Four Years

Drink or Die was a big warez procurer. Was.

These group got busted a while back, and now the prison sentences are starting to roll in.

John Sankus, the leader of the group, just got 46 months, or a little less than four years for it. That’s after a plea bargain, which you can read here.

That news article also mentions a former employee of a software company getting a little less than three years for being a provider.

You can read what the DOJ had to say about this here and here. Here’s also a here. Here’s also a news article about it.

The leader of Pirates With Attitude just got sentenced, too.

If you’d like to keep up with these sorts of cases, the DOJ has a handy little page for it.

OK, maybe DOJ releases don’t impress you. You can take a look at some news articles about these actions and their impact here and here and here.

Just government mouthpieces, you say? With a little digging-around, I found what pretty much boils down to a running tally from the other side as these operations were going on. Absolutely fascinating reading, and it generally confirms what the more orthodox media had to say.

If you read through at least some of this, you find out a few things:

  • The authorities are interested and are willing to go as far as to set up sting operations.
  • They are able to infiltrate at least some of the warez operations where at least some security measures had been taken.
  • They’ve gotten at least some international cooperation on this.
  • They have a pretty good idea how these organizations operate, and where to look for them.
  • People who have earned a free interview with a law enforcement agent tend to be quite cooperative.
  • The Warez Chokepoints

    If you’ve read at least some of the linked material, it becomes clear that warez operations are a good deal more centralized than, say, MP3 operations. This makes law enforcement actions easier.

    There are just so many employees of software companies who have access to prereleased software and who are also willing to hand a copy over. That number should drop somewhat now that such people are getting some hard time for it.

    There are just so many people with the skills to crack copy protection. As the reports from the other side indicated, some in the business decided it was time to quickly retire from it.

    The current warez model depends heavily on leeching bandwidth and disk space from universities and (to a lesser extent) corporations. There are just so many qualifying hosts out there, and at least universities have been put on at least some notice to look for such infections.

    These items will each tend to discourage, not eliminate warez traffic. Probably the most limiting factor will be the warezers themselves. Those who wish to continue in the “business” are going to be extremely security-conscious and nowhere near as open as they may have been in the past. At least the smart ones will. The dumber ones, well . . . .

    When you think about it, it’s not so easy to tell the difference between a cracker and an FBI agent in cyberspace. I suppose it’s not impossible, but extra precautions will winnow out plenty of non-agents, too.

    Non-American warezers? Remember, the software largely comes from the U.S., and if the U.S. folks are paranoid, they likely aren’t going to forget all that and leave an overseas trail.

    None of this makes warez creation impossible, just more difficult (and probably not a whole lot more so).

    However, warezing is an unusual criminal action in that it’s not the act itself that has impact, but the distribution of the results of that act.

    It’s like detonating a nuclear bomb. What you do isn’t as important as where you do it. If you do it in lower Manhattan, very big deal. If you do it in the middle of a big desert, nowhere near as big a deal. Same bomb, much different impact.

    The important impact is to make warez dissemination more difficult. For example, if warezers go to encryption, that eliminates those leechers who find decrypting a hassle.

    Nor will most makers be too concerned about what the average taker thinks. After all, leeches just take and provide nothing in return. How many leeches contributed to the PWA or DOD Defense Funds, for instance? There will be exceptions, but on the whole, if the average leech has to jump through a bunch of hoops, the average maker will probably find that more a test of worthiness than anything else.

    Besides, a leech can do nothing about it.


    There are certainly other, more decentralized ways of conducting this activity, and no doubt this has and will happen over the course of time.

    However, at least the first chapter of the cyberspace equivalent of open-air drug markets has drawn to a close, at least in the United States.

    From now on, law enforcement agencies will be extracting a price for this type of activities. How much of a price is an open question. Could well be not much of one.

    After all, drug traffic continues in the U.S. despite a much greater effort. However, there’s one huge difference between drug providers and warez providers. Drug providers get paid. A lot. Warez pushers generally don’t (though this may well change). When you’re the one accepting the risk, that makes a big difference

    The days of “I can’t be caught” are over. The question is now like that of a would-be drug purchaser. “Is it worth the chance, however small, of getting caught?”

    To quote the prosecutor in the Sankus case:

    “John Sankus and his techno gang operated in the faceless world of the Internet and thought they would never be caught,” McNulty said in a statement. “They were wrong. These sentences, and those to follow, should send a message to others entertaining similar beliefs of invincibility.”

    This isn’t risk-free anymore. You should know that, and anybody who doesn’t think you should know that is just playing you for a stooge.

    In this case, ignorance is not bliss.


    Be the first to comment

    Leave a Reply