Releasegroups – Groups of people who release the warez into the scene. Often linked with Site Traders.
Topsites – Very fast FTP servers with people who trade the releases from the above groups to other (top)sites.
FXP Boards – People who scan/hack/fill vulnerable computers with warez.
IRC Trading – Users of IRC who download from “XDCC Bots” or “Fserves”.
Newsgroups – People who download from alt.binaries newsgroups.
Peer-To-Peer – Users of p2p (peer-to-peer) programs like KaZaA but also BitTorrent who share with eachother.
We’ll start at the bottom and we’ll work ourselves up to the top.
At the bottom of the piracy food chain we have the peer-to-peer users. There seem to be two groups of peer-to-peer users. The first group are kids and downloading some music now and then because they can’t afford cd’s. Second are the older p2p users who use p2p for also for downloading games, programs, movies, etc. In the media, peer-to-peer are being labeled as dangerous pirates. They are a lot easier to bust for the RIAA/FBI and there are quite some of them who are being sued by the RIAA for thousands of dollars. The level of security is very low, and it’s easy to get access to all warez. This is why they endanger the sceners. The download speeds are quite low since you download from other users. Most p2p-users don’t have a clue about what a long way a release has made untill it’s available for download in p2p software. It has been released, spread from topsites to fxpboards, then to irc/newsgroups and in the end it’s available for the mass via peer-to-peer. The speed of p2p is the lowest, since users download from eachother.
A special kind of p2p system is BitTorrent. It uses a central location which coodinates the downloads but it doesn’t host any downloads. The download itself consists of several pieces offered by various users. Such a coordinated group is called a torrent. BitTorrent is widely used, allthough it’s rather insecure. It’s also fairly accessible. The central distributionpoint is called the tracker. The tracker knows which users already have the file, and which users want to download it. The users who already have the download are called seeders, and the users who are downloading are called leechers. Every user who downloads a certain file, downloads a different part of the file. When the seeder goes offline, they can still download from eachother and all complete the file.
Once upon a time when the internet was still young there were special interest groups that shared information and kept in touch by using a bulletin board type system. This system was designed to take advantage of the internet in a way an old bulletin boards couldn’t; each location had a machine (news server) that would store all the messages of the newsgroups that were desired by it’s users. A short time passed and the users of certain newsgroups thought that this system would be ideal to share files with each other. It’s easy to access newsgroups but unless you are familiar with them, navigating and downloading files from the newsgroups takes more effort than p2p software. You can download from newsgroups using a newsreader, for example: NewsLeecher and Xnews. There are also pay newsservers, these are faster and can hold up the files longer than free newsservers. Free newsserver can be quite fast, and pay newsservers are even faster.
Not far up from peer-to-peer users we have the people who go to IRC for their warez. In general, these people intend to have a better knowledge about computers and the internet. Warez channels are often run by people who have access to a fair amount of pirated material.
There are generally two types of these channels. These can often feed by people from FXP boards or bad sites. First there are Fserve (user-to-user) channels. They mainly use the mIRC client’s File Server function and some scripts to share their warez directly from their hard drives. Second there are XDCC (server-to-user) channels. These are usually run by people who are into FXP boards or in the scene. They have access to fast, new warez. They employ people to hack into computers with fast internet connections and install XDCC servers (usually iroffer) which are used to share out pirated goods. There is a limited amount of people allowed to download a release at once, so when a release is populair you are placed into a waiting line. That way good download speeds will be guaranteed. The download speed is often very good.
FXP is the File eXchange Protocol. It isn’t an actual protocol, just a method of transfer making use of a vulnerability in FTP. It allows the transfer of files between two FTP servers. Rather than client-to-server, the tranfer becomes server to server. The fxp’er just gives a command to 1 server to send files to the other server. FXP usually allows very fast transfer speeds although it totally depends on the connection of the servers. Still it’s ussually faster since the hackers are able to hack very fast servers. The fxp boards layer in the piracy food chain is quite unknown and therefore rather safe. Though the hacker’s activities are very illegal, and therefore dangerous. Security is important. The members are ussually a lot smarter than irc-traders/p2p-users and have a greater knowledge about computers and internet.
The boards usually run a vBulletin forum with custom hacks. The boards ussually don’t work with a credit system. Though the admins do an user cleanup once in a while. The board’s members consist of scanners, hackers, and fillers. They each have their own tasks:
The Scanner’s job is to scan IP ranges where fast internet connection are knwon to lie (usually universities, company’s, etc.) for vulnerable computers. We’re talking brute forcing passwords from programs, or scanning on ports for certain programs which contain a bug. The scanner will oftten use slow previously hacked computers for his scanning (known as scanstro’s), using remote scan programs. Once the scanner has gotten his results, he’ll run post this at the board. This is where the Hacker” comes into play.
Hackers are the people who break into computers. There are many easy-to-exploit vulnerabilities. Hackers get in to a computer using an exploit to get in via a program’s bug. An exploit is a script which uses the bug to get in the pc. The program/exploit he uses (of course) depends upon the vulnerability the scanner has scanned for.When in, the hacker runs his rootkit (a modified version of Serv-U ussually). This rootkit is the server where other people can download from. Most likely he will also install remote administrator software (ussually Radmin), so he can get in to the computer easily. Once the server is installed and working he’ll post the admin logindata to the FTP server on his FXP board. Depending on the speed of the compromised computer’s (aka pubstro or stro) internet connection and the hard drive space, it will be used either by a filler or a scanner.
Now if the pubstro is fast enough and has enough hard drive space, it’s the filler’s job to get to work filling it with the latest warez. The filler gets his warez from other ftp servers hacked/filled by other people. Fillers sometimes have site access, and fxp releases from there to their pubstro. These people who are in sites and in fxp boards are considered corrupt, and if other sceners find out, they will be scenebanned (banned from all his sites). Though it is said that it happens quite often. Once he’s done fxp’ing his warez, the filler goes back to the board and posts leech logins for one and all to use. Fillers (with site access) all try to post a release the first. It’s kinda like a race, who ever wins it get the most credit. The speed of these pubstro’s depend on how fast the pc is they hacked. Though the hackers from these fxp-boards are rather good, and are able to hack 100mbit’s.
Pubbing is not so important anymore nowadays. This scan/hack/fill methodes are from the old days when many university and business ftp servers had write access enabled on anonymous ftp-servers. So instead of break ing into a computer, they would just upload their warez and give the IP address to their friends. This was very popular but died out for obvious reasons. It works like this; there is someone who scans for ftp servers with anonymous logins with write-access. Once found a pub would be tagged (a folder with the name “tagged.by.name”). The idea was that if a pub was already “tagged” other pubbers would leave it alone. This apparently worked for a while, with people respecting other people’s tags and leaving the pubs alone. But it certainly hasn’t worked for a very long time.
A method against retagging is dir locking. This is used in pubbing to stop people which are not allowed to get into the directory of the tagger (and slowing the server down). There are a couple or dir locking tricks. The first and easiest is to make a maze. When you make a maze you just make a lot directories and other people would never know in what map your stuff is since you would have to try them all out. Second is UNIX tagging. That’s about a the magical character, the Ã¿ (alt+0255) which is an escape character on UNIX machines. When give a directory a name containing that character, the name will be displayed different then when you typed. The creator can get in by typing in the original name. Last is dir locking NT systems. More about this and other dir locking here.
Next on the list and pretty much at the top or near the top are the site traders. Site trading is basically sending releases from one site to another. Releasegroups publish their releases on these sites, so they are the first stadium in the distribution of warez. From there on a release will be spread all over the world.
These sites have very fast internet connections. 10mbit is considered the minimum, 100mbit good, and anything higher pretty damn good. The sites have huge hard disk drives. 200GB would probably be the minimum, and they can get up to 5 terabytes. These sites are often hosted at schools, universities, people’s work. Also some countires have the preference. The Netherlands and Germany have fast internet connections, Sweden also but then a lot cheaper. These sites are referred to as being legit. This means that the owner of the computer knowns that they are there and being run, which is the opposite of pubstro’s. Fast connections mean a lot to some people. If you have access to a 100mbit line (and are willing to run a warez server there), there are people who would quite happily pay for and have a computer shipped to you just for hosting a site that they will make absolutely no profit from. Commercial use of site access is not something common, most people do it just for fun, not to make money. Standard site software are GlFTPd and DrFTPd. As well as running FTPD, the sites run an eggdrop bot with various scripts installed. The bot will make an annoucement on an IRC channel when a directory is made or upload completed. It will also give race information, since just like on fxp boards, the site traders try to send a release as quick as possible to another site. That way he will earn credits. The more credits, the more he can download. The speed between topsites can reach about 15 MBps.
There are basically three ranks in sitetrading: siteops, affiliates and racers. Siteops (Site-Operators) are the administrators. There are usually between two and five siteops per site. One is often the supplier of the site, another the person who found the supplier and guided them through the installation of the FTPD. The other will be friends and
people involved in the scene. One or more of the siteops will be the nuker. It is his job to nuke any releases that are old or fake. Affiliates are the releasegroups who post their releases there right after they are finished.
Racers are the people who will race releases between sites. Usually they will have access to a number of sites and will fxp release as soon as they’re released. FXP’ing a release will gain credits. The ratio is usually 1:3, so fxp’ing 3 GB will get them 9 GB credits on the site. The race is to upload the most parts of the release at the fastest speed. Racing happends shortly after a release is released.