The untold story of illegal peer-to-peer network activity on campus

***

Open Sesame

In the Lair of the 40 Thieves

You already know who they are.

You've known since the earliest weeks of your freshman year, when you first logged in to WPI's campus-wide file sharing network. You probably didn't recognize their pseudonyms, and you most likely didn't know them by their real names. Perhaps, when you first got on, they hadn't even banded together yet. But they were still there.

They were the ones who kept the wheels of the internal peer-to-peer network turning. They were the ones who ran the DC++ hubs, who wrote the code that kept those hubs a step ahead of the IT security personnel at WPI's Network Operations Center. They were the ones who shared their files and took requests for new content; the ones who met in secret and conversed only through encrypted channels.

When they decided to band together early last year, they called themselves the 40 Thieves. And even if you've never downloaded an illegal file in your life, if you're a student at WPI you've most likely heard about them anyway. You probably even know that last month, the 40 Thieves were shut down and DC++ was disabled.

But what you may not know is why-or, more appropriately, why now, over a year after they were first formed-NetOps cracked down; why a select four students have been summoned before WPI's Campus Hearing Board on charges of violating the Code of Conduct, and why the rest of the group was not. The short answer is that a few of the 40 Thieves allegedly got greedy. The long answer, of course, will take a bit more explanation.

"It's always been DC++"

I'd only been at WPI for a week when I first learned about DC++, the ubiquitous peer-to-peer downloading tool used across campus to share just about anything a student might want, from music and movies to software and pornography. An article in the New Student Orientation issue of the student newspaper referenced "the network," and a passing question to my RA got me the download link.

Three years later, I have over 100 DVD-quality movies on my external hard drive, along with complete ‘rips' of a dozen different television series. I'd estimate that three out of every four songs in my 250+ hour music collection were illegally downloaded. I'm running fully-functional, ‘cracked' versions of Autodesk Maya 8.5 Unlimited and the Adobe CS3 Master Collection, and until recently I had a cracked copy of Microsoft Office 2007 installed.

By all accounts, I'm a fairly average DC++ user. And according to the 40 Thieves, they got together because there were people like me around.

I sat down with one of the founding members of the 40 Thieves a couple of weeks ago to discuss the organization. In the interest of protecting him from potential reprisal and to provide him with the freedom to speak openly, I granted his request for anonymity and refer to him here with the pseudonym Gabriel. His comments were corroborated by a second 40 Thieves member and two outside observers close to the group.

His story began simply. "A few people wanted to organize a group to help get new material on the hubs," he said. "Some of us had Usenet access, some knew how to get around [NetOps' block of] BitTorrent. But the goal of the 40 Thieves was always to provide a service to the students."

Not that file sharing hadn't been common at WPI long before the 40 Thieves were formed. "It's always been DC++ on campus. That's the college's file sharing program," he said. "There actually used to be a DC hub, with an address that got passed around by word of mouth." The hub itself, meanwhile, would be passed from trusted host to trusted host.

Unfortunately for its fans, downtime was common. The server box was easy for NetOps to track, despite being passed around, and blocking it was a simple affair. So once the 40 Thieves got together, its members began working on a networking protocol that would allow for decentralized file sharing. Called Dtella, the program was based on the same protocol Purdue University students use to share files on their own internal network. It could be run simultaneously with DC++, allowing for direct connections between users without the need for a central server.

With Dtella in place, DC++ ran for several months without significant hitches. But the 40 Thieves were just getting started.

"The Shift"

Cracked or non-DRM versions of copyrighted files and software are often collectively known as ‘warez,' while the community that specializes in producing and distributing such files is referred to as the ‘Scene.' For those groups that are part of the Scene, as in any secretive or exclusive organization, membership is a mark of personal distinction and communal respect. Plus, it's got perks: "You get high-quality stuff really, really fast," Gabriel explained. "It's a mark of honor on the scene to be the first to release a file."

Getting there, however, can take some time, and requires violating copyright law, as a group has to prove itself willing and able to contribute."You either have to produce content or pay money. Paying money buys a box for hosting and sharing. So you either produce, or you help with the infrastructure."

Once they got Dtella running smoothly, the 40 Thieves began working towards both. During the network's final weeks, regular users of DC++ may have noticed the first steps of production: a few ripped DVDs began showing up as ‘40 Thieves Releases.'

Gabriel was quick to point out, however, that while "this was the shift from downloading to producing, the decision wasn't made by everyone. Not really. A subset of the group decided to start doing releases, in the hopes of eventually making it into the Scene."

But unlike the decision to release branded warez, the decision to become part of the Scene's distribution infrastructure was made as a group, when they met face-to-face for the first and last time.

"We reserved a room in the basement of the library," Gabriel told me. After introductions (the members calling themselves by their online pseudonyms, rather than their real names), the meeting got down to business: helping to build infrastructure. "They were planning to buy a seed box to do BitTorrent seeding, in order to get into the private trackers. We couldn't do the sort of seeding necessary [from on-campus]."

Since downloading files through BitTorrent requires uploading files at the same time-a process known as ‘seeding'-a dedicated computer with a significant amount of bandwidth is needed to upload and download large amounts of files. "The idea would be to have all downloads and uploads on the seed box, and then download files from the box in chunks to someone off campus to get around bandwidth limits. [The leaders] asked everyone for their official stance: Are you willing to support it? Are you willing to pay a certain amount of money each month for it?"

Not everyone said yes, but not everyone had to, and in the end, "they put down money and bought it. It was being purchased at some location in the UK-a company that would provide boxes cheap, set up to seed and download BitTorrent files."

How far the 40 Thieves would have gone to gain entry into the Scene will never be known. A few days after the meeting, NetOps pulled the plug and shut the group down.

"The Benefit of the Doubt"

It was a sudden and decisive crackdown, and for the 40 Thieves, it was more than a little painful. Of the group's 20+ members, a handful landed weeklong Internet bans, forcing them to temporarily relocate all their online work to one of the public terminals scattered across campus.

Most of the rest landed yearlong bans of wireless and residence hall Internet access. Some have found ways around the bans, setting up routers through friends' net connections or masking MAC addresses behind other computers. Others have simply relocated themselves to the lesser-used computer rooms in the subbasement of Fuller Labs, resigned to remaining there through much of next year.

But four were summoned before the Campus Hearing Board, charged with alleged violations of the Code of Conduct and Acceptable Use Policy. Two out of the four, both upperclassmen, were tried earlier this month; the first was put on probation, while the second was suspended and is unlikely to graduate on time. The other two, including one freshman, will face the Hearing Board early next year on similar charges.

The evidence against the 40 Thieves, particularly the four summoned before the Hearing Board, was gathered by the personnel at NetOps over the course of several months. Although NetOps refused to comment on the specifics of the case, Sean O'Connor, the Assistant VP of Information Security and Networking, pointed out that everyone was given a punishment or charge that fit his particular infraction. Some believe that a select few "poster children" are being hung out to dry before the Hearing Board, but O'Connor said that "no one's getting picked on. Everybody who's getting charged is getting charged for actions they committed.

"We could be a lot stricter than we are," he continued. "We could shut you down so you couldn't do anything wrong. We'd shut you out from a quarter of the Internet while we were at it. But it's an educational institution. We have to be more open. We have to let you guys do and explore different things. Do we hope you'll stop? Yes. But we like our students. We really don't want them to go to hell."

The 40 Thieves situation is, of course, a rare one. The level of organization and the scope of the group's actions point to circumstances that, had they not been nipped when they were, could very easily have gone the way of federal law enforcement.

The philosophy of NetOps was that, by handling the situation internally, what could have been a life-changing series of choices may instead lead to a powerful object lesson. "It's about making sure our students are okay," O'Connor said. "I've never seen a case where the Judicial Committee hasn't given the student the benefit of the doubt. Every single time."

"Keep on Blocking It"

According to O'Connor, NetOps' approach to activity monitoring at WPI is far more hands-on than other universities'. "Some colleges will post educational material on their website, and that's it," O'Connor said. "We take a hand in the livelihoods of our students. Ohio State, gets about 1500 Cease and Desist orders from the RIAA every month. WPI gets three to four a year."

It's in how NetOps responds to the orders that makes WPI different, he said. "When the RIAA gives us one, they can forget about it, because they know we'll handle it internally. Ohio State and MIT just pass the Cease and Desists along to the students. We bring the student in, talk to them, and tell them, ‘Don't do that again. Here's the reason why you shouldn't.' 95% of those students don't show up in our office a second time." The RIAA and personnel at the Network Operations divisions at Ohio State and MIT could not be contacted for confirmation by press time.

A battle continues to rage between the administrators at NetOps trying to guide students without putting them on rails, and the students who, 40 Thieves membership or not, will keep doing everything they can to provide warez to us users. NetOps' hope is that the students will recognize where the line of demarcation lies between right and wrong, and stop modifying protocols like Dtella and DC++ to get past bans. They're quick to say, though, that "if you keep on modifying it, we'll keep on blocking it."

With the 40 Thieves shut down, NetOps can, for the moment, get the last word in. What's left is to see whether the students will elect to listen.

Close sesame.

***