We were after one guy, say malware flight simmers


A flight sim company who put malware in one of their jets now say they were only after one person, in an attempt to downplay how many users were affected by what they described as “DRM”. As we reported yesterday, Flight Sim Labs normally sell planes to players of Flight Simulator X, but they recently included a malicious file called ‘test.exe’ in an installer for a popular Airbus (you might have seen it if you’ve flown with EasyJet). The malware was designed to dump usernames and passwords saved in the Chrome browser. When this was discovered, the head of the company said the malware was targeted at pirates. It only ‘activated’ if the person installing the plane was using a pirated key to do so, he said. But they now claim they were using the clandestine .exe file to target a single, specific person.

The head of the company, Lefteris Kalamaras, made a post to the Flight Sim Labs forums, admitting again that the dodgy file was embedded in the installer. As in previous posts, he refers to the malware as “DRM” – digital rights management. He then goes into more depth about what they did and why.

First he explains what would happen if you were a “genuine” user running the installer for the airplane:

“As soon as the user entered their customer information (order ID / serial number / email) it verified this against our server database. Genuine customers and any other legitimate serial numbers trigger a full proper installation and no tool was called / used to figure out any pirate info. The installer that temporarily extracted the tool would remove it as part of its normal cleanup operation upon proper installation completion.”

Finally, he zones in on their reasoning for including this “tool” at all – to find the people who were cracking their airplane add-ons and distributing keys online for free (for context, this particular aircraft normally costs $100).

“…there were specific crackers who were successful in sidetracking our protection system by using offline serial number generators. We could not find how this would happen, but we happened upon a particular set of information (username / email / serial number) that would occur recurrently from specific IP addresses. We tried to add more tests in our subsequent installer releases, but the specific crackers were also upping their game in ensuring they sidetracked our installer. We even went so far as to figure out exactly who the cracker was (we have his name available upon request of any authorities), but unfortunately we could not be able to enter the registration-only web sites he was using to provide this information to other pirates.”

And from here, it just gets more and more Netrunner.

“We found through the IP addresses tracked that the particular cracker had used Chrome to contact our servers so we decided to capture his information directly – and ONLY his information (obviously, we understand now that people got very upset about this – we’re very sorry once again!) as we had a very good idea of what serial number the cracker used in his efforts.”

In other words, they began to put malicious software into their airplanes in an attempt to catch some pirates. But the focus shifted, according to Kalamaras, to keeping track of a single cracker.

The post goes on to say they intended to send all the collected information about this cracker to the “proper legal authorities”. It neglects, however, to address the legality of installing malware on the computers of innocent users in the first place, or the legality of harvesting usernames and passwords from anyone, whether they are a pirate or not.

This continues to be a grubby story. The whole shebang has been dissected by Fidus Infosec, an information security firm who made a post attempting to answer five pertinent questions:

  1. What legal boundaries is this pushing, if not directly breaking the law?
  2. How is the data being sent to FSLabs?
  3. How is the data being secured and who has access to it?
  4. What exactly are people’s usernames and passwords being used for?
  5. What on earth were they thinking?!

They confirmed that the file ‘test.exe’ was indeed malicious, and that it was designed to “extract saved usernames and passwords from the Google Chrome browser and have them displayed in a readable format”. But through their testing they also concluded that “the password dumping tool (test.exe) is only called when a fraudulent serial is used” just as Flight Sim Labs attest.

However, the infosec folks also found that any captured information was being sent back to the servers of Flight Sim Labs in a badly encoded format (in Base64 – the encryption equivalent of wrapping a confidential memo in a few obscuring layers of cling film). They also questioned the security of the servers themselves, and summarised their thoughts like this:

“Whilst we fully understand the importance of DRM and combating piracy, it poses the question on how ethical some companies are being in doing so along with the legal and infosec implications of it.”
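On the Base64 point above: Base64 is a keyless encoding, so any proxy or monitor on the network path can read such a payload as easily as the intended server. The Python sketch below is an added example, not code from this article, Fidus or Flight Sim Labs; the request body, its `data` field and the record layout are constructed assumptions. It shows how a defender could flag credential-like Base64 in outbound request bodies.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote

# Runs of Base64 / URL-safe Base64 characters long enough to carry real data.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")
# Field names that suggest a decoded blob holds login data.
CRED_HINT = re.compile(r"(?i)\b(user(name)?|login|pass(word)?|pwd)\b\s*[:=]")


def decode_b64(token):
    """Return the decoded text if token is Base64 of printable UTF-8, else None."""
    # Accept the URL-safe alphabet and repair missing padding before decoding.
    normalised = token.rstrip("=").replace("-", "+").replace("_", "/")
    normalised += "=" * (-len(normalised) % 4)
    try:
        text = base64.b64decode(normalised, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not Base64, or Base64 of binary data
    # Reject control characters other than tab, newline and carriage return.
    if not text or any(ord(c) < 9 or 13 < ord(c) < 32 for c in text):
        return None
    return text


def inspect_body(body):
    """Scan one HTTP request body and return every readable Base64 payload."""
    findings = []
    # unquote() undoes percent-encoding but leaves '+' alone, which matters
    # because '+' is part of the Base64 alphabet.
    for match in B64_RUN.finditer(unquote(body)):
        text = decode_b64(match.group(0))
        if text is None:
            continue
        findings.append({
            "decoded": text,
            "credential_like": bool(CRED_HINT.search(text)),
        })
    return findings


# Constructed sample data: the record layout and the "data" field name are
# assumptions made for this example, not the format observed in the incident.
RECORD = "url=https://example.test/login\nusername=alice\npassword=correct-horse"
SAMPLE_BODY = "serial=0000-0000&data=" + quote(
    base64.b64encode(RECORD.encode()).decode()
)

if __name__ == "__main__":
    for finding in inspect_body(SAMPLE_BODY):
        label = "CREDENTIALS" if finding["credential_like"] else "text"
        print(f"[{label}] recovered without any key:")
        print(finding["decoded"])
```

Had the payload been encrypted to a key held only by the server, the same scan would recover nothing readable from the request body.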

There are still unanswered questions. How many people – pirate or otherwise – have had their usernames and passwords taken by the malware? What has happened to those usernames/passwords? And how many people used the dirty installer legitimately, thus briefly hosting malware? We’ve emailed Flight Sim Labs with these questions and more, and will let you know if we get a response. But don’t hold your breath.

73 Comments

  1. Lexx87 says:

    I’m actually surprised they didn’t realise how obviously they would get caught in doing such a daft thing.

    • aepervius says:

      And they certainly failed to consult a lawyer. Which would have told them this is highly illegal. Vigilantism is not authorized in any first world country as far as I know. You are not allowed to hack back… Or steal password. Not only what they gathered would be non receivable because it would be hard to prove any custody chain but also it is highly illegal.

    • YourMomWillDoIt says:

      funny story, so if you accidentally enter a wrong serial the program activates and sends ur passwords unsecured through the web to their insecure server? well played ;)

    • DThor says:

      I’m sure some devs, especially a relatively small group and servicing an extremely vertical market, must stay awake at night worrying over lost revenue and shallow margins. I seriously doubt you get into study level plane design for any reason other than love for the market and earning (hopefully) a decent living. It’s sad they let emotions drive a stupid decision like this. It’s like packing e-coli into a Bento box and telling legit customers to not eat the complimentary wasabi. Just asking for trouble.

      I’ve found the entire market tends to live in an XP world, with lots of running apps as root and installing in system root locations. Primarily because FSX is bloody ancient.

  2. Vilos Cohaagen says:

    Wow, this is so illegal in the UK and EU.

    • sosolidshoe says:

      But don’t you get it? They’re targeting *evil pirates*. They’re *heroes*. They’re basically *internet Batman*. Totes justified yeh.

      Yes, that’s sarcasm, for the avoidance of doubt. But it’s not an uncommon attitude, sadly, and this kind of behaviour is the natural result of casting file sharing as a good vs evil moral and legal battle for the very soul of creative endeavour, and it’s only illegal right now because the bigger corporations haven’t yet boiled our collective frog for long enough to successfully get it made legal.

  3. Drib says:

    I’m not sure about legality in the US, given how uh, special our government is when it comes to tech and DRM.

    But I do know this is shady as balls. No one will ever trust your company again, guys, was that what you wanted? There’s no reversing from that.

    • SaintAn says:

      Capcom did that before years ago iirc. Think it was included in a Street Fighter game. Memory fades and most people are too mindless or brainwashed to stand up for themselves so they submit and let things like this happen and continue to support such corporations.

      • Drib says:

        I don’t recall them outright stealing passwords, but I do vaguely remember some DRM kerfuffle with them and one of the Street Fighter games.

        Yeah. Maybe it won’t be remembered forever, you’re right.

        • Drib says:

          Looking it up, SF4 had GFWL, which… yeah, sucks, but doesn’t steal data.

          SF5 had some weird rootkit that COULD have been used to nick data, but wasn’t specifically designed to do so.

          Those are pretty far removed from this particular thing.

      • corinoco says:

        FSLabs ain’t Capcom. The Flight Simming community is only small, and heavily reliant on forums; and FSLabs name is now MUD. There is no way they will recover from this.

        The big issue is that if FSLabs “knew” who they were targeting then why not just go to the Internet Cops about it? Various authorities world wide LOVE nailing a pirate to show how good the Cops are and What Will Happen To You If You Copy A VHS.

        It looks a lot like FSLabs decided to go for retribution, because THAT always works out well, doesn’t it? IDIOTS. I guess they don’t even understand that just because you’ve “got the IP address” of the perp then you DON’T have positive ID! Have they not heard of DHCP? Hint: It’s not a deHavilland. (Flight sim joke there)

        It’s astonishing how stupid they have been, this is really the kind of stupid I thought only Australian companies could achieve, but they really pushed the flyingboat out with this. Sorry I’ll stop the bad jokes now.

      • MajorLag says:

        Sony infamously included a rootkit on many music CDs. People have short, and selective, memories indeed.

    • something says:

      If they obtained any passwords and used them to access a computer system without authorization, that would, I believe, be criminal hacking under US law. Merely taking the passwords from the target machine would probably also fit that definition.

  4. satan says:

    IT WAS JUST A SOCIAL EXPERIMENT BRO!

  5. Lobotomist says:

    How are they not prosecuted for this ?

    • Pogs says:

      It’s early days. I’m sure they will be having a friendly call from the European Data Protection people.

  6. Kollega says:

    Ladies and gentlemen and everyone else, this is what I can freely call “cyberpunk for blockheads”.

  7. Cvnk says:

    I don’t use Chrome (or any web browser) for password keeping so I’m not personally worried but I’m curious how they were able to access and decrypt that information.

    • Cvnk says:

      Some quick reading reveals that I should not have been surprised by this element of the story. Chrome password dumping is nothing new or unique.

      Still, seems strange to me that it should be this trivial. I realize that the main value in a password manager is eliminating password reuse and encouraging complex and random passwords to protect you against online breaches but I also expect the local store of those passwords to be reasonably secured.

      • AthanSpod says:

        Mainly the Chrome devs refuse to implement some form of master password to protect the password store out of the assumption that if a bad actor has access to read the store then they can likely keylog the entry of the master password as well.

        Personally I’d still prefer a master password on the store, even if it only offered limited additional protection. At least make the bad actors actually jump through the extra hoop (which is an additional step at which an anti-virus might catch it in the act).

        • MajorLag says:

          > which is an additional step at which an anti-virus might catch it in the act

          You place entirely too much faith in AV software if you actually believe this. AV software is basically worthless.

    • Lord Byte says:

      By allowing “elevated controls”, the ubiquitous “Run in administrator mode” it seems that allows it to bypass the requirements for using your username and windows password in Chrome to access the encrypted usernames and passwords.
      Seriously, any properly designed software should NEVER require it to be run in “Administrator mode” as it allows it to basically do anything to your computer. It’s really not that hard to stay within the rights of the system, unless of course, your software is specifically made to tamper outside of its “allowed” spaces (like Temp, AppData, Documents and so on)

      • Catterbatter says:

        The password recovery tool was launched by the installer, which would have prompted to run as admin.

  8. Skabooga says:

    Woah, woah, woah, I think we are all just glossing over the fact that they are charging $100 for a virtual airplane. I mean, what? Is that normal? (I have a feeling that it must be, but not being a flight sim enthusiast, I feel compelled to ask those with more experience.)

    • percydaman says:

      Pretty egregious but not surprising I guess. I mean those games are still rather niche in the grand scheme of things. And the amount of work they do to recreate the planes. I’m not surprised they think they should charge 100 bucks a pop in the hopes of getting their investment back. I would never pay that, but I suppose some do, or they wouldn’t make em.

    • poliovaccine says:

      Actually I was scrolling down to say the same thing. Like, no wonder they give such a shit about pirates, and no wonder people want to crack their stuff!

      I think that is fairly normal in the world of hardcore simmers, but that still feels like it’s just taking full advantage of the niche to which these people belong, knowing they have to pay these exorbitant prices if they want to participate at all. I really don’t know how sims over the years have justified their insane-o prices, especially when gamers of every other stripe often consider $60 too much for hundreds of hours of entertainment out of a game made on a seven figure budget. I’ve been surprised before at figures like that, and it’s always coming from hardcore flight or train sims, or else hardcore war games. Someone else will have to explain to me why folks are cool with that, though.

      • TheOx129 says:

        As someone who’s only relatively recently immersed themselves into the world of sims and grognard games over the past year or two – and had similar sticker shock – I might be able to offer some insight. I’d say the high prices are the result of a few factors:

        1. Supply and Demand – At their core, these are games (though many would dispute that even calling them “games” is appropriate) with a niche audience and a relatively small number of active developers out there. Frankly, I think the niche is bigger than folks think, as illustrated by games that can appeal to both the mainstream and the core genre audience – think things like Red Baron or Close Combat – but titles like Gary Grigsby’s gargantuan War in the… games are always going to have a pretty limited audience.

        2. Complexity – Generally, most sims and wargames are a good deal more complex than their more mainstream counterparts. Players expect things like accurate flight and damage models, historically accurate orders of battle (for wargames), realistic ballistics, etc. It’s not uncommon to find wargame or sim devs that primarily develop for government agencies or militaries given the level of fidelity they strive for.

        3. Developer/Publisher Stodginess – While some have finally started to understand that the market has fundamentally changed in a post-Steam world – chief among them likely being Matrix/Slitherine, which now actually *gasps* sells a good chunk of their games on Steam and other storefronts in addition to offering pretty regular discounts – most developers and publishers seem set in their ways. Basically, their argument is “I’ve been doing this for X years, and I know what works. If you think it’s so easy, you can make your own games.” At the worst end of this, I’d say you’d have groups like Battlefront and Shrapnel, that at times come off like they regard their customers as little more than ATMs.

    • Sian says:

      I asked this very question when the story popped up the first time yesterday and was told that devs work for years on just one plane and that they were extremely detailed down to things that aren’t all that obvious at first glance like fly-by-wire physics.

      Development costs must be exorbitant, and hardcore simmers are ready to pay that much, so I’ve come to the conclusion that there’s nothing wrong with the price in my opinion.

      • Mezelf says:

        The upcoming F/A-18 Hornet for DCS will cost €80, and it’s made by Digital Extremes themselves.
        You are correct that an insane amount of work and research goes into just one plane. The A-10C is often cited as the most complex and detailed flight sim airplane ever released to the public, and DE is promising that the F/A-18 will finally overtake the A-10C.

        When you consider how it takes months (maybe years) to master a complex jet, how modders are still working on Falcon 4.0 which was released in 1998, how much more expensive peripherals for flight simming can get, and how hardcore sims actually teach real life navigational and piloting skills, a €60 to €100 price tag is not that hard to swallow.

        • KasrkinTrooper says:

          The Warframe guys are making flight sim modules for dcs now?

        • Kaladin says:

          Aren’t Digital Extremes the guys who made warframe?, never heard of them making flight sims before.

        • ADorante says:

          The company behind DCS World and the F-18-AddOn is called The Fighter Collection/Eagle Dynamic and their development is closely supported by another 3rd party developer called Belsimtek.

          Regarding the higher price tag: If you have a niche product that translates to lower sales numbers. But you still have to get a return on your investment. Ergo: higher prices – if your product is good enough and the prospective customer has no alternatives.

      • Zenicetus says:

        Just repeating points made in the previous RPS post:

        An accurate model of a modern airliner is extremely complex, and the people who are into flying these things on a computer demand that they fly like the real thing. All systems modeled, including failure modes. There’s a lot of graphics detail too, but that’s trivial compared to the flight dynamics and systems modeling.

        Combine all that with the fact that these developers are very small shops, usually just a few people with some outside contractors, and that’s why it takes years for a release. The high price tag is a result of development time, combined with a very small market of people interested in these products.

        It’s only the study-level airliners (and higher end DCS combat planes) that are priced this high. You can get a good model of a General Aviation prop plane or business jet for $30-$40. The last plane model I bought was a Carenado PC-12 (GA single turboprop) for $35. I’m not into flying the heavy iron, so it’s not that expensive to pick up plane models here and there, over time.

    • Skabooga says:

      Thanks to you all for your kind and informative answers! It’s nice to know a little bit more about a corner of gaming/simulation that I have not yet visited.

  9. causticnl says:

    I can see “Sort of” the reasoning behind it, it’s stupid yes, what they did, and they should get burned for it. But looking at the employment at their company I think they just wanna model airplanes, and have 0 knowledge of DRM, and how to deploy it. And if it’s just for one person I really wonder if it’s worth all the trouble, yes, those planes cost more than 100 bucks, and it’s a small market they operate, so any lost sale will be felt (which they will now feel anyway), I’ll wager the people downloading those “pirated” versions weren’t planning to buy them anyway.

    • percydaman says:

      Seems likely. I mean not every pirated game isn’t a lost sale, but when you’re charging 100 bucks a pop for a single plane, you’re gonna get people who would have never purchased it, whether they had a pirated version of it or not. But you’re right. I’m sure every lost sale to them hurts. Probably easy for them to fall into the fallacy that a pirated plane equals 100 bucks out of their pocket.

    • poliovaccine says:

      Totally true, fuckin bingo. Most games I ever pirated, I got them because I wanted to try them out, and they had no demos. These days it’s just easier to look up some gameplay on YouTube, but it wasn’t always like that (I realize that’s not how every pirate works, but my example is my example and I don’t think it’s unique). And I grew up kinda spoiled on all games having demos to em. In fact, I played BF1942 for years just on their demo servers. I never did buy the game, but I did my part in spreading love and enthusiasm for it, and several friends I recruited into matches did go on to buy the retail copy. I never liked it quite enough to want or need more than a quick dip into those Wake Island servers, so I never did, but that doesn’t make my playing the demo a loss of money for the devs. I was never going to buy it, demo or no demo.

      It’s entirely the same when I pirate a copy of some game I have no clue if I’ll like or not – if I’m that ambivalent, I need a free sample to sway me, or else buying it just isn’t even a possibility. It’s the same with most any new food product or band or anything. If anything, that free sample only brought my likelihood of buying the game up from a “definitely not” to a “well, maybe.” But games are expensive and my budget for them is always limited. And if most people pirate stuff, I expect it’s cus they either don’t have the money, or are unwilling to part with it, so either way I’m not seeing a loss of a sale there. They may get the experience for free, but I don’t think it costs the devs anything in terms of sales, and if anything it spreads word of mouth favorably amongst groups of people where otherwise there’d possibly be none. I mean, there’s a ton of bands I’d say I’m a fan of, but whose albums I don’t own. I still recommend em to anyone who’ll listen, and even though I just listen to em on soundcloud or something for now, I’ll surely buy an album or a concert ticket or two eventually. In the meantime, I’m a fan who otherwise wouldnt exist, if I had to pay before I could hear them for the first time.

      I don’t mean to say that piracy is “good” for anybody but the pirates, only that a pirated copy is, indeed, not the same thing as a lost sale. Now, a physical, boxed copy stolen out of a store, that kind of is a lost sale, so I understand where the fallacy forms. But digital copies don’t cost the publisher anything to produce – pirated games reproduce asexually. They are millions of iterations upon one original copy, they are legion.

      I feel like it’s important to highlight, not because pirates deserve any sort of credit, But rather because, when devs or publishers fall into that fallacy, they tend to do incredibly irresponsible and poorly planned maneuvers like this. The Capcom example is another good one, and so is the minor DRM thing that happened with Rime – again, most of all because it illustrates how devs or publishers fall into irrationality when they begin to see piracy figures as money stolen from them. They are forgetting that most of those figures were *never* going to be sales to begin with. Probably 30% of em are just jackasses who saw the torrent was recent and decided to nab it without any genuine interest whatsoever – they may download it, never even play it, realize they have no interest and fucking delete it later, cus they need more HD space to pirate Deus Ex Mankind Divided. Why? Cus it’s there. Not to save themselves money they would have otherwise spent – but just cus it’s there. Humans are acquisitive little monkeys, as anyone who’s ever watched themselves compulsively steal forks in a Bethesda RPG knows. I sincerely believe that a fair percentage of pirated copies of any game never even get *installed,* never mind played, cus I think that people will just take stuff when it’s sitting out in the open like that, whether they actually want it or not.

      Case in point, I’ll never buy coke, but I’ve used a fair bit in my life cus hey, I’ll take it when it’s already around and offered to me free. It’s not anywhere near good enough to be worth the money it costs, in my personal estimation, but it’s good enough to accept for the price of nothing. And that free line someone gave me at a party is so very, very far from being money out of a dealer’s pocket. Then I think of free samples at the grocery store, and I realize people will take things for free even if they don’t want them *at all.*

      I’m sure that’s not 100% of piracy, but I think, especially with things like new game releases, that sort of mentality plays into it a lot more than some people tend to think. I don’t believe all or even most pirates would buy copies of the games if no piracy existed. After all, if you have the money for it, just getting a legal copy is most likely going to be less of a hassle than pirating ISO files, and hey, then you can actually use the multiplayer.

      If anything, the fallacy needs highlighting for *the devs’ sakes,* because they’re the ones who shoot themselves in the foot out of hysteria over piracy figures. They should be seeing those figures as word of mouth spreading, as not-yet-converts but interested, as potential customers and quite likely already present fans. And then sales are sales. Because piracy isn’t going anywhere, and half the time game makers go out of their way to try and fight it like this, they only hurt themselves. I mean, case in point here.

      • wwarnick says:

        It’s true that they don’t directly lose money every time someone downloads it, but when the price is $100 and it’s a niche product, I think that even people who actually would buy it would be more tempted to just download it if the option is there. Hardcore sims like this aren’t extremely popular, much less 3rd-party airbus models that cost $100. Thus, a company like this, developing expensive niche products, needs every sale they can get. Each sale makes a bigger difference than it would to a more mainstream dev studio.

        That said, I agree entirely that more studios should provide a more proper way for people to try things out (demos shareware, etc.), if only to prevent piracy. However, I’m not sure how easy that would be with something like this.

        • poliovaccine says:

          Yeah, I definitely agree that the niche element is significant here, much as a truly “indie” one would be, or a mom n’ pop competing with a big chain. That being said, the high price tag due to the niche element is, of course, its own incentive for piracy itself. And with a lot of these things, I believe prohibition just plain doesn’t work, anyone working for the side of prohibition has an equally clever counterpart on the opposite side, so rather what needs to happen is competitive incentives in the other direction. Not at all claiming to know what those are in this case, though. If it really takes so much time and effort that each plane is worth about a hundred bucks a pop, then that really especially sucks to have it pirated, yeah, but at the same time, if it costs that much it’s totally going to be pirated. I kind of don’t see a way around that, human-naturewise… barring some sort of super invasive/online-only type of DRM, which I’m sure would be crippling to a niche developer in terms of blowback from their fan base.

          • poliovaccine says:

            Yknow, I have no idea how viable this is, but maybe, as far as a “demo” for something like this, they could do like HBO sometimes does: give it to you for free for a little while, maybe a free weekend, and then put the price tag back on it. If you liked having it, you buy it, and you get to try it out, but it’s not like you have it anymore.

            Like I say, no idea if that’s viable, but that’s one thought. For a genre this niche it might actually make a difference.

          • wwarnick says:

            Yeah, I agree entirely. A lower price might persuade people to pay instead of pirate.

      • Someoldguy says:

        I’d tend to agree with you on this topic. When I think back to my teenage years I had next to no cash and an endless enthusiasm for music. All my friends collaborated to share and swap our records and inevitably most of them ended up being taped. Everyone recorded music from the radio. In later life when we actually had disposable income, we all ended up buying all our favourite records. Sometimes more than once as formats changed.

        Maybe small niche developers can’t afford to look at the long-term picture, but in general it seems likely that if the product is good and priced appropriately, it will sell.

      • DefinitelyNotHans says:

        “It didn’t have a demo so I HAD to pirate it! I bought it later though, therefore I’m a GOOD pirate and therefore most other people must also be too!”

        You can’t really lecture people on fallacies when you’re spewing that shit.

        Look, I don’t care if you download shit, but at least grow up and grow some balls about it. You’re not special and you aren’t entitled to try everything before you buy it. You’re doing something objectively wrong and actively helping to spread it around while you do, this doesn’t change no matter what piss poor justification you come up with, it just makes you sound like an even bigger asshole. Be a man and take some responsibility for your actions because absolutely no one is falling for this sad old “I’m a good guy pirate!” routine except other kiddie pirates who want to join in on the guilt-shirking circle jerk.

    • kalirion says:

      You don’t need “knowledge” of DRM to know that deploying a password stealing trojan is a big no-no.

    • Zenicetus says:

      “I’ll wager the people downloading those “pirated” versions weren’t planning to buy them anyway.”

      No they weren’t, but they’ll still try to get tech support from the developer.

      These aren’t like user-friendly AAA games. They’re complex simulations where users expect some developer support as well as the user-to-user forum support. Because these are small shops, tech support is usually handled by a programmer, where every hour spent handling tech support is an hour away from bug smashing or further development.

      From various dev comments over the years, I’ve learned that annoyance at tech support demands from unauthorized users, is one driver of DRM and user authentication for these big, complex flight sims. It’s not just the “lost sales” argument.

      • Someoldguy says:

        What’s stopping them from asking for the security code or asking permission to do a software check when someone asks for support? That’s legal and sensible.

      • percydaman says:

        There’s always a few dipshits who will pirate something, and then pop into a forum to post some complaint, where even a cursory search could have shown them that their issue was related to the crack they were using. But I think they’re a small minority. Eventually if you pirate enough shit, most learn to not go running to the developer the second something goes wrong.

  10. DatonKallandor says:

    I’m curious if they are licensing the airplane from Airbus or if they’re pirating the airbus. Cause that kind of irony would just be delicious.

    • TechnicalBen says:

      But don’t you understand, it’s totally ok for THEM to do it.

      (See not paying artists, coders, voice overs etc. See copying code. Copying art. Copying film/story/ideas… it’s endless in the industry. Difference is, they have the excuse “stealing is my job”, whereas we are the public, and merely showing a friend a PC game is taking their food out of their mouth…)

  11. Shadow says:

    Well bloody played.

    Firstly, you don’t fight blatant illegality with blatant illegality. If you do indeed have the details of the alleged perpetrator, then you forward them to the authorities with the corresponding report and let them take over.

    I understand you’re probably struggling to find the niche for your 100-dollar pixel planes (I know it’s more complex than that, but I’m similarly struggling to find sympathy here), but this is quite a shitty bit of vigilante “justice” that’s also so poorly handled it might even be damaging entirely legit customers along the way.

    • TechnicalBen says:

      This kind of thing never ever ends well.

      Tit for tat and all that.

  12. Sian says:

    Maybe I’m being naïve here, but Flight Labs had the cracker’s IP. Instead of waiting for authorities to contact them and ask for it, why didn’t they contact the police? What were they hoping to accomplish?

    • pack.wolf says:

      Probably because they really don’t want to have to answer the question “how did you get this data”, since that would probably lead to them being prosecuted for way more serious crimes than piracy.
      And they transmitted the data basically in plain text??
      (Base64 is entirely reversible without any concept of a key)
      Wow. I so hope they either get fined a VERY painful sum or someone goes to prison. Because this is really f*ing serious. Leaking credit card, bank account, tax, health insurance, … data serious. Potentially ruining lives serious.

    • DEspresso says:

      Cross-border policing is difficult at best, for a suspicion of a non-capital crime it’s quite some odds for law enforcement.

    • Cederic says:

      Even more stupid, they’ve just admitted that they’re willing to break the law in their attempts to access a resource protected by people willing to break the law and skilled enough to succeed at it.

      I foresee further entertainment for the rest of us before this is over..

  13. wwarnick says:

    Most people that downloaded it wouldn’t have bought it, but I’m sure there were still some people that would have but gave in to the temptation to download it for free instead. That’s $100 lost to a small company. They’ll feel it. I totally understand their wanting to find out who was doing it. I think their intentions were fine, but they definitely let it get out of hand and it blew up in their faces. That’s what happens when you play with fire. Natural consequences.

  14. Rince says:

    That’s weird. I would have expected the people who play serious flight simulators to not be the kind who pirate software.

    Not that I’m that kind of person. I’m not playing simulators and of course I’m not paying 100 dollars for a DLC. That’s for sure.

    • lukibus says:

      Agree, you’d expect simulation fans to appreciate the quality and want to support the developers in this sort of endeavour – you want to fly the real thing but can’t afford to, so pay for the best simulation which is made for people to experience in such detail.

      What isn’t obvious is how many “good enough” simulations are available for cheaper. Are F1 car / farm combine harvester / underground train simulations good enough for the most exacting simulation fan, or is it just that no-one wants something beyond the top of the range “good enough” version?

      What isn’t known is how many sales are thought to be being lost and whether the accounts using the pirate keys are just free loading and not purchasing any models, or if it’s the high end models being registered, invoked for a bit and then never invoked again.

      This is not justifying or agreeing with the tactic of stealing any account details from anyone (though it does appear they weren’t just scraping this info from all users), but maybe the developers had grown so desperate after seeing lots of accounts regularly using high value DLC that earned them nothing.

      Unfortunately for the developers they need to provide some impartially reported info about their sales and how they reached the calculation of lost sales before it might be possible to understand better why they did this foolish thing.

  15. kalirion says:

    It’s like an airline putting bombs on all their planes, but it’s OK because they’re only after 1 hijacker.

    • Shadow says:

      “Hey, we poisoned the village’s water supply to catch that dastardly thief. But don’t worry, it’s DNA-locked to harm just him alone. It’s perfectly safe: I took a gengineering course over the summer.”

  16. Halk says:

    I wonder if this is not much more widespread. That is, what information do other DRM systems like Steam, Origin, … collect about their users?

    Of course they would do it in a much more elegant way that is not clearly illegal or at least made legal by some cleverly worded sentences in their TOS.

  17. Spacewalk says:

    Is that engine under that plane’s nose? If so then they’ve got more problems than malware in the game.

  18. melerski says:

    They sure showed him.

  19. Solar Mechanic says:

    As soon as someone files a suit against these guys, they are well and truly boned.

  20. LaundroMat says:

    Two things I’m left wondering:

    – What knobhead thought that a “test.exe” file would not raise any flags with the pirate(s) themselves? I mean, these people are able to crack license keys, surely they’d see through this ploy instantly?
    – How much time and effort that is spent on trying to block piracy (unsuccessfully) could have been spent on improving the game? I’m not saying it’s a bad game (I don’t know), but any game developer worth his salt always has a huge backlog of improvements.

  21. Kittim says:

    Google Chrome? Isn’t that a tool a mega corp uses to track your every online activity in order to sell it to the highest bidder?

  22. lodanap says:

    Obviously what they have done needs to be followed up by the authorities. I doubt their ultimate intentions were anything but sincere, unfortunately their mechanism for achieving this wasn’t well thought out. I really hope this doesn’t end the company. There’s plenty of absolutely huge companies out there with questionable business practices that get away with bloody murder and seem to go unscathed. If you’re going to chastise the small man then put as much effort into going after the giants as well. This doesn’t stop me buying the plane once it’s finished as they still deserve my money for their hard work.

  23. CookPassBabtridge says:

    As the test.exe was included in the Prepar3d V4 installer, the cost of the product is actually $140 as opposed to $100, the latter of which is for the old FSX. Users of the more recent P3D are charged more.