signify I was being mischievous.

Ok. Fine. I'll try to play the "Devil's Advocate" here and be serious. :-P

No. Detection of a person violating copyright in the way suggested above does not clear anyone. In this case, it may only find some of the people.

When Law Enforcement can't find certain criminals, but know there are non-cooperative people that can reach them, sting operations have been created where someone pretending they were running a contest claims the criminal-on-the-loose has won a [microwave|washer|car|toaster oven|.*] but must, "come down to claim it." Some criminals come down, and some do not. Just because the do not come down, does not "clear" them.

Prisons are full of people that thought they would never get caught, and I am sure there are software pirates that think they will never get caught too, and as a result be sloppy with the evidence they leave available.

With your, "passport," and authentication, it is possible for MS to track IPs used during sign-in, to see how a particular UserName/passport is used, and from what IP Addresses.
Say a user has a, "passport," and has signed into MSN Messenger, and is using MS Windows Update, and there is a determination that the system is a pirated copy of Windows, and MSN Messenger's Passport ID is one that claimed the thumb drive. Do we have an indication that the holder of that passport is using pirated software? Sure. With an address, would we have a starting point for looking for the person? Sure.
Will all people be sloppy and order from home? Probably not, but I would bet most people (pirates or otherwise) that order this devces, will order for delivery to a place that is conveinient.
If there are limits of "one per address" then the "work address" may work for one person.

In building a case, the more evidence that they have of a person committing a crime, the better their chances of success in court.

Sure doubt can be created through other means... "I share my Passport ID with other people," or 'someone stole my passport account" or other similar ideas. However, if they show you logged in from only a handful of locations (work, home, friends' houses) that you frequent, but no other locations, that can work in their favor to diminish the effects of such doubt.

They do not have to have a strong case in order to threaten to take a person to court unless they buy or remove the software.
Going further, if they send a notice, and then find the same machine still appears to be a pirated copy of windows then what? If they find that suddenly the machine is no longer claiming it is a pirated copy of windows, they have some indication the snail mail letter "worked."

A conspiracy is technically, a group of people working together to commit (usually) an illegal act or subversion.
I chose that word to make the original funnier. It would not be a conspiracy if Microsoft worked within the law.

In such cases, they can perform two legal operations. The first one is like a request for an identity from the ISP, and after the identity is known, then legal charges or lawsuit can be the next step.

I wonder how many people remain signed in with their passport ID through MSN Messenger while they perform Windows Updates.

Now... stop interfering with my spell! How can you expect the zombies to wear tinfoil hats if this spell does not work? ]:>

... shhh.

Doh! Mistook that for the Horny cowboy with a goatee emoticon .. definately changes the meaning of the post...

ok.. but only if I can play the devil and Sadam bottoms.

Fair enough .. my point was that there are certainly other more effective, less expensive means to accomplish this, so why this.

..but software piracy is on a slightly different level and for the most part, 99% or pirates will not be caught or pursued.. generally a handful of high profile cases are enough to keep the straights straight, the friends of pirates straighter, and the pirates pirating ... rrr Generally being called on this results from stealing large amounts or high profile software. .. or otherwise being the hub/provider of copyrighted IP (whether for money or traded freely)

I know many a folk that have used pirated software from the BBS days on (not hardcore enough to hang with generations preceding) .. I can honestly say that most to none of them have been questioned.. a friend from days past got his FTP busted.. but thats because he was running a major FTP on the campus network and draining their resources with it...

All truth.. but this is a growing pile of conditions that have to be met.. considerably narrowing the effectiveness of the tactic.

1) Must prove user is on their own pirated system when submitting (assumption of running MSN may mitigate .. but broad assumption) .. or otherwise operating a pirated system in coordination with signup.
2) Must prove user has some form of residence at the address they shipped to, as sending a legal letter to someone elses address, to someone using an alias probably won't get them very far.
3) Must prove user is on their own network, or similarly using their computer on someone elses network... otherwise ISP verification is pretty useless .. other trickery would include DHCP from cable connections, proxies, shells, and such. There is nothing specifying that I can't submit from a system in Russia.
4) Must prove user signed up for their passport (ultra difficult process) and is using or otherwise running in coordination with that.. user did not obtain passport by other means.. or snagging someone elses.
... my brain hurts and this is running out of fun.. will return to zombie theory soon..

Yes, and most people sticking the devices into their pirated Windows system will not think about what contents are on the drive.. now.. a trojan that disables portions of the pirated os/software .. that would be nifty.

Yeah, definately. .. I guess my whole 'serious' diversion is just to point out that the likelyhood Microsoft would devote these resources to pinpoint, investigate, and ostensibly catch a handful of college kids that didn't pay for versions.. probably pretty unlikely. Now, the possibility they are using it to flush out workplaces and schools that are cheating on volume licensing and other OEM fauxs.. that could be a possibility.

.. but it would be if you consider the Alien technology the bought from the Chinese that was stolen from the Arabs to force Bill Clintron to lie in Office...


Not really.. I mean, possibly in some cases.. but most ISPs, for legal reasons, will not ID customers or otherwise provide information to third parties without an existing subpeona for a specific charge. Complaints to abuse about IP are investaged and ousted if found to be true.. but the whole track and smack concept really doesn't work that way.. Otherwise ISPs would be opening themselves to legal repurcussions on cases where an Identity was given out to another organization, often violating their own privacy policies.

That would actually be interesting to know.. or better, how many pirates even use MSN with their jacked system... Many forums I have read in the past (Whistler beta days) show people spending endless efforts to fully remove IE and MSN from their systems

I block your spell with my white wizard shield and redirect it to your tinfoil underwear!

Even if you use Firefox's "View this page in IE" extension?

YeeeHaw! Oh wait. I mean, that was a devil.

Evidence is cumulative. The greater the number of indications that you have, which narrow the scope of possibility to a single individual, the more difficult it is to create doubt.

It is no secret (as covered at previous Defcon and through admissions of officers) that Local LeO and Feds don't want to deal with computer crimes, unless the value in damages is at least $10,000. Though it is possible for high profile cases with damages less than $10,000 to come up, these seem to be exceptions.

Evidence of software piracy for a single piece of software (say $50-$200) is insufficient for the wheels of justice to crush "casual" criminals, but this will change with time.

Here is the future I see:
CPS, anti-child-pornography groups, PAC and aggressive lobying by the MPAA, RIAA teamed up with the Software Industry and DRM enforcers will cooperate to allow for broad-enforcement of laws by making each and every one of the above groups special interests available for prosecution upon discovery in a search warrant.
Right now, search warrants for data found on computer systems are supposed to be specific enough to target the laws being investigated. In this way, if there is a search warrant for evidence of illegal accounting, if examples of copyright violation are found, those examples will probably not be admissible in court, and any attempt to bring new charges by using that copyrighted material would be at risk for failure.
If copyright infringement and kiddie porn violations are grouped together, then we could actually see investigations where a pirated OS leads to the finding of multiple DVD titles, and MP3/OGG songs on the same system. Any search for one could lead to charges for the other and the other way around too.
Even if Kiddie Porn violations are not joined with broad-copyright violations, having all copyright violations found on a machine be included in a single charge will allow even "small time offenders" to have total values of illegally copied data exceed $10,000.
Add PDF scans of books, PDF copies from original "limited" eBooks, OS, Games, DVD, and MP3/OGG from audio CD, and then consider video broadcasts (TV/Cable) where the video file shows evidence that it was not recorded locally, with callsign, or channel logo overlayed in a corner, and totals can easily exceed $10,000.

I know of 2 people from the early 90's who were questioned about software piracy. One was a software pirate who had about $4000 in software. He hired a lawyer and it never went to court, but he did have to pay for the lawyer. However, most everyone I know has or uses some copyrighted data illegally. I know of a woman who uses P2P software to get movies and songs. She has about 200 movies on her computer, and thousands of songs. She is at risk for being tagged and having a case brought against her if her system ever gets examined.

It is not a growing list of conditions, it is a growling list of exhibits that can be entered in as evidence to remove doubt that, "it was someone else who was doing it" or other doubt.) Cases can be lost based only on circumstantial evidence-- especially when there is a lot of it. Physical evidence is often much stronger.)

Depends. Is the copyrighted material considered "stolen property" ?

If so, it does not matter who was on the machine, whoever is in possession of stolen merchandise is at risk.

If the offer is limited, "one per residence," sending snailmail to another person's address means that other person can't get a USB drive though.

Again, this is an additive effect. If the address of delivery is the same as the address the ISP has, we have more evidence it was someone in the house.

Will delivery require someone to sign for the package? ]:>
(Probably not, but if it did, someone will need to sign a paper to accept delivery.)

Proxies, and things like tor can help you hide your identity. Dependiong on the ISP, DHCP logs may be retained to show leases and association to MAC addresses with dates/times. If the ISP uses broadband, and have VLAN-like builds for different parts of town or locations, then physical location for a lease can be narrowed, even if the user mods their MAC address. (Even then, forensic evidence might show what users in a neighborhood did not drop their lease, and by exclusion of present users, reveal that no other users on that segment dropped their lease, but that the potential target did drop their lease and renew.

And, if the user does not know how DHCP works, and did not take precautions, then dropping their lease, changing ther MAC, and renewing their lease may still result in a request for use of the previously leased IP address, which is logged, and then denied by most DHCP servers (giving them a new IP instead) for sake of efficiency in return of the MAC that dropped lease, or for obfuscation/denial-of-service to customers wanting to provide services. Then, dropping their lease, and reverting their MAC, may still result in a request for the IP address used by the "fake MAC" which will probably be denied and if the ISP built their DHCP servers to be efficient, the original IP address will instead be reassigned.

Evidence could still exist, and this is just one example where a user that may know to chage their MAC may not know about DHCP, and if they know about DHCP and MAC address changes, then do they know if the ISP has enabled any kind of port use/tracking or RMON/stats for use and what data they are collecting? (Most "mom and pop" ISP do not have the resources to dedicate to such things, but larger ISP have an interest in logging things to find cases of customer abuse.

The passport is used as a method to narrow the scope of search, and is used in conjunction with other evidence.
How do you address something in court when:
1) A passport has only been used from your home computer (MS logs show it was only used from a few IP addresses)
2) There is evidence of if being logged in from your computer
3) The same computer does contain the pirated software specified in the search warrant
4) That passport was entered as the ID for the snail mail address of residence
(more)

The first point is that not everyone will be wise enuough to consider the evidence they leave behind. The second point is, that it all adds up.

Some say, "possession is 9/10ths of the law," with zombine and possession, we certainly have an "undead" theme going on here. ]:>

That might be possible, but I think it is unlikely. After the Sony DRM/Driver issue and the costs involved with that, added to the long term damages for their reputation, and it would seem that MS people would not be so unwise as to try this.
(The likelyhood they would try this, is part of the reason I decided to originally have fun with this topic in my, "aluminum hat wearing conspiracy theorist zobie" post.
Not that I would not inspect a drive on a non-MS system, but that is another story.)

About as likely as them shipping trojan or software on a USB key to break into an OS they made-- an OS to which they could have easily added back doors when they created it, or as part of a security fix, if they really wanted to do so.

Small shops that don't have a proxy/relay that stores updates will give themselves away when they update.

Bill Clinton was not involved directly, the Ghost of Elvis had posessed his body-- it was not his fault.

The RIAA has (ab)used legal requests for discovery, in order to find the identity of an ISP customer before. If you would like example links, let me know, but this was covered one or more times on slashdot.

Yes. The RIAA used this to discover the name of customers so they could go with (or threaten) a civil case. The law used for this discovery was meant to be used with criminal cases, but the RIAA people skip that step once they have a name and address to contact with civil issues, and/or just to send a "bill" in the mail.

http://www.theregister.co.uk/2004/01...limits_effect/

Perhaps some people do. Many of the non-techie pirates I've met do not take such effort, and use MSIE as their default browser. There are many non-techie pirates out there. Based only on observation, I would say very small percent of "end user" pirates have even installed there own OS.

The days when the few software pirates knew how to use a BBS, perform Kermit/x/y/z-Modem downloads/uploads and generally knew what IRQs were, and IO port settings? -- Yeah. Long gone.

I have the Amulet of Yendor-- your shield disintigrates to a pile of dust.

You ... you can't mean that .. you don't mean that do you? I was told that this would live on in our hearts and minds.. forever... I'm so confused. I'm gonna go drink .. well.. I was gonna do that already.. but I'll go have a better drink now.


As for the thread, I'll let the subject sink or swim with others.. but I thought it might be fun to bring up points outside of the realm of a crappy stick of usb memory. We now return you to your regularly scheduled zombies.

We don't live forever, our hearts and minds are part of us, therefore... ]:>

Still on topic, eh? Zombies, posession and now spirits? Sheesh.

The forums are like zombies... and no matter how many brains be have, we still want more.

This thread has evolved like many others in the past, and seems good to me. Compared to 2 years ago, a thread like this one would have been considered remarkable when the item of topic (USB drive) was still being discussed on the 21st post.

...I get a stiffy?

I thought ya'll got married. At any rate: Z modem ruled!
Just nostalgic because you had to mention that era.

Al

It was a slow process to convert my commodore text files over to IBM by using ASCII upload. I still have one, but it sure looks funky - the character set was shifted in the process. Readable, but a bit odd looking.

Don't look a gift trojan horse in the mouth.

Not to be a spoil sport and ruin a perfectly good conspiracy theory but what if the offer is exactly what Micro$oft says it is, a free pen drive loaded with advertising about Bubba Bill's up and coming crap? I took a shot at it (as everything I run is legal anyway), so when I receive the pen I'll pop it in and find out what it's all about. No tin foil hat but I'll have a Zombie anyway...

Zombie

Ingredients:

Light Rum
Dark Rum
Pineapple Juice
Orange Juice
Lemon Juice
Powdered Sugar
Overproof Rum ("151")
Ice
Pineapple Slice
Cherry
Directions:

1. Shake ¾ oz. Light Rum, ¾ oz. Dark Rum, 1 oz. Pineapple Juice, 1 oz. Orange Juice, 1 oz. Lemmon Juice, and 1 tsp. Powdered Sugar with Ice.

2. Strain into a tall glass (with or without ice).

3. Float a dash of Overproof Rum on top

4. Garnish with a Pineapple Slice and/or a Cherry.

Yes it did. "Resume" made crappy connecctions useable for large downloads.

As I wrote above, it is unlikely that MS would purposefully backdoor their own OS with a USB key they give away. (There are easier ways for an OS manufacturer to do this if that is what they want.)
As I also wrote above, it is also unlikely that they are doing this to track users for lawsuits or legal action. (I was hoping the amount of silliness in those posts combined with emoticons would indicate I was not being serious.)

It is far more likely for a MS document on the key to be infected with some common virus/worm, by accident than either of the two above.

I need to find a better way to indicate when I am not being serious. Maybe I'll go with something like:
=============not==being==serious=============
]:>

=============not==being==serious=============*
A zombie made out of spirits? What is this world coming to?

(*-Sorry. I could not resist.)

Aaaahhhh, The good 'ol days of waiting hours for something to slowly drip in only to have the connection drop 36K from the finish line. Thank the lord for "Resume".

In any case, you guys wear far larger tinfoil hats than I ever dreamed.

Now that I am good and paranoid, I'll be examining the little bastard in my OS X box and I'll prolly even take it apart. If G4 can put a webserver up some guys ass what's to stop MS from putting a rootkit/spyware on a ROM that piggybacks on this little drive??? Pretty much nothing, right??? Not saying they would do something like that, oh no siree....

I work on kermit these days, I support a software called HYMS, basically SuperDOS 7, lots of fun (tongue in cheek)

Oh well....