
The structure of the modern pirate (warez) scene



The site aboutthescene, which can now be viewed only in the Internet Archive, contained, besides the scene history that I translated last time, fairly detailed information about the state of the scene at the time (2008), its hierarchy and its principles of operation. In this article I will try to summarize all of this information, along with comments from people who know how things stand today. Of course, there may be inaccuracies or errors in terminology or structure, and some of the information may seem, on the contrary, too well known, but I have tried to present everything as completely as it was on the site.

In addition to describing the scene itself, which still operates according to the principles “scene only for sceners” and “no business” that were formed at the very beginning, the article also covers the “undesirable activities” associated with making a profit, which inevitably arose in this global pirate underground.

The scene itself consists of release groups and a huge system of topsites located throughout the world. Although “officially” releases are supposed to remain within the scene, they are distributed in other places as well: FXP forums, newsgroups, IRC file-sharing channels and scene torrent trackers. These were also described on the site, although, I will emphasize once again, they are not part of the scene.

Release group


Release groups are the core of the scene: these are the people who make releases. The composition and number of participants vary widely, depending on what exactly the group releases: movies, music, games or programs. For example, an mp3 group can easily consist of just 1 person, while a large group that releases software may have several dozen people. The group usually has its own server (dump) on which it stores working files. There are strict standards, or rules, by which all releases are made. The rules change rarely, usually by decision of a council of several top groups.

A group gets the material for its releases from a supplier, who may or may not be a member of the group. In the latter case, after handing the material over to the scene, the supplier may sell it (for example, a movie recorded in a movie theater) to commercial pirates.

Supplier methods in the early years were not too different from today’s. A person simply went to the store and bought the program, or ordered the software directly from the developer. In the days of the BBS, the money for purchases usually came from official sysop contributions, but sometimes from illegal methods such as carding. It has always been preferable to have insiders. These are like spies inside corporations; they take programs directly from the source even before the official release. In this case, the group does not have to keep track of the release date and rush to the store, trying to outrun the others. Moreover, it gives the group time to crack the program calmly while other groups are waiting for the official release. Some groups were more creative: for example, someone would pretend to work for a magazine that reviews new software. At that time, companies were happy to provide copies for free, but over time they became smarter, and such cases became rarer.

If a group puts out a release that has already been released by another group, this is a dupe. Such a release is nuked, which means that it is marked as a “bad” release. Groups try to avoid this, as it gives them a bad reputation. Besides being a dupe, a release may be nuked for other reasons. There are two types of nukes: global and local.

Global nukes depend on the release itself, that is, something is wrong with the release. For example: errors, duplication, a jerky or freezing picture, interlacing, an incorrect aspect ratio, incorrect conversion of the TV sequence or frame rate, sound defects, a botched rip, etc. If the group itself detects an error, it can request a nuke.

Local nukes depend on the environment. Some sites nuke releases for violating their own rules; for example, TS releases, DVDs in foreign languages, etc. can be banned on a site, although the release itself is correct. Locally nuked releases can, naturally, be distributed on other sites.

When a group makes a release, it is automatically registered in a release database. This is a huge database containing all releases ever put out in the scene. It contains the names of releases and the date and time of release, although the fields differ between databases. For example, there may be music genres (for mp3 releases), sections, and reasons for a nuke. The databases exist to give groups a way to check which releases are already out, in order to avoid dupes. They can also be used to check whether, for example, a film has already come out, and when. Release databases are updated automatically, either by crawling topsites (spidering) or by intercepting PRE messages on the site channels.



Sites / Topsites


Each release group uploads its releases to one or more topsites. From there the release is distributed throughout the scene. In fact there are a lot of sites, but they are ranked. The most prestigious sites, which have the best operators, the fastest links and agreements with top groups, have the highest rating. These are the topsites. All other sites are also part of the scene if at least some couriers put releases on them, but of course nobody calls the less important sites topsites, especially those that do not take part in the ranking at all.

Security is very important for topsites, and they are kept highly secret. A typical site is configured so that only users with a certain ident and host can access it (or the IP range is checked), with SSL encryption of all sessions. To hide the real IP address of the topsite, FTP bouncers are used. Most users connect through a proxy, so the site does not see their real address either.

Sites have a fast network connection and a large amount of disk space. Often they are located in schools, universities, people's workplaces, or data centers. Some countries are preferred: the Netherlands and Germany have fast Internet and are in the center of Europe. Sweden also has good speeds, and it is very cheap there. Such sites are called legal, in the sense that the owner of the computer knows that the site is located on it, unlike a pubstro (see below). If you have fast Internet and agree to host a site, there will be people who will be happy to buy a computer for the site and send it to you, and they will not receive any commercial benefit from it. Site owners sometimes sell access for money, but this is infrequent. An FTPD is installed on the site, and a bot announces on the IRC channel when a directory is created on the site and when an upload is completed. It also reports information about the “race”: couriers try to transfer the release to other sites as quickly as possible. This is how they earn their rating.

Everyone who is on the site is registered on the site's IRC channel. Most often the channels are hosted on private and very secure servers, and the connection is made over SSL. There are other security measures as well. You cannot simply join the channel; you have to invite yourself with a special command while you are on the site. Thus, those who are not on the site will not be able to join the channel. Alternatively, a password is used. Channels are often protected by FiSH, an encryption plugin for IRC. In order to read messages, you need the appropriate FiSH key. On the IRC channel, site operators and members can communicate with each other. The bot that announces releases sits on the same channel. Most sites have a separate channel for announcements.

All the people present on the sites are divided into siteops, couriers and affiliates.

Siteops (site operators) are the administrators. A site usually has from 2 to 5 siteops. One of them is often the site owner, another is the one who found the site and helped install it. The rest are their friends and people from the scene. One or more of them are nukers. Their job is to remove fakes and dupes.

Couriers are people who transfer releases between sites. Usually each of them has access to several sites, and they try to transfer releases as quickly as possible, immediately after they come out. The race is about uploading the most parts of the release at the highest speed. The race starts immediately after the PRE.

Affiliates are representatives of the release groups that publish their releases on the site. Each of them has access to a private hidden directory on the topsite. New releases are uploaded there before they are available to other users. When a new release has been fully uploaded to all the topsites the group cooperates with, a special command is executed, which simultaneously copies the release to a directory accessible to everyone else and announces it on the IRC channel. This command is called PRE. PRE messages can also be relayed to external announcement channels in order to inform other couriers, site users and FXP users that a new release is available for racing.

The sites also have a rating system. Siteops and affiliates are an exception to this rule: they can download freely. The most common system is 3:1, that is, if you uploaded 3GB, you can download 9GB (or FXP it to another site). If a member does not fulfill the mandatory monthly upload quota, his account is automatically deleted. For uploading a bad release (if it gets nuked), the rating can be reduced, even with a multiplier. (Note: that is, if you uploaded complete garbage, it can be counted against you at 5 times its size; this practice dates back to the BBS days.)

FXP forums


FXP stands for File eXchange Protocol. In fact, it is not a protocol but simply a file transfer method that exploits a vulnerability in the FTP protocol. It allows you to transfer files between FTP servers. The first server is given a command, and instead of transferring files to the client, it sends them to another server. The transfer speed is usually very high.

The existence of FXP forums is little known, so they are relatively secure. However, the hacking methods they use are highly illegal and therefore dangerous. The work is usually organized through a forum running on a modified vBulletin engine. There is a rating system. It can be either active (when the user must have a certain rating in order to have access) or passive (when the admin simply removes inactive users from time to time). All participants are divided into scanners, hackers and fillers.

The task of a scanner is to scan IP address ranges where there may be poorly protected computers with a fast Internet link (usually universities, companies, etc.). This is done either by password guessing or by port scanning. Scanners often use other, slower, previously captured computers (they call them scanstro), on which they install programs for remote scanning. When results are obtained, the scanner publishes them on the forum. Then the hackers take over.

Hackers break into these computers. There are a great many vulnerabilities (security holes) that are easy to exploit. To gain access to a computer, a script is used, the so-called exploit. Which exploit to launch depends, of course, on the vulnerability that the scanner has detected. Once he has access to the system, the hacker installs a rootkit (usually a modified version of Serv-U). Most often, he also installs a remote control program (usually Radmin), so that it is easier to get back onto this computer later. When the server is ready, the hacker publishes a login on his FXP forum. Such a captured computer is called a pubstro or stro. Depending on the connection speed and disk space, it is then used by either a filler or a scanner.

Fillers fill the captured servers with fresh warez. A filler takes warez from other pubstros that were filled by other people. Sometimes fillers have access to a topsite and move releases from there. Such people are considered violators, and if the sceners find out about it, they are banned from the scene. A sceneban is a simultaneous ban on all sites of the scene. This is said to happen quite often. After transferring the files, the filler publishes the details on his FXP forum so that others can download them. Everyone tries to announce the release first; this is a race, the same as in the scene: whoever wins gets an increase in rating.
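One way to spot the server-to-server transfers described above from the server side, as an added example that is not part of the original article: flag `PORT`/`EPRT` commands that name a data-connection address different from the control-connection peer. The log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed FTP command log: "<control-connection peer IP> <command>".
# The log format is an assumption; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 USER courier
198.51.100.7 PORT 198,51,100,7,195,80
198.51.100.7 RETR release.r00
198.51.100.7 PORT 203,0,113,9,4,210
198.51.100.7 RETR release.r01
198.51.100.7 EPRT |1|203.0.113.9|1234|
198.51.100.7 EPRT |1|198.51.100.7|50001|
198.51.100.7 PORT 1,2,3
"""

PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})$", re.IGNORECASE)
EPRT_RE = re.compile(r"^EPRT \|[12]\|([^|]+)\|(\d{1,5})\|$", re.IGNORECASE)

def data_target(command):
    """Return (ip, port) requested by PORT/EPRT, or None if absent or malformed."""
    m = PORT_RE.match(command)
    if m:
        nums = [int(n) for n in m.group(1).split(",")]
        if max(nums) > 255:
            return None
        # PORT h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256 + p2
        return ipaddress.ip_address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]
    m = EPRT_RE.match(command)
    if m:
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None
        port = int(m.group(2))
        return (ip, port) if port <= 65535 else None
    return None

def find_third_party_transfers(log_text):
    """List (line, peer, target_ip, target_port) where the data target is not the peer."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        peer, _, command = line.partition(" ")
        target = data_target(command.strip())
        if target and target[0] != ipaddress.ip_address(peer):
            findings.append((lineno, peer, str(target[0]), target[1]))
    return findings
```

Many FTP daemons can refuse such commands outright; the same comparison is what that setting enforces.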


[Image: an example of a scene announcement about a violator who leaked releases to FXP]

Pubs / Pubbing


This technique has lost its relevance today. It is a method of past times, similar to the scan / hack / fill process above, from when many universities and companies allowed anonymous access, including write access, on their FTP servers. Therefore, instead of hacking the system, it was possible to simply upload the data there and publish the IP addresses. This practice was once very popular, but for obvious reasons it gradually died out. It was done this way: people scanned for FTP servers with anonymous write access (these were called “pubs”). Pubs that were found were marked by creating a directory named "tagged.by.name". This was done so that no one else would use the already “marked” pub. Apparently it worked for some time, and people respected such “tags”, but not for long.

Then people began to replace the tags with their own, which was called retagging. To counter this, dir locking came into use, so that no one except those who had first marked the pub could enter the directory. Different methods were used. The simplest was the creation of a "maze": hundreds of subdirectories, so that it was difficult to find where the warez was. Another method was UNIX tags. These relied on the magic symbol ÿ (alt + 0255), which was a special code on UNIX machines. If a directory name contains such a symbol, it is displayed differently from what it actually is. Only the creator of the directory can go there, since he knows the real name. There were also methods for NT systems.

Newsgroups, IRC file-sharing channels and scene trackers
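An administrator of an anonymous-upload FTP server can check a directory listing for the three signs described above (tag directories, names containing raw byte 255, and deep "mazes"). The following is an added example, not part of the original article; the sample paths, the depth threshold and the reason labels are assumptions.

```python
import re

# Constructed sample: directory paths (raw bytes, as stored by the server)
# under an anonymous-upload FTP root. Names and layout are made up.
SAMPLE_DIRS = [
    b"incoming/drivers/v2",
    b"incoming/tagged.by.example",
    b"incoming/\xff\xff/\xffstuff",
    b"incoming/" + b"/".join(b"d%d" % i for i in range(12)),
    b"incoming/docs/r\xc3\xa9sum\xc3\xa9s",  # valid UTF-8, legitimate name
]

TAG_RE = re.compile(rb"(?:^|/)tagged\.by\.[^/]+", re.IGNORECASE)
MAX_DEPTH = 8  # assumed threshold for a "maze" of subdirectories; tune per site

def audit_path(path: bytes) -> list:
    """Return the reasons a directory path looks like pub tagging or dir locking."""
    reasons = []
    parts = path.split(b"/")
    if TAG_RE.search(path):
        reasons.append("tag")
    for part in parts:
        try:
            name = part.decode("utf-8")
        except UnicodeDecodeError:  # e.g. a raw 0xFF byte, never valid UTF-8
            reasons.append("undecodable-name")
            break
        if any(not ch.isprintable() for ch in name):
            reasons.append("unprintable-name")
            break
    if len(parts) > MAX_DEPTH:
        reasons.append("maze")
    return reasons

def audit_listing(paths):
    """Map each suspicious path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := audit_path(p))}
```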


The NNTP protocol is one of the oldest on the Internet. Initially it was used for interest-based discussion in the manner of bulletin boards (as on BBSes), but people very quickly realized that it could be used to share files. Messages are stored on a news server for a certain time, usually a short one, but there are servers (usually paid) that store data for a very long time. Fresh releases from the scene are still distributed through newsgroups today, and at the same time you can find very old releases there that have not been preserved anywhere else.

On IRC servers there are warez channels maintained by people who have access to releases. These can be people from FXP forums, paid sites, or sceners. There are two types of channels. The first are Fserve channels (user-to-user). They use certain IRC scripts and functions to transfer files directly between users. The second are XDCC channels (server-to-user). Usually they are closer to the scene. A server (usually iroffer) is installed on a hacked computer in order to distribute warez from there later. Only a limited number of users can download at a time, so a queue is formed.

There are specialized closed torrent trackers that carry only releases coming directly from the scene. They are called scene trackers or 0day trackers. They have few users, and ordinary users cannot invite new members; this is done by the administration. They follow the same principles on which the scene operates: no business, so access should be free, and releases downloaded from the tracker should not be distributed anywhere else. There is no advertising on such trackers; hosting costs are covered by donations.

Conclusion


The scene is a huge organization that includes tens of thousands of people of different ages and professions, united by a common sporting interest: to obtain and release as much content as possible, faster than anyone else. And although the sceners themselves do it without any profit, it is not surprising that there are many people who want to make money from their activities.

Sceners do not sell releases, but suppliers can. Sceners rarely host sites themselves, as this is not safe, but some site owners sell access. Entire “fake” sites are even created that impersonate topsites so that couriers upload releases from the scene to them, although their only purpose is to sell access, or the content itself, which then spreads all over the Internet, plastered with ads and offers to “download at high speed”, for money, of course.

If such facts are discovered, the violators are banned and the sites are declared “outlawed”, but how can you keep track of everything when there are thousands of sites scattered around the world and tens of thousands of people on them? Nevertheless, the scene lives on, and by its existence proves that not everything in this world is ruled by money.

Source: https://habr.com/ru/post/200412/

