• On GameSpot: Games now packed in with Xbox 360's!
advertisementAT&T Tech Support 360

September 26, 2006 4:19 PM PDT

Microsoft sues over source code theft

By John Borland
Staff Writer, CNET News

Last modified: September 27, 2006 3:02 AM PDT

Related Stories

Hackers crack Apple, Microsoft music codes

 September 1, 2006

France rolls over on iTunes DRM-busting law

 June 23, 2006

DRM key to Linux's consumer success?

 April 7, 2006

MP3tunes.com shuns digital rights management

 February 9, 2005
Microsoft has filed a federal lawsuit against an alleged hacker who broke through its copy protection technology, charging that the mystery developer somehow gained access to its copyrighted source code.

For more than a month, the Redmond, Wash., company has been combating a program released online called FairUse4WM, which successfully stripped anticopying guards from songs downloaded through subscription media services such as Napster or Yahoo Music.

Microsoft has released two successive patches aimed at disabling the tool. The first worked--but the hacker, known only by the pseudonym "Viodentia," quickly found a way around the update, the company alleges. Now the company says this was because the hacker had apparently gained access to copyrighted source code unavailable to previous generations of would-be crackers.

"Our own intellectual property was stolen from us and used to create this tool," said Bonnie MacNaughton, a senior attorney in Microsoft's legal and corporate affairs division. "They obviously had a leg up on any of the other hackers that might be creating circumvention tools from scratch."

In a Web posting early Wednesday morning, Viodentia denied using any copyrighted Microsoft code, and released yet another version of his tool.

"FairUse4WM has been my own creation, and has never involved Microsoft source code," the developer wrote. "I link with Microsoft's static libraries provided with the compiler and various platform SDK (software development kit) files."

This latest round of copy-protection headaches comes at a delicate time for Microsoft. In a few months, the company plans to launch its own digital music subscription service, called "Zune," paired with an iPod device rival of the same name. The package will compete with services from Microsoft's traditional partners, such as Napster and Yahoo.

The Zune service and device will use their own flavor of digital rights management, and this will not be directly compatible with Microsoft's partners' products, despite being based on the same Windows Media technology. The company is taking great pains to assure its partners that their PlaysForSure-branded products are still state of the art.

Two-pronged approach
At the moment, Microsoft is taking a two-pronged technical and legal approach to FairUse4WM that goes beyond the scope of its earlier DRM battles.

On the technical side, it is pursuing much the same strategy as in the past: studying the hacker's tool and trying to update its Windows Media technology to block it.

Indeed, the company's Windows Media copy protection technology was designed from the start to support swift updates that would address inevitable cracks. That has long been part of the technology's draw for record labels and movie studios, which are fearful that content protection flaws will lead to films and music being swapped freely online.

Microsoft's copy protection has been cracked before and then quickly fixed. Company representatives said that the FairUse4WM tool, despite its developer's success in breaking through the company's first patch, is simply triggering the same kind of security review that has happened in the past.

"This particular circumvention doesn't change that reality at all, or affect the underpinnings of the system," said Marcus Matthias, a senior product manager at Microsoft. "This is not quite as 'cat and mouse' as some people might have you believe."

The crack's unusual longevity has caused ripples of worry inside the digital media community, however. One service provider, the British network BSkyB, even temporarily canceled movie downloads.

Representatives from other services say Microsoft's previous rights-management security updates have been successful and expect this effort ultimately to be no different.

"One of the great features of the Windows Media DRM is its renewability," said Bill Pence, chief technical officer at Napster. "When the DRM system is compromised, we can incorporate updates with minimal impact on users, and we expect to do the same with the current patch."

Using courts to track a cracker
However, the federal "John Doe" lawsuit, along with "dozens" of legal letters sent to Internet sites that are hosting the allegedly copyright-infringing tool, is a decidedly different tack for Microsoft.

The copyright lawsuit was filed in Seattle federal court last Friday, without a name attached. Just as in the recording industry's many lawsuits against accused file swappers, it targets an unknown individual or individuals, whose true identity will be sought in the course of the case.

For now, that means going to the Internet service providers for Web sites where the original FairUse4WM tool was released, in hopes of tracking down an IP address or other digital traces that might lead to the developer, MacNaughton said.

Microsoft is also contacting other Web sites that have posted the FairUse4WM tool, asking them to remove the software, on the grounds that it contains copyrighted company code.

Company representatives declined to speculate on exactly how "Viodentia" gained access to copyrighted source code. The code in question is part of a Windows Media software development kit, but is not easily accessible to anyone with a copy of that toolkit, Microsoft said.

So far, little is known about the developer, who has used the pseudonym "Viodentia" in several online postings at a site called Doom9.org. "Viodentia" could not immediately be reached for comment.

After spending an unaccustomed month of grappling with the problem, Microsoft representatives stopped short of promising their latest Windows Media update will be impregnable--although certainly, the hope is that a third patch won't be needed. Viodentia's newest release, posted online Wednesday, will test the strength of the company's latest approach.

"Any time we put out an update, it is our hope that it will be as efficacious as possible," Matthias said. "It is our hope that the technical mitigations that we've put in place will do something to impede this circumvention."

Analysts say that "Viodentia" hasn't proved that Microsoft's DRM tools are fundamentally flawed, but has shown that the business of keeping it, or any rights management system, secure is increasingly becoming a full-time job.

"Any DRM out there is going to be cracked," GartnerG2 analyst Michael McGuire said. "More important is how the technology service reacts. Someone has to be keeping an eye online all the time now, looking for the next time."

See more CNET content tagged:
copy protection, hacker, source code, digital-rights management, Napster Inc.

Add a Comment (Log in or register) 90 comments (Showing first 20 comments)
RE: Microsoft sues over source code theft
by protagonistic September 26, 2006 7:14 PM PDT
And we should believe the MS because? So far all we see is
allegations and no proof that what they are saying is true. Anyone
want to bet we never see the proof?

Let's face it, it would be very embarrassing to MS if the guy really
was doing this on his own. I would not put it past MS to outright
lie about it to protect their interests.
Reply to this comment View all 3 replies
Who buys Windows Media format?
by zeroplane September 26, 2006 7:52 PM PDT
If you do buy media in windows media format then you deserve all the pain you will get with the DRM software and the control you give up. Frankly I haven't found any music, movie, or video that I couldn't get not in windows media format. There really is nothing I have found yet that makes me want to buy anything with DRM in it (Micro$oft or Apple)
Reply to this comment View all 2 replies
Zune?
by gmycyk191 September 26, 2006 7:58 PM PDT
Ok, they're sending a team of lawyers to fight for "Zune"

"Your honor, we believe we can show Zune was illegally... On behalf of Zune... At this time we?d like to Zune to the stand..."

The judge, "Excuse me counselor ? what the hell is a Zune?"

MS should loose the law suit simply on the fact they were dumb enough to call a product Zune!

Gotta Zune now... stay Zuned for details... What the Zune!

Whatz your favorite Zune phrase?
Reply to this comment View all 2 replies
DRM only hurts people who are buying content
by unknown unknown September 26, 2006 11:25 PM PDT
not the pirates. There are many easier ways to get the content than trying to crack Microsoft's DRM. For Movies, ripping the DVD is easier since CSS is easily cracked and the key can be brute forced in matter of minutes. For music, ripping a CD is easier than cracking the DRM used by iTunes, Napster, or Rhapsody. I think Cory Doctorow used analogy of having a bank safe with three steel walls and one made of cardboard. Why go through steel when you can go through something easy like cardboard. Going forward with renewable copy protection like AACS for the next gen DVD players, smart crackers won't release the crack (or least not the key they used) but just the product of it, the ripped movies. Some of those honest users that were burned by the overly strict DRM on their purchased content might decide they're not going to deal it any more and get the content sans the DRM that keeps them from enjoying it (the content) the way they want.

It a loosing battle and Microsoft and the Studio are on the loosing side, if they continue to punish the people who pay. It just a slap in the face to do the right thing and be treated like crap.
Reply to this comment View all 4 replies
Microsoft Code
by pnayini September 27, 2006 7:55 AM PDT
Everyone in the computer field knows Microsoft code is weak. Lets accept it, they suck I know writing code which is hack proof is hard, but if every thing that they comeup with is hacked what the hell are they doing.
How many Lawsuits will they file, stop doing that and concentrate on developing good tools first, You are a software company NOT a legal company do what you can do best and then only you will survive.
Bottom line -- Microsoft sucks
Reply to this comment View reply
Stealing from thieves
by NerdPatrolAJ September 27, 2006 8:52 AM PDT
I wonder what the course of history would have reflected if the laws pertaining to intellectual properties were in force during Microsofts inception. For those in the know...its laughable for Microsoft to cry about source code being stolen. I like MS products, hold MS certs, and pay for my software...but how can MS hope to recoup damages from stolen code...when they first stole the code that is the precurser to existing code. As mentioned earlier in another post, the only people losing are the legitimate buyers, and the artists...but I have a feeling the MS isnt going to bat to champion these people.
Reply to this comment View reply
Yeah But!!
by sma7769 September 27, 2006 9:48 AM PDT
Isn't this a little of the proverbial pot & kettle deal not to forget people living in glass houses, shouldn't thro stones? How many times has MS been accused of swiping code and ideas? Treat others as you want to be treated yourself right.
Reply to this comment View reply
Good For Goose & Gander
by rjriley5000 September 27, 2006 10:45 AM PDT
I most certainly do not condone theft of intellectual property. But if theft is going to occur it seems that Microsoft, an admitted member of the Coalition for Patent Fairness:) aka. Coalition for Patent Piracy should accept that what is good for the goose is also good for the gander.

Microsoft has a well deserved reputation as a patent pirate in our community. They are also infamous for doing whatever it takes, including committing fraud on the court (Eolas). They are brutal and desperately need training in ethics and morality.

As soon as Microsoft starts respecting other's intellectual property rights I will start rooting for the protection of their rights.

Ronald J Riley, President
Professional Inventors Alliance
www.PIAUSA.org
RJR"at"PIAUSA.org
Change "at" to @
RJR Direct # (202) 318-1595

Aspiring inventors should visit www.InventorEd.org
Reply to this comment
Isn't MS abandoning Plays4Sure DRM anyway?
by Arbalest05 September 27, 2006 11:04 AM PDT
There are several issues here. Microsoft likely has no proof of the allegation that this hacker (who they know only by his/her alias) has access to their source code. To prove their charge, they would almost have to catch the hacker with their source code. If he/she indeed had the source, that would imply an "inside" accomplice. I'm sure they must know each person that has access to the source of the patch that they released, so that's a good place to start looking for this hacker.

A bigger issue is that the PlaysForSure DRM technology is incompatible to Microsoft's premier music DRM available only in their Zune platform. The DRM that has been cracked by Viodentia is soon to be an orphaned technology. Microsoft is going to leave their PlaysForSure partners out to dry on this one.
Reply to this comment View all 2 replies
Like Stealing a Pinto!
by Sumatra-Bosch September 27, 2006 11:12 AM PDT
The thieves are lucky the thing doesn't blow up before it gets out of the parking lot. Might as well steal the emergency exit plans for the Titanic.

Roberto
Reply to this comment
Microsoft is teh ghey
by Mike2575 September 27, 2006 12:16 PM PDT
I hope V never reveals himself and I hope Microsoft never gets their claws in him. He's a genius as far as I'm concerned and I wish those connected to him shield him.

All I have left is....

WHERE DO I SIGN UP FOR HIS LEGAL DEFENSE/FUGITIVE FUND??????
Reply to this comment
IRONIC!!!
by SeizeCTRL September 27, 2006 1:45 PM PDT
Here MS is complaining that a hacker has "studied" their code and created a tool to bypass it... and they send in their army of lawyers!

Yet MS is doing exactly the same thing by "studying" the FairUse4WM code to develope a way to bypass it's bypassing features.

If I was dude, I would have copyrighted my code and then sued MS for violating the DCMA :]
Reply to this comment
"not easily accessible ?"
by SomeLlama September 27, 2006 2:17 PM PDT
from the article:
"The code in question is part of a Windows Media software development kit, but is not easily accessible to anyone with a copy of that toolkit, Microsoft said."

Meaning= we don't want to admit anyone who knows how to decompile code or how to use a hex editor can figure this out...



LOL
Reply to this comment
These Redmond guys are scams.Welcome to digital fascizm.
by t3st3r` September 27, 2006 2:54 PM PDT
These DRM things are really getting annoying.What a sucking idea to offer to buy DIGITAL RESTRICTIONS for your own moneys and declare that you criminal and pirate if you're not accepting rules of such unFair game and download\buy pirated things WITHOUT stupid and illegal restrictions which are restricting my legal rights.

Let's admit there is a way better solution: just WATERMARK media files.So user's rights are not restricted but it is still possible to track pirates.Watermarks could be so hard to eliminate that anyone who did pirated could be held responsible even if converted\slightly changed copy leaks.
Reply to this comment
MS is better than Apple for sure..........
by shehzad September 27, 2006 5:30 PM PDT
MS DRM tech is realy great to use and it will help to sell more ZUNES. It's(ZUNE) Microsoft first mp3 player with online music store(included monthley subscriptions service). I think it was very important to peoples who don't want to buy ipod+ itunes. Now they will have one big name software comp mp3 player with online music store. The future of mp3 players and online buying music is in favor of MS. Because it's windows vista(coming soon) which will include ZUNE marketplace sofware.
Reply to this comment View all 3 replies
Why use FairUse4WM?
by Myron.S September 27, 2006 6:08 PM PDT
It'll get to the point where high-fidelity will not be the desirable thing so just connect the headphones or line out of the media player to the line-on on a computer's sound card and record the output. If Microsoft develop some sort of water marking to the audio to prevent this then I'm sure someone will be able to send the analogue audio to some over device and then onto a CD or an MP3. The DRM relies on a chain. Break the chain and any DRM copy-protection is worthless and useless. Yup! Tried the technique before I posted this comment. Audio is ever-so slightly less perfect but it's still sweet (and unsrestricted) music to my ears!
Reply to this comment View reply
haha too funny
by chadbed September 28, 2006 12:18 AM PDT
Microsoft is just ridiculous, I mean who stole the code? It has to be a former programmer for them right? Or wait is it possible someone who doesn't make millions or billions of dollars a year is just as smart or is actually smarter then the programmers at Microsoft. This just proves either some people are way too smart or Microsoft is really just that dumb and ignorant and has some Swiss cheese code unlike anything else in the industry.

I can't even imagine what would happen if xp source code was somehow leaked in its entirety. You might as well post everything you have on your computer on the net, and while your at it uninstall yoru antivirus and start downloading and installing every virus you can get your hands on. It would have the same effect.

it's sad embarrassing things like this happen to them on a regular basis. They just don't have code good enough for there success and thanks to them starving the rest of the industry from cash they will remain where they are today.
Reply to this comment View reply
Intentionally misleading...
by Zymurgist September 28, 2006 7:22 AM PDT
Perhaps it's not obvious, but MS surely
understands that the source code wasn't needed
to implement the approach used by FairUse4WM.
The point of the suit is not to prosecute
infringement, but rather to get far enough in
the process to start discovery. With that, they
can force the identity of the accused to be made
known. It also has the effect of costing him
time, money, causing anxiety, and sending a
message to other DRM-activist software
developers: "we'll make you poor!"

Discovery alone will cost the guy thousands and
ought to be plenty intimidating. Then, MS can
back out of the case when they "find out"
there's no evidence of the source being used.
After that, they can tell the guy that not only
do they know who he is, but also have enough
evidence to prove that he violated the DMCA by
developing the software, then force him to do
what they want or face criminal prosecution.

MS doesn't want to make a DMCA claim against the
guy up-front because they suspect it might not
stand up in court and it's not worth the risk of
being struck down even in part as
unconstitutional. The DMCA is part of the
value-proposition of the DRM in the first place
and they cannot undermine that. The whole idea
of DRM is to use it as a means to bleed money
off a gullible media industry.
Reply to this comment View reply
the arrogance!
by chris_d September 28, 2006 11:51 AM PDT
Apparently there is no proof that any source code was stolen, but Microsoft people believe they are 10x smarter than anyone else, so that must be how it was cracked. No one could crack Microsoft software without source!
Reply to this comment
Those at MS aren't too bright
by philologos September 28, 2006 11:56 AM PDT
As other comments have pointed out, one doesn't need source code in order to know how a program works, or how to change it. If you have a program that runs, you also have access to the binary code of the program. AND, when changes are made to "fix a bug" or "close a loophole", the revised binary code can easily be compared with the earlier version, thus highlighting where, how and why the changes were made!! Either those at MS don't know this, or, they are being disingenuous when they accuse someone of stealing their source code (I think the latter). In fact, source code would certainly get in the way of someone who wanted to know what changes MS was making.

These comments apply to all the releases and patches MS makes, not just DRM code.

philologos
Reply to this comment View reply
 See all 90 Comments >>
Powered by Jive Software
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Best hybrid cars
Cell phones
Dell
GPS
CNET sites
CNET TV
Downloads
News
Reviews
Shopper.com
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET