US Publishing Industry Might Soon Be Infecting eBook Pirates with Malware

[Judy Koot]

I just read this article:
US Publishing Industry Might Soon Be Infecting eBook Pirates with Malware

It certainly raises a lot of questions.
What do you guys think?

 

[amergina]

Here's the direct link for folks like me who are shortened-link phobic:

http://goodereader.com/blog/comment...soon-be-infecting-ebook-pirates-with-malware/

ETA: And here's the actual report mentioned in the article:

http://www.ipcommission.org/report/IP_Commission_Report_052213.pdf

From what I gather, this is more about IP such as software and files containing proprietary data (i.e., about corporate espionage and hacking to steal IP) than about ebooks.

I think the blog post is rather sensational and making huge leaps of supposition.

It's probably worth noting that you're pretty darn likely to find malware in pirated ebooks now, put in by hackers rather than publishers.

Pirated anything is a great vector for infecting your computer with all kinds of nasty things.

 

[AW Admin]

Here's the direct link for folks like me who are shortened-link phobic:

http://goodereader.com/blog/comment...soon-be-infecting-ebook-pirates-with-malware/

We actually have a policy against link shortners:


FAQ: How to Create Links and Why We Don't Allow Shorteners

 

[Little Ming]

I just read this article:
US Publishing Industry Might Soon Be Infecting eBook Pirates with Malware

It certainly raises a lot of questions.
What do you guys think?

Because rootkit worked so well?

 

[Samsonet]

Wait, I don't understand. The reporter is saying that people who download pirated books will ruin their computers by doing so? How does that work? And will it also affect the pirate as well?

 

[Roly]

Whoa....not sure what else to add...

 

[veinglory]

Th report being discussed does not seem to be a mainstream publishing whitepaper. I don't even know who is behind the group that write it?

 

[James D. Macdonald]

Cow Might Jump Over Moon, too.

 

[Judy Koot]

We actually have a policy against link shortners:


FAQ: How to Create Links and Why We Don't Allow Shorteners

Sorry, I didn't know, will keep that in mind for the future.
Thanks for changing the link.

 

[Judy Koot]

Th report being discussed does not seem to be a mainstream publishing whitepaper. I don't even know who is behind the group that write it?

http://www.nbr.org/default.aspx#.UaXV9UB62So

 

[Judy Koot]

ETA: And here's the actual report mentioned in the article:

http://www.ipcommission.org/report/IP_Commission_Report_052213.pdf

From what I gather, this is more about IP such as software and files containing proprietary data (i.e., about corporate espionage and hacking to steal IP) than about ebooks.

I think the blog post is rather sensational and making huge leaps of supposition.

Thanks for the report link. I agree, the article is quite sensational and the writer does make some huge assumptions.
The report does mention copyright infringement though (chapter 7 is dedicated to it).

The blog article gives the impression that US publishers will probably take drastic anti-piracy measures, and that they will do it soon.
From what I gather, the commision behind the report does give recommendations (to general companies and the government), but also mentions legal aspects and poses questions (esp. in chapter 13: Cyber Solutions & 14: Potential Future Measures).
The blogger's conclusion that publishers will follow certain extreme recommendations seems far-fetched.

Personally, I don't think much is going to happen in the near future, b/c of all the legal complications (not to mention the time and money it will cost), but one could wonder how it will develop in the end.

 

[Wiskel]

There are some creative ways the computer games industry used sneaky little programs that would be termed malware to great sucess. You don't have to destroy someone's computer to create security.


One game managed to spawn a giant crab monster that followed you around and killed you repeatedly if you had a pirated copy, making the game unplayable.

One game, though not for pirated copies, just for "fun" reportedly accessed your email account and if your first name was fairly common there was a chance your computer would start whispering your name if you were playing this particular game late at night.

I'm sure our creative programmers could come up with something fun, unpleasant but basically harmless around ebooks. Imagine a nice little app that deleted all the vowels in the book, or that substituted words at random.


Craig

 

[Torgo]

There are some creative ways the computer games industry used sneaky little programs that would be termed malware to great sucess. You don't have to destroy someone's computer to create security.

My favourite prank along these lines was the recent one with a game called Game Dev Tycoon, a sim game about running a games developer. They seeded copies on the Pirate Bay which were slightly altered so that you couldn't actually make any money selling your games, because of in-game piracy.

I'm sure our creative programmers could come up with something fun, unpleasant but basically harmless around ebooks. Imagine a nice little app that deleted all the vowels in the book, or that substituted words at random.

I don't think it'd work, to be honest. It's possible to embed malware in ebooks, but I think it would be easy for pirate ebook aggregators to filter out - much easier than it is for games devs, who can do sneaky stuff that doesn't trip the alarm on virus scanners.

Unlike Judy, I'm concerned that - despite what the proponents of this idea say - it will inevitably end up being used against common-or-garden file-sharers; just because everything along these lines always does. Things like terrorism, espionage and paedophilia are always used as the justification for extending control over our comms and devices, and then when they are brought in the RIAA suddenly says, hey, OUR intellectual property is really valuable too! And the law is pretty broadly drawn! Next thing you know ICE is seizing some guy's rap blog for embedding old Youtube clips and the feds are pressuring New Zealand into illegal spying to shut down a cyberlocker.

Here's another thing: remember Sony's CD rootkit debacle? They loaded music CDs with a program that silently installed malware on your machine if you play them using a PC. This malware hid itself from the user pretty effectively, and tried to thwart copying. (Remember: this was a legally purchased CD.) The mal- part of the situation (beyond the essential maliciousness of installing a rootkit without asking) was that it left a gaping security hole that a malicious third party could exploit to run botnets or, well, anything.

Malware is intrinsically a bad thing. If you are legally allowed to deploy it against Bad People, it has the potential for really bad unintended consequences for good people.

 

[CrastersBabies]

What kind of makes me chuckle is that these pirates probably have some hacking skills, no? Especially if they are using the ebook as credit card and identity theft bait. So, I'm going to guess that the majority of them will be able to scan and detect malware embedded into a file, no? I mean, isn't that kind of like picking a fight with a boxer? Unless you think you have better, the only thing I can see happening here is that a few stupid hackers in China get malware (because nobody's going to go after them from here in the U.S.A.) and people who purchase the pirated books off the bait-site will get nailed, too.

So, maybe I'm just not seeing the right techie-things, but this is my first impression.

 

[veinglory]

http://www.nbr.org/default.aspx#.UaXV9UB62So

Um, the National Bureau of Asian Research?

I will assume it is a similar gov think tank, and a pretty weird one if they are advocating doing things that are currently 100% illegal.

I personally would not start a hacking/malware war with pirates. They would win.

 

[KTC]

I, for one, wish this would happen. I've been pirated on more than one occasion. I would no more pirate a book than I would steal from Walmart. People who do purchase (or get for free) pirated ebooks deserve to have their system crash. And obviously I would be thrilled if the pirates crashed too.

AND I would also be thrilled if the cow were to jump over the moon.

 

[Jamesaritchie]

It would be great, if it could be done safely, and with no unintended consequences, but I wouldn't bet on this being the case.

 

[James D. Macdonald]

In a world where publishers are already dropping DRM, how likely is it that they'll add a needless expense for no possible gain that runs a risk of opening them to huge (PR, if no other) losses?

Anything that might be added by publishers would instantly (if not sooner) be added to viruses; the regular anti-virus companies would start scanning for it, and that would be the end of the situation. So: Huge expense, great risk, no gain, and quickly thwarted.

I don't see an upside to this ridiculous scheme. (Which, so far as I am aware, despite the blue-skying of this "research" group with no ties to the industry, no publisher is currently contemplating.)

 

[Deleted member 42]

I don't see an upside to this ridiculous scheme. (Which, so far as I am aware, despite the blue-skying of this "research" group with no ties to the industry, no publisher is currently contemplating.)

1. To go beyond DRM or lockouts and install actual malware violates Federal and International laws.

2. It would be detected and defeated within days of release. I worry that it would also be subverted for a truly malicious payload.

3. It's a really stupid idea, and the "Commission" is a bunch of people who put up a Website. They aren't appointed or official or anything else.

 

[James D. Macdonald]

3. It's a really stupid idea, and the "Commission" is a bunch of people who put up a Website. They aren't appointed or official or anything else.

Don't hold back, Medi. Tell us what you really think.

Just wait for the lawsuit when malware developed by Random House turns up on Aunt Suzie's Heart/Lung machine at a hospital (and an incredible number of biotech devices have malware on them ... see: Computer Viruses Are "Rampant" on Medical Devices in Hospitals) and she dies. Particularly if the malware shut down her heart/lung machine and took a picture of her as she convulsed. The jury will love that.

 

[veinglory]

The commission is, as far as I can tell, a product of the US Federal Government--which means they are fruitloops with influence (albeit still fruitloops).

 

[Deleted member 42]

Personally, I don't think much is going to happen in the near future, b/c of all the legal complications (not to mention the time and money it will cost), but one could wonder how it will develop in the end.

I expect more publishers will follow Tor and Baen and go DRMless.

 

[Alessandra Kelley]

There are some creative ways the computer games industry used sneaky little programs that would be termed malware to great sucess. You don't have to destroy someone's computer to create security.


One game managed to spawn a giant crab monster that followed you around and killed you repeatedly if you had a pirated copy, making the game unplayable.

One game, though not for pirated copies, just for "fun" reportedly accessed your email account and if your first name was fairly common there was a chance your computer would start whispering your name if you were playing this particular game late at night.

I'm sure our creative programmers could come up with something fun, unpleasant but basically harmless around ebooks. Imagine a nice little app that deleted all the vowels in the book, or that substituted words at random.


Craig

Or you could get what happened to me. A perfectly legal, bought and paid for game from the developers became unplayable through a corrupted file that made attempts to use it a misery.

Cute, clever, viciously stupid malware deliberately installed into software is likely to backfire against innocent and legal customs far more than it will deter pirates.

1. To go beyond DRM or lockouts and install actual malware violets Federal and International laws.

2. It would be detected and defeated within days of release. I worry that it would also be subverted for a truly malicious payload.

3. It's a really stupid idea, and the "Commission" is a bunch of people who put up a Website. They aren't appointed or official or anything else.

It really is the worst idea I've ever heard about ebooks. Even if it were not illegal, how glitchproof could it be?

It sounds more like a revenge fantasy than a plan to me, the sort of thing people love to daydream about without facing the possible consequences if it were to come about.

 

[Deleted member 42]

The commission is, as far as I can tell, a product of the US Federal Government--which means they are fruitloops with influence (albeit still fruitloops).

No; it's people who used to work for varies Federal entities, but it is:

The Commission on the Theft of American Intellectual Property is an independent and bipartisan initiative of leading Americans from the private sector, public service in national security and foreign affairs, academe, and politics.

So they aren't really anyone.

And they wouldn't know a line of code from a text string; they're amateurs. Sort of like Sonny Bono, the well-intentioned dweeb who gave us the idiocy of the DMCA.

 

[jjdebenedictis]

One game managed to spawn a giant crab monster that followed you around and killed you repeatedly if you had a pirated copy, making the game unplayable.

One game, though not for pirated copies, just for "fun" reportedly accessed your email account and if your first name was fairly common there was a chance your computer would start whispering your name if you were playing this particular game late at night.

I am twisted enough to find those completely awesome.

Imagine a nice little app that deleted all the vowels in the book, or that substituted words at random.

Ooh, I forget which website it is now--but I remember coming across one that "disemvoweled" anyone who left a sufficiently nasty post on the site. It worked surprisingly well to rob trolls and drama llamas of their shock value--no one's offended by words that are unreadable.