We Have a RAT Problem Says DCA

“We the consumers are outgunned and outmanned. We don’t have the tools needed to protect ourselves.  While you are still better off having a 2013 anti-virus program, it won’t protect you against zero-day malware anymore than the polio vaccine will protect you from Ebola.”

That quote is from the introduction of a new report published last week by the Digital Citizens Alliance entitled Selling “Slaving.”  It focuses on an especially pernicious form of malware called RATs (Remote Access Trojans); the users of these applications; their victims; and the enablers — both corporate and criminal — that help spread and even monetize this growing trend in what sounds a bit like hobbyist hacking.  I have never explicitly recommended reading a whole report of this nature before — often the bulk of a study contains a lot of data supporting the main findings — but I do recommend reading all of this one.  Not only does it discuss a cybersecurity threat of concern to any computer or device user anywhere, but the report reads much more like a very long article that provides insight into the nature, motives, methods, and victims of this class of hackers called ratters.  Their brands of mischief include a wide range — from pranking people for sophomoric amusement; to identity and data theft; to slaving built-in webcams on the computers of women and girls to record Peeping Tom photos and videos that may or may not be used for the purposes of extortion and/or sold through black-market channels trading in child pornography.

The DCA report indicates that ratting is on the rise — and going mobile — but readers should take particular note of the lack of sophistication required relative to the amount of harm that can be caused to victims who fall prey to RATs.  In fact, many ratters can hardly be called hackers at all because they don’t hack into computers by means of any remarkable coding skills. Instead, the unsuspecting victim inadvertently downloads malware to her operating system, and a ratter is then able to control that computer (slave it) using one of a handful of cheap, easy-to-acquire, easy-to-operate software applications. An attack can be targeted (i.e. aimed at a specific victim like someone the ratter knows and has a motive to assault), but it seems that most victims are random people downloading files they assume are innocuous but that contain RAT malware.

Probably the most archetypal story of a malicious and targeted RAT assault — one the DCA report cites in some detail — is that of Cassidy Wolf, the California teenager, who was voted Miss Teen USA in 2013.  In the months leading up to her pageant victory, Wolf was the victim of a ratter, who turned out to be a teenage boy at her high school named Jared Abrahams.  Abrahams had taken control of Wolf’s computer as well as her entire social media presence, and she was completely unaware that he had been slaving her webcam to capture naked images of her until the day she received an anonymous email threatening to leak these images and other personal information on the Web, saying that he would ruin her career plans by turning her into an “internet porn star.”  His demand in trade for his silence was that she provide him with a “sexually explicit” video; and Wolf has been rightly praised for her courage in standing up to her assailant, even after he made good on his threat to release compromising images. She contacted the FBI, went public with her story, and used her pageant celebrity status to raise awareness of the problem. Her decision helped lead to the identification and conviction of Abrahams, and by the time authorities caught up with him, they discovered he had been “slaving” the devices of approximately 150 young women and female minors around the world.  He served 18 months and is currently under house arrest.

Abrahams was a relatively sophisticated hacker — and he clearly chose to target Cassidy Wolf — but many ratters are more casual, random, and technologically inept than Abrahams, so they turn to the same resource many of us use for How-To advice — YouTube.  The fledgling ratter (sometimes called a script kiddie) need not find some remote corner of the dark web in order to learn how to spread and use RAT malware because there are dozens — if not hundreds — of tutorial videos on YouTube right now that provide complete, step-by-step guides to ratting along with helpful comments and links by fellow ratters.  (See, the Web really is about community!) In addition to these tutorials, we find ratter “fan vids,” which are not so much tutorial in nature as vicarious viewing, so you can watch a ratter harass or spy on a victim while narrating his observations like “Dude, watch this!” and “Oh, fuck, did you see that?  This shit is sick.”

Image (RATs on YT): Just one of many ratter videos on YouTube. All the visible titles suggest tutorials in how to be a ratter.

Collectively, both the tutorial and the ratter “fan videos” have tens of thousands of views, and the DCA report indicates that about 38 percent of these videos are ad-supported, which means that both Google and the ratter are earning some revenue from the ad buys of major brand advertisers.  This means Google has a problem that reads something like this:  “This illegal invasion of an underage girl’s bedroom brought to you by Procter & Gamble.”  And as much as I criticize Google for profiting from the exploitative aspects of digital life, I would not be surprised if the company seeks to mitigate its role as an enabler of ratting just as it has with a zero-tolerance approach to keeping child pornography out of the Google-verse.  The DCA recommends Google assign a “human team” to address the role that both search and the YouTube platform are playing in this regard, but it cannot be overlooked that the Internet industry’s larger policy agenda, advocating a “hands off” approach to all things Web, provides cover for bad actors in a variety of ways.

And that brings us to one of the primary channels through which RATs are spread (and you’ll be terribly surprised), which is illegal file-sharing sites.  Because Trojan Horse malware is delivered by sneaking the virus into an OS while the user downloads a file he/she assumes is safe, it stands to reason that the black-market world of illegal media and software provides an ideal hunting ground for ratters to set their traps.  In fact, some of those tutorials on YouTube demonstrate how a ratter can download a file from, say, kickasstorrents, modify the file with his RAT, then re-upload the newly infected file awaiting random downloaders because, y’know, “sharing.”

By these methods, ratters trap random prey to be fed upon at leisure and prioritized according to the intent of the ratter.  This may include mining victims for credit card or other sensitive information;  or the ratter may slave the computer to mine bitcoins or to spread RAT infiltration to a larger system, like the victim’s place of business.  But in many cases, it seems, the goal of many a low-skilled ratter (i.e. teenage boys and young men) is to gain access to the computers of women and girls who have webcams.  Thus, as ratters manage to trap these prized victims (often with the enthusiasm of trophy hunters), they sell the IP addresses to other ratters — like commodities in their own little RAT exchange — where access to a boy’s computer sells for about $1 while access to a girl’s computer sells for about $5, according to the DCA.

Now, I have at least implied in the past that piracy sites should be boycotted by anyone who considers herself — or himself — a defender of feminist principles.  In addition to the fact that the site owners directly profit from advertising links to “services” that are tied to varying degrees of exploitation of women (e.g. MEET ASIAN GIRLS NOW!!), this DCA study of RATs demonstrates that these sites also unintentionally provide fertile ground for spreading malware that is consistently used to exploit girls, which is apparently valued at a 5:1 ratio over the exploitation of boys. I’m not sure what else needs to be said about that.

Finally, the DCA report does contain some indication as to how Internet companies, users, and law enforcement might actually work to address the challenge of this growing risk of personal invasion.  But in order to get there, the public will first have to accept that Internet companies and law enforcement have a role to play, that our RAT infestation is just more evidence that a free-for-all policy on the Web is a fundamental failure.

Posted in Digital Culture, Law & Policy, Piracy

The Copyright Hub is Launched in Britain

In this post from June of 2014, I argued that the Internet is a reason for the average person to care more about copyright, not less.  The premise of that piece was that just because it’s a right most people will never need or care to enforce, that’s not a reason to allow—let alone get fooled into evangelizing—a weakening of those rights for the sake of Internet industry profits.  And among the many dubious talking points oft-repeated by the tech sector and its network of faux-progressive organizations, are variations on the theme that copyrights are today exclusively a barrier to the “free flow of information.”

Not only do I find that premise philosophically offensive (akin to saying “civil rights are a barrier to the free flow of bigotry”), but I also think it is remarkably non-innovative, especially coming from the presumptive problem solvers of our future.  Rather than take the view that the ideal Internet requires that property interests in data (e.g. a photograph or a musical work) be removed as nuisance barriers, why not seek technological solutions that facilitate easy licensing and other methods of leveraging those property interests, so that more people share in the digital-age bounty other than just the Facebooks and Googles of the world?  Crazy, right? Maybe not.

As Andrew Orlowski reports in The Register, The Copyright Hub was unveiled this week in the U.K., and the principle is precisely based on—get this—harnessing the power of data to enable people to easily identify the owner of a work, the terms of the owner’s interest in that work, and to request a license to use that work according to those terms.  That might sound a little bit like Creative Commons, except it isn’t at all. Creative Commons functions much more as a PR tool evangelizing the vague ideology of the “sharing economy,” rather than providing any kind of transactional efficiency between the creator of a work and the proposed user of a work.  Orlowski writes about the prospect of the Hub …

So what previously took days or weeks to track down and negotiate is handled in the background in fractions of a second, because content has identifiers. By reducing the friction and the cost of licensing to almost zero, lots more licensing should be possible. One can envisage a whole new internet that supports functioning markets growing out of the rancid free-for-all of today’s clickbait-infested swamp.

When big corporations get away with practices like stripping metadata from images or pushing the boundaries of infringing an individual’s right of publicity to the extent that all data, all images, all “content” becomes one big grab-bag of decontextualized—free flowing though it may be—stuff, this is not only bad for professional creators of works but is ultimately bad for the aspirations we have for the Internet itself.  An initiative like The Copyright Hub seems designed to fulfill one goal of the web, which is to connect people, in this case by fostering respectful relationships through content, rather than treating content like wildflowers meant to be picked at will. And in many cases, these transactions will involve no more than the exchange of a simple please and a thank you.

Orlowski reports that the head of The Copyright Hub, Dominic Young, views this initiative as restoring the right of choice to the owner of a work, which is, of course, the backbone of copyright.  To quote Young from Orlowski’s article, “Copyright is actually the freedom to decide what happens to your work. Everyone has it. Should people be able to make their own choice about how it’s used? Most people would say ‘Yes’. Should they have a single choice thrust on them? Most people would say ’No’.”

Internet industry practices by the big boys have not only chipped away—if not utterly destroyed—that freedom of choice for rights holders, but they have so successfully planted the idea in a new generation of creators that copyright is a state-imposed, mandatory barrier to freedom, that many contemporary creators have been duped into advocating a weakening of rights that are completely optional in the first place.  The hope is that through efficient, technological applications like the Hub, creators who have, to some extent, given up on copyright may find a renewed faith in their ability to connect with users of their works through interactions based on the idea that permission can still be part of our digital future.

For more information about The Copyright Hub visit www.copyrightdoneright.org

Posted in Copyright, Digital Culture

Donald Trump: A Candidate for Our Times

Years ago, I heard a great discussion among a group of veteran, political journalists; and they were talking about the cliché in which candidates say, “I don’t want to get into a character debate. Let’s talk about the issues.”  Although that particular sentiment was a byproduct of the “family values” rhetoric of the GOP, one of the journalists made a very sound argument that, in fact, character, in the true meaning of the word, is probably a more valid indicator as to how a candidate is likely to govern than anything he or she says about a particular issue during the campaign.  Candidates, he suggested, will campaign on agendas they want to achieve; but given the realities of governance, which is filled with obstacles and unpredictable events, the character of the individual is a pretty reliable indicator as to the kinds of moment-of-truth decisions a leader will have to make while in office.

How that insight is helpful is another matter, since Americans will be as divided on assessments of character as they are on any policy issue, which is one reason I think it’s a shame that we’ve demoted veteran political reporters—those people who traditionally live with candidates on the campaign trail—to the pejorative status of elitist in favor of the more populist platforms of social media.  And so, it strikes me as just a little too perfect that the GOP front-runner happens to be a guy vying to be Asshole-in-Chief of the United States. By “too perfect” I mean that Donald Trump’s present shooting-star status (soon to burn out, I imagine) is a predictable manifestation of what political discourse has become despite living in—or perhaps because we live in—the Information Age.  It’s no surprise Trump appeals to a lot of voters. After all, he sounds just like so many citizens on social media sites and comment threads, who like to make smug, uninformed, and even offensive statements.  Trump is basically a troll.

Okay. Nate Silver beat me to this particular accusation with his article aptly titled Donald Trump is the World’s Biggest Troll.  I had a similar thought a while back, but Silver did actual work, like research and stuff; and so, his article compares and contrasts some of the mechanics that seem to be driving the—presumably temporary—dominance of candidate Trump with populists of the recent past, who have rapidly risen and fallen during primary season.  Silver makes a number of interesting points, but I was particularly drawn to the questions posed in this paragraph:

“Social media allows candidates to make news without the filter of the press. It may also encourage groupthink among and between reporters and readers, however. And access to real-time traffic statistics can mean that everyone is writing the same “takes” and chasing the same eyeballs at once. Is the tyranny of the Twitter mob better or worse than the “Boys on the Bus” model of a group of (mostly white, male, upper-middle-class, left-of-center) reporters deigning to determine what’s news and what isn’t? I don’t know, but it’s certainly different. And it seems to be producing a higher velocity of movement in the polls and in the tenor of media coverage.”

No doubt American politics today is different, though there is an argument to be made that the contemporary tone reflects a regression to the volatility of the late 19th century rather than progress made since the more moderated late 20th.  So, although Silver is reluctant to say whether or not the “tyranny of Twitter” is better or worse than the traditional filter of the press, I’m less inclined to be so neutral on the matter.  If things are not worse, I have to ask why it is that literally every subject—I mean every subject—has become aggressively politicized to the extent that both liberals and conservatives seem willing to ignore any number of technically apolitical realities in order to stand firm in their often futile convictions?  Isn’t that the opposite result of what a “better informed electorate” was supposed to produce?  Every day on Facebook, I see declarations of both left and right-wing outrage based solely on a misleading headline from some dubious source that is predicated on a complete distortion of facts that should never have been political in the first place.

But every topic feeds the circus now, and I guess that’s good for the people who own the proverbial tents, rings, cotton candy concessions, and sideshows; but it should be no surprise, then, when the most outrageous clown in the act winds up becoming the main attraction. Because, of course, Trump is troll-like inasmuch as his obnoxious comments lead serious people to wonder whether he means what he says, or if he’s purposely using divisiveness as a tactic. But this is hardly a distinction worth making because there is arguably no presidential material behind the troll, even if it isn’t an act.  (I mean, you could almost hear the collective spit-take by the Joint Chiefs the day he casually suggested “bombing Iraq’s oil fields.”) But I think Trump is serious about his candidacy, which means he’s technically not a troll. To the contrary, he is a known quantity — a character who’s been part of our culture, for better or worse, for nearly 40 years. I’ve often thought of him as my generation’s Malcolm Forbes, but without being, y’know, interesting.

And this is perhaps the real reason Trump’s polling status is such a natural byproduct of our times:  because he is a pre-digital-age master of what we might today call YouTube entrepreneurism. Trump has been “cultivating his personal brand” since long before the people were born, who now evangelize that idea on the stages of TEDx. His ego has been front and center since his earliest days developing real estate in New York City, and he has nurtured his personal brand into an icon of the American Boss—a cult of personality bizarrely based on the kind of guy you’d think nobody would ever want to work for in real life. Trump’s brand is being one of America’s biggest assholes, a role he has thoroughly embraced and even monetized. He trademarked the declaration “You’re fired”™ for crying out loud.  Trump is to American politics as Kim Kardashian’s ass is to American culture, and maybe it’s working for now because we’ve migrated from the shallow waters of the sound-bite to the dry lake beds of click-bait.

Posted in Digital Culture, Politics

The Innovation Act is Anti-Innovation

Google remains the third largest corporate lobbyist in the country, spending a reported $4.62 million in the second quarter in Washington, with Amazon, Facebook, and Apple spending a combined $6.07 million in the same period.  Naturally, each company has its own interests—Facebook would like more skilled immigrants in the U.S. and Amazon wants to deliver goods by drone—but all of these tech giants, according to this story in Wired, have urged lawmakers to support a patent reform bill called the Innovation Act (HR 9).  Of course, the names of bills can be terribly misleading sometimes. Because, as far as I can tell, the Innovation Act is fundamentally anti-innovation.

At its core, HR 9 is meant to rid the patent system of the dreaded Patent Troll, who—like its cousin the Copyright Troll—will enforce a somewhat flimsy claim in some constituent patent it has no interest in developing, but pursues the case solely for the purpose of extracting money from an entity that is developing something new.  Even strong patent proponents will admit that bad actors exist—bad actors exist in every system—but that trolls are the exception not the rule, and more importantly, that the Innovation Act is based on a definition of “troll” so broad as to potentially disenfranchise many legitimate inventors.  In essence, the passage of HR 9 would be a rather sad comment on the fundamentally American rationale that established the intellectual property clause in the first place — the assumption that a great idea might come from anywhere.

The central problem with the way Silicon Valley interests are portraying the need for reform, according to Professor Adam Mossoff at the Center for the Protection of Intellectual Property at George Mason University School of Law, is that so many of the arguments are predicated on what he calls “junk science.”  Mossoff criticizes inaccurate studies of patent litigation, which have led to defining the term “patent troll” so broadly as to threaten a hugely inventive sector of the American market.  In legal lingo, the colloquial troll is generally referred to as a Non-Practicing Entity (NPE), but much of the data used to support reform proposals will define NPEs as “any entity that derives the majority of its revenue from patent licensing activities.”  As Mossoff—and former patent judge Paul Michel—will point out, this would include universities, start-ups, biotech firms—literally any entity that has the capacity and resources to invent but not the resources, structure, or expertise to develop, manufacture, distribute, and market. To quote Mossoff, “…the definition [of the NPE being applied] is so broad that it renders the results of its study completely uninteresting, unremarkable, and predictable – it’s like saying that 90% of people who sue over an auto accident own cars.”

If a doctor has a concept for a new medical device, both she and the public are going to benefit faster, in most cases, if the device concept is sold or licensed to a company that already has the resources to bring that instrument to the market.  Perhaps this same doctor will create a business entity that goes on to invent or improve several other medical devices, but which only ever sells the licenses for those products because it doesn’t make sense to become manufacturers.  Why should this innovative company’s patent interests be weakened by the fact that it would be defined as a Non-Practicing Entity?

In fact, where proposals like HR 9 appear to lead is to further exacerbate the central hazard in the U.S. market, which continues to favor the massive corporation over entrepreneurial endeavors.  It puts giant corporations at an unfair advantage—as if they didn’t already have an advantage—when it comes to licensing or exploiting the intellectual property created by individuals, start-up entities, or R&D-based institutions like universities.  Not only does this seem as though it would accelerate the disastrous trend of wealth consolidation, but it also seems to undermine the central, democratic principle that genius may come from the humblest corners of society and should be rewarded when it does.

On this note, I have to also point out that the arguments for this proposed reform to patent law sound a little too app-centric for our own good.  In large part, the aims of reformers appear predicated on software, and other innovations that tend to have short lifespans in the market, transformations measured in months in contrast to patents that last years.  And while I understand how distracted we can be with all the shiny objects that dance around on our little screens—giving us new ways to spy on ourselves for data mining companies; to hook up for casual encounters; to order a car service; or to play games on the crosstown bus—we should remember that there’s a lot of lower-tech invention and development that needs doing around here, even in the computing world.  We still need a greener energy paradigm, still have aging infrastructure, healthcare needs, security issues, outdated transportation systems, and growing concerns over resource management.  The inventions inherent in addressing any of these and other long-term challenges may well be in the minds of people HR 9 would define as future “patent trolls.”  That doesn’t sound like progress to me.

Posted in Law & Policy, Patents

Orphan Works Rumor Not Helpful

Okay.  A bunch of my artists rights friends and colleagues need to take a breath, because some of you are doing exactly the kind of stuff we hate when the tech industry exaggerates or fabricates negative aspects of copyright.  In the last 24 hours, I’ve encountered a handful of artists rights proponents sharing links and comments proclaiming that the Copyright Act is about to be overhauled, that there is an Orphan Works proposal before Congress, and that visual artists in particular must immediately write to the Copyright Office by July 23rd to make their voices heard on these matters.

Stop.  Breathe.  None of this is true.

First of all, the Copyright Office is seeking input from photographers and other visual artists in order to gain insight as to how this class of creators might better monetize their works, enforce their rights, and more easily register works in the digital age.  The office is soliciting comments in the interest of better protecting creators’ interests, and this July 23rd request has nothing to do with Orphan Works, even if there were such a proposal on the Hill—which there is not.

As for Congress, the Judiciary Committee began holding hearings in April of 2013 as the first step in a comprehensive review of the Copyright Act, and the last of those hearings was held in April of this year.  Congress has thus far listened to 100 witnesses and, as stated by Chairman Goodlatte, “Over the next several months, the Committee will be reaching out to all stakeholders to invite them to share their views on the copyright issues we have examined over the course of our review so far, as well as any others.”  In case you’re unfamiliar with the sound, that’s the proverbial wheels of justice grinding slowly, which is what they’re supposed to do. (Okay, it’s a bit of a mixed metaphor for the legislature, but you get the idea.) It’s also worth noting that the last revision of the Copyright Act took several decades, and the outcome of this review process may not be a rewrite of the law. Hence, nothing is moving as rapidly as your Twitter and Facebook feeds.

The purpose of this review—hence the word review—is not to debate any specific changes to the law, but to assess the Copyright Act in a contemporary light and to hear testimony from experts and stakeholders with differing views as to the strengths and weaknesses of the law in our new technological times.  As such, there is neither an Orphan Works bill nor any other proposal before Congress to amend the Copyright Act. Not yet. Those days may come, and artists and creators should certainly remain involved when they do.

Artists and creators have typically been shouted down or bamboozled by heavily-funded corporate shills and the nouveau-savant within academia, who for various reasons have jumped on a bandwagon of hostility toward intellectual property.  They are the hysterics. They are the ones who cry SOPA every time anyone thinks to protect IP in the digital age. They are the ones who deflect any attempt to impose civil law upon Internet companies by manufacturing a backdoor conspiracy involving a pair of congressmen and a bag man from the MPAA.  Creators cannot afford to play those games, not least because the antagonists to the interests of creators are masters at exploiting the hypocrisy of others while admitting no such errors in themselves.

Stay involved. Stay the course.  But stay informed.

Posted in Copyright