This document discusses various topics related to cyber crime and casual cyber activity. It begins by introducing the author and their background. It then discusses legal gray areas around unauthorized access and copyright law. It examines relationships between consumers and technology companies. Several sections analyze jailbreaking Apple iPhones and modding game consoles like the Nintendo DS, Wii, and others. It covers debates around piracy, homebrew applications, and legal issues. The document concludes by predicting increasing conflicts between public interests in device functionality and corporate control through copyright as technology continues advancing.
2. Hello!
• – Computer Forensic Leader
• DoD Cyber Crime Center
– Defense Cyber Investigations Training Academy (DCITA) – Deputy Technical Lead
• Author / Co-Author of six books
• 14 years of network / security / forensics
• 20 years of computer hooliganism
3. Legal v. Illegal
• “Unauthorized” vs. “Illegal”
– Terms of Service vs. Law
– Lines severely blurred since the DMCA
– “copyright law now gives content owners
new powers to silence creators of
unauthorized expression, including fair
use expression”
– Julie Cohen, Professor of Law, Georgetown University
4. Consumers v. Criminals
• Consumers are emotional and loyal
• Will trust in a vendor until they feel
betrayed
– If betrayed enough
– and ease of crime is low enough
– Consumer “Criminal”
6. Apple iPhone
• Unlocking the phone
– Modify firmware to allow it to connect to
non-AT&T networks
– Currently legal under exemption filed
November 2006 (expired today, extended)
• Jailbreaking (iPhone and iPod Touch)
– Allows installation of unauthorized apps
– But… won’t somebody please think of the
cell towers?![1][2]
7. Apple iPhone
• The Bad
– Apple / AT&T lose money if users switch networks
– Pirated apps
– Apps that conflict with Apple / AT&T business
– Device can be used in ways that ruin Apple’s
reputation
• Obviously, anyone that does this is a bad guy,
right?
8. Apple iPhone
• The Good
– Unlimited Functionality
• SwirlyMMS – text messaging with MMS
– Apple/AT&T added MMS 14 months later
• Cycorder – Video Recorder
• iLocalis – Remote control and locator of iPhone
• xGPS – Free GPS reader for Google Maps
• NemusSync – Sync Google Calendar
• Five icon dock
• Read PDF / Word / Excel documents
9. Apple iPhone
• The … curious?
– OpenSSH – SSH Server
– LigHTTPD – Web Server
• With PHP and SQLite capabilities
– Veency – VNC Server
12. Apple iPhone
• So simple, even a skiddie could do it…
• 3 Step Process with redsn0w or
greenpois0n[3]
– Download software and iPhone firmware
– Connect device via USB/FW
– Click button to load firmware
• Over 4 million iPhones have been
jailbroken[4]
14. Data on Websites
• If it’s on the web is it:
– Published?
– Public?
– Open for access?
• Where does the onus of security
morality lie?
– User?
– Host?
15. College Admissions
• March 2005, steps posted to “hack” to check
college admission results on ApplyYourself
• Results were already finalized, just not
published to student’s page
• “Hack”: Append login id to end of query URL[5]
• https://app.applyyourself.com/AyApplicantMain/ApplicantDecision.asp?AYID=89CFE0A-424C-4240-Z8D0-9CR5 2623F70&mode=decision&id=1234567
16. College Admissions
• 119 Harvard Business School hopefuls
attempted URL change
– All were rejected from the school as a
result
– Many other schools rejected “hackers”
• “a serious breach of trust that cannot be
countered by rationalization”
– Kim Clark, then Dean at Harvard Business School
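Added example (not from the original slides or from ApplyYourself): a minimal model of the decision page described in slides 15 and 16, showing why an unlinked page is not access control and what the host-side check looks like. The handler names, the session dictionary, the sample records and the example.org-style URL are assumptions made for illustration; the check that the id in the URL matches the session goes one step beyond the case on the slide.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: decisions are finalized in the database but not
# all of them have been released to the applicant's page yet.
DECISIONS = {
    "1234567": {"decision": "admit", "published": False},
    "7654321": {"decision": "deny", "published": True},
}

def _params(url):
    """Return the query parameters of a decision-page URL as a flat dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def vulnerable_decision_page(url, session):
    """Trusts the URL: any logged-in user who supplies mode=decision and an
    id gets the stored record, whether or not it has been published."""
    q = _params(url)
    if not session.get("applicant_id"):
        return 401, None
    if q.get("mode") == "decision" and q.get("id") in DECISIONS:
        return 200, DECISIONS[q["id"]]["decision"]
    return 404, None

def hardened_decision_page(url, session):
    """Takes the applicant from the server-side session, treats the id
    parameter as untrusted, and enforces the release state on the server."""
    q = _params(url)
    applicant = session.get("applicant_id")
    if not applicant:
        return 401, None
    if q.get("id") not in (None, applicant):
        return 403, None   # id in the URL does not belong to this session
    record = DECISIONS.get(applicant)
    if record is None or not record["published"]:
        return 404, None   # unreleased looks the same as "no record"
    return 200, record["decision"]

if __name__ == "__main__":
    # Constructed request: the applicant appends their own id to the URL.
    url = "https://admissions.example/ApplicantDecision.asp?mode=decision&id=1234567"
    me = {"applicant_id": "1234567"}
    print("vulnerable:", vulnerable_decision_page(url, me))
    print("hardened:  ", hardened_decision_page(url, me))
```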
17. First Sale Doctrine
• Copyright limitation implemented in the
Copyright Act of 1976
– Copyright owner cannot limit your ability to
resell a product after initial purchase
– Challenged by physical vs. digital
distributions (eBay v. Steam)
18. First Sale Doctrine
• And in walks the DMCA…
– Timothy S. Vernor v. Autodesk Inc.
– Company liquidated inventory of AutoCAD
– Vernor sold software on eBay, had all
auctions removed by eBay/Autodesk
– Autodesk: EULA prevents resale or transfer,
ruled transactions as violations of DMCA
– Still awaiting judge’s decision…
19. Gaming
• Video Gaming is big business
– 42% of all US homes have a console [6]
– Average gamer spends over $700/yr [7]
– However, average gamer is also 35,
overweight, and depressed…[8]
– June 2009: Only 50% of gamers were
under 18 [9]
= more gamers have jobs
20. Gaming
• Since the beginning there was hacking
• Modifications were prohibitively complex
– LPT ports, terminal applications
– ROM patching
– Modchip soldering
21. Gaming
• Modifications are now extremely simple
• Solderless solutions with ON/OFF switches
• Drag-n-drop solutions on MicroSD
22. Gaming
• The Bad:
– Piracy
– Online cheating
• The Good:
– Backup / import saved games
– Cheat codes
– Homebrew / new functionality
– Bypass region locking
23. Gaming
• Nintendo DS
– Simple Slot-1 card with MicroSD reader
– Drag-and-drop apps and ROMs
– Homebrew:
• MP3 / Movie player
• Web browser
• Organizer
• DSLinux
24. Gaming
• Nintendo Wii
– Solderless Modchip
– Hardmod (bad)
– Softmod (good)
– USB HDD support
– Homebrew:
• DVD Player
• Media Center
• Wii Linux
25. Gaming
• Nintendo Wii
– Hardmod
• Allows for playing burned games
– Softmod
• Allows for playing game images
• Runs homebrew
Current Exploits:
Twilight Hack[10]
Bannerbomb[11]
Smash Stack[12]
Indiana Pwns[13]
26. Gaming
• Legalities
– Console producers heavily
discourage homebrew apps and
modding
– 28 Sep 09 – Wii 4.2 System update
seeks and destroys all homebrew
apps
• Nintendo code was rushed and bugged,
bricking legitimate Wiis
http://modtechs.com/tag/matthew-crippen/
27. Gaming
• Modifying a console to bypass copy
control protection is a violation of DMCA
– Aug 2009 - Matthew Crippen, 27 yr old
college student, indicted on two counts of
modifying consoles for friends
– Faces 10 years of federal time [14]
– Robert Schoch, ICE special agent "Playing
with games in this way is not a game -- it is
criminal." [15]
28. Conclusion
• Things are going to get much worse
before they get better
– Corporations / governments are slow to
evolve and rely heavily on law
– The public evolves very quickly and relies
on morals
– Both rely on self-interest, convenience, and
greed
29. Conclusion
• Consumers are on the losing side
– Suppliers will constantly find new ways to
exploit hardware/software
– Consumers will seek ways to extend
capabilities
– Corporations will treat consumers as
criminals until… they really do become
criminals
30. Conclusion
• Education is the primary answer
– The public needs better education on copyrights
and the legal system, and it needs to start with
the kids
– Corporations and government need to
understand the changing movements of
their bosses (the public)
• “I don’t understand or use it, but I’m going to
control it”
31. Conclusion
• Words to watch in the next year:
• “Making available”
– RIAA’s legal suits were partially based not
upon committing a crime, but making
available for the opportunity to commit one
– HR 1319 (Informed P2P User Act - Rep.
Mary Bono, R-CA)