Microsoft sues over source code theft

Microsoft has filed a federal lawsuit against an alleged hacker who broke through its copy protection technology, charging that the mystery developer somehow gained access to its copyrighted source code.

For more than a month, the Redmond, Wash., company has been combating a program released online called FairUse4WM, which successfully stripped anticopying guards from songs downloaded through subscription media services such as Napster or Yahoo Music.

Microsoft has released two successive patches aimed at disabling the tool. The first worked--but the hacker, known only by the pseudonym "Viodentia," quickly found a way around the update, the company alleges. Now the company says this was because the hacker had apparently gained access to copyrighted source code unavailable to previous generations of would-be crackers.

"Our own intellectual property was stolen from us and used to create this tool," said Bonnie MacNaughton, a senior attorney in Microsoft's legal and corporate affairs division. "They obviously had a leg up on any of the other hackers that might be creating circumvention tools from scratch."

In a Web posting early Wednesday morning, Viodentia denied using any copyrighted Microsoft code, and released yet another version of his tool.

"FairUse4WM has been my own creation, and has never involved Microsoft source code," the developer wrote. "I link with Microsoft's static libraries provided with the compiler and various platform SDK (software development kit) files."

This latest round of copy-protection headaches comes at a delicate time for Microsoft. In a few months, the company plans to launch its own digital music subscription service, called "Zune," paired with an iPod device rival of the same name. The package will compete with services from Microsoft's traditional partners, such as Napster and Yahoo.

The Zune service and device will use their own flavor of digital rights management, and this will not be directly compatible with Microsoft's partners' products, despite being based on the same Windows Media technology. The company is taking great pains to assure its partners that their PlaysForSure-branded products are still state of the art.

Two-pronged approach
At the moment, Microsoft is taking a two-pronged technical and legal approach to FairUse4WM that goes beyond the scope of its earlier DRM battles.

On the technical side, it is pursuing much the same strategy as in the past: studying the hacker's tool and trying to update its Windows Media technology to block it.

Indeed, the company's Windows Media copy protection technology was designed from the start to support swift updates that would address inevitable cracks. That has long been part of the technology's draw for record labels and movie studios, which are fearful that content protection flaws will lead to films and music being swapped freely online.

Microsoft's copy protection has been cracked before and then quickly fixed. Company representatives said that the FairUse4WM tool, despite its developer's success in breaking through the company's first patch, is simply triggering the same kind of security review that has happened in the past.

"This particular circumvention doesn't change that reality at all, or affect the underpinnings of the system," said Marcus Matthias, a senior product manager at Microsoft. "This is not quite as 'cat and mouse' as some people might have you believe."

The crack's unusual longevity has caused ripples of worry inside the digital media community, however. One service provider, the British network BSkyB, even temporarily canceled movie downloads.

Representatives from other services say Microsoft's previous rights-management security updates have been successful and expect this effort ultimately to be no different.

"One of the great features of the Windows Media DRM is its renewability," said Bill Pence, chief technical officer at Napster. "When the DRM system is compromised, we can incorporate updates with minimal impact on users, and we expect to do the same with the current patch."

Using courts to track a cracker
However, the federal "John Doe" lawsuit, along with "dozens" of legal letters sent to Internet sites that are hosting the allegedly copyright-infringing tool, is a decidedly different tack for Microsoft.

The copyright lawsuit was filed in Seattle federal court last Friday, without a name attached. Just as in the recording industry's many lawsuits against accused file swappers, it targets an unknown individual or individuals, whose true identity will be sought in the course of the case.

For now, that means going to the Internet service providers for Web sites where the original FairUse4WM tool was released, in hopes of tracking down an IP address or other digital traces that might lead to the developer, MacNaughton said.

Microsoft is also contacting other Web sites that have posted the FairUse4WM tool, asking them to remove the software, on the grounds that it contains copyrighted company code.

Company representatives declined to speculate on exactly how "Viodentia" gained access to copyrighted source code. The code in question is part of a Windows Media software development kit, but is not easily accessible to anyone with a copy of that toolkit, Microsoft said.

So far, little is known about the developer, who has used the pseudonym "Viodentia" in several online postings at a site called Doom9.org. "Viodentia" could not immediately be reached for comment.

After spending an unaccustomed month of grappling with the problem, Microsoft representatives stopped short of promising their latest Windows Media update will be impregnable--although certainly, the hope is that a third patch won't be needed. Viodentia's newest release, posted online Wednesday, will test the strength of the company's latest approach.

"Any time we put out an update, it is our hope that it will be as efficacious as possible," Matthias said. "It is our hope that the technical mitigations that we've put in place will do something to impede this circumvention."

Analysts say that "Viodentia" hasn't proved that Microsoft's DRM tools are fundamentally flawed, but has shown that the business of keeping it, or any rights management system, secure is increasingly becoming a full-time job.

"Any DRM out there is going to be cracked," GartnerG2 analyst Michael McGuire said. "More important is how the technology service reacts. Someone has to be keeping an eye online all the time now, looking for the next time."

[protagonistic]

RE: Microsoft sues over source code theft

And we should believe the MS because? So far all we see is
allegations and no proof that what they are saying is true. Anyone
want to bet we never see the proof?

Let's face it, it would be very embarrassing to MS if the guy really
was doing this on his own. I would not put it past MS to outright
lie about it to protect their interests.

[t8]

Open source

No such thing as source code theft in the Open Source world. That world is a better one.

[Hardrada]

you probably won't see the proof

because you probably won't bother to do anything more than read CNET's flawed accounts over your morning danish. Given there's a court proceeding involved, you can certainly gain access to anything that isn't sealed.

Of course, you appear to be an expert, so there's probably no point in actually waiting for the details - just jump to your conclusion based on the always reliable CNET article.

[dragonfly8610]

Missing the real point....

I think that a great number of people voicing their opinions here are missing a very real point...if Bill Gates and Microsoft and Intel had not made the term "PC" a reality, many would not be here today in this forum to argue about MS' DRM or code in the first place. Arguably, the standards in hardware that have arose due to the MS/Intel partnership have created a market for machines that once only resided in government think tanks and colleges.

So far, all of this talk about open-source supplanting the work of the code-writers at MS has not amounted to anything. There are still many games, applications, and various other pieces of software that open-source has not even contemplated an answer for.

So, when MS is dead and in its grave, I will consider open-source. And expect the same hackers, viruses, and security holes from it as I have come to expect from Microsoft.

I have no problems with Microsoft...and wonder how much of other peoples' problems are just related to their hacking or inability to work with Windows to make things work seamlessly.

Now, as for DRM...I hate it...but that is what the hackers are for...and if it wasn't for Microsoft's coding errors, then people wouldn't be able to hack anything. But I believe there is no such thing as a secure program...only programs that are continuously changed to thwart the efforts of hackers...including OSX and Linux.

[zeroplane]

Who buys Windows Media format?

If you do buy media in windows media format then you deserve all the pain you will get with the DRM software and the control you give up. Frankly I haven't found any music, movie, or video that I couldn't get not in windows media format. There really is nothing I have found yet that makes me want to buy anything with DRM in it (Micro$oft or Apple)

[richto]

Because its twice the quality or half the size...

People use WMA because its twice the quality for the same size or half the file size for the same quality as competing solutions - e.g. Apples AAC or MP3s. Not to mention I can play back the WMA files directly on my THX enabled Pioneer amplifier. And on my TEAC CF-H255 mini system as well.

Using WMA doesnt mean you have to use DRM. You can buy unprotected DRM music perfectly legally from www.allofmp3.com (As this site is legally licenced and pays licensing fees in Russia, the Berne convention automatically makes songs purchased from there legally licensed in any country that is also a signatory of the Berne convention)

[richto]

Because its twice the quality or half the size...

People use WMA because its twice the quality for the same size or half the file size for the same quality as competing solutions - e.g. Apples AAC or MP3s. Not to mention I can play back the WMA files directly on my THX enabled Pioneer amplifier. And on my TEAC CF-H255 mini system as well.

Using WMA doesnt mean you have to use DRM. You can buy unprotected DRM free music perfectly legally from www.allofmp3.com (As this site is legally licenced and pays licensing fees in Russia, the Berne convention automatically makes songs purchased from there legally licensed in any country that is also a signatory of the Berne convention)

[gmycyk191]

Zune?

Ok, they're sending a team of lawyers to fight for "Zune"

"Your honor, we believe we can show Zune was illegally... On behalf of Zune... At this time we?d like to Zune to the stand..."

The judge, "Excuse me counselor ? what the hell is a Zune?"

MS should loose the law suit simply on the fact they were dumb enough to call a product Zune!

Gotta Zune now... stay Zuned for details... What the Zune!

Whatz your favorite Zune phrase?

[Tomcat Adam]

Superficial.

People didn't think iPod or Xbox, Wii, or Sony (depending on where you are) were good names at their start either.

[Hardrada]

uh - not exactly

yeah, zune isn't out yet, but if you'd actually read TFA, you'd notice it mentions Zune uses a different DRM. Consequently, Zune isn't likely to be the least bit affected.

More likely MS filed this suit to placate content owners who feel they're at risk financially because the DRM has been compromised.

[unknown unknown]

DRM only hurts people who are buying content

not the pirates. There are many easier ways to get the content than trying to crack Microsoft's DRM. For Movies, ripping the DVD is easier since CSS is easily cracked and the key can be brute forced in matter of minutes. For music, ripping a CD is easier than cracking the DRM used by iTunes, Napster, or Rhapsody. I think Cory Doctorow used analogy of having a bank safe with three steel walls and one made of cardboard. Why go through steel when you can go through something easy like cardboard. Going forward with renewable copy protection like AACS for the next gen DVD players, smart crackers won't release the crack (or least not the key they used) but just the product of it, the ripped movies. Some of those honest users that were burned by the overly strict DRM on their purchased content might decide they're not going to deal it any more and get the content sans the DRM that keeps them from enjoying it (the content) the way they want.

It a loosing battle and Microsoft and the Studio are on the loosing side, if they continue to punish the people who pay. It just a slap in the face to do the right thing and be treated like crap.

[SeaDragon]

DRM - Legal Theft

You're right. When I buy music I just want to listen when where and how I want. I'm not selling the songs, I'm not giving them away, I am just making them available on MY CD players, MY MP3 player, or MY PCs. With the latest DRM crap I can't do that. I will not by ANY CD that has that on it. NO MATTER how much I like the group or songs.

[xaKira]

Possible Future?

Over the last 6 months I have been putting together my theatre box (PC) at home. I finally purchased my HD Plasma so I can see the computer screen in full resolution. Now I will convert all my music to OGG format and movies to Xvid format and play it though this PC, which I can also control from my other PC's around the house using the virtual network computer software (VNC) if I want. This theatre PC being on my home LAN means I can also just listen to my music or watch my movies on any of my home PC's. Now I just have to get my iPod to play OGG (or just get rind of the iPod) and I'm sorted. All the technology is available to setup without locking into DRM and of course you have to be a bit of a pirate. OGG and Xvid are free codec's so I don't think I will ever purchase DRM locked equipment.

This DRM stuff is hopefully the death throws of a mega-rich industry that's becoming irrelevant. They were needed when marketing and distribution chains were the only way we could know about and get our entertainment media. Hello everybody, the internet is here. Music artists can now make songs at home on PC's and distribute for free. I hope they can find a way to make money from it indirectly, but becoming mega rich by trying to control every song distributed is a thing of the past. Can we realise this?

[SeizeCTRL]

Exactly!

The first thing I do when I buy something off iTunes is burn it to CD, rip it to MP3 and then send it over to my laptop and my netgear sc101 so I can listen to it in any room of my house... instead of just my iPod or my PC that has iTunes on it.

Copyright holders are idiots if they think DRM prevents people from burning to CD, ripping and then uploading it to P2P / torrent sites.

[Ton Nevig]

I have to agree...

Originally I bought a new cd every time a new song I liked came out. This was both expensive and cumbersome. When iTunes came out I was quite relieved, I now only had to purchase the song desired and didn?t have to physically store it anyway other then my hard drive. Now the glitches come. I bought a cd player for the car that would handle mp3?s. Opps iTunes does not defaultly rip MP3?s. Ok my fault didn?t read the fine print, re-ripping 300+ cds. Two weeks later I realize that in order to get my iTunes to play in the car I have to burn them as an audio then rip them back as an MP3. Arg now that is a pain in the @$$.

However the point is moot because I lost access to all the iTunes I bought. I had been using a certain email with the account that I was getting badly spammed on, so I changed it. In the confusion, which I expect was my fault entirely I lost all rights to the music I paid for.

So I am now back to buying cd?s, though I store them on cd spindles now and trash the jewel cases. In honesty had I known then what I know now, I never would have given myself the headache and just stuck with cd?s from the beginning.

[pnayini]

Microsoft Code

Everyone in the computer field knows Microsoft code is weak. Lets accept it, they suck I know writing code which is hack proof is hard, but if every thing that they comeup with is hacked what the hell are they doing.
How many Lawsuits will they file, stop doing that and concentrate on developing good tools first, You are a software company NOT a legal company do what you can do best and then only you will survive.
Bottom line -- Microsoft sucks

[Hardrada]

everyone?

Obviously you represent the entire 'computer field', so at risk of offending the entire 'computer field' I'll risk informing you that your argument is ridiculous.

Sure, there are Microsoft products with security holes, as is true with all software. Many of those holes were discovered in IE or WMP. Given the size of the user base and the fact that they're both free, I hardly consider this as an assurance that 'Microsoft code is weak' or that 'they suck'.

What's really weird is that you're spending time focusing on Microsoft when their DRM issue results in your getting access to DRM free content!

[NerdPatrolAJ]

Stealing from thieves

I wonder what the course of history would have reflected if the laws pertaining to intellectual properties were in force during Microsofts inception. For those in the know...its laughable for Microsoft to cry about source code being stolen. I like MS products, hold MS certs, and pay for my software...but how can MS hope to recoup damages from stolen code...when they first stole the code that is the precurser to existing code. As mentioned earlier in another post, the only people losing are the legitimate buyers, and the artists...but I have a feeling the MS isnt going to bat to champion these people.

[aabcdefghij987654321]

Back it up or retract it

You say MS stole code.. prove it or be known as a liar.

[sma7769]

Yeah But!!

Isn't this a little of the proverbial pot & kettle deal not to forget people living in glass houses, shouldn't thro stones? How many times has MS been accused of swiping code and ideas? Treat others as you want to be treated yourself right.

[Hardrada]

please inform us

how many times? You have a list, right? Sorry, but I'm new here and haven't heard about all these patent infringement and copyright violation cases you're referring to.

[Arbalest05]

Isn't MS abandoning Plays4Sure DRM anyway?

There are several issues here. Microsoft likely has no proof of the allegation that this hacker (who they know only by his/her alias) has access to their source code. To prove their charge, they would almost have to catch the hacker with their source code. If he/she indeed had the source, that would imply an "inside" accomplice. I'm sure they must know each person that has access to the source of the patch that they released, so that's a good place to start looking for this hacker.

A bigger issue is that the PlaysForSure DRM technology is incompatible to Microsoft's premier music DRM available only in their Zune platform. The DRM that has been cracked by Viodentia is soon to be an orphaned technology. Microsoft is going to leave their PlaysForSure partners out to dry on this one.

[David Arbogast]

Even if they were...

Even if they were going to abandon it... Just because you are going to throw some flowers away when they wilt "just a little bit more," it doesn't give somebody the right to break into your house and steal them.

<<Microsoft likely has no proof of the allegation that this hacker (who they know only by his/her alias) has access to their source code.>>

We don't really know that for certain... And I'm willing to bet that if a hacker found his way to Microsoft's source code, Microsoft will have no interest in discussing it publically. They took the case to court, so they must believe they have sufficient evidence to make their case.

[qwerty75]

No sympathy

Any company or developer that partners or in any way ties themselves to MS deserves the huge shafting they will inevitably get.

[Sumatra-Bosch]

Like Stealing a Pinto!

The thieves are lucky the thing doesn't blow up before it gets out of the parking lot. Might as well steal the emergency exit plans for the Titanic.

Roberto

[Mike2575]

Microsoft is teh ghey

I hope V never reveals himself and I hope Microsoft never gets their claws in him. He's a genius as far as I'm concerned and I wish those connected to him shield him.

All I have left is....

WHERE DO I SIGN UP FOR HIS LEGAL DEFENSE/FUGITIVE FUND??????

[SeizeCTRL]

IRONIC!!!

Here MS is complaining that a hacker has "studied" their code and created a tool to bypass it... and they send in their army of lawyers!

Yet MS is doing exactly the same thing by "studying" the FairUse4WM code to develope a way to bypass it's bypassing features.

If I was dude, I would have copyrighted my code and then sued MS for violating the DCMA :]

[SomeLlama]

"not easily accessible ?"

from the article:
"The code in question is part of a Windows Media software development kit, but is not easily accessible to anyone with a copy of that toolkit, Microsoft said."

Meaning= we don't want to admit anyone who knows how to decompile code or how to use a hex editor can figure this out...



LOL

[t3st3r`]

These Redmond guys are scams.Welcome to digital fascizm.

These DRM things are really getting annoying.What a sucking idea to offer to buy DIGITAL RESTRICTIONS for your own moneys and declare that you criminal and pirate if you're not accepting rules of such unFair game and download\buy pirated things WITHOUT stupid and illegal restrictions which are restricting my legal rights.

Let's admit there is a way better solution: just WATERMARK media files.So user's rights are not restricted but it is still possible to track pirates.Watermarks could be so hard to eliminate that anyone who did pirated could be held responsible even if converted\slightly changed copy leaks.

[shehzad]

MS is better than Apple for sure..........

MS DRM tech is realy great to use and it will help to sell more ZUNES. It's(ZUNE) Microsoft first mp3 player with online music store(included monthley subscriptions service). I think it was very important to peoples who don't want to buy ipod+ itunes. Now they will have one big name software comp mp3 player with online music store. The future of mp3 players and online buying music is in favor of MS. Because it's windows vista(coming soon) which will include ZUNE marketplace sofware.

[chadbed]

Microsoft is the devil

competition is always good. However your praise is uncalled for. Microsoft always has stolen ideas, technology and has never done anything original in its entire history from dos on up through windows vista. They learned to copy cheat steal and screw there way to the top. I have no doubt the zone will crash and burn. IN 10-15 years when Linux is up to par Microsoft will be a shadow of itself it is today. And Microsoft will deserve it.

I just wish it would happen sooner so all the great innovators of the world could actually get some credit and make some money so they can continue.

People say well if you can do better then do it better. Well the simple fact is competing with Microsoft would be near impossible. They are in fact probably the most powerful company in the world capable of getting away with anything they want. Your idea/concept/innovation will be forced to be given away free and will then be copied by Microsoft and integrated into their next os especially if it catches on. Just like itunes/ipod antispyware, widgets, FireFox, photo viewer, DVD creator, calender etc etc etc.

I wish they would be broken up to give all the other software companies a chance. Microsoft will not stop until they are the sole provider of software in the industry especially for the windows platform.

[LJ Story]

What are you talking about?

How is Zune+MSMusic store (selling equally priced tracks or forcing you into a month=-to-month lease of your music) any better than iPod+iTunes?

The cost of the music players are similar, the cost of the music is similar, both stores are free to use, and MS is going to wrap all your music in its DRM--whether you want it to or not--if you use the wireless option.

That makes Zune sound pretty mediocre.

[LJ Story]

What are you talking about?

How is Zune+MSMusic store (selling equally priced tracks or forcing you into a month=-to-month lease of your music) any better than iPod+iTunes?

The cost of the music players are similar, the cost of the music is similar, both stores are free to use, and MS is going to wrap all your music in its DRM--whether you want it to or not--if you use the wireless option.

That makes Zune sound pretty mediocre.

[Myron.S]

Why use FairUse4WM?

It'll get to the point where high-fidelity will not be the desirable thing so just connect the headphones or line out of the media player to the line-on on a computer's sound card and record the output. If Microsoft develop some sort of water marking to the audio to prevent this then I'm sure someone will be able to send the analogue audio to some over device and then onto a CD or an MP3. The DRM relies on a chain. Break the chain and any DRM copy-protection is worthless and useless. Yup! Tried the technique before I posted this comment. Audio is ever-so slightly less perfect but it's still sweet (and unsrestricted) music to my ears!

[ZeekJones77]

Digital Play and Record techniques

Funny. The whole DRM thing is a way to make money by convincing the evil riaa and movie companies that it is possible to protect content. It really is not. Analog is one way but you still can record digitally with less loss of quality by simply playing the music on your computer and recording on your computer at the same time. It takes longer but effective. It may be harder with video but it is still possible.

I don't advocate doing illegal things to intellectual property but if you paid for what you have then you should not have drm restrictions for legal purposes.

[chadbed]

haha too funny

Microsoft is just ridiculous, I mean who stole the code? It has to be a former programmer for them right? Or wait is it possible someone who doesn't make millions or billions of dollars a year is just as smart or is actually smarter then the programmers at Microsoft. This just proves either some people are way too smart or Microsoft is really just that dumb and ignorant and has some Swiss cheese code unlike anything else in the industry.

I can't even imagine what would happen if xp source code was somehow leaked in its entirety. You might as well post everything you have on your computer on the net, and while your at it uninstall yoru antivirus and start downloading and installing every virus you can get your hands on. It would have the same effect.

it's sad embarrassing things like this happen to them on a regular basis. They just don't have code good enough for there success and thanks to them starving the rest of the industry from cash they will remain where they are today.

[Ihaveajob]

"They will remain where they are today."

You mean the most successful company in the world?

[Zymurgist]

Intentionally misleading...

Perhaps it's not obvious, but MS surely
understands that the source code wasn't needed
to implement the approach used by FairUse4WM.
The point of the suit is not to prosecute
infringement, but rather to get far enough in
the process to start discovery. With that, they
can force the identity of the accused to be made
known. It also has the effect of costing him
time, money, causing anxiety, and sending a
message to other DRM-activist software
developers: "we'll make you poor!"

Discovery alone will cost the guy thousands and
ought to be plenty intimidating. Then, MS can
back out of the case when they "find out"
there's no evidence of the source being used.
After that, they can tell the guy that not only
do they know who he is, but also have enough
evidence to prove that he violated the DMCA by
developing the software, then force him to do
what they want or face criminal prosecution.

MS doesn't want to make a DMCA claim against the
guy up-front because they suspect it might not
stand up in court and it's not worth the risk of
being struck down even in part as
unconstitutional. The DMCA is part of the
value-proposition of the DRM in the first place
and they cannot undermine that. The whole idea
of DRM is to use it as a means to bleed money
off a gullible media industry.

[Mike2575]

Right On

This is all a ruse to expose him as it may "chill" further irritants to microsoft. Like I said before, I hope he is well insulated by his peers and never gets exposed.

[chris_d]

the arrogance!

Apparently there is no proof that any source code was stolen, but Microsoft people believe they are 10x smarter than anyone else, so that must be how it was cracked. No one could crack Microsoft software without source!

[philologos]

Those at MS aren't too bright

As other comments have pointed out, one doesn't need source code in order to know how a program works, or how to change it. If you have a program that runs, you also have access to the binary code of the program. AND, when changes are made to "fix a bug" or "close a loophole", the revised binary code can easily be compared with the earlier version, thus highlighting where, how and why the changes were made!! Either those at MS don't know this, or, they are being disingenuous when they accuse someone of stealing their source code (I think the latter). In fact, source code would certainly get in the way of someone who wanted to know what changes MS was making.

These comments apply to all the releases and patches MS makes, not just DRM code.

philologos

[t8]

You can't steal open source

You can only violate the license.

[Klael]

But of course....

The bottom line of it is by now that stealing MS' source code would be essentially a set back to any hacker looking at the code of FairUse4WM and then testing updates for that against any updated versions of windows media player.
Either way copyright generally deals with theft and redistribution for profit (it also covers free redistribution but most companies this big couldnt really care less, or shouldnt anyway)

All MS are really in charge of is encoding the music for WMP users. They can always give the artist a level of safety but no matter who you get to code the protection it is never going to be completely hack proof anyway. The point of all the nagging... well to me it doesnt seem like there is one...