The New Reality of Stealth Crimeware

Posted by nimda on July 4, 2011 in Owner Blog, Uncategorized

Anyone who has been in information security recently knows that it has gotten easier for cybercriminals to build stealth crimeware. The malware we deal with on a regular basis grows ever more difficult to find, while high-end targeted attacks such as Stuxnet and other advanced persistent threats (APTs, the abbreviation I hate) are using ever more advanced rootkit techniques to avoid detection.

Cybercriminals use clever stealth techniques to evade detection because it allows their malware to be more effective, live on a machine or network longer, and thus maximize the compromise. McAfee Labs is now at the point where we detect more than 110,000 new unique rootkits per quarter.

To make matters worse, there is another issue that many fail to recognize:

Today’s current OS-based security model is not adequate; cybercriminals know how to get past these defenses every time.

The security industry has to find a new vantage point on cybercriminal behavior to stop and uncover their stealth techniques. It is time for our industry to start looking at security beyond the operating system to gain a more effective view of how cybercriminals operate.

We delve into these and many other issues in our latest report: “The New Reality of Stealth Crimeware,” written by myself and Thom Sawicki of Intel. Download it here.

Introduction

Stealth is the art of travelling undetected, of being invisible. Stealth technology allows military aircraft, Ninjas, and malware to sneak up on the enemy to launch an attack, gain intelligence, or take over systems and data.

Although stealth techniques are used in sophisticated attacks like Conficker and Operation Aurora, the Stuxnet attack offers a new blueprint—and benchmark—for how committed criminals can use stealth techniques to steal data or target computing systems. Stuxnet innovations included a combination of five zero-day vulnerabilities, three rootkits, and two stolen digital certificates. Powerful toolkits, like what is available in the Zeus Crimeware Toolkit, make stealth malware development a “point-and-click” endeavor, no longer restricted to the most knowledgeable programmers. While there are no definitive industry figures, McAfee Labs estimates that about 15 percent of malware uses sophisticated stealth techniques to hide and spread malicious threats that can cause significant damage. These attacks form the cornerstone—the “persistent” part—of advanced persistent threats (APTs).


Data Privacy Weather Report – News Roundup for 2011

Posted by nimda on May 15, 2011 in Owner Blog

Data privacy is on the firing line this year with Fortune 500 companies in the scope. It’s been a long shot year with the proliferation of organized crime, its merger with global communications, and further development of horizontal markets to sustain profitability.

Data Loss DB tells us that many of this year’s 197 issues were clearly involving third parties. Just ask Epsilon about hot water, with a media campaign that could ruin any Fortune company. It might be tough to recover from that hit, especially with a smeared web presence.

Dropbox is under the scope of Christopher Soghoian, a very noteworthy privacy advocate. He is closely associated with the FTC, hence the “Request for Investigation and Complaint for Injunctive Relief”. Dropbox tried to patch the hole by modifying its terms of service and I feel strongly about what they have reinforced. The service is primarily one that allows for online storage of data with a benefit to interact with it. How can the service preserve encryption but allow you to interact with it for core features and functionality? Chris basically points out that file deduplication and specific aspects of SAN storage expose data to perceivable forms of less secure conditions.

Round 1 is from Chris, with his Blog posting titled “How Dropbox sacrifices user privacy for Cost Savings”. Chris did make an effort to use Marcia Hoffman to notify Dropbox that a disclosure would take place in 11 days on April 12th. The day before on April 11th, an Attorney called to report that the Privacy terms were under reconstruction, which seems reasonable. The University of Indiana (Soghoian’s School) has quite a bit of Research that I’m fond of, check it out.

Round 2 is from Dropbox, a company founded by two MIT Grads named Drew Houston and Arash Ferdowsi.

“We believe that storing data in Dropbox is far more safe than the alternatives. We’ve designed Dropbox to protect user data against threats of all kinds, but we’ve focused on helping users avoid the most common threats: not having current backups, not having any backups at all, accidentally deleting or overwriting files, losing USB drives with sensitive information, leaving files on the wrong computer, etc.”

All I know is that people are bloodthirsty for Data Leaks, and the blows are being thrown by Anonymous entities, and PHD Students with nothing but a blog.

If there is such great concern about Privacy and Standards, why did HR2221 fail to get voted on by the Senate? This act would have standardized privacy across all 50 states and allowed for Attorney Generals to enforce the penalties, just as always. Not all of the folks up at the Federal level are useless in the privacy effort. Just ask Circuit Chief Judge Alex Kozinski who did the coolest thing, pretty much ever. He openly accused his colleagues of being insensitive to the lives of the poor.

Kozinski’s latest salvos came in a dissent Thursday lamenting his court’s refusal to grant en banc review of an opinion finding that police did not violate the Fourth Amendment by sneaking into a suspect’s yard and planting a GPS tracking device on his car. Kozinski’s views on the issues and the vigor with which he expresses them are unusual for a judge who worked in President Ronald Reagan’s White House and was appointed to the court by Reagan as well. However, Kozinski is well known for his libertarian leanings.

That’s just part of his filing with the Ninth Circuit of Appeals which says things that I absolutely love such as:

When you glide your BMW into your underground garage or behind an electric gate, you don’t need to worry that somebody might attach a tracking device to it while you sleep. But the Constitution doesn’t prefer the rich over the poor; the man who parks his car next to his trailer is entitled to the same privacy and peace of mind as the man whose urban fortress is guarded by the Bel Air Patrol. The panel’s breezy opinion is troubling on a number of grounds, not least among them its unselfconscious cultural elitism (shwing!).

Chris wins the award this week for unleashing this war on DropBox. I sincerely hope he is not associated with any large Remote Backup providers like Mozy, that would be spicy. I feel like we still owe him a pat on the back for his uncovering of a sliver of the Government’s spying operations with US Cellular Phone Providers like Sprint PCS. At the government’s request, the phone company will send out a signal to any cell phone connected to its network, and give the police its location. Last year, law enforcement agents pinged users of just one service provider—Sprint—over eight million times.

See Christopher Soghoian, 8 Million Reasons for Real Surveillance Oversight, Slight Paranoia (Dec. 1, 2009). The volume of requests grew so large that the 110-member electronic surveillance team couldn’t keep up, so Sprint automated the process by developing a web interface that gives agents direct access to users’ location data.

Who’s next?……


Cyber Insecurity

Posted by nimda on January 6, 2011 in Owner Blog

Our society’s infrastructure can no longer function without computers and networks. The sum of the world’s networked computers is a rapidly increasing force multiplier. Today’s businesses are becoming heavily dependent on technology for integration, productivity and organizational scalability. Data is an increasing fraction of total corporate wealth and needs to remain secure while ensuring confidentiality, availability and integrity.

Increasingly, organizations require communications to provide rapid and agile collaboration, information sharing, and connectivity to data sources. Technology enables employees and partners to work and access systems anywhere, anytime – also placing systems at an increased risk by the same token of availability. The protection of digital assets during transport, and at rest on storage devices is essential to the life cycle of information as it transcends the border of physical and logical controls.

The world of security is becoming more complex and threatening every day. This increasing complexity embeds dependencies in a manner that may diminish the frequency of surprises; however, the surprises will be all the more unexpected when they inevitably occur.

Security is becoming a means and not an end; modern protection strategies are quickly shifting toward risk absorption rather than risk avoidance. Service orientated architectures and Web 2.0 technologies are fueling the internet revolution while at the same time rapidly deteriorating the security situation. That deterioration compounds when nearly all individuals and businesses are establishing dependencies on computer and communications systems. It is thus obvious that increasing dependence means ever more difficulty in crafting protections against known and unknown threats to systems.

The traditional network barriers that separated trusted from untrusted and “inside” from “outside” are now disappearing. As more applications become directly accessible to remote users and systems, the concept of the network perimeter becomes increasingly vague and more difficult to protect. Attacks are no longer confined to lower areas of the network stack and target widely adopted systems and software programs, having major implications globally, in all sectors.

Threats and risk are chiefly growing amongst the poorly coded applications, and unsophisticated end-users. Protections need to work together in a concerted effort to reduce risk and mitigate known and unknown threats to computing systems.

Modern day security has become an architecture of devices, people and software that work towards providing the best possible layered defense against attacks.

Key drivers:

Increasing complexity

Sophistication of applications and attacks

Financial Gain for Hackers

Workforce Productivity

State & Government Compliance

Those with either an engineering or management background are aware that one cannot optimize everything at once, that requirements are balanced by constraints. In engineering, this is said as “Fast, Cheap, Reliable: Choose Two.” In the public policy arena, we must first remember the definition of a free country: a place where that which is not forbidden is permitted. No society needs rules against impossibilities and I believe that we are now faced with “Freedom, Security, Convenience: Choose Two.”

For me, I will take freedom over security and I will take security over convenience, and I will do so because I know that a world without failure is a world without freedom. A world without the possibility of sin is a world without the possibility of righteousness. A world without the possibility of crime is a world where you cannot prove you are not a criminal. A technology that can give you everything you want is a technology that can take away everything that you have. At some point, in the near future, one of us security geeks will have to say that there comes a point at which safety is not safe.

A proud member of:

The InfraGard program is a public/private cooperative effort dedicated to improving our national security. InfraGard consists of Chapters throughout the United States. The FBI leads the U.S. Government side of InfraGard. InfraGard provides a trusted forum for the exchange and channeling of information and subject matter expertise related to the protection of our nation’s critical infrastructure from physical and cyber threats.


Trusteer Rapport – Security tool protects online banking against Botnets

Posted by nimda on December 3, 2010 in Owner Blog, Reviews

Rapport is a lightweight security software solution that protects web communication between enterprises, such as banks, and their customers and employees. The product is free for the customers of over 70 different banks, AND can also be downloaded independently of those services for FREE. You can protect any web site you choose outside of the network, and also use the tool with Chrome, IE and Firefox.

Rapport implements a completely new approach to protecting customers and employees. By locking down customer browsers and creating a tunnel for safe communication with the online website, Rapport prevents Man-in-the-Browser malware and Man-in-the-Middle attacks. Rapport also prevents phishing via website authentication to ensure that account credentials are passed to genuine sources only.

Rapport’s unique technology blocks advanced Trojans including Zeus, Silon, Torpig and Yaludle without the need to constantly update and chase the different variants of these Trojans. Its proprietary browser lockdown technology simply prevents unauthorized access to information that flows between customer and employee websites regardless of whether these attempts were generated by new or known Trojan variants. Rapport is also capable of preventing very targeted and under the radar phishing attacks.

Enterprises such as banks can easily configure the system to protect customers and employees and begin offering them Rapport software for quick download from their website. Following a simple one time installation process, Rapport begins securing browsers, works in the background and does not call for a change in user behavior – customers and employees can bank and use the internet as usual – thus enabling fast adoption. Rapport comes with a rich management application that enables enterprises to effectively trigger alerts, view and analyze data as well as manage security.

Rapport is focused on preventing online fraud committed by financial malware and differs from Anti-Virus because it:

* Locks down access to financial and private data instead of looking for malware signatures

* Communicates with your online banking website to provide feedback on security level and report unauthorized access attempts

* Allows for immediate action to be taken against changes in the threat landscape.

Features

* Blocks Zeus, Torpig, Silent Banker and other Man-in-the-Browser attacks
* Blocks Keyloggers and screen grabbing
* Blocks Man-in-the-Middle attacks
* Blocks Phishing attacks
* Works on both Windows and Mac
* Protects immediately upon install
* Complements other security software
* Transparent to customers and employees unless a threat is detected
* Delivers advanced reporting on current and new threats including zero-day attacks
* Comes with pre-packaged marketing tools and materials
* 24×7 support option

Benefits

* Prevents wire and ACH fraud
* Protects against account takeover attacks
* Deployment within weeks, requires no change to enterprise applications
* Fast notification of threats affecting your customers and employees
* Fast adoption by customers using proven tools
* Added security with no change in user behavior
* Proactive rather than reactive to threats and incidents

Browser Lockdown – This technology specifically prevents unauthorized access to sensitive information in the browser. Before launching the browser, Rapport verifies its integrity, preventing unauthorized modifications to the browser’s executable. Rapport locks down all programmatic interfaces to sensitive information inside the browser while it is connected to a protected website. This prevents browser add-ons and other pieces of software from accessing login information, financial information and transactions based on customized policy created with the enterprise. Additionally, Rapport protects the browser’s memory and prevents any pieces of code injected into the browser’s memory from capturing or modifying sensitive information.

Keystroke Lockdown – Rapport prevents tampering and reading of data by encrypting sensitive information from the moment it is typed into the keyboard until it reaches the browser. Trusteer encrypts keystrokes very low in the operating system’s kernel and keeps them encrypted inside the kernel and user space to achieve this goal.

Communication Lockdown – This technology enables Rapport to verify the legitimacy of the website that the customer or employee is currently using, preventing the submission of sensitive information to fraudulent websites. What’s more, verification of a direct connection with the website and assurance of encryption are also confirmed to prevent Man-in-the-Middle attacks. This technology prevents many ACH FRAUD transactions and efforts of trojans such as Torpig & Zeus.

Actionable Intelligence – All policy violations, such as attempts to read password fields and change web page content are reported to the Trusteer cloud-based fraud analysis service. Trusteer’s team of fraud analysts works 24×7, analyzing information from customers all over the world in order to identify new attack patterns. Advanced automatic update mechanisms allow Trusteer to react immediately to new threats. Organizations are immediately alerted regarding new attacks as they occur, instead of days, weeks, and even months after the fact.

These are not the days of the Nimda Virus, so get protected!

PC users: http://download.trusteer.com/Gcur4Wtnu/RapportSetup.exe

Mac users: http://download.trusteer.com/Gcur4Wtnu/leopard/Rapport.dmg


Good Press…

Posted by nimda on December 2, 2010 in Owner Blog

Trend Micro Press release:
http://us.trendmicro.com/imperia/md/content/us/pdf/stories/smb/ss04corpwfbs50080528_0528a.pdf

“Trend Micro Worry-Free Business Security lets our engineers set up client policies on the server, and block modifications to areas of the system commonly attacked by malware. It works great to stop infections. No longer is antivirus just a reactive solution; with Trend Micro it is proactive.” – Matthew Chambers

Software protection lists can be defined, preventing users from installing unauthorized software on company systems. “We can protect them from what they don’t know,” explained Chambers. “This gives us more control and helps ensure that we know exactly what software is being used.”

“It was easy to upgrade to the new release, and we’ve thoroughly tested it out on all of the PC’s used by our engineers, contractors, and executives. We will definitely be encouraging all of our clients to migrate to Worry-Free Business Security. Fighting malware costs companies money—this solution will cut back on the time spent on remediation and allow us to focus on other infrastructure projects that deliver value to companies.”

“Industry certifications, rankings and internal evaluations all show that Trend Micro evolves to meet the needs of its customers and resellers for continuous protection of IT assets,” said Matthew Chambers, Systems Security Engineer at Corporate IT Solutions.

“Threats to online business environments have constantly evolved, but Trend Micro Worry-Free solutions give customers all-in-one protection. As a service provider, we also appreciate that Trend Micro continues to simplify our job with solutions that are easy to deploy and manage.”

NY Times/Nextag blog on web site hacking:
Full Story

Matthew Chambers, a Systems Security Engineer with Corporate IT Solutions, says, “Web applications are one of the most outward facing components a corporation contains in its network design, and one of the least protected. Applications typically take input information and send it to a database for storage and processing. We interact with these kinds of applications every day, whether it’s a signup form or a login page for a favorite networking site.”

Network world video interview:


The actual interview was 30 mins long or so with a few dozen questions. Sucks they only used like a 20 second clip towards the end of this video. http://www.networkworld.com/events

The P2P war: Someone is monitoring your activities!

Posted by nimda on December 2, 2010 in Owner Blog

Anti P2P Companies

“Each day BayTSP servers scan the Internet worldwide with multiple satellite and terrestrial feeds at over 50 million bits per second for clients’ assets in inappropriate uses or locations, finding on average over 1.5 – 2.0 million copyright infringers a day. BayTSP’s patented “fingerprint” technology allows the company to identify files containing clients’ pictures, music, movies, or logos irrespective of the file name, surrounding frame or pictures……”


You have probably read about and heard of various organizations that actively search out and file lawsuits against people who share copyrighted materials, right?

E.g. download movies, music, games and applications.

The above is a quote from one of these companies (BayTSP). The CEO? A former computer hacker. The methods they use to net people downloading files are working flawlessly. Do you know why? Because up until now, you probably didn’t know what you could do about it.

RIAA

The Recording Industry Association of America (or RIAA) is a trade group that represents the recording industry in the United States. Its members consist of a large number of private corporate entities such as record labels and distributors, who create and distribute about 90% of recorded music sold in the US. It is involved in a series of controversial copyright infringement legal actions on behalf of its members.

The RIAA also participates in the collection, administration and distribution of music licenses and royalties.

The RIAA’s stated goals are to protect intellectual property rights worldwide and the First Amendment rights of artists; to perform research about the music industry; and to monitor and review relevant laws, regulations and policies.

As of December 2009, the RIAA has sued more than 35,000 people in the United States suspected of distributing copyrighted works, and has settled thousands of these cases.

MPAA

Motion Picture Association of America (MPAA), originally called the Motion Picture Producers and Distributors Association of America, is a non-profit trade association based in the United States which was formed to advance the interests of movie studios. Its members consist of the “big six” major Hollywood studios: Buena Vista Pictures Distribution (The Walt Disney Company), Sony Pictures, Paramount Pictures (Viacom—which bought DreamWorks in February 2006), 20th Century Fox (News Corporation), Universal Studios (NBC Universal), and Warner Bros. (Time Warner). The organization produces the well-known voluntary film rating system.


These companies who contract the Brand enforcement services are the sponsors of this P2P terrorism: the MPAA (Motion Picture Association of America) and the RIAA (Recording Industry Association of America), record companies, movie companies, and just about anyone that has content being shared online illegally. They own and manage the intellectual property rights to/for copyrighted materials. Anyone who has content they want protected can hire companies like this and utilize the antip2p technologies.

When you are downloading content that is managed by these people illegally, you are depriving them of money they would have normally received for the use of such content. But they aren’t the ones that actually end up searching you out and sending you letters. The way it’s been portrayed, you probably figured, based on the fact that only two organizations manage this stuff, that your chances of being caught were not too great. After all, there are millions if not billions of people online, right? Times are changing, and so is the business of “Internet-Piracy-Prevention (IPP)” (See AntiP2P Company List).

When file sharing networks such as Kazaa/Fasttrack started to become mainstream, the number of people using these networks increased exponentially. In or around the beginning of 2004, there were OVER 3 million users logged onto the KaZaa network at any given time. Today, there are dozens of p2p programs and networks. Limewire has been downloaded over 200 million times since its inception.

Bottom line is, companies are losing BILLIONS of dollars due to P2P file sharing of copyrighted content. How do you think a trillion dollar industry like the music/movie industry is going to respond to this? Businesses have taken advantage of the need for people to protect their intellectual property and make every attempt to stop its circulation. They are investing more money into the software to stop you than was put into every filesharing website, piece of software or any other development towards expanding p2p networks combined. Mind you, outside of advertising, 99% of the p2p programs you use have no real value as far as revenue is concerned.

If you are using file-sharing software and actively downloading or sharing files, it really makes no difference whether it’s Limewire, Bearshare, Shareaza, Bittorrent, Newsgroups, IRC, FTP, WinMX, or some other filesharing software.

These companies have developed software to connect to ALL of these different network types; they are presently on ANY NETWORK that trading or file sharing occurs on (publicly accessible, of course).

Every time you log onto a p2p network, you are connecting to these companies dozens if not hundreds of times per session. They pose as clients, hubs, leafs, supernodes, ultrapeers, etc. The software they use is developed to interact with the networks the same way a traditional client does.

But this is not one person sitting behind a computer, this is an enterprise (business) sized computing setup, using high powered internet connections and thousands of addresses to emulate individual users. The way p2p networks work nowadays is that, in order for everyone to be aware of files, they have to be aware of everyone else. There is not usually a ‘central hub’, that keeps user and file information. You sign on by piggybacking to one user (hub) and become a leaf. Lists of users as well as files are passed around through hubs and circulated throughout the network. When you search, you connect to every hub/user available looking for ‘hits’ on files. You will connect to hundreds of users per minute doing ANY type of search.

Even if you’re using a firewall or some type of security software, or are behind a corporate network or a school network, you will be connected to. The antip2p company clients emulate real ones. The only difference is, once they obtain your computer number (IP) they will connect to your machine and attempt to take screenshots and other evidence of the files on it. Clients often have a feature to ‘browse’ other users enabled by default. Think about it: how does your firewall know the difference between clients that have good intentions and others that don’t? You’ve configured your firewall to allow the P2P program you run to work, right? That is about the end of it as far as the firewall is concerned. It’s an ‘exception’ to a very simple set of rules which either allow or deny a specific type of traffic. It cannot discriminate between these companies and legitimate clients, because these companies are using software to mimic regular clients for gathering evidence.

These companies sit on p2p networks 24 hours a day, 7 days a week, 365 days a year. They will and do connect to your machine and use a variety of tactics to stop you from sharing files, gather evidence against you for lawsuits, and attack your machine, filling it with requests to crash your P2P software.

You cannot see 99% of this going on in the background, but there are some things you probably did not know this was the cause of (software hang-ups, slow computer performance, blue screens, slow downloads, hundreds of fake search results, etc.).

Here is a clip from one company, so that you can get a better idea of who they are:

“MediaDefender uses a range of technological countermeasures employed on P2P networks to frustrate users’ attempts to steal/trade copyrighted content. We have a proven track record of adapting to challenges and successfully protecting our customers as new technologies and networks arise.

Decoying and Spoofing are the most commonly known techniques that we employ.  We send blank files and data noise that look exactly like a real response to an initiated search requests for a particular title.  Pirated files will no doubt be on the networks, but with our protection applied it would be easier to find a needle in a hay stack than a real file amongst our countermeasures”

If you think this kind of activity does not affect you, you’re dead wrong. I’ve been sharing files for many years on these networks, back on AOL when we had no centralized way to find each other by using P2P. I’ve watched all these networks grow, helped design software. Researched these companies, countermeasures and helped design software to stick it to them.

That is basically what this article is about. Doing what you can to ensure that you never connect to these companies.

These companies use software that automatically performs these activities, they do not need to pay a room full of people to sit at desks. They have HUGE networks full of servers running this kind of software, the process is 70% automated. I’ve seen hundreds of connection attempts even after the filesharing software is closed for HOURS. They are relentless and VERY AGGRESSIVE.

If you’ve used most software you’re aware of ‘Sources’. These are people that have the same exact file and can simultaneously provide you pieces of it. Well, these companies will trick your software into thinking that they have this file, using thousands of virtual clients (computers) at a time. You’ll have 133 sources, all sending you pieces of a file that when verified do not come together, so you have to re-download them. You just keep downloading fake pieces of files over and over… This will cause downloads to stay at 33% for example, and other types of behavior you’ve been clueless to recognize.

If you’re like most people, you don’t know dick about the internet and how it works. You have just identified the software you need to get what you want (Music, Movies, Porn, Games, etc.).

Maybe all you knew before this point was how to load up your favorite program, search, and find what you need right?

The people who wrote your file sharing program will take care of all these problems, right? If a file doesn’t work, just search for it again and try another one, right?

Have you noticed it’s gotten a little bit harder to find files that work lately? It’s only going to get harder. None of the programs you currently use have any type of software integrated into them to block or thwart these companies’ efforts.

I’ll explain how to find the best quality files, avoid detection, and ultimately give it to those companies trying to stop you from doing what you do. (sometimes illegally)

Protowall

The easiest program to use currently out is called ProtoWall. This program uses lists of computer addresses called ‘blocklists’. These lists are maintained by people who track, monitor and hunt down computers being used by the antip2p companies we talked about. They maintain lists, updated daily, for Government agencies, Local/Federal/State police, Antip2p, computers infected with viruses, and a lot more.

———————————————————————-

The Protowall website is located at the following link:

Peerguardian, or http://phoenixlabs.org/pg2/

Or you can download it directly from SourceForge:
http://prdownloads.sourceforge.net/peerguardian/pg2-050918-nt.exe?download
Note: This link is for XP/2000/2003.

The blocklists are hosted and maintained by Bluetack.

- When you first install the program you can choose lists to load in, and several other options. The basic ones you want are: P2P, Hijacked, Gov, Trojan.

- Make sure you “Allow HTTP”; a lot of the time you will visit web sites that are being blocked. Outbound HTTP (web browsing) has no need to be filtered: the sites sit in ranges of computers being blocked, and it’s not the intention to block the sites. With HTTP blocking on, you will be unable to connect to some sites and services. Always try turning Peerguardian off to see if that fixes your problem.

- When you set it up, try to disable “log connections” and “show allowed connections”, and don’t block HTTP!

You’ll see a lot of information; all you need to do is let this program run. Uncheck the box for logging allowed connections; you only want to see what is blocked.
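The blocklist check and the “Allow HTTP” exemption described above, as an added sketch that is not Peerguardian's or ProtoWall's own code: it parses a constructed list in the plain-text `label:first-last` range format, merges overlapping ranges, and decides per connection. Treating “Allow HTTP” as outbound ports 80 and 443 is an assumption, as are the function names and the sample addresses.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample list (documentation address space), "label:first-last" per line.
SAMPLE_LIST = """\
# constructed entries, not real blocklist data
Example monitor A:192.0.2.0-192.0.2.127
Example monitor A, second range:192.0.2.100-192.0.2.255
Example hijacked block:198.51.100.16-198.51.100.31
this line is malformed and is skipped
"""
HTTP_PORTS = {80, 443}  # assumption: what "Allow HTTP" exempts in this sketch

def parse_blocklist(text):
    """Parse the list into sorted, merged (first, last, label) integer ranges."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, sep, span = line.rpartition(":")  # the label itself may contain ':'
        first, dash, last = span.partition("-")
        try:
            lo = int(ipaddress.IPv4Address(first.strip()))
            hi = int(ipaddress.IPv4Address(last.strip()))
        except ValueError:
            continue  # malformed address: skip the line rather than fail
        if sep and dash and lo <= hi:
            ranges.append((lo, hi, label))
    merged = []
    for lo, hi, label in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:  # overlaps or touches previous range
            prev = merged[-1]
            merged[-1] = (prev[0], max(prev[1], hi), prev[2])
        else:
            merged.append((lo, hi, label))
    return merged

def decide(ranges, ip, port, outbound, allow_http=True):
    """Return 'allow', 'allow-http' or 'block:<label>' for one connection."""
    addr = int(ipaddress.IPv4Address(ip))
    i = bisect_right(ranges, (addr, float("inf"), "")) - 1  # last range starting <= addr
    if i < 0 or addr > ranges[i][1]:
        return "allow"  # address is in no listed range
    if allow_http and outbound and port in HTTP_PORTS:
        return "allow-http"  # listed range, but web browsing is exempted
    return "block:" + ranges[i][2]

RANGES = parse_blocklist(SAMPLE_LIST)
```

Note that the exemption applies only to outbound connections: an inbound connection to port 80 from a listed range is still blocked.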

The Peerguardian website has plenty of FAQs (guides) on installing the software.

If you’re looking for other programs like Peerguardian, try Protowall.

Good luck (Don’t forget to check out the list of companies at the bottom of the page),

Matthew
http://www.infostruction.com

————-

“The P2P war: Someone is monitoring your activities!”

“To the best of our knowledge, this work is the first to quantify the probability that a user will be monitored i.e. interact with a suspicious IP address. Using Planetlab, we conduct large-scale active measurements, spanning a period of 90 days, from January to March, spread over 3 continents, yielding nearly 100 GB of TCP packet header data. A naive user is practically guaranteed to be monitored: we observe that 100% of our peers run into blocklisted users. In fact, 12% to 17% of all distinct IPs contacted by a peer are blocklisted ranges. Interestingly, a little caution can have a significant effect: the top five most prevalent blocklisted IPs contribute to nearly 94% of all blocklisted entities we ran into. This information can help users to reduce their chances of being monitored to just about 1%.”

Just imagine: that was last year, before half of the companies at the bottom of this list existed. You can find this paper here: AntiP2P Testing

AntiP2P Companies

Activated Content Corporation
Alliance Against Counterfeiting And Piracy
Altnet
ACCS: Association of Copyright for Computer Software (just japan related?)
Access Integrated Technologies, Inc.
Antipiratbyrån
APG AntiPiratGruppen
Attest Systems Inc, also Copyright Compliance
Audible Magic
AEIA : The Australian Entertainment Industry Association
AIMIA : Australasian Interactive Multimedia Industry Assoc.
ARIA : Australian Recording Industry Association Ltd
Artist House Publishers Co., Ltd
ASCAP
The Australian Copyright Council
BASCAP – Business Action to Stop Counterfeiting and Piracy
Bay TSP
BigChampagne LLC
BMI
BPI (British Phonographic Institute)
BREIN
Brilliant Digital Ent. (see altnet)
British Musicians Union

Broadchart Limited (owns netpd)
BSA- Business Software Alliance
Buma Stemra & Cedar (Netherlands)
CacheLogic
The Canadian Motion Picture Distributors Ass
Cinea (owned by dolby)
Copyright Assembly
Copyright Compliance see Attest Systems Inc.
CRIA- The Canadian Recording Industry Association
Crosswarp Inc
Copy Protection Technology Working Group (CPTWG)
Cyberverse
Cymphonix
Cyvelliance
Digital Security Co.
Dtecnet
DTEC International/DataTex Engineering
The Entertainment And Leisure Software Publishers Assoc. (ELSPA)
ESA- Entertainment Software Ass (formerly IDSA-Interactive Digital Software Ass)
Envisional Limited
FACT- Federation Against Corporate Theft
FAST- Federation Against Software Theft
Friend Media Technology Systems
GEMA-German society for musical performing rights
GÜFA
GVU (the)
Grayzone
Identity Systems aka Search Software America
Internetpiraterie portal
isuppli
International Federation of the Phonographic Industry
International Federation Of Producers Of Phonograms And Videograms (swedish)
Internet Enforcement Group (IEG)
IIPA – the International Intellectual Property Alliance
IO Group dba Titan Media Inc (porn company going after file sharers)
I.M.R.O : Irish Music Rights Organization
IRMA – the International Recording Media Association
< (see>Joltid>
Kontiki
Lancope
Landwell (legal arm of pricewaterhousecoopers)
Liberty Media Corporation
Logistep AG
Loudeye (bought overpeer)
Macrovision
MarkMonitor, EmarkMonitor
Marksmen
MCPS : Music Copyright Protection Society
Mechanical Copyright Protection Society (MCPS)
Media Defender Inc
Media Enforcer LLC (owned by baytsp now)
MediaForce
Medialink
MediaSentry (part of safenet)
MediaSignature
MIPI (Music Industry Piracy Investigations) part of aria
Monitored Networks
Music Industry Piracy Investigation (MIPI)
MPA : Music Publishers Association of US
*MPAA – Motion Picture Association of America *major movie companies listed
NameProtect
NAMM : U.S Music Trades Organization
NARM : National Association of Recording Merchandisers
Nareos, Inc
Netarc Ltd
NetEnforcers
NetPD
Net Enforcers Inc
Net Sentry Inc
News Corporation
New York Software Industry Association
Nexicon, Inc
Nokia (see Identity Systems aka Search Software America)
NMPA : National Music Publishers’ Association, Inc
Nuke Pirates
OnSystems, Inc. (media defender)
Overpeer
p2p engineering
Palisade Systems
Peersentry
Peerscent Inc
Performing Rights Society
Philips Content Identification
Pinkerton Govt Services
proMedia
The Publishers Assoc.
Quibus
Ranger Online Inc
Retspan
*RIAA – Recording Industry Ass of America *(major music labels are listed as well)
Safenet (MediaSentry)
Search Software America aka Identity Systems
SAMIA (South Australian Music Industry Association)
SAZAS – Society for protection intellectual property (slovenian)
SESAC
SIIA – Software Information Industry Association
SOCAN
SPARS : Society of Professional Audio Recording Services
Snocap (in drm list as well)
SoftwareShield Technologies Inc
St Bernard Software
Technorati
Teletrax
Thomson
Trident Media Guard
Vidius
Viralg
Web Sheriff
West Australian Music Industry Association
WIPO – World Intellectual Property Association
XMBC


Copyright © 2010-2012 Infostruction All rights reserved.