The Dark Side of IT: The Top of the Piracy Pyramid


My last blog already, time is flying! Let’s be honest, I didn’t start blogging out of free will but I actually kind of liked it. Just writing about interesting topics, giving my opinion and people joining the discussion. Can think of worse thing to do! I might continue blogging, but in the mean time follow me on you like IT and especially cyber security, be sure to follow we on twitter!

Now on to my last post! You all might have seen Jarro talking about Eriks piracy fine on this blog. For a while I’ve been interested in how online piracy actually works. When you occasionally download yourself (perfectly legal it seems) you might notice that a lot of ‘releases’ have a group mentioned and they even have there own information sheet (.nfo, this example of FAIRLIGHT). This got me interested into internet piracy and the fact I could not find any concrete information on this really triggered me. I did found this one clue, the pyramid of internet piracy in the image below. In this blog I will look at the top of the piracy food chain to find out what goes on in this dark corner of the Internet. So click read more below!

Illegal downloading is a big these days, really big. With the speed of Internet connections increasing, downloading a piece of software or a movie takes less and less time. But uploads do take more time, so that got me wondered: how does a popular movie get spread so fast. By just using torrents it would take ages for it to spread. This is where the terms “release groups” and “topsites” come in. There seems to be a whole scene involved in releasing and spreading pirated material, called the warez scene, often just called The Scene. This is a fascinating world with its own hierarchy, as the pyramid indicates.

So how does the pyramid work? Quite simple actually: a supplier, usually someone in the entertainment or software industry gets their hand on a non-released item (be it a DVD, BluRay, CD or software package). Release groups have contact with these suppliers and crack the software or rip the movie/music. The files gets uploaded to a high speed topsite and from there get spread to other topsites and eventually becomes available for the masses to download using P2P, torrents and usenet.

But where does this originate? This scene started somewhere in the early 70’s when the first commercial software began to be protected. This urged crackers to reverse engineer these protections and release a protection free version of the software. The Internet was, from the beginning, something where everyting could be shared, even protected software.  A global cracking scene emerged and today it is said to be grown to over 200,000 people according to this documentary (there is also a book on this topic, but it is in German:

And now a little bit about how it works. Topsites are large FTP servers with lots of terabytes of storage connected to fast internet lines, mostly 1 gbit/s or more. These sites are often located at companies or universities where fast internet connections are available. The servers are paid for by scene members and secretly installed at their locations. These sites got affiliated release groups which release pirated materials onto these sites and most groups are on more topsites. They can upload releases in secret directories, so no one is aware of what’s being uploaded. Once a command is given, the release gets public on the topsites and starts to get traded by couriers. They will start at spreading the release to other topsites and eventually will trade to less quality sites on for example 100 or 10 mbit lines. From there the step to mass downloading is made.

But why would you risk jail time by running a topsite or being a supplier /release group? There is not much information about this, but it seems like The Scene is a highly organized group of people, with some characteristics of gang culture. It is hard to get into, because you need to either be a supplier or releaser or own a topsite. Once you are in everything is about competition: you want to be the best release group or currier with the best topsite. People from in the scene say it is really addicting since you can access a lot of pirated material from fast servers and often before your friends can, so it is probably also about excitement.

This giant infrastructure of piracy is off course highly secretive. Everybody communicates through proxies and bouncers using IRC, so no one can listen in. The topsites also use IP registration and bouncers to stay off the radar and mostly are maintained by network administrators, so they won’t get noticed. This being said, it seems almost impossible for law inforcement to get a hold of this underground infrastructure. Whenever they do get success it is mostly done by infiltrating, just like with  other criminal gangs; the FBI for example created two topsites themselves to get information on release groups and couriers in Operation Site Down . In Operation Buccaneer they also made some arrests in the Netherlands, most of them at universities like Delft and Twente (known for their early adoption of high speed networks). But like with every “bust” they can only target small piece of the global scene and although doing damage, the remaining part of The Scene continues and locks down even more. Therefore law enforcement has not been able to kill the top of the piracy food chain.

In this post I tried to make clear how the world of online piracy is operated as a highly organized infrastructure, almost comparable to real life criminal gangs.  I hope this is all clear to you, if not please place a comment. Like this? Follow me on Twitter!

Last but not least, an interesting article from Wired about topsites: You can also look at this series in order to get a better understanding of The Scene:


Tags: , , ,

About Robert Boerrigter

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: