Code Plagiarism - Technical Detection and Legal Prosecution
The talk discusses the basic problem of code theft and license violation. As an example, the well-known case "ATK vs. XXXX" is retold. Using this case, the coderecon tool is introduced to show how stolen code can be identified with technical utilities. Afterwards the legal aspects of plagiarism and code theft are discussed, including current law and statutory articles in Switzerland, Europe/EU and worldwide.

Transcript of "Code Plagiarism - Technical Detection and Legal Prosecution"

  1. Code Plagiarism: Technical Detection and Legal Prosecution. Marc Ruef | Luca Dal Molin. Security & Risk Conference, October 26th - 29th 2011, Lucerne, Switzerland
  2. Agenda | Code Plagiarism – Detect & Prosecute
     1. Intro: Introduction (2 min), What is Code Plagiarism (3 min)
     2. ATK Case: How it all began (5 min), Technical Analysis (10 min), Legal Problems (10 min), Media Rampage (10 min), Additional Details (5 min)
     4. Outro: Summary (2 min), Questions (3 min)
     Hashdays 2011
  3. Introduction | Who is Marc
     Name: Marc Ruef
     Job: Co-Owner / CTO, scip AG, Zürich
     Private Website: http://www.computec.ch
     Last Book: "The Art of Penetration Testing", Computer & Literatur Böblingen, ISBN 3-936546-49-5 (translation)
  4. Introduction | Who is Luca
     Name: Luca Dal Molin
     Job: Associate at Homburger AG, Member of Practice Team "IP|IT"
     Corp. Website: http://www.homburger.ch
  5. Introduction | What is Code Plagiarism
     "The practice of taking someone else's work or ideas and passing them off as one's own."
     Oxford English Dictionary, http://oxforddictionaries.com/definition/plagiarism
  6. ATK Case | Once upon a time ...
  7. There was an idea ...
  8. ... to help me exploit vulnerabilities.
  9. And the Attack Tool Kit was born!
  10. The ATK became pretty popular :)
  11. One day I received an email from a friend ...
  12. So I downloaded the scanner and took a look ... wtf?!
  13. I sent them a letter requesting that they obey Copyright + GPL
  14. They said: «We can't see your problem. Please go away!»
  15. I said: «No, please, be kind ...»
  16. They said: «F—k off, we really don't care. Really!»
  17. Technical Analysis | Source Code Analysis
     ◦ Strings
       ◦ Names, Title
       ◦ Copyright
     ◦ Names
       ◦ Variables, Constants
       ◦ Functions, Methods, Classes
       ◦ Objects, Elements
     ◦ Structures
       ◦ Programming Style (indentation, vertical alignment)
       ◦ Conditional Statements (if, for, until, switch, goto)
       ◦ Pattern, Regex
       ◦ Dataflow
  18. I need solid proof. Some reversing helps ...
  19. Plagiarism has some pitfalls ...
     ◦ Some original plugins were using arbitrary strings for requests and pattern matching. Therefore the string «atk» was part of many plugins in the original software. It also made it into their product (see screenshot). [12 plugins affected]
     ◦ Some plugins were performing outbound tests. I have used a small daemon on my website www.computec.ch to determine the success. So did they. [1 plugin affected]
     ◦ Some plugins were using arbitrary dates/numbers too. Whenever possible I have used my birthday 11-02-1981. It also made it into their product. [2 plugins affected]
     ◦ Some plugins included typos and minor errors. Those also made it into their product. [5 plugins affected]
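The two slides above (the feature list on slide 17 and the «pitfall» markers on slide 19) describe how copied plugins were identified. The following is an added example in Python, written for this page and not the coderecon tool or any ATK code: it scores two plugin sources for structural overlap with winnowing-style k-gram fingerprints (once over raw tokens, once with every identifier replaced by a placeholder so renamed variables and functions do not hide the match) and lists the tell-tale markers and string literals both sources share. The three plugin sources, the marker list and all names are constructed for the example.

```python
"""Compare plugin sources for copied markers and structural overlap."""
import hashlib
import re
from typing import List, Set

# Constructed inputs (not real ATK plugins): an original, a copy with
# renamed identifiers and reflowed whitespace, and an unrelated plugin.
ORIGINAL = '''
function check_webserver(target) {
    // probe with an arbitrary path, then match on the exploid string
    var req = "GET /atk-test-11-02-1981.html HTTP/1.0\\r\\n\\r\\n";
    var resp = http_send(target, req);
    if (resp.match("atk")) { return true; }
    return false;
}
'''

COPY = '''
function chk_web_srv(tgt) {
  // probe with an arbitrary path, then match on the exploid string
  var r = "GET /atk-test-11-02-1981.html HTTP/1.0\\r\\n\\r\\n";
  var rs = http_send(tgt, r);
  if (rs.match("atk")) { return true; }
  return false;
}
'''

UNRELATED = '''
function scan_ports(host) {
  var open = [];
  for (var p = 1; p < 1024; p++) {
    if (tcp_connect(host, p, 5)) { open.push(p); }
  }
  return open;
}
'''

# Markers nobody writing their own plugin would reproduce by chance: the
# tool's own name in probe strings, the author's birthday, a known typo.
MARKERS = ["atk", "11-02-1981", "exploid"]

TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|\S")
IDENT_RE = re.compile(r"[A-Za-z_]\w*")


def tokens(src: str, normalize: bool = False) -> List[str]:
    """Comment-stripped token stream (// line comments, which is all the
    samples use). With normalize=True every identifier becomes ID, so the
    comparison survives renamed variables and functions."""
    src = re.sub(r"//[^\n]*", "", src)
    toks = TOKEN_RE.findall(src)
    if normalize:
        toks = ["ID" if IDENT_RE.fullmatch(t) else t for t in toks]
    return toks


def fingerprints(src: str, normalize: bool = False, k: int = 5, w: int = 4) -> Set[int]:
    """Winnowing-style fingerprints: hash each k-gram of tokens, keep the
    minimum hash of every window of w consecutive k-grams."""
    toks = tokens(src, normalize)
    grams = [" ".join(toks[i:i + k]) for i in range(len(toks) - k + 1)]
    hashes = [int(hashlib.sha1(g.encode()).hexdigest()[:8], 16) for g in grams]
    if len(hashes) <= w:
        return set(hashes)
    return {min(hashes[i:i + w]) for i in range(len(hashes) - w + 1)}


def similarity(a: str, b: str, normalize: bool = False) -> float:
    """Jaccard overlap of the two fingerprint sets, 0.0 .. 1.0."""
    fa, fb = fingerprints(a, normalize), fingerprints(b, normalize)
    if not fa or not fb:
        return 0.0
    return len(fa & fb) / len(fa | fb)


def shared_markers(a: str, b: str, markers=MARKERS) -> List[str]:
    """Markers present in both sources; comments are deliberately included,
    because typos in comments are evidence too."""
    return [m for m in markers if m in a and m in b]


def shared_literals(a: str, b: str) -> Set[str]:
    """Identical double-quoted string literals in both sources."""
    lit = re.compile(r'"([^"]*)"')
    return set(lit.findall(a)) & set(lit.findall(b))


def compare(a: str, b: str) -> dict:
    return {
        "raw_similarity": round(similarity(a, b), 3),
        "structural_similarity": round(similarity(a, b, normalize=True), 3),
        "markers": shared_markers(a, b),
        "literals": sorted(shared_literals(a, b)),
    }


if __name__ == "__main__":
    print("copy:     ", compare(ORIGINAL, COPY))
    print("unrelated:", compare(ORIGINAL, UNRELATED))
```

Renaming drops the raw-token similarity of the copy but leaves the structural score at 1.0, while the unrelated plugin stays near zero on both; the shared markers and literals are what turn a similarity score into evidence a reader can verify by hand.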
  20. ... so I gave them a last chance ...
  21. ... which they ignored. But tried to cover up :)
     ◦ Some plugins were altered to hide the obvious, especially within the new release after my technical letter.
     ◦ Those changes usually destroyed the purpose of the code and rendered the checks useless! For example:
       ◦ The exfiltration tests were always negative if their website wasn't hosting my daemon (which was not part of the ATK package) [3 plugins affected]
  22. Legal Problems | Threshold for Copyright
     ◦ Article 2 of the Swiss Copyright Act:
       1. Works shall mean literary and artistic creations of the mind, irrespective of their value or purpose, that possess an individual nature.
       2. […]
       3. Computer programs shall also be deemed works.
       4. Protection shall also subsist in drafts, titles and parts of works on condition that they are creations of the mind with an individual nature.
     ◦ Key elements of the definition:
       ◦ Creation of the mind
       ◦ Individuality
  23. Legal Problems | Threshold for Copyright
     ◦ Software:
       ◦ Idea | plan
       ◦ Object code | source code
     ◦ Case law (decision of the Zurich Court of Appeals, sic! 2009, p. 230):
       ◦ Very low threshold in terms of individuality
       ◦ Exclusion of banal or trivial software
     ◦ Consequence:
       ◦ As a matter of principle, software is generally protected by the Copyright Act
       ◦ Copyright protection is denied with regard to banal software
  24. Legal Problems | Other Possible Protection
     ◦ Patent law?
     ◦ Brand | design?
     ◦ Unfair Competition Act?
  25. My options were: No. 1 – Legal Prosecution
     ◦ Had contact with different lawyers from different countries (Switzerland, Germany, USA)
     ◦ Had contact with the Free Software Foundation (FSF)
     ◦ There were multiple difficulties:
       ◦ Such a legal case in Switzerland was «unique» until then
       ◦ My legal insurance wasn't covering «copyright violations» (no legal insurance in Switzerland was/is)
       ◦ It would cost me an indeterminable amount of money to prosecute
       ◦ The chances were zero to gain indemnity (because I distributed the ATK for «free» and therefore had no calculable loss of income).
       ◦ Within a trial I would have lost money anyway (that's not my idea of an open-source project).
       ◦ Because I had waited a long time, I wasn't able to enforce «immediate legal actions» anymore.
  26. My options were: No. 2 – Media Rampage :)
     ◦ For me it wasn't about the money. It was about law and justice ... and for the lulz!!1
     ◦ I started to prepare a broad media offensive.
  27. If I don't get enough attention, then I may go public!
  28. But who did it?
  29. I tried to contact my «old friend» ... But he ignored me :(
  30. But wait? I know him and own his code too! :)
  31. Then they claimed that I was lying. (I didn't like that!)
  32. By accident I got access to their «expert opinion» ...
  33. Evidence admitted in court
     ◦ How does a court establish whether a violation of a copyright has occurred?
       ◦ Expert opinion
       ◦ Value of a private expert opinion?
     ◦ What will the expert analyze:
       ◦ Description of the software | plan?
       ◦ Functionalities?
       ◦ Source Code?
       ◦ Object Code?
  34. I'm sorry, not everyone is an «expert»!
     ◦ There is a list of funny typos (e.g. «exploits» became «exploids»). (pp. 12) He might not be a language expert (there are many typos).
     ◦ He compared the compiled software and not the source code. (pp. 10) Not a brilliant approach to comment on a «code theft accusation».
     ◦ His argument why «borrowing» my code is legitimate was that I had mentioned the GPL just somewhere «hard to find». The project was therefore «open-source» and I had lost all my rights. (pp. 4) This conclusion is just plain stupid. You don't lose copyrights by publishing the source code!
     ◦ On some pages he disputed that those were the same plugins. On others he argued that the match might be «just by accident». (pp. 4, 9, 12, 15) Yeah sure, 380 plugins with the exact same 1,716 commands are just a magical coincidence!
     ◦ The «expert opinion» contained a copy of the Wikipedia page about the «General Public License». (pp. 22-26) Some say WP and Expert can't be mentioned within the same sentence ;)
  35. Details | Particularities OSS and GPL
     ◦ Copyright protection of OSS in general
     ◦ With regard to GPL in particular:
       ◦ How to validly include GPL when distributing software
       ◦ Rights and obligations of the licensor
       ◦ Rights and obligations of the licensee
       ◦ Copyleft
       ◦ Auto-termination in case of violations
     ◦ Differences Copyright Act | GPL
  36. Details | What should Marc have done?
     ◦ With regard to the inclusion of GPL?
     ◦ Act quickly!
     ◦ Act decisively!
     ◦ Safeguard potential evidence
  37. One more thing ...
     ◦ In version 1.8 they fragged their HTTP engine. Because all HTTP requests missed proper CRLF at the end, the HTTP checks were rendered useless. 100% false negatives!
     ◦ The «stresstest module» didn't work if the http:// was missing in the target definition (which was not a requirement and did not show a warning message). 100% false negatives!
     ◦ The «webspider module» wasn't able to collect file and path names which start with a dot. Have fun testing .htaccess files! More false negatives!
     ◦ The «lan viewer module» froze the whole application if you clicked on something during discovery mode. Denial of Service!
     ◦ The «port scan module» did a full connect without a timeout to every open destination port. HTTP services led to denial of service. But chargen led to memory corruption and code execution. Pwnd by your target!
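The defects listed on slide 37 are all of the kind a scanner does not report: the check runs, finds nothing and moves on. The following added example in Python (written for this page; it is neither ATK code nor the other vendor's) shows the three cheap guards that catch them: a raw HTTP/1.0 request builder that always terminates the header block with CRLF CRLF and a completeness check modelled on what a server waits for before it answers; target normalization that adds a missing http:// scheme instead of silently failing; and a connect-and-read probe with a socket timeout and a bounded read, so a silent port cannot hang the scan and a chargen port cannot flood it. Host names and ports are placeholders.

```python
"""Guards against scanner checks that silently return "nothing found"."""
import socket
from urllib.parse import urlsplit

CRLF = b"\r\n"


def build_request(method: str, path: str, host: str) -> bytes:
    """A raw HTTP/1.0 request. The empty line (CRLF CRLF) terminates the
    header block; without it the server keeps waiting for more headers and
    the check times out or returns nothing, i.e. a guaranteed false negative."""
    lines = [f"{method} {path} HTTP/1.0", f"Host: {host}", "Connection: close"]
    return CRLF.join(line.encode("ascii") for line in lines) + CRLF + CRLF


def request_complete(raw: bytes) -> bool:
    """What a server checks before it starts processing: is the header
    block terminated? Assert this on every request a plugin emits."""
    return CRLF + CRLF in raw


def normalize_target(target: str) -> str:
    """Accept "host", "host:port" or a full URL. A missing scheme is added
    rather than ignored; anything unusable raises instead of being skipped."""
    target = target.strip()
    if not target:
        raise ValueError("empty target")
    if "://" not in target:
        target = "http://" + target
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported target: {target!r}")
    return target


def probe(host: str, port: int, timeout: float = 3.0, max_bytes: int = 4096) -> bytes:
    """Full-connect probe with a timeout and a bounded banner read.
    Without the timeout a scanner blocks forever on a silent HTTP port;
    without the read bound a chargen port streams data for as long as the
    scanner keeps reading."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            return sock.recv(max_bytes)
        except socket.timeout:
            return b""


if __name__ == "__main__":
    req = build_request("GET", "/", "example.test")
    print(req, request_complete(req))
    print(normalize_target("192.0.2.10:8080"))
```

The probe reads once and returns whatever arrived within the timeout; a banner-grabbing plugin that needs more should loop with an explicit byte budget, never until EOF.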
  38. Summary
     ◦ Legal prosecution is not easy.
     ◦ Act quickly and take a good lawyer! #lfmf
     ◦ Licenses and copyrights aren't the same. You don't lose a copyright by publishing the source code.
     ◦ Fight for your right as long as you're sure about it.
  39. Literature
     ◦ ATK vs. 
       ◦ ATK Project vs.  (2006), http://www.computec.ch/news.php?item.117
       ◦ ATK vs. , Part 2: Retreat? (2006), http://www.computec.ch/news.php?item.120
       ◦ ATK vs. , Part 3: Victories and Defeats, http://www.computec.ch/news.php?item.126
       ◦ ATK vs.  - Technical Evidence (2007), http://www.computec.ch/download.php?view.889
  40. Questions
  41. Thank you for your Attention!
     Homburger AG, Prime Tower, Hardstrasse 201, CH-8005 Zurich
     Tel +41 43 222 10 00 | Fax +41 43 222 15 00
     Mail luca.dalmolin@homburger.ch | Web http://www.homburger.ch
  42. Security is our Business!
     scip AG, Badenerstrasse 551, CH-8048 Zürich
     Tel +41 44 404 13 13 | Fax +41 44 404 13 14
     Mail info@scip.ch | Web http://www.scip.ch | Twitter http://twitter.com/scipag
     Strategy | Consulting, Auditing | Testing, Forensics | Analysis