Customer Reviews

Software Piracy Exposed

5 star:		(0)
4 star:		(3)
3 star:		(1)
2 star:		(1)
1 star:		(1)

 

 

First, I ran across this book in the bookstore, went home, got a
better price, and read it cover to cover. The book was entertaining
as hell. The only part I didn't particularly care for was the
inclusion in the appendix of what was clearly an overview of
current virus, popup, firewalls and other softwares, which I
considered way off the book's subject.

The problem with the book is that it seems entirely unproofed
(unproofread). Spelling errors are rampant, and the author
appeared to lose control of the book in places, writing

"Sentinel was discovered by the FBI in late 1999, who then
called the FBI"

The various clerical errors could have been overlooked. However,
there were so many technical errors and distortions, I was left
wondering if the author was reporting on what he had witnessed
in the "scene" accurately. He reports again and again that
crackers can defeat any program in minutes or hours, then later
relates on programs that remain uncracked. Which is it ? There
are pronouncements about how certain programs cannot be cracked
when they make windows calls, leading to the conclusion that
the author is not aware that even the Windows kernel can be
debugged. The author talks about dongles being "enveloped",
as a "small deciphering machine". It appears that he wasn't
aware that a dongle can have an onboard CPU, or be a simple
ROM accessible by the main computer. The text reads like
an effort to dance around the fact that he didn't
understand the difference.

The other errors, or if you will, "affectations" of the book
are just annoying. The term "ISO" is used many times in the
book as the term for a CD-ROM image on a computer. The author
does, at one point, give the definition of ISO = International
Organization for Standardization, but never gives the full
definition of "ISO 9660" (or similar). Calling a disk image
an "ISO" is like calling an apple "A grocery" because that's
where you got the apple. ISO has hundreds, if not thousands of
standards. I do realize that such misuse of terms is common
on the internet, but I would expect better from a reporter.

The term "warez" is explained: (exaggerated plural derivative
of software). Not bad, but the author repeats this expansion
over and over again like a bad Saturday Night Live skit.

I liked the book, but would warn that there are better books
to really learn how to protect applications against piracy.
My current favorite is "reversing", but Eldad Eilam, but I have
three books on the subject so far, and I unfortunately find I
know more about it than the writers of these books (and not
because I know more than average).

With all the hype currently being generated about digital piracy, I decided it might be interesting to read Software Piracy Exposed by Paul Craig and Mark Burnett. There's an interesting subculture there that's unlike anything I've ever known, and it's not quite what I expected...

Craig spent some time working himself into a position of trust with a number of significant players in the piracy scene. While not participating in the activities himself, he was able to see how cracking and distribution organizations are structured, and what drives the individuals to do what they do. Surprisingly for software piracy, it's not necessarily being able to have and use the software you crack. Mainly it's the bragging rights to say you were the first to crack and distribute the package, or that you have the largest collection and distribution network. I got the distinct impression that most of the hardcore players in this culture don't even have the time to use the software. Since these groups are competing against each other, minutes can be critical in breaking a package open and getting it out first on a network. And as soon as one is done, the next one is waiting. If you spend days cracking something complex and then get beat out by another group by a few minutes, you (and your group) don't get credit for the hack and all the work was wasted. It seems like music and movies are less intense so far as breaking encryption, but a bigger deal to get it out early. Morals and ethics aside, it's a rare look into a strange lifestyle...

While the book is pretty good, it did suffer from some bad basic editing. Acronyms were inconsistently spelled (MP3, Mp3, etc.), and I got tired of seeing the parenthetical description of "warez" showing up time after time. Explain it once at the beginning, and then move on. There were even a couple of times when the explanation of the acronym was just plain wrong. I feel if you're going to publish a technical book, you need to pay attention to these things. Otherwise, it looks shoddy, unprofessional, and rushed. While it wasn't enough to make me dislike the book, it did detract somewhat from what would have been a very good volume otherwise.

Editing aside, it's a worthy read in order to understand the mindset and reality of the piracy and cracking subculture. Software piracy does have a financial effect on copyright owners, but it's not a case of "every copy is a lost sale"...

This is the kind of book that is unique, original, and yet, seems as if it was accepted by the publisher as a first draft. The author makes clearly obvious factual errors every three pages or so. Case in point, he claims P2P is shorthand for "person-to-person". Another doozy: "less than 10 percent of Altair owners never paid for their copy of BASIC" (the exact opposite is true). Some sections of the book, particularly those on internet hacking and usage of firewalls, are completely pointless and out of place. This book was clearly rushed to market. Shame on Syngress for screwing this one up.

Software Piracy Exposed is riddled with factual and grammatical errors and contradictory information. The book also contains a completely unrelated and unnecessary chapter on basic computer security. Avoid this book.

I loved Software Piracy Exposed (SPE), despite the lack of good technical review, copyediting, and proofreading. I liked SPE because the author did original investigative reporting to gain the trust of the pirate underground. By infiltrating the scene, he brought an unprecedented level of access to the common reader. That is real threat reporting, which for me compensates for rough presentation.

SPE is surprising on multiple levels. In one respect, the book shatters myths held by most outsiders. For example, I was shocked to learn that digital pirates hate those who distribute content over peer-to-peer networks. Almost all of the attention from the media, anti-piracy groups, and lawmakers focuses on p2p -- yet real digital pirates hate p2p users too! In fact, the more I read about digital pirates, the more I appreciated that piracy is almost a secondary aspect of the scene. In reality, piracy (outside p2p) is about building a reputation and gaining respect among peers. It seems hardly anyone dealing in stolen content ever uses it -- all they do is crack and trade it to elevate their status in the pirate community.

A second surprise involved the sorts of people active in the pirate scene. This is the advantage of a book like SPE over the competition; SPE is written by a reporter who interviews pirates themselves. In one case, a university network admin hosts a top level pirate site by hiding bandwidth usage from his supervisors. In other cases, top technical schools in Europe with fast connections are favorites of pirate users. On p 53, pirate suppliers -- those who steal media, that is then cracked and distributed -- said they knew of no other supplies who hacked companies to steal media. That ran contrary to my understanding, but I believe it.

I was also highly interested in learning how my own books have been pirated. I was always curious how a book that had never been published as a Microsoft .chm file would appear on p2p networks. SPE reveals that book pirates use stolen e-book credentials to sequentially read and scan text and images. Their custom software then compile a completely new book out of the material they obtain.

The final surprise was the warped sense of morality demonstrated by members of the pirate scene. Consider this quote: "Sadly, the Internet attracts such bottom dwellers, people who in real life have no one to talk to. The anonymity of IRC is a place they revel in. Some of us, though, still maintain ethics and standards." These are the words of the leader of a pirate group! Oddly enough, a few sentences later this person states "I idolize the true friends on IRC." In another case, a pirate who narrowly avoided an FBI sting shares these sobering thoughts: "Now I really don't think piracy was worth it. I have a life, a girlfriend, a job... The worst thing about the scene is how fast you are forgotten; nobody really cares too much after a few months. Is that worth the jail time?" Indeed.

I highly recommend reading SPE. I would skip the four appendices, as I do not believe they add anything noteworthy to the book. If you are a nontechnical person, you will still enjoy reading SPE since it is more about humans and their motivations, and less about technology.

Software piracy is a major concern of companies such as Microsoft, Electronic Arts, and others. But what exactly is software piracy? Where does its roots come from? Is it different than file-sharing? What exactly makes it so efficient? These are some of the questions explored by Paul Craig in Software Piracy Exposed (2005, Syngress Press, 310 pages, ISBN 19322266984). This new title goes behind the scenes of the pirating world to give readers a deeper understanding of this sector of the underground economy. It is a fascinating read, but is hurt by poor editing, undocumented references and information, and the seemingly apologist attitude the author takes towards the pirating community.

The author succeeds very well in walking the reader through what he learned in going "undercover". He starts out by explaining how he was able to gain access, and introduces the reader to some of the main people he learned from. This is followed up with a brief history of how software piracy evolved, not from the advent of computing and Bulletin Board Systems, but from the introduction of forgery centuries ago. In fact, it is from this book that I learned how software went from an asset of no value to the creators to a protected asset under U.S Federal Law.

Craig then walks the reader through each step of the, for want of a better term, the life cycle of pirated software. It is indeed fascinating to read how the process operates much more efficiently than the processes of the software vendors themselves. In fact it has to be, or the pirates would have no purpose in being. More interesting is the notion that none of it is driven by profit motives, but mainly for social affirmation that comes from being successful. What is scary is that much of the success of software pirates is due to inside employees and/or contractors providing them the code needed to crack and distribute the software. From a systems controls perspective, it is incredible to read what I already knew at some level: too many companies have not locked down their public FTP servers.

The drawbacks of the book are important, at least to me. First, the book seems to have lacked the editorial review process to eliminate even the most basic misspelled words. When I see mistakes like this, it raises questions about the validity of the remaining content, Second, the author makes references to a number of incidents and information without making footnote documentation of the information sources. Third, the author comes across as too much of an apologist for the software pirating community. While at times he seems to be critical of their thought processes, by not coming right out and saying they are wrong (as well as crediting innovation in software to their efforts), he is in a sense validating what they are doing.

Who Should Read This Book?

This book should be read by IT security personnel to understand what vulnerabilities they may face in their own organization. It should also be read by IT Auditors, so they too can determine what needs to be added to their audit programmes to assess risk.

The Scorecard

Birdie on an Average Par 4