Internet Book Piracy Page 11

  At the same time, as an alternative to creating and distributing online files, some pirates are using an older popular method of scanning books, commonly textbooks, to sell on the streets or to the schools. This is the approach often used in the less technologically sophisticated and poorer countries, where Internet use is less common. So instead of providing free files, the pirates sell pirated copies of books to people on the streets, in bookstores, and through deals with college officials.

  In turn, efforts in different countries have ranged from confiscating pirated books and other materials, to requiring websites to take down pirated material or shutting them down, to arrests, fines, and lawsuits against those who distribute, sell, or receive pirated materials in whatever form. Yet no matter what efforts are taken, more pirates appear, and those fighting them generally have a labor-intensive, daunting path to stop the pirates, much less recover any lost compensation or damages as a result of the piracy. Moreover, a part of the problem is that piracy is global in scope; pirates in one country launch websites, software, and services to facilitate the transfer of files or manufacture pirated books for shipment to another country.

  Thus, a worldwide effort is needed more than ever to fight back against the pirates, who are like the pirates on the high seas attacking vulnerable ships, like viruses might victimize hosts or weeds might victimize gardens. But here the victims are the legitimate publishers, writers, and creators of other forms of creative content. As one victim put it in the article “Rant on E-book Piracy, Sociopaths and Rampant Criminality,” without using his name to avoid further targeting:

  “Like other criminals, pirates have a thousand ways to justify their crimes to themselves and others. One of the lies they tell is that piracy doesn’t affect sales. They even have false surveys that they share online … to convince others that stealing books online is a victimless crime that doesn’t cost. Some of these criminals even go so far as trying to make the case that stealing from writers and publishers helps them …

  “(But) online piracy is organized crime and there is no justification for participating in it … ‘Sharing’ is a euphemism for counterfeiting …

  “The unethical people who participate in this crime might be the same people who break into your house or rob banks, but they commit their crimes online mainly because they think there is less likelihood of getting caught and there is definitely considerably less likelihood of being physically injured or killed during the commission of their crimes.

  “They are extremely well organized. Not only are their actual criminal enterprises, which are criminal conspiracies, well-organized, but their not-for-profit supporters are well-organized, as well. They have important sounding names and often disguise themselves as academics who support the freedom of information. But, these organizations and their criminally-minded members don’t just want free information exchange within the boundaries of the law, they want to freely exchange what is the property of other people” (http://witchrants.wordpress.com/2013/03/13/rant-on-e-book-piracy-socopaths-and-rampant-criminality).

  CHAPTER 11

  The Battles of the Music and Film Industries Against Piracy

  FOR THE MOST PART, THE fight against piracy has been carried out by the music and film industry, compared to a relatively few limited efforts by writers and publishers, largely in the form of takedown notices. While one strategy has been the massive lawsuits against downloaders, such as by Voltage in various countries, one of the most successful approaches to reducing piracy has been creating an online pay-as-you-download or paid subscription system. Examples of this strategy can be found with iTunes and Netflix, which have provided low-cost alternatives that make it easier to pay a small amount to listen to music or view films, rather than obtaining them legally. But the system doesn’t always work, most notably in the case of newly released films, where there is an incentive to download or share files before or while the film is in theaters and before it is released through subscription services or the home video market. This issue is reflected in the pirating of popular films and TV like The Hurt Locker, Dallas Buyers Club, and Game of Thrones, all pirated worldwide, as described in Chapter 10. Still, the music and film industries have benefited from being more organized and better financed in taking on the pirates, compared to the publishing industry. The following chapter discusses how they have organized and have been successful in some respects, while being very vulnerable in other cases.

  The Potential for Damage from Pirates and the Sony Hack

  The potential for damage, shown by the Sony hack in response to the film The Interview, goes far beyond just the loss of income due to illegally sharing films, music, or other types of creative content. This hack takes the threat of piracy to an entirely new level, demonstrating that not only can creative property be obtained and shared by pirates, but high-tech pirates can reach within the very innards of a company in order to steal copies of private materials—from employment and health records to information on company financial data and personal emails. In the news accounts of the hack, a lot has been made about the embarrassing emails released that showed CEO Amy Pascal and other company officials trashing various Hollywood celebrities, such as calling Angelina Jolie an untalented prima-donna director. While that may be titillating reading for the general public, what is more significant for the piracy battles is the way the pirates were able to locate and breach passwords to gain access to virtually anything they might want to steal, copy, and distribute publically or use for extortion to prevent the revelation of this material.

  The Interview was widely pirated before Sony chose to release it through legitimate downloads and independent theaters—about 450,000 downloads within one week according to some media reports. The irony of this hack is that the focus on the film—a largely sophomoric comedy that likely would have disappeared within a week or two with relatively low-box office numbers—launched it into a must-see box office sensation. At the same time, media has mostly focused on the film’s success showing that critics can’t stop freedom of speech, on the embarrassing revelations about the emails and high salaries of Sony executives, and on the need to find blame for the hack, such as claiming North Korea behind it because the picture featured a successful plot to kill its Chairman Kim. Attention to these factors has obscured the broader threat of hacking into any system to pirate not only creative content but anything. This means that any company, any individual, could become fair game for piracy, linking the act to an invasion of privacy because once pirated, any information can be revealed. This goes beyond pirating books, films, music, and other creative content; virtually anything can now be pirated once a company or individual becomes the target of a hack. In a sense, then, the Sony hack might be seen as a kind of wake-up call to the very serious dangers of Internet piracy and its ability to steal not only property, but the very privacy and identity of its victims.

  While much of the Sony hack story will be well known, a summary of the case may help to reflect the vast damages, apart from whether Sony can recoup its investment in the film that triggered the hack. Then again, maybe it could have been used as an excuse to hack into the company, given one of the theories that it may have been engineered by a disgruntled insider, along with some collaboration with high-tech hackers and operatives working with the North Korean government.

  The hack began on November 24, shortly before the Thanksgiving holiday, when hackers calling themselves “The Guardians of Peace” accessed the computers at Sony Pictures, forcing the company to temporarily shut down its email and other systems until it was able to restore services on Monday. Meanwhile, the hackers apparently dug deeply into the Sony system, enabling them to steal copies of files and emails and pirate some of the studio’s current and upcoming releases, which were soon circulated widely on file-sharing sites.56

  Among the pirated films were Brad Pitt’s war movie Fury, which was downloaded on peer-to-peer networks over 888,000 times in one day alone, November 27, as well as Annie, downloaded ove
r 206,000 times, and Mr. Turner, Still Alice, and To Write Love on Her Arms, downloaded 100,000 times.57 As of November 30, these numbers were over 1.2 million downloads for Fury, over 206,000 for Annie, about 104,000 for Still Alice, 63,000 for Mr. Turner, and 20,000 for To Write Love on Her Arms.

  But the release of the films was just the beginning of the revelations from the hack attack, announced on Sony’s computers with the image of a skeleton and a message that said: “Hacked by #GOP.” The group also posted the chilling message that it would release “secrets and top secrets” of the company.58 Additionally, without specifying demands, some screens showed a red skeleton with the warning: “If you don’t obey us, we’ll release data shown below to the world.”59 The first mystery was who was behind the hack, since on November 25, the website TheVerge reported an email from a hacker who identified herself as “Lena” and claimed, “We Want equality [sic]. Sony doesn’t. It’s an upward battle. Sony doesn’t lock their doors, physically, so we worked with other staff with similar interests to get in. I’m sorry I can’t say more, safety for our team is important [sic].”60 So was this the disgruntled employee? Was this a cover for a more nefarious hack orchestrated by hackers in North Korea, since the North Korean government called The Interview an “evil act of provocation” that deserved “stern punishment”?61

  So that became the beginning of the mystery to discover who was behind the hack. And then on Monday, December 1, the leak of internal documents began, initially published on Pastebin, an anonymous Internet posting site. Among other things, one of these documents contained the pre-bonus annual salaries of senior executives, showing that seventeen of them earned over $1 million a year. Moreover, at this point, the FBI got involved and issued a private bulletin to a wide range of companies about a malicious software threat that could remove data from its computers, which could not be recovered and confirmed that it was working with Sony to investigate the attack. And later that evening, the hackers released what they claimed were “tens of terabytes” of internal Sony data, described as a “Gift of the G.O.P.” Among other things, the post included links to various Sony archives that included its employees’ passwords, social security numbers, salaries, and performance reviews.62

  Then, over the next weeks the hackers released even more, including lists of all the computers on the company’s internal networks, as well as the locations, IP addresses, MAC addresses, Windows computer names, and usernames of over three thousand individual PCs in North America and over 7,700 more worldwide computers on the company’s network. There was also a digital certificate issued by Sony’s corporate certificate authority to Sony Pictures to create server certificates for Sony’s Information Systems Service (ISS) infrastructure, which might have been used to sign later versions of the malware that took all of Sony’s computers offline. Plus, there were other certificates associated with the Sony Pictures e-commerce site, with its intranet servers, and with its infrastructure provided from multiple telecommunications companies.63 While most of the general public was fascinated by all of the gossip revealed about executive salaries and embarrassing emails, and then by the warnings of mayhem if theaters released the picture, within the very structure of Sony’s computer and Internet infrastructure, the hackers/pirates caused vastly more damage. There is evidence that much earlier, in February 2014, the hackers/pirates had already breached the system, beginning with an attack on the company’s international theatrical sales and distribution system in Brazil—in which they obtained passwords to access stored invoice and payment information—though Sony disabled the two accounts involved.64 After that, Sony was mainly concerned about potential denial of service attacks. Then the GOP launched its attack from inside Sony’s own network, and after burrowing deep within the system, threatened Sony with even further damage. This was all made possible by its deep penetration, such as releasing the emails and private information about Sony employees and eventually causing Sony to go bankrupt.65

  This potential for hackers/pirates to burrow deep within any company’s network system is chilling. This action against Sony could be replicated in other companies around the globe, and it goes far beyond pirating films, music, books, software, or other creative content; it shows the potential of pirates to take much more than creative content to make or save money through what many pirates justify as sharing or helping others facing overpriced creative content, from films to music to books. For the most part, though, this wasn’t the story of the Sony hack that spread like wildfire through the media. Instead, the focus shifted from the high executive salaries and their embarrassing emails to the story of The Interview. Many believe that the hack and threats to escalate the damage to Sony was due to hackers in North Korea acting on behest of the North Korean government, because the film—a comedy about two goofball journalists hired by the CIA to kill leader Kim Jong Un—was a gross offense of the nation.66 So now the threat was that any theaters showing the film would be in danger of terrorist attacks.67

  The widely known result is that Sony did pull the film, since the nation’s five biggest theater chains refused to show it,68 but within a week, independent theaters came to the rescue and were willing to open the film on Christmas day. These openings were carried out without incident, and thereafter the film was quickly released on Netflix and other online channels, and was subsequently pirated by over 450,000 illegal downloads the first day of its release. These numbers represent a kind of ironic coda to the original piracy of Sony’s private information, including around forty-seven thousand social security numbers, plus network passwords. Then all of the hullabaloo turned a quickly forgettable film into a must-see feature that raked in over $15 million in sales.

  So the story became more about free speech and Sony’s initial cowardice in pulling the film from theaters in response to pressure from the owners. Prominent members of Hollywood’s creative community expressed anger at Sony’s feature to “make a stand for artistic freedom,”69 though Sony sought to justify their response based on security concerns that someone could get injured or killed if there was an attack. There was also some blowback against Seth Rogen, the writer-director-star, and his filmmaking colleagues for exposing employees and the audience “to digital damage and physical threat by pushing his outrageous humor to the limit and backing the film to the last.”70 At the same time, the release of damaging emails by Amy Pascal, co-chairman of the studio, and Clint Culpepper, head of Sony’s Screen Gems unit, led to criticism of their leadership; Pascal had traded racial jokes with producer Scott Rudin about President Obama’s supposed taste in black-themed movies, while Culpepper called one of the few black moviemakers, Kevin Hart, a “whore” because of his growing salary demands.71 And then it became a kind of patriotic duty to see this film to stand up to the terrorists and North Korea. President Obama even got into the act with threats of sanctions against North Korea, while the FBI claimed evidence that the hackers were from North Korea, although some alternate theories post that the takedown of Sony was the work of a former Sony employee who had been fired. Or maybe the former worker had teamed up with the North Korean hackers.

  Whatever the source of the hack, the piracy of private data is what led some former Sony film production workers to file lawsuits against Sony. The grounds were that the company did not do enough to prevent hackers from stealing nearly fifty thousand social security numbers, along with salary and other personal information on current and former workers, or waited too long to tell employees about their stolen data. As described in the Associated Press article, “Sony Facing 2 Suits by Ex-Workers Over Data Breach,” two employees sued in federal court alleging that “the company failed to secure its computer systems despite ‘weaknesses that it has known about for years,’ and instead made a business decision to accept the risk,” since Sony had repeatedly been attacked over the years. And then two former movie production workers sued Sony in Los Angeles Superior Court, claiming that “the company waited too long to notify employees that their data had been stolen,�
� in violation of a California law to protect sensitive financial and medical information, resulting in “likely damage [to] plaintiffs and class members for the rest of their lives.” According to legal experts, these cases are likely to be among the many that are filed over this data breach, causing Sony to potentially face “tens of millions of dollars in damages from a class-action lawsuit.” Plus, Sony could be likely to face fines from government regulators and lawsuits from actors, producers, and directors who may prefer not to work with the company anymore.72

  Meanwhile, the US government has gotten involved in the fallout from the attack. Besides stating that it thought Sony “made a mistake” in releasing the film, it issued a stern warning to North Korea of sanctions due to its being behind the attack. These sanctions could run the gamut from cyber retaliation and financial sanctions to criminal indictments against individuals implicated in the attack, or even increased US military support of South Korea, which is still supposedly at war with North Korea.73

  As of this writing, it is not clear where this attack will lead, but it shows the potential for an act of piracy to go far beyond the theft of creative content of films, books, music, and other materials. Then, if this is done on a large enough scale, as with the Sony hack, it could result in severe economic damage not only to that company, but multiple companies, and further undermine a country’s economy. Already governments have sought to crack down on the piracy of creative materials because they threaten to undermine major industries, such as the film, music, and publishing industries producing these materials. But now—given the potential for piracy to go within these companies to steal private information, passwords, and undermine computer networks—the threat is that much greater. So the Sony hack is not just about the ability of a single film to antagonize a country with its material, if that is in fact the reason for the Sony hack. It’s not just a convenient explanation provided by the hackers to cover up their other reasons for targeting Sony, perhaps in retaliation for other wrongs committed by the company. It’s not just a way to show the prowess and power of hackers today. Rather, the hack reflects the potential damage of piracy to not just a single company or industry, but to the economy of the country as a whole, as the piracy of materials from multiple companies grows.