Game Mod Developer Caught Deliberately Distributing Malware

It’s sometimes genuinely odd how little attention people pay to their own industry. In 2005, Sony BMG dropped a rootkit onto users’ PCs when they attempted to play an audio CD. In 2008, EA took serious heat for integrating aggressive DRM into its products that directly hampered gameplay. In 2017, Ubisoft wrapped Assassin’s Creed Origins in so many layers of DRM that end users blamed the game’s initially poor performance on its DRM implementation (Ubisoft denied this, as it would). In aggregate, most gamers are willing to tolerate DRM so long as it doesn’t prevent them from using the software they purchased, doesn’t harm the performance of their PC or console, and doesn’t install actual, literal malware on their systems.

Given how long topics of piracy and DRM have been hotspots in the PC community, you’d think any game developer would be familiar with them. And apparently, you’d be wrong.

Flight Sim Labs is a company dedicated to “specializing in various add-on products and services for the Microsoft Flight Simulator and Enterprise Simulator Platform (ESP) families.” That’s a specialized market, to be sure — flight sims don’t tend to sell in huge numbers, but they also tend to build a steady community over significant periods of time. Microsoft’s last version of Flight Simulator came out in 2006, yet supporting that game apparently continues to be a viable business strategy 12 years later. I’m a huge supporter of PC game modding, and mods have been shown to extend the useful lifetime of games by adding new game modes, integrating new content, and sometimes fixing bugs that the original developers couldn’t or wouldn’t tackle. So far, so good.

Several days ago, reddit user crankyrecursion found that FSLab’s A320 package contained malware known as Chrome Password Dump. It does exactly what the name says: it extracts the saved passwords from a user’s Chrome profile. Unsurprisingly, gamers have revolted against this, and the company’s CEO has offered a mixture of apologies and defensive explanation.

According to FSL, it added the Chrome Password Dump tool to its own installer to catch a single individual. Flight Sim Labs discovered that this person was distributing activation details (serial numbers and account information) for its software using offline tools. Here’s how the company head, Lefteris Kalamaras, initially justified the decision:

[W]e happened upon a particular set of information (username / email / serial number) that would occur recurrently from specific IP addresses. We tried to add more tests in our subsequent installer releases, but the specific crackers were also upping their game in ensuring they sidetracked our installer. We even went so far as to figure out exactly who the cracker was (we have his name available upon request of any authorities), but unfortunately we could not be able to enter the registration-only web sites he was using to provide this information to other pirates.

We found through the IP addresses tracked that the particular cracker had used Chrome to contact our servers so we decided to capture his information directly – and ONLY his information (obviously, we understand now that people got very upset about this – we’re very sorry once again!) as we had a very good idea of what serial number the cracker used in his efforts.

This type of explanation raises more questions than it answers. Why couldn’t FSL create an account on the sites that were pirating its software? Even if we assume it was somehow blocked from doing so (you might need to know someone in the scene to get access), at what point did it start to seem reasonable to dump a frickin’ piece of malware on everyone’s computer?

This one is easy: There is no situation or instance in which companies have the right to install malware on someone’s computer. The entire situation seems to break the CFAA (Computer Fraud and Abuse Act) in several ways. Now, to FSL’s credit, it has since apologized profusely for this decision and offered full refunds to anyone who wants one. Some of the language used by the studio head, however, seems to demonstrate a failure to understand what people are upset about:

For example, he wrote, “I want to reiterate and reaffirm that we as a company and as flight simmers would never do anything to knowingly violate the trust that you have placed in us.” Quotes like that remind me of a remark Stannis Baratheon makes in A Clash of Kings, the second book of George R.R. Martin’s A Song of Ice and Fire (the novels behind Game of Thrones): “‘I am not without mercy,’ thundered he who was notoriously without mercy.”

Flight Sim Labs absolutely did do something to break trust with its customers, full stop. We acknowledge that FSL was attempting to avoid a common problem with DRM — specifically that it punishes legitimate users, while doing nothing against pirates who crack the game. But FSL clearly knew what it was doing. In fact, it told users to omit certain directories from their antivirus software scans, to avoid its own malware being detected. That alone should be a red flag for any user: an installer that asks you to exclude its own files from antivirus scanning is asking you to switch off exactly the control that would have caught the password dumper.

The company obviously knew its users wouldn’t accept having malware installed on their systems, which is why it attempted to persuade people to avoid scanning certain directories. Even when he responded to the problem, Kalamaras took potshots at crankyrecursion, claiming he was wrong about how the program worked and simultaneously declaring “in fact, the reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing.”

One can’t help wondering how FSL knew that so categorically.

Despite the FBI’s blatant bad-faith posturing on questions of encryption, security researchers generally agree that any piece of software that fundamentally weakens PC or mobile security is unacceptable. It does not matter if the password dumper was only present temporarily and deleted afterward. It does not matter that FSL was trying to catch pirates.

It’s never acceptable to install malware on a person’s system. Not for any reason. If the dev team failed to protest what they were being asked to write, FSL needs a new dev team. If the devs protested and leadership refused to consider their concerns, it needs new leadership. Either way, this isn’t just offensive to a small number of people; it’s a catastrophic breach of the trust that nearly every Flight Sim Labs customer placed in the company. If the only way you can secure your product is by literally installing malware, you don’t deserve to have a product at all.
