UK Proposing to Disconnect Those Involved in Piracy from the Internet

February 20, 2008

[ad]

Ok more controversy for you guys, and once again it’s the UK leading a new initiative. This time it’s not against making hacking tools illegal, it’s against people downloading ‘pirated’ content from the Internet (using torrent sites etc.).

I do hope they can differentiate using torrents to download open source software or creative commons music and videos from the real copyrighted material. They will be basically terminating any Internet suspected of breaching copyright through file-sharing. ISP’s who fail to integrate the initiative will be liable to legal action.

It’ll be a three-strike and out system, first instance a warning, second a suspension and third finally termination.

People in the UK who go online and illegally download music and films may have their internet access cut under plans the government is considering. A draft consultation suggests internet service providers would be required to take action over users who access pirated material via their accounts.

But the government is stressing that plans are at an early stage and it is still working on final proposals.Six million people a year are estimated to download files illegally in the UK.

“The content and proposals for the strategy have been significantly developed since then and a comprehensive plan to bolster the UK’s creative industries will be published shortly,” it added.

It’s pretty worrying I think, is the UK becoming a new homeground for RIAA and MPAA? Much like the US, land of Digital Restrictions Management (DRM). I think intellectual property and copyright should be taken seriously..

But perhaps they should look at the quality of music and movies the ‘entertainment’ industry is producing, the amount they are charging and do a bit of introspection. If a movie is really good people WILL go to the cinema. If an album is good (not 2 good songs and 11 fillers) they will buy the original.

The BPI, the trade body that represents the UK record industry, said internet providers had “done little or nothing to address illegal downloading via their networks”.

“This is the number one issue for the creative industries in the digital age, and the government’s willingness to tackle it should be applauded,” said BPI chief executive Geoff Taylor.

“Now is not the time for ISPs to hide behind bogus privacy arguments, or claim the problem is too complicated or difficult to tackle.”

I’m sorry but how is the ISP going to do packet inspection for every single packet traversing it’s network, then do some kind of hash check on a bunch of combined packets in a stream (only when it’s not encrypted of course) to verify it is copyright content. You can go dropping people from their ISP because they are downloading the latest version of Ubuntu using a torrent.

Source: BBC News

Buffer

Comments

Pantagruel says

February 20, 2008 at 3:33 pm

This will only pave the way for encrypted p2p/torrent clients. I even doubt if an ISP will bother to go as far as deep packet inspection on th massive amounts of traffic they see. They will rather go for a simple blocking of known p2p/torrent ports/clients (some Dutch ISP’s are blocking nntp/torrent and such). The latter can be circumvented by using another port or the prior mentioned encrypted variants, no ISP will block SSL encrypted stuff .
zupakomputer says

February 20, 2008 at 6:34 pm

Yeah, same kinda problems apply in trying to implement such a thing (even if it was in the region of being a good idea, which it’s not for a wide variety of reasons) as were being mentioned in the hacking tools thread.

I like the angle ‘if the films were any good to begin with’ – in total agreement. I only rent films for something to watch when Freeview is rubbish. There’s rarely anything that good that I can’t wait to rent it; the fact I haven’t bothered going to see it at the cinema….
that said – of course I prefer having originals of what I actually like. I’ve spent a fortune importing consoles and games for example and I still prefer to buy CDs – and when I get more room I’m starting/continuing a vinyl collection.
Most films on wide-release went down the Bland Drain headfirst.
Don’t complain if your media is pirated when you’re using templates to make it with, and market it to target-groups in the first place.

And more importantly – what about all the great things being done in folding@home and related sharing networks, distributed clients, etc – all those free and accessible educational and research tools use the same kinds of distributed clients and often the same kinds of file-sharing.
It’d seem maybe whoever the govts tech advisors are have a vested interest in preventing free computing power access and bandwidth sharing – and they’re using the piracy approach as a scare tactic to get the fake-moral-crusaders on their side;

same old methods they always use to ban all kinds of other things:

MARIHUANA: THE ASSASSIN OF YOUTH! = Ban hemp so our chemical patents to turn tree-pulp into paper are used instead of the non-tree non-toxic paper currently in use; ban hemp so biodiesel is forgotten and our petroleum fuel companies take over the market’ ban hemp cause it makes fine textiles and as a crop doesn’t require our patented chemical fertilisers.

I think we all saw the actual contents of that packet, as it passed by with it’s fake header labelled ‘caring about the children’.
Captain Phishy says

February 20, 2008 at 10:01 pm

Ar, these plans could be the berth of me. Shall ‘ave to cut me parrots loose.
eM3rC says

February 21, 2008 at 3:15 am

I personally think that implementing a plan like this would cause more problems than solving the pirating solution. Take the average household. The parents only know enough about computers so they can process word documents, check their e-mail and surf the web. Little 14 year old Chris happens to know a *little* more about computers than his parents and decides to download some music/movies off of limewire/bittorrent, etc. The company flags the downloads and shuts down the internet. What will the parents do now? Thanks to their oblivious son who does not know anything about law, has just cut them off from work/doing their work. Should the parents be punished for their children’s actions even though they were unaware downloading movies online was possible?

Also what about someone mooching off the wireless internet of their neighbor? What happens when the neighbor gets the ban even though they were unknowingly “downloading” illegal content?

The thing about movies now-a-days is they all seem to be the same. There is always a good guy, a bad guy, and sex. Other than that the methods of using these themes seems fairly similar (treasure, money, etc). I will admit that there have been some very original movies released recently, but overall, cinema has been declining in quality (less story, more special effects).

@zupacomputer
Really liked the marijuana part of your post. Great example.

Gotta save my 100th post for something special :)

-I think the addition part of posting does not accept the first answer because it has some kind of timer. I.E. after a certain amount of time has passed the answer is no longer valid.-
goodpeople says

February 21, 2008 at 12:18 pm

I declare those Brits officially nuts. This cannot be implemented without hurting legitimate traffic.
Pantagruel says

February 21, 2008 at 10:33 pm

@eM3rC

You’re quite right, very few parents understand (or even know) what their kids are up to regarding the internet. They endulge in, amongst otherthings, cyberbashing and are by far leeching more then we where ver exchanging through dat tapes or cd’s (damn I feel oldskool). This behaviour will ultimately lead to them being cut-off (and phoning why their internet’s down).

@zupacomputer, you must have been smoking pot ;) , there are plenty of otherthings to substitute hemp and get the same bureaucrat ‘rants’ about them knowing what’s good for us.

The UK is rapily turning into RIAA/MPAA country, I sure hope I will not get arrested at the end of this month just because I used my PDA at a conference and scoured the net.
Captain Phishy says

February 21, 2008 at 11:25 pm

I’ve been a hashish/weed smoker every day solid for over 10 years, hardly missed an evening. I don’t smoke during the day though – I have done in my younger days, and that was great too. But I wouldn’t recommend it during say – classtimes, responsible jobs, monitoring heavy web traffic for security breaches.

I’d recommend it wholeheartedly for vastly improving awful movies, and enduring the other varied onslaughts against sanity that todays world finds an increasing number of ways to unleash.

re: the bot verifier – I find sometimes it times out, othertimes no.
zupakomputer says

February 21, 2008 at 11:32 pm

In the interests of full-disclosure, that was me that posted there. I meant to remove the Captain Phishy joke-handle from my post.
eM3rC says

February 22, 2008 at 2:40 am

@zupacomputer
That was pretty great. Believed the posts were coming from some random troll until you said something about it.

I wonder what kind of effects smoking pot for 10 years straight would have on a person aside from the possibility of oral cancer.

@Pantagruel
I think the odds of them finding anything on you would be one in a million. Unless you have been hacking banks for the last couple of months, I would say there shouldn’t be much for you to worry about.

I wonder how many connections would be terminated because of people wirelessly mooching and kids downloading illegal content off their parent’s internet.
zupakomputer says

February 22, 2008 at 4:19 pm

Effects: none, it wears off after a few hours maximum hence has to be ingested again.

Oddly, and I know not why this is exactly, since I started smoking I got physically fitter and began understanding the kinds of science topics I previously couldn’t get my head around when I was more an arts major. I think that’s probably more to do with not eating rubbish, though it takes psychedelics to care about what the world is made of and why it exists – and to know you can find out.

Interestingly, the human brain contains receptors for THC, which seems to occur uniquely in cannabis.

re: the censors! – the UK was worse than the MPAA for many years, as there was nothing like an Unrated or NC17 certificate here (actually there still isn’t); if a movie was cut, and many were (are still), then that was it – the only way you could see the full version was to import videos from other countries, which also meant having an NTSC VCR – rare in those days, very rare.
Before this new-fangled interweb, I used to swap and so forth movies such as Exorcist, Texas Chainsaw, Clockwork Orange – they were all unavailable here! TCM was even banned in all cinemas except for in London as the GLC gave it a cert. However as of now – it’s been on TV loads of times for free.

As yet another (slight) departure from the precise topic at hand – how about the blu-ray news; not good news in terms of getting rid of the region-encoding nonsense, as HD was the region-free format.
Having region-encoded discs is another good excuse to excuse piracy of films!
eM3rC says

February 23, 2008 at 4:45 am

Interestingly enough, I was talking to an epidemiologist the other day and he was telling me about pot. According to him, the chemical in marijuana have to build up in your system before they actually start causing the effects most people experience when they smoke the drug. IE the first couple times are a placebo =P

Second drug comment. I personally thing marijuana is a far better drug than alcohol. Take driving for example, drunk drivers have the frontal lobe of their brain impaired (controls judgment) so they drive fast and carelessly. High people on the other hand drive amazingly slow and cautiously. What would you rather have, life threatening drunks or annoying but safe pot heads?

Back to the censoring…
That really sucks about the censoring. Although those movies are kinda demented they are classics. Now that you bring those topics up, I really do feel the pain of some piraters. I’ll say that there are always the bad and the good ones. The bad ones downloading stuff just for the hell of it and to piss people off. The good ones, watching classics and other movies worth watching… Not all these shit movies being released these days. Good luck with your epic film watching. If you haven’t seem them already I would recommend Momento as something you should see. Very strange but cool way of doing a movie.

Back to Blu Ray and HD. Toshiba dropped Blu Ray (not sure which format) so it looks like HD (check format) is taking the serious lead now, here in the US.
zupakomputer says

February 23, 2008 at 1:53 pm

That’s certainly true about driving. Pot has this effect where you’re seeing more frames per second, wheras drink has this effect where you’re skipping frames.

I like a drink, but I dislike the way most other people seem to get on drink – loud, uncaring, sloppy, insensitive. Put it this way: I’d never want to live near a pub or a nightclub or bar, but I wouldn’t mind living near a coffeeshop where no drink was served, because you’d never know anyone was there (plus obviously it’d be nearby to drop into).

I think it’s illegal because it encourages people to take a step back and consider things, and because it keeps things un-violent and mellow.

Films: I have seen Momento, but quite a while back. The narrative was different from most films, yes. I like that kind of thing. I found Cypher was kinda similar, and Paycheck (way more Hollywood action-oriented), but they were more linear in how the story unfolded. I’m not so into horrors as I used to be – but I do appreciate the damn good ones. It’s an area with even more cliches than many other genres these days.

Two I’d recommend: Experiments in Terror (shorts collection) and Kairo (the original of remake Pulse).

I’m more into anything ‘avant garde’ and ‘cyberpunk’ these days when it comes to film, and Mystery Science Theatre 3000!
eM3rC says

February 23, 2008 at 6:08 pm

I know what you mean about drink. It seems there are always those people who are amazing to be around when there drunk, mellow, calm, and funny. While there are those who go “ape shit” as soon as they get drunk. Aside from all the drinkers coming out of the bars at like 3am in the morning I think there might also be some problems with prostitution and drug dealers selling drugs laced with some not-so-nice things. A coffee shop or some upbeat cafe would be nice cause of good quality snacks/drinks as well as the people that attend. Drunks or caffeine high people…. hrmmm…..

The government does that a lot. Take the war in Iraq for example. Although I am in full support of the troops over there right now, I would really like to know how the hell Bush was elected over Gore. Lets compare, Bush cannot make a complete sentence with the help of his speech writers… The other candidate won an Emmy… The government doesn’t like its people to think, it likes them to obey.

I have not seem Cypher yet but will add that to my list. Paycheck I did see though and though that movie (story wise of course) was pretty good. I never was a real horror fan but 28 Days Later is my favorite zombie movie (Shaun of the Dead for comedy horror) and Cloverfield for just overall monster movie.

I have not heard of either of those movies so I’ll have to add those to my list also. Thanks for the recommendations!

Mystery Science Theatre 3000 is amazing. No matter what I hope those movies will never die off.

More or less back to the topic… What is your favorite hacker movie? I would vote for either Hacker 2 (the one about Kevin Mitnick) or possibly Enemy of the State (less hacker oriented but very cool story).
Pantagruel says

February 24, 2008 at 3:57 pm

@eM3rC

Wargames, it was run yesterday in the NL, very very old ;)
There are plenty ‘hacker’ inspired movies (Hackers,Hackers 2 – take down) or movies sporting hacking acts (The Matrix, Johnny Mnemonic) but I guess there is no real blockbuster in a serious hacking movie.

It’s not fair comparing a redneck like Bush to an academic scholar like Gore. I have seen Gore’s movie and have my doubts about some points he makes. I pity the American Soldiers down there who went to safeguard the oil reserves with the idea of fighting ‘terrorists. The so called smoking gun was nothing more than a freshly lit cigar and quite a few allies followed the Americans and British without much thought.
It quite absurd that people have to die just to safeguard ‘ a way of live’.
Darknet says

February 24, 2008 at 4:29 pm

I guess I can do a list of Hacking movies for you guys some day.
Bogwitch says

February 24, 2008 at 11:04 pm

Darknet, I would prefer if you could name one GOOD hacking film! :)

@zupakomputer et al. Sorry to say but stoned is impaired. I would not compare it to the level of intoxication you can experience under alcohol but pot can seriously affect your perception.
Darknet says

February 25, 2008 at 1:07 am

What about Sneakers? Or Freedom Downtime?
eM3rC says

February 25, 2008 at 4:27 am

Wargames was another good classic. Die Hard 4 (hacking of course) was amazingly good considering Bruce Willis is around 60 and it was the forth movie of a series. There are very few movies where the second one is better or even on par with the first. Matrix I also liked because of the way it challenged reality. Imagine of hacking eventually was plugging oneself into a computer and fully integrating yourself with the system. That would be awesome :)

I think its fair game to compare the two because they both ran for president. Although some points might be exaggerated you have to remember the general public lives off propaganda. Whether its commercials, shows or the news. I think that “safeguard of life” is life as it is. IE, SUVs, overly large homes, and general wasteful things with the all American nuclear family. I wish people will rely more on negotiation rather than fighting as a first action…

@Darknet
That would be cool although the list would be amazingly long considering almost all spy, terrorist, action movies always have that one guy who is really good at hacking. Why not do like a top 10 hacking movies list and have the posters vote for their top 10?

@Bogwich
I would rather be around a person stoned out of their mind than a person drunk out of their mind.
Bogwitch says

February 25, 2008 at 7:00 am

@Darknet – Sneakers? Really? Not really my taste… Freedom Downtime is one that has excaped me – I’ll see if I can get hold of it.

@eM3rC – Absolutely. Although I’d rather neither were driving.
zupakomputer says

February 25, 2008 at 6:25 pm

I liked Hackers, and agreed that Die Hard 4 was amazingly good, best film I’d rented for a looong time. The Matirx yeah also, although I felt it went the wrong way early on – most movies wait til around the last 10 minutes when they are good films, before going into ‘seen it!’ mode.

Still like it though – the Animatirx is great too!

Sneakers, yup, that was cool. I don’t think I’ve seen Hackers 2. Wargames was one of those films I saw and thought, “I knew it, you can change information elsewhere with a computer!”

As to stoned being impaired…..not sure if you mean while driving, or in general. It depends – it doesn’t impair you when driving, but as I said it isn’t something you’d take if you were in class, or trying to learn or do fast work. There’s meds for that too, but I tend to just take nothing there or have a coffee.

I don’t know how to take how wrong everything started to go; the thing is – the US elections were a shambles for about two months before any decision was even made as to who won. I recall looking at the news one day and being surprised it still hadn’t been called.
I’d have probably voted for Nader, since my sensibilities are completely green – which is another aspect of the shambles; both candidates are Skull and Bonesmen – yet to look at the true history of paganism, masons, templars, and so forth – it’s all about Earth worship. So I look at it more that a) I considered politics a big sham way before 2000 anyway, and b) the worlds full of fake bodies of control that claims to be associated with things they just aren’t a part of.

9-11 just plummeted things even further down the drain, in terms of all that came about because of it at the least. I was just thinking earlier on, how much things suck just cause you can’t even have a smoke (of a cig! not even about joints here) anymore in a cafe; it was bad enough when They banned that from the cinemas, the zombie freaks that They are. I really think what happened because of 9-11 just made those sorts of even-worse laws have a chance of being enforced.

Another evil-of-evils, was when They banned magic mushrooms in the UK. Also after 9-11 and yet more needless proponenting of the ill-fated war economy.
I honestly think only a alien invasion or machines becoming sentient, ironically, has a chance of saving this world. Either that, or I’m moving to the East so’s I can eat my veggie dimsum, and have a smoke at the same time, in some Blade Runner type of world. But I’ll live in the outer green parts, and commute.

As part of some of the cool stuff that does exist however – saw a news story yesterday that an Australian/US company is releasing a game controller this year – that lets you control the gameplay with your mind. I’m looking forward to trying that out. No doubt the brain machine folks will pick up on them for biofeedback units, and telepathic enhancements (because, I presume, your thought waves must have to be pretty accurate for the device to know what you intend).
zupakomputer says

February 25, 2008 at 6:39 pm

Has anyone seen the German film 23 (about a hacker, meant to be based on a true story)? It got like one cinema showing here I think; I was trying to get a subbed copy for a while back and no-one seemed to have it.

re: Enemy of the State – wasn’t that more about survelliance? Ghost in the Shell (and it’s sequel) have a fair bit of reality-virtualreality mixings in them. There’s some anime I’ve yet to see like .hack//sign and Megazone23 that are about getting stuck in virtual worlds.

A lot of way cool video games about hacking computers and being within a computer – Bioshock has that element, and shooter games like Rez, and the Rayforce &/ Raycrisis series.
Definitely check out the cyberpunkreview website for hacking-related films, and approach all Polybius cabs with caution!
Pantagruel says

February 25, 2008 at 7:43 pm

@zupakomputer

You mean: 23, Nichts ist so wie es schein. It’s kinda hard to get a copy. Next time I’m in Germany I’ll scour about.
Hint: do a torrent search

sorry all .otr’s seem to be be bust :(
Bogwitch says

February 25, 2008 at 9:05 pm

@zupakomputer – I have to disagree with you, driving while high on pot is dangerous. Certainly no where near as dangerous as driving while drunk, but your concentration can be way off when stoned. I’ll admit I’ve driven while stoned and often there would be no noticable difference to my driving on other occasions it was clear that my concentration could have been better. That said, driving while chronically fatigued is worse.
I wasn’t aware that the US was playing the ‘blame smokers for everything’ game, too. I do want to quit the ciggies but I’ll be damned if I’m going to be told by a bunch of politicians that I must! There has even been discussion about charging smokers a license fee to buy cigarettes in the UK!
zupakomputer says

February 26, 2008 at 1:28 pm

Disagree if you want; I know it’s not dangerous. It’s actually more dangerous to drive on caffeine & a whole load of perscription drugs than it is stoned.
I tried one anti-depressant once, it had no indication at all on the packet or the inner notes not to drive etc while on it – it munged me out moreso, and impaired me more, than any drink or drug had ever done.
And it was meant to be three a day, every day, for people to normally intermingle in society – I couldn’t even form a thought on one pill.

That said, there’s plenty of people that drive drunk and they never have any problems either. It’s not about what you’re on, it’s the type of intelligence you have and the kind of mindset you have, and although drugs (inc drink) do have specific effects, they don’t affect everyone exactly the same.
It does depend on loads of other things – the company you keep, what you’ve eaten, is the road on a dodgy ley line, etc.

Did you ever see the documentary about the commercial airline pilots that always flew totally blotto? They never had any problems doing so; they did get caught – but it wasn’t because they were impaired, it was because they got spied on.

They should do a study about driving on heroin -a real study, not those fake ones where they pick total idiots that can’t function sober and don’t have a clue about anything. That’d shut all kinds of people up about dangerous drugs. It’s a painkiller whackjobs, what do you think it does.

re: the HD and bluray formats – according to the news stories HD is definitely not being made anymore. Off the bat I don’t recall if bluray has any region 0 recording facility; HD was region-free by default.
zupakomputer says

February 26, 2008 at 2:19 pm

re: Cloverfield !

Definitely one to see then? I’m right into the likes of Godzilla, giant robot, Cthulhu movies.
zupakomputer says

February 26, 2008 at 3:02 pm

re: nootropics, nootropins.

Noticed some of the ubercool overclocking and modding sites are picking up a lot more on brain food products; so I had yet another look around online for that ‘leet haxor’ old time long-known favourite, the area of smart drugs.

And guess what! Over a decade later and the UK is still no closer to legally allowing people to buy drugs that make them cleverer and let them live healthier and longer. It’s impossible to find anyplace that sells liquid hydergine that doesn’t also state that they ‘don’t ship to the UK’. Ho-hum.

I’d first read about these so long ago, in magazines like MONDO2000 and Psychedelic Illuminations. Years back I did manage to find some places that sold to the UK, but as I say, it’s very telling that the situation hasn’t improved at all. Not a smart bar in sight! They’ve only begun to catch on to the organic juice bar & raw food concept of eateries. Someone open a goatrance club with a smart bar already!
Bogwitch says

February 26, 2008 at 5:28 pm

@zupakomputer
Hey, I can only go on my own experience, YMMV. Caffeine has zero effect on me, save the diuretic effect. As I said, stoned I often had no effects but occasionally I allowed my concentration to fade and once I had a fit of the giggles that made me pull over!
A quick question – are you based in the US or the UK?

Re: smart drugs. I’ve not had any experience of these. Surely if they had been proven to work (scientifically proven) there would be pressure groups/ lobbyists from the large pharmaceuticals pushing HARD to get a license?

And don’t get me started about raw food, specifically vegetables. One of my soapboxes! (I’m pro, BTW)
eM3rC says

February 26, 2008 at 11:44 pm

Damn zupakomputer! Talk about a lot of insightful posts!

Ok, I’m going to try and comment on a lot of what you said so please for give the out of orderness of my post.

Drugs – for drivers I would have to say a drugless one is probably the best one although a high one would be better than a drunk one. I also agree with the fact that a lot of the drug tests are very very biased. Like a lot of tests performed by the government they are rigged so the predicted outcome will happen. Drug wise they could use the people who are already heavy addicts for a lot of different things and have managed to already destroy their brains.

I think the effects of some drugs are overemphasized. Taking pot, as the subject drug, I would say it is illegal in many places because of the side effects of “hallucinations” (I know there’s a better word but can’t think of it right now) and such. Smoking on the other hand is just like a caffeine high.

Movies – I have to agree on all the movies with you although I have never heard of 23 or watched an episode of .hack//sign. Enemy of the State was more of a government conspiracy movie with an old guy that happened to be good at computers. Cloverfield was an amazing movie (if you look at it style wise) although it in no way involved hacking.

HD is dead. Blu Ray is guess is the next gen DVD type.

I know im forgetting some of the stuff you mentioned but I need to go to leave for work in 5 minutes so I’ll conclude by saying drugs are ok as long as other people don’t suffer because of them, government does a lot of stupid stuff, many many good movies out there (there should be a hacking movie list on this site), and there is always a way to get drugs into the country. If you have any foreign friends having them order the product, then hide it in something and ship it over would seem to work. Anywho loved your posts zupakomputer and will finish replying later.
Nobody_Holme says

February 27, 2008 at 11:07 am

*facepalm* wheres my MP’s “complain at parliament for you” page gone? Thank god he really does. *yays for good MPs*
zupakomputer says

February 27, 2008 at 5:53 pm

Funny! I’m terrible when it comes to the diuretic effects of alcohol, but with coffee that doesn’t affect me much.

The smartdrugs – you’d think they would get lobbying from the pharm companies, but think about it further – nah, they don’t want people to get well, they want people to be addicted to their drugs. So prescribing things that actually prevent and reverse the likes of Alzheimers isn’t on their agendas at all.
Saying that, many pharm companies do make them – but for whatever reason they aren’t entirely owned by one company or another, in many cases, so the same drugs can be bought
(in the USA it’s legal to buy them with a doctors note, 3 month supply at a time – many folks get them mail order from nearby countries, or just go for a border hop to buy them.
I had a similar experience at chemists in India – you can buy prescription drugs really cheap there, OTC.)
under many different brand names.

And the pharm companies do have problems getting drugs cleared for safety in the first place, there’s horrendously long time-periods slapped on them for approvals – yet many drugs that pass and go on the market are just so bad for anyone to ingest,
it’s very common for someone with an illness to end up on more than one type of prescription drug, permanently, and the drugs are given to them to offset the side-effects of other drugs – an approach that will just make them sicker.

And of course – if the food wasn’t grown non-organically to begin with, then people would be very less likely to get ill.

Plus the reason for so many abusive animal tests is purely because of the ways drug comapnies are expected to prove a drug is safe.
It’d help if more herbal and natural drugs were used in the first place; they’ve been known to work for hundreds of years and more.

I’m UK based; send donations to the Zupakomputer Fund for the Holisitcally Challenged Victims of Totalitarianism and help people that think they live in first world countries realise that they don’t.
tekse7en says

March 2, 2008 at 6:42 am

Jesus H. Christ… talk about comments getting way off topic… lol. But on the topic of awesome hacking movies, maybe darknet should hold a collective hacking-screenplay-writing thing where a bunch of people could pitch in on a bitchin hacking-based movie? At least we could make sure it would realistic.
Pantagruel says

March 2, 2008 at 8:57 am

@tekse7en

lol, guess zupakomputer would pitch in big amounts of brain stimulation substances.
zupakomputer says

March 2, 2008 at 3:31 pm

It’s not really off-topic at all, the topic’s on piracy. Anything that gets outlawed and either shouldn’t be, or is in someway otherwise unavailble (like decent films, which is where the tangenital commentry sprung from) – it’s going to be pirated (copied, smuggled, etc).

What about a better version of Matrix Reloaded with more of the Carcassonne part* – pirate Templars, ar!
‘oist thee jolly roger

*in case anyone missed it, I’m meaning The Frenchman’s castle – it’s clearly a reference to the Cathars and the Visigoths and all that Rennes les Chateau stuff.

Well I always thought so anyway.
zupakomputer says

March 2, 2008 at 3:37 pm

Anyone for cake – that evil East European temporal-dilating drug?

Jammy dodger? Savoy Truffle? Jam on it’s own? Pie-fight in the war room?
Pantagruel says

March 3, 2008 at 9:57 pm

@zupa, you mean space cake, erhhmm jummy 2 slices
zupakomputer says

March 4, 2008 at 2:02 pm

‘Cake’ – the faux drug with time-dilation properties, is from an episode of Brass Eye. I was refering to that, mixed in with a reference to the cake in the same part of that Matrix movie mentioned.
And then other cake refs.; all probably a bit obscure.

“Shmoke and a pancake? […..] Bong and a biscuit?”
zupakomputer says

March 4, 2008 at 6:07 pm

re: hack-ish films. Anyone see Untraceable yet? Is there much networking stuff in it?, or is it more like fear.com or My Little Eye or Devour, one of those horror / dodgy-website movies.
Pantagruel says

March 5, 2008 at 11:51 am

@Zupakomputer

Scoured up Untraceable, it’s a well thought out movie (reminds me of CSI:Las Vegas – Grave danger)
zupakomputer says

March 7, 2008 at 8:03 pm

Well it looks like prickwad’s been spying on what I’ve been typing again:

http://www.dosenation.com/listing.php?smlid=3856

Why don’t you go back to see the wizard G, and ask him for a pair of balls as well this time, so you don’t keep on doing what the enemy programs you to do and say.
Pantagruel says

March 8, 2008 at 12:22 pm

nice link zupakomputer, clearly points out the US ‘view’ on diverse ‘enhancing’ substances
Pantagruel says

March 31, 2008 at 6:50 pm

Virgin media (ISP) will be cracking down on illegal content downloaders

http://www.telegraph.co.uk/money/main.jhtml?xml=/money/2008/03/30/cnvirgin130.xml

but at the same time will offer it’s users a new usenet service which suposedly will be intraceable.

torrentfreak.com/isp-to-voluntarily-disconnect-file-sharers-from-the-internet-080331/

Perhaps Mr. Branson has cooked up a new way to distribute his music via this channel ?? or might they be merely generating the evidence they need to get some conficted for copyright infringements?
zupakomputer says

April 1, 2008 at 1:12 pm

From the first link:

“The BPI has teams of technicians to trace illegal music downloading to individual accounts. It will hand these account numbers over to Virgin Media, which will match them to names and addresses.”

How are they allowed to legally trace any internet traffic down to an account number or IP? Since when is the BPI the police, and have a search warrant that allows them to trace or search communications traffic?

Put it this way: if they suspected someone recieved a copied file in the postal system, would they be allowed to intercept mail, and open it up to see what was in it? Of course not. The internet isn’t any different, it’s electronic communication rather than postal based.

You aren’t even allowed to use recordings of telephone conversations IN COURT, INCLUDING IF YOU’RE THE POLICE, unless you had prior approval to be specifically allowed to intercept and trace the call.

If I was an ISP owner, I’m not saying I wouldn’t listen to complaints about a user, and I’d still look at any evidence presented even if it wasn’t legally gathered, as is the case with all this copyright-related spying, BUT – I’d need more than just say a log file and trace details on it: those can be faked, especially if you don’t actually see them running yourself in realtime. I’d need to hear the backstory – how did you come to locate this person doing whatever it is online? What about them or their traffic made you think they were doing whatever it was?

AND – I’d ask them why they aren’t going to whoever is hosting the sites being downloaded from, and telling them to stop their services.

If it comes to something even more personal, like intercepting transmissions between individual users (ie – they aren’t downloading from websites or servers, they are sending files to one another directly or by e-mail or some such) then I’d be especially interested to find out how they came to be intercepting people’s private communications with one another.
That isn’t hit-and-miss; how many users communications have they illegally spied on, in order to read messages saying something like ‘here’s that cd I copied for you’????

There’s a BIG DIFFERENCE between making someone a copy of a tape or a CD or some such, and pirating loads of material and selling it.

The fact that they aren’t going directly to any providers of the material individuals are accessing proves to me that they are spineless and can’t be trusted.
They’re just like those twats that spend million$ on adverts about paying TV licences and tax discs, and it costs them more to put on the ads and crush perfectly working vehicles than they’d recover in taxes.

I’m not even interested in downloading copied films and music; I just know what this is really about. The sooner other countries start offering ISP access to different countries, the better.
The internet is meant to compensate for some of what’s wrong with offline human society: namely things like borders between countries, taxes on top of goods bought and sold, lack of anonymity, and difficult and costly information access.

Someone should hack all these spying bastards offline.
zupakomputer says

April 1, 2008 at 2:12 pm

A possible heads-up; I think that second link to the torrent news site is a bit dodgy; my browser starter running extremely slow there, then it wouldn’t let me reload it and claimed some default profile was still being used (not an alert I’ve ever seen this browser do in years of use).

However, I’d earlier been at a site I also had never visted before, so it’s possible that one was to blame.
Darknet says

April 1, 2008 at 3:41 pm

No probs here with the second link, TF is a legit site.
Pantagruel says

April 1, 2008 at 7:11 pm

@zupakomputer

Indeed it’s rather strange that a non-govermental body like the BPI will provide such data to Virgin, seems rather illegal.

It seems the ISP’s are stuck between a rock and a hard place. On one side they have costumers to service and protect what their costumers behaviour. On the otherside their are non-govermental organisation urging them to surrender details regarding supposed copyright infringement. Real governmental organisation are forcing them to shed light on internet traffic regarding things like copyright infringments, childporn and possible terrorist behaviour.

The thought of an ISP producing log/trace data to suit the needs of a govermental body is rather sickening, it might be naive but I hope they will resist such temptations.

Getting the distributing side to stop can be rather difficult. Russia (Poetin) for instance has not signed the European Cybercrime Convention so they will be reluctant to do your bidding.

It’s quite funny how, for instance the MPAA or RIAA, has made it their business to pursue the ‘small; fish in the tank instead of going for the proffesional pirates. Guess they just want to show that the average jane/Joe isn’t save from them.

I personally think that downloading actually has enhanced some artists reputations and sales. The bad thing is the music industry is a bottomless pit always wanting more and specialising in one hit wonders instead of solid artists. All the ‘find a new idol in whatever field’ programms are a tribute to this one hit wonder thinking.
zupakomputer says

April 2, 2008 at 3:56 pm

Not only that, I tried looking up Napster’s search recently for two tracks I’m after – one they don’t have, and it’s been deleted for ages off any official releases, the other came up ‘we have track by that artist’ – then provided no links, and no further means of seeing if they had that track or just the artists other tracks, no info on prices or anything either.

So what are you meant to do in those circumstances; you don’t pay in advance to join something, in the event they *may* have what you want…

and what if no-one sells what you want? I’d imagine that if I bothered to list all the tracks I’ve wanted for aeons and never got, cause I’d have to buy a whole album for one song, few of them would appear for legit online downloads.

The usenet service looks promising, although ftp binaries obviously can be downloaded / uploaded already anyway – unless it’s encrypted though, the traffic can still be intercepted and read.
Pantagruel says

April 2, 2008 at 4:08 pm

@zupakomputer

Your right, Napster and alikes might be suitable for the average user not in search for particular artists/tracks.

True, I personally think they should let you have a peek at their content (without download or let’s say 30 sec’s of 10 songs) before you actually join them and pay for their services. Paying just to find out that do not have what you’re looking for is a nice business model but ultimately sucks.

In the end you’ll indeed have to resolve to buying the album containing the one song you want and get the others as unwelcome ‘gift’. (I usually check the left over section for this kind of stuff, but you still feel rather silly that an album would have set you back
zupakomputer says

April 2, 2008 at 4:20 pm

Or what about this one? – I’ve bought a lot of legit goa/psytrance CDs, and found a site that provided the same type I’m into for free. None of them have releases except as whole albums on torrent. Now, I’m unable to use torrent and have no indication of when that’ll change. I’m also not too sure I’m okay with using that kind of a share anyway – anyone could be sending anything down it the other way.

But these clowns claim to be ‘elite’, yet they can only provide one file format (and no bitrate info (ie – the quality of the file they offer off the original MIDI or similar) either I don’t think)! Even if you upload to the archive, for free, they will do all the work for you – sort out all your album tracks* into separate track downloads under every file format you can think of.

I offered to cover costs for them to burn me CDs, and they couldn’t do that either.

Just because it’s ‘free’ doesn’t mean it’s not as bad as the BPI spying or some other aspect of the controlled-phoney areas of music.

*ie – your own made-by-you music / audio; I doubt they allow anything pirated there

Stolen credentials are now the single most reliable entry point into enterprise networks. Compromised credentials accounted for 22% of all confirmed data breaches in the period covered by Verizon’s extended credential stuffing analysis accompanying the 2025 DBIR, making it the most common initial access vector for the third consecutive year. Credential stuffing, the automated replay of stolen username-password pairs at scale, requires minimal skill, costs almost nothing to run, and succeeds at rates that make it economically rational to run campaigns against thousands of targets simultaneously. Multi-factor authentication (MFA) remains the single most effective control against it, yet deployment gaps persist across sectors that should know better.

The Credential Supply Chain

Credential stuffing depends on a supply chain that runs from infostealer malware through dark web markets to attack tooling. Malware families, including Lumma, RedLine, StealC, and Acreed, scrape browser password vaults, saved cookies, and autofill data from compromised machines. The harvested data is identical to what tools like DumpBrowserSecrets extract during post-exploitation: saved passwords, session cookies, OAuth refresh tokens, and autofill entries pulled directly from Chrome, Edge, Firefox, and every other major browser. Attackers package that raw material into structured files known as combolists, formatted as email: password pairs, cleaned of duplicates, and categorised by service type or geography before selling them on.

Combolists trade freely across dark web forums, Telegram channels, and dedicated cracking communities. The initial access broker ecosystem documented throughout 2025 has normalised validated credentials as a commodity. Fresh lists built from recent infostealer logs command significantly higher prices than aged database dumps because they have higher validity rates. The Verizon analysis found that only 49% of a user’s passwords across different services are distinct. That figure is what makes credential stuffing economically viable: breach one service, and there is roughly a 50% chance the same password works elsewhere. Across millions of accounts, that probability becomes near-certainty.

The tooling that drives attacks is openly available. OpenBullet and its successor, SilverBullet, are credential-stuffing frameworks originally released as penetration testing utilities, now standard tools in account-takeover (ATO) operations. They automate the full attack loop: loading combolists, rotating through residential proxies to dodge rate limiting and IP blocks, sending login requests that mimic legitimate browser behaviour, and logging successful hits. Attackers also buy and sell custom configuration files, known as configs, that define the authentication flow for specific target services. Unofficial marketplaces offer configs for specific banking portals, SaaS platforms, and enterprise single sign-on (SSO) providers alongside combolists and proxy subscriptions.

Three Case Studies from 2025

In late March 2025, coordinated credential stuffing attacks hit five major Australian superannuation funds simultaneously: AustralianSuper, Rest Super, Hostplus, Australian Retirement Trust, and Insignia Financial. As BleepingComputer reported on the coordinated attacks, attackers compromised over 20,000 accounts across the five funds, with four AustralianSuper members losing a combined AUD 500,000. The attackers used combolists from prior unrelated breaches. AustralianSuper offered MFA but did not enforce it at login, a gap that regulators identified as the primary enabling factor. Retirement funds make attractive targets because account balances are high, withdrawals are slow to reverse, and many members check their accounts infrequently.

In April 2025, VF Corporation notified customers of a credential-stuffing attack against the North Face online store. BleepingComputer’s coverage of the April incident confirmed that attackers used credentials from earlier unrelated breaches to access accounts and exfiltrate names, email addresses, shipping addresses, phone numbers, purchase history, and dates of birth. Payment card data was not exposed, as a third-party provider handles payment processing. The April attack followed a March incident that exposed 15,700 accounts across The North Face and Timberland. It was the fourth credential stuffing incident against VF Corporation brands since 2020. The pattern reflects a structural problem: tens of millions of customer accounts, high password reuse rates, and authentication systems not designed to detect low-and-slow validation campaigns.

The Change Healthcare breach in February 2024 remains the most consequential recent example of credential-based initial access. The ALPHV/BlackCat ransomware group entered UnitedHealth’s Change Healthcare subsidiary through compromised Citrix credentials on a remote-access portal without MFA, as confirmed in Congressional testimony from UnitedHealth’s CEO. The attackers moved laterally through the billing network and deployed ransomware that shut down payment processing for healthcare providers across the United States for weeks. The incident produced a $22 million ransom payment and an estimated $872 million in reported disruption costs in the first quarter alone. One set of valid credentials on one unprotected endpoint caused one of the largest healthcare-sector disruptions in US history.

Detection and Evasion Techniques

Modern credential stuffing campaigns specifically target the detection mechanisms most organisations have deployed. Attackers bypass velocity-based controls that flag high volumes of failed login attempts from a single IP by rotating through residential proxies. They distribute attempts across thousands of IP addresses so each one generates only a handful of requests, staying below alert thresholds. Third-party CAPTCHA-solving services handle challenge pages, some of which are automated via machine learning and others through human labour farms. Tools that emulate legitimate browser environments, including correct JavaScript execution, realistic mouse movement patterns, and authentic request timing, defeat browser fingerprinting.

The MITRE ATT&CK framework categorises credential stuffing under T1110.004 (Brute Force: Credential Stuffing). Defenders should monitor for several specific signals: unusual geographic distributions of authentication requests, spikes in failed logins spread across a wide IP range rather than concentrated at a single source, and successful logins from IP addresses tied to residential proxy services. Account logins from devices or browsers with no prior history on the account also warrant investigation. The Verizon analysis found that credential stuffing accounted for a median of 19% of all authentication attempts across SSO providers, meaning roughly one in five login attempts was not legitimate.

One underappreciated detection gap is the window between credential exposure and organisational awareness. Dark web monitoring tools available to enterprise teams in 2025 make it operationally achievable to track stealer log markets and paste sites for corporate email domains. Many organisations still treat that monitoring as optional rather than a core detection layer. Credentials circulate in combolists for months before the affected organisation becomes aware, and attackers exploit that window systematically.

Regulatory Response

The 23andMe case produced the most visible regulatory outcome tied directly to credential stuffing. A 2023 attack using combolists accessed approximately 6.9 million customer records. The UK Information Commissioner’s Office fined the company £2.31 million for failing to implement adequate security, specifically the absence of mandatory MFA for accounts holding sensitive genetic data. In March 2025, as Wired reported in its coverage of the 23andMe bankruptcy, the company filed for Chapter 11, with the credential stuffing incident and its downstream legal consequences cited as contributing factors. Regulators in the UK and EU now reference the case as evidence that weak authentication controls constitute a material governance failure, not a technical oversight.

CISA’s 2024 guidance on phishing-resistant MFA explicitly identifies credential stuffing as a primary threat driver. It recommends hardware security keys and passkeys using the WebAuthn standard as the only controls that fully eliminate the credential reuse vector. SMS one-time passwords and Time-based One-Time Password (TOTP) codes provide partial protection but remain vulnerable to adversary-in-the-middle (AiTM) interception, a technique increasingly applied against accounts whose value justifies the extra effort.

CISO Playbook

Phishing-resistant MFA enforced across all externally facing authentication endpoints, including VPN portals, SSO providers, and remote desktop services, eliminates the primary path for exploitation. Password screening against known-breach corpora at login and account creation, using services such as the Have I Been Pwned API, removes credentials already circulating in combolists before attackers can validate them. Rate limiting and progressive account lockout on all authentication endpoints, including API login flows that teams frequently overlook, cuts the volume of attempts that reach the validation stage.

Bot detection that analyses behavioural signals, including request timing, device fingerprint consistency, and session cookie behaviour, provides a second line of defence against campaigns that have already bypassed IP-based controls. For organisations on legacy identity infrastructure, a full platform replacement is not the immediate priority. Enforcing MFA on the externally facing authentication layer, regardless of what sits behind it, addresses the highest-risk exposure first. The Change Healthcare incident is the clearest available proof of what one unprotected endpoint costs at scale.

There is no technical solution that eliminates credential stuffing entirely. Password reuse persists, infostealers continue operating at scale, and combolists will keep growing. The practical objective for defenders is to raise the cost of a successful attack on their specific environment above what attackers can profitably tolerate, and to detect the attempts that do succeed before they compound into something worse. Given that 22% of breaches in 2025 started with a valid credential, organisations that treat authentication hygiene as routine maintenance rather than a strategic priority are already in the breach statistics.

Frequently Asked Questions

What is credential stuffing, and how does it differ from brute force?

Credential stuffing uses real username-password pairs stolen from previous breaches and automatically replays them against other services. Brute force generates password guesses from scratch. Stuffing is faster, quieter, and far more effective because it exploits password reuse rather than attempting to crack unknown passwords. A combolist of 10 million verified credentials will outperform any brute-force dictionary attack against the same target.

What is a combolist, and where do attackers get them?

A combolist is a structured file of email-and-password pairs compiled from data breaches, infostealer malware logs, and dark web markets. Attackers source them from initial access broker forums, Telegram channels, and dedicated credential marketplaces. Fresh lists derived from recent infostealer campaigns are the most valuable because their owners have not yet rotated the credentials.

How do attackers bypass rate limiting and CAPTCHA during credential stuffing?

Attackers use residential proxy networks to distribute login attempts across thousands of IP addresses, keeping per-IP request volumes below detection thresholds. CAPTCHA challenges are handled by third-party solving services, either via automated machine-learning methods or by human labour farms. Tools such as OpenBullet and SilverBullet emulate realistic browser behaviour, including JavaScript execution and mouse-movement patterns, to evade browser fingerprinting controls.

Does multi-factor authentication stop credential stuffing?

Phishing-resistant MFA using hardware security keys or passkeys under the WebAuthn standard fully eliminates the credential reuse vector. SMS one-time passwords and TOTP codes reduce exposure but remain vulnerable to adversary-in-the-middle interception. The Change Healthcare breach, which resulted in $872 million in disruption costs, occurred on a Citrix portal with no MFA. Enforcing MFA on every externally facing authentication endpoint is the single highest-impact control available.

What are the most common targets for credential stuffing attacks?

Enterprise SSO portals, VPN gateways, e-commerce account login pages, financial services platforms, and healthcare provider systems are the most frequently targeted. Retirement and superannuation funds have emerged as high-value targets in 2025 because account balances are large, members check accounts infrequently, and MFA enforcement has historically been optional rather than mandatory.

How can organisations detect credential stuffing attacks in progress?

Key signals include spikes in authentication requests distributed across a wide IP range rather than concentrated at a single source, successful logins from residential proxy IP addresses, account access from devices or browsers with no prior history, and unusual geographic distributions in login activity. Continuous monitoring of dark web stealer log markets for corporate email domains provides early warning before credentials are actively exploited. The Verizon 2025 DBIR found that credential stuffing accounts for a median of 19% of all SSO authentication attempts, so baseline volume analysis is also a viable detection layer.

This article covers techniques used by both attackers and defenders for educational and research purposes. The tools and marketplaces described are documented by security researchers and law enforcement agencies.

Usage: DumpBrowserSecrets.exe [options] Options: /b:<browser> Target Browser: chrome, edge, brave, opera, operagx, vivaldi, firefox, all (default: system default browser) /o <file> Output JSON File (default: <browser>Data.json) /all Export All Entries (default: max 16 per category) /? Show This Help Message Examples: DumpBrowserSecrets.exe Extract 16 Entries From The Default Browser DumpBrowserSecrets.exe /b:chrome Extract 16 Entries From Chrome DumpBrowserSecrets.exe /b:firefox /all Export All Entries From Firefox DumpBrowserSecrets.exe /b:brave /o Output.json Extract 16 Entries From Brave To Output.json DumpBrowserSecrets.exe /b:all /all Extract All From All Installed Browsers

name: Heisenberg Health Check on: pull_request: paths: - "**/poetry.lock" - "**/uv.lock" - "**/package-lock.json" - "**/yarn.lock" - "**/requirements.txt" - "**/go.mod" permissions: contents: read pull-requests: write issues: write jobs: deps-health: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Detect changed manifest id: detect run: | git fetch origin ${{ github.base_ref }} --depth=1 LOCK_PATH=$(git diff --name-only origin/${{ github.base_ref }} | \ grep -E 'poetry.lock$|uv.lock$|package-lock.json$|yarn.lock$|requirements.txt$|go.mod$' | head -n1 || true) echo "lock_path=$LOCK_PATH" >> $GITHUB_OUTPUT - name: Heisenberg Dependency Health Check uses: AppOmni-Labs/heisenberg-ssc-gha@v1 with: package_file: ${{ steps.detect.outputs.lock_path }}

Most Viewed Posts

Search

Recent Posts

Related Posts:

Reader Interactions

Comments

Footer

Most Viewed Posts

Search

Recent Posts

Tags