"Six" in ASCII art lettering

Takedowns

One of the defining features of the Warez Scene is that the game is illegal, although many participants do not consider this most of the time. While the “motivations of warez traders may vary” and “pure profit is not the sole or even dominant consideration for many,” there is, as Gregory Urbas writes, “a widely-shared conception of warez groups, both by themselves and more generally within the online community, as not really engaged in criminal exploits at all, but rather operating on the fringes of officialdom or the corporate world by pirating expensive soft ware and making it freely — or at least inexpensively — available to others.”[^1] Unfortunately, this belief is misplaced as the many lawenforcement raids of pirate groups have shown.

In this chapter, I detail the major raids conducted against the Scene since the millennium. Specifically, I turn to Operation Cyber Strike and associated early raids, Operation Buccaneer,

Operation Fastlink, Operation Site Down, and the most recent bust, the SPARKS raid of 2020. These raids seem to follow a recurrent pattern. The enforcement action triggers a temporary shutdown of much of the Scene, followed by a period of recuperation before it all starts up again. Thus far, every time there has been a raid, the Scene has recovered and recommenced operations almost precisely as before, albeit each time with more stringent security precautions. Often conducted by covert agents, the raids offer another point at which the Scene surfaces into mainstream culture.[^2] Indeed, while it is possible, as I have done, to piece together the Scene from leaks of its own documents on the web, there are relatively few points at which official accounts independently even verify the existence of this subculture. The closest we will get to an official, non-self-published account of the workings of the Scene is when an official US Department of Justice press release is issued. The issue might state, as this one from 2004 has for instance, that “groups exist solely […] to be the first to place a newly pirated work onto the Internet — often before the work is legitimately available to the public” via “‘elite’ sites.”[^3] It is in this way that law-enforcement raids form an important documentary source and archival context in which to read the Warez Scene.

Operation Cyber Strike (1997), Operation Fastlane (2001), and Operation Buccaneer (2002)

Operation Buccaneer was the designation given by the US Customs Service to its raids of the Warez Scene, beginning in October 2000. Buccaneer is usually charted as the first raid against the Scene, but it was actually preceded by Operation Cyber Strike six years earlier, which targeted the Bulletin Board Systems (BBS) precursors to File transfer Protocol (FTP) topsites and on which very little information is available.[^4] That said, a 1997 interview with “The Punisher” claims that Operation Cyber Strike hit some of Razor 1911’s “most prestigious boards” at the time.[^5] A similar but brief interview with The Crazy Little Punk indicated that even at this early stage, it was impossible to avoid raids: “if the feds are going to watch us, they’ll get into our channel secretly and not let us know it. Invite only isn’t going to keep them out.”[^6]

The primary target of the much more ambitious later Operation Buccaneer was the group DrinkOrDie. The US Customs Service referred to this group as “the oldest and most well known” piracy outfit, a claim of dubious merit that many people have called into question.[^7] Other groups hit by the raid included RiSC, Razor 1911, RiSCISO, Request To Send (RTS), ShadowRealm (SRM), WomenLoveWarez (WLW), and POPZ.[^8] A full list of individuals implicated as a result of these raids is shown in Table 2:

+----------------+----------------+----------------+----------------+----------------+
|      NAME      |  SCENE HANDLE  |     CHARGE     |     ALLEGED    |     GROUPS     |
|                |                |                |    ACTIVITES   |                |
+----------------+----------------+----------------+----------------+----------------+
|David Anderson  |                |                |                |DrinkOrDie      |
+----------------+----------------+----------------+----------------+----------------+
|Alex Bell       |Mr 2940         |Conspiracy to   |                |DrinkOrDie      |
|                |                |defraud         |                |                |
+----------------+----------------+----------------+----------------+----------------+
|Richard Berry   |Flood           |Conspiracy      |Hardware        |DrinkOrDie, POPZ|
|                |                |                |supplier        |                |
+----------------+----------------+----------------+----------------+----------------+
|Anthony Buchanan|spaceace        |Criminal        |                |                |
|                |                |copyright       |                |                |
|                |                |infringement    |                |                |
+----------------+----------------+----------------+----------------+----------------+
|Andrew Clardy   |Doodad          |Criminal        |                |DrinkOrDie, POPZ|
|                |                |copyright       |                |                |
|                |                |infringement,   |                |                |
|                |                |Aiding and      |                |                |
|                |                |abetting        |                |                |
+----------------+----------------+----------------+----------------+----------------+
|Myron Cole      |t3rminal        |Criminal        |                |DrinkOrDie      |
|                |                |copyright       |                |                |
|                |                |infringement    |                |                |
+----------------+----------------+----------------+----------------+----------------+
|James Cudney    |BeCre8tive      |                |                |DrinkOrDie      |
+----------------+----------------+----------------+----------------+----------------+
|Ian Dimmock     |                |Copyright act   |                |                |
|                |                |violations      |                |                |
+----------------+----------------+----------------+----------------+----------------+
|Steven Dowd     |Tim             |Conspiracy to   |                |DrinkOrDie      |
|                |                |defraud         |                |                |
+----------------+----------------+----------------+----------------+----------------+
|Andrew Eardley  |                |Conspiracy to   |                |                |
|                |                |defraud         |                |                |
+----------------+----------------+----------------+----------------+----------------+
|Derek Eiser     |Psychod         |Criminal        |                |DrinkOrDie      |
|                |                |copyright       |                |                |
|                |                |infringement    |                |                |
+----------------+----------------+----------------+----------------+----------------+
|Barry Erickson  |Radsl           |Conspiracy      |Supplier        |DrinkOrDie,     |
|                |                |                |                |RiSCISO, POPZ   |
+----------------+----------------+----------------+----------------+----------------+
|Hew Raymond     |Bandido         |                |                |DrinkOrDie,     |
|Griffiths       |                |                |                |Razor1911       |
+----------------+----------------+----------------+----------------+----------------+
|David A. Grimes |Chevelle        |Conspiracy      |Supplier and    |DrinkOrDie,     |
|                |                |                |topsite         |RiSC, RTS       |
|                |                |                |administrator   |                |
+----------------+----------------+----------------+----------------+----------------+
|Robert Gross    |targetpractice  |Criminal        |                |DrinkOrDie      |
|                |                |copyright       |                |                |
|                |                |infringement    |                |                |
+----------------+----------------+----------------+----------------+----------------+
|Nathan Hunt     |Azide           |Conspiracy      |Supplier        |CORPS,          |
|                |                |                |                |DrinkOrDie      |
+----------------+----------------+----------------+----------------+----------------+
|Armvid Karstad  |ievil           |                |IRC             |DrinkOrDie,     |
|                |                |                |administrator   |Razor1911       |
+----------------+----------------+----------------+----------------+----------------+
|Kent Kartadinata|Tenkuken        |Conspiracy      |DrinkOrDie mail |DrinkOrDie      |
|                |                |                |server operator |                |
+----------------+----------------+----------------+----------------+----------------+
|Michael Kelly   |Erupt           |Conspiracy      |IRC bot operator|AMNESiA, CORE,  |
|                |                |                |                |DrinkOrDie, RiSC|
+----------------+----------------+----------------+----------------+----------------+
|Stacey Nawara   |Avec            |Conspiracy      |Courier         |DrinkOrDie,     |
|                |                |                |                |Razor1911m RTS  |
+----------------+----------------+----------------+----------------+----------------+
|Mike Nguyen     |Hackrat         |Conspiracy      |Site            |Razor1911, RiSC |
|                |                |                |administrator of|                |
|                |                |                |The Ratz Hole   |                |
+----------------+----------------+----------------+----------------+----------------+
|Dennis Osdashko |                |Copyright act   |                |                |
|                |                |violations      |                |                |
+----------------+----------------+----------------+----------------+----------------+
|Kirk Patrick    |thesaint        |                |Site            |DrinkOrDie      |
|                |                |                |administrator of|                |
|                |                |                |GodComplex      |                |
+----------------+----------------+----------------+----------------+----------------+
|Sabuj Pattanayek|Buj             |Conspiracy      |Cracker         |CORPS,          |
|                |                |                |                |DrinkOrDie, RTS |
+----------------+----------------+----------------+----------------+----------------+
|Shane Pitman    |                |                |Conspiracy      |Razor1911       |
+----------------+----------------+----------------+----------------+----------------+
|John Riffe      |blue / blueadept|Criminal        |                |                |
|                |                |copyright       |                |                |
|                |                |infringement    |                |                |
+----------------+----------------+----------------+----------------+----------------+
|David Russo     |Ange            |                |Software tester |DrinkOrDie      |
+----------------+----------------+----------------+----------------+----------------+
|John Sankus Jr. |eriFlleH        |Conspiracy      |Co-leader of    |DrinkOrDie, Harm|
|                |                |                |DrinkOrDie      |                |
+----------------+----------------+----------------+----------------+----------------+
|Mark Shumaker   |                |Conspiracy to   |                |                |
|                |                |defraud         |                |                |
+----------------+----------------+----------------+----------------+----------------+

Table 2: Individuals arrested and charged in the raids of December 2001.[^9]

The Buccaneer raids provide a compelling account of how news spreads within Scene announcement files. For instance, the initial NFO that went around the MP3 scene at the time listed a far more extensive list, totaling thirty-two screen names, than the eventual set of those indicted:

BUSTED: HiTech666 (ex-PWZ/ex-FTS/ex-Razor 1911/Myth/Deviance/RTS, Montreal, Canada), jozef (RogueWarriorz, Canada), Elisa (EGO, RogueWarriorz), Bierkrug (RogueWarriorz), Lord Hacker (RogueWarriorz), Axxess (RogueWarriorz), Waldorf (RogueWarriorz), Demonfurby (RogueWarriorz), Dr Infothief (RogueWarriorz), doodad (pop), tenkuken (dod), eRUPT (author of ruptbot, dod, Miami), doc-x (dod council, Miami), heckler (TiL), zielin, sui (tfl/wlw), hackrat (wlw/razor/dod, California), shark (wlw/razor/dod; RatzHole siteop, Australia), thraxis (not busted; but raided — 700 cds and computer; risc, pgc, dod, Queensland, Australia), maverick (from skidrow, not from omega; dod council), sony, bandido (razor, dod council, risc council), eriflleh (dod council, Philadelphia), bigrar (christopher tresco 23 y/o, dod council, risc, ex-MnM, ex-PSF (Proper Stuff), Boston), avec (former fts, rts, rise, former DOD council, razor), buj (cracker; dod council, former rts senior, razor, former corpgods leader, ex-PGC, Durham North Carolina), forcekill (dod, turku Finland), radsl (dod, popz founder, Oregon), chevelle (Dallas), billyjoe (Austin), ievil (dod, razor, an ircop, had retired already, Arnvid Karstad), superiso (inferno; got raided), ^stealth (Oregon), BaLLz (CSR)[^10]

While some of these turned out to be correct — hackrat, eriflleh, ievil, Erupt, avec, etc. — there are many individuals here named who do not appear on the indictment list. Whether this was simply because there was insufficient evidence to charge them remains unclear. What is obvious though is that these initial news reports within the Scene should be understood within the framework of rumor.

Rumor is both a type of message with an uncertain truth value and a dissemination process for that material.[^11] However, the internet has radically changed the nature of gossip and rumor.[^12] At least one key feature of rumor dissemination in the virtual space is the rapidity of its spread, compared to conventional networks, and the apparent network effects of sourcing in which it appears that the rumor has merely circulated without an authoritative source.[^13] Like their cousins in the legitimate world news space, Scene news announcements mutate rapidly as new facts become known on the ground: “RELOAD THE PAGE, CONSTANTLY UPATED! [sic],” one of the Buccaneer news updates reads.[^14]

When we view Scene-wide announcements of busts, we also need to consider that initial reports are not only inaccurate but function as a type of rumor machine that can make or break a Scener’s reputation as well. For instance, the Operation Buccaneer Scene notice says that “BadGirl was accused of narqing on a site in Germany. They got her purged from most sites and deleted from Checkpoint. She use to be in TR, a MP3 release group.”[^15] These news releases in the Scene can quickly become powerful tools by which enemies are denounced. In these types of online spaces, “[o]ur reputation is an essential component to our freedom, for without the good opinion of our community, our freedom can become empty.”[^16] These types of doxxing NFOs that reveal information about an individual for public shaming are weapons for the erosion of reputation.[^17] Even the suggestion that people have been caught can lead to negative reputational inference in the Scene, with a cracker named MoRf remarking that “[o]nly peasants get caught.”[^18]

This issue of reputation and rumor concerning busts is important in order to understand the Scene as a community. In Francis Fukuyama’s not uncontentious analysis, “[t]rust is the expectation that arises within a community of regular, honest, and cooperative behavior, based on commonly shared norms, on the part of other members of that community” and “[s]ocial capital is a capability that arises from the prevalence of trust in a society or in certain parts of it.”[^19] Given the importance to Sceners of social capital and feeling that other members of the Scene can be trusted not to cooperate with law enforcement operations, being named in an NFO file as having been busted, or having cooperated, would have serious consequences of ostracization. For instance, it is claimed that Shark, apparently a siteop of “The Ratz Hole,” “was a police officer in Sydney, Australia.” This would presumably cause alarm. However, the NFO goes on, “[h]e wasn’t an informant though, but rather a target of the busts” — that is, he was a police officer who was also a Scener and not involved in the investigations. It is unclear what effect this type of rumor would have on the individual’s reputation, but it would undoubtedly lead to disquiet. At the same time, Sceners do not believe notices with an uncritical acceptance. As the Buccaneer notice puts it: “ONLY write a message if you are 200% sure that it’s true. we do NOT need any new rumours.”[^20]

We can also trace the way that news spreads between different outlets when there is a Scene bust. For instance, a different announcement source, #dodbusts on EFNET, claimed:

BUSTED: heckler, zielin, wizy (risciso, til), sui (tfl/wlw), hackrat (wlw/razor/dod, California), shark (wlw/razor/dod; RatzHole siteop), thraxis (not busted; but raided — 700 cds and computer; risc, pgc, dod, Queensland, Australia), maverick (from skidrow, not from omega; dod council), sony, bandido (razor, dod, risc council), eriflleh (dod council, Philadelphia), bigrar (dod, risc, Boston), avec (former fts, rts, rise, former DOD council, razor), buj (dod, Durham North Carolina), forcekill (dod, turku Finland), radsl (dod, Oregon), chevelle (Dallas), billyjoe (Austin), ievil (razor, an ircop, had retired already), superiso (inferno; got raided), raftman (Norway)[^21]

Although it is not possible to trace the direction in which this information flowed, the direct repetition of “thraxis (not busted; but raided — 700 cds and computer; risc, pgc, dod, Queensland, Australia)” is a clue that many of these news sources are copying and pasting from each other, recycling the same rumor, albeit with different names in this particular update (wizy, for instance, who appears nowhere else). It is further worth noting that there are reputational advantages in being the person in the news cycle who can be the first to reveal accurate information. Given that most of the Scene works on a who-you-know basis, accurately identifying members of elite Scene groups can be used to the newscaster’s advantage. That is, being the person who can correctly identify, say, that shark was busted and that they were a member of Razor1911 and siteop of The Ratz Hole is, in itself, a form of bragging that one knows the internal

Scene structure and is acquainted with high-status individuals. Indeed, such reporting carries a false modesty, or humblebrag, within it, akin to saying that one “bumped into Mick the other day,” when one means Mick Jagger. We can, therefore, discern a motive in these announcements for the naming of apparently high-ranking Sceners who were not actually busted; naming such individuals and revealing their details confers status on the person who does the naming.

It is also clear that these busts attempt to target key network figures; group leaders and co-leaders who are the nodes through which much of the Scene operates. Such individuals can be understood through the triplicate functions that they occupy. They are career Sceners, they are gatekeepers, and they hold particular dispositions towards the field and the mainstream.[^22] This is to say that, with limited resources available with which to conduct law-enforcement operations, the involved organizations make targeted choices to focus on supposed central individuals. In a structure that appears to be networked, rhizomatic, and dispersed, the efficacy of this approach seems to be questionable. As can be seen through the history of Scene busts, every time that one head of the hydra is severed, another five appear to regrow: “RTSMP3 currently shutdown, but will return in the future.”[^23]

Operation Fastlink (2004)

After the relative success of Buccaneer, the FBI, the US Department of Justice, the Computer Crimes and Intellectual Property Section (CCIPS) of the Criminal Division, and Interpol coordinated to launch a fresh series of raids in 2004.[^24] The largest component of Operation Fastlink was Operation Higher Education, a series of synchronized raids on topsites based at universities “which resulted in more than 120 search warrants executed in the United States, Belgium, Denmark, France, Germany, Hungary, Israel, the Netherlands, Singapore, Spain, Sweden, and the United Kingdom; the confiscation of hundreds of computers and illegal online distribution hubs; and the removal of more than $50 million worth of illegally copied software, games, movies and music from illicit distribution channels.”[^25] These sites could benefit from the relatively high link speeds of university campuses, although such sites sometimes had seasonal shutdowns to avoid detection over the holiday periods. Operations Fastlink and Higher Education were designed to signal that running topsites on campuses was no longer a certain, safe activity. The primary target of Operation Fastlink was the prolific and highly respected release and cracking group, Fairlight, with subsidiary raids against members of Kalisto, Echelon, Class, and DEViANCE.

As with many cracking groups, Fairlight had its co-origins in the Commodore DemoScene, a computer art subculture that focuses on creating short video artworks within self-contained executables. The merging with the illegal warez subculture came when cracks of commercial software began integrating the demo visualizations of the DemoScene, covered in the preceding chapter. Nonetheless, Fairlight was a highly successful Scene group, and a brief digression into its history is merited. Founded in Malmö, Sweden, the group scaled new heights of speed for releases by using a train conductor as a courier to get the latest games from founder and supplier Tony Krvaric (“strider”), who worked in a computer shop, to the cracker Fredrik Kahl (“gollum”). This localization and speed of transfer meant that they could outpace their rivals with ease, beating other groups to the release by a substantial margin.[^26] This focus on the speed of shipment and obtaining supply at pace can also be seen in internal group NFOs, such as Miracle, who created a list of US companies who would rapidly ship software and games and that could, therefore, be used as a supply route.[^27] At this time, trading cracked software was not a crime in Sweden.

The demographic qualities of the individuals involved are also telling and, in at least one case, remarkable. Krvaric has since emigrated to the United States and is now the chairman of the San Diego Republican Party. There, his biography notes that while he was “[b]orn and raised in Sweden,” he claims to have been “inspired by Ronald Reagan’s optimism and unshakable belief in free enterprise, individual liberty and limited government.”[^28] The biography does not specify whether Richard Nixon similarly inspired Krvaric. While, of course, it is possible that Krvaric changed his politics over time, during the period it was alleged that he was involved in Fairlight, he apparently used the slogan “Kill a Commie for Your Mommie,” according to several news sources, demonstrating a right-wing bent even in his teenage years.[^29] Indeed, an early Fairlight demo called “Space Age” appears to show Krvac throwing a Nazi salute in front of an animated dancing Hitler according to news reporting.[^30] Krvac’s desire “to leave Swedish social democracy,” as an article on him in RawStory alleges, challenges the assertion that the Warez Scene should be viewed as a socialistic or communistic enterprise.[^31] Instead, the Scene is an environment of extreme speed and competition — an eminently capitalistic space — and one to which, it would seem, Krvac’s political temperament is well suited. On the other hand, “gollum” — Fredrik Kahl — is now a Professor of Mathematics who has held positions at Lund University and Chalmers University in Sweden, reflecting the extreme level of skill and intelligence required in cracking software.

Although Fairlight started as a legal demoscene enterprise, it was definitively illegal by the time of its later PC ISO (i.e., games) Warez Scene operations. This led to Operation Fastlink. Like previous busts, initial rumors spread like wildfire through the Scene and contained some truth. For instance, an early report on the raids notes that “toxin” of Fairlight was busted.[^32] This tallies with subsequent FBI press releases that identified toxin as Greg Hurley, a supplier for the group. However, the initial Scene bust report did not note that “ripvan,” Nathan Carrera, was also successfully prosecuted and convicted of “serving as a site operator for at least one FTP warez site.”[^33] Indeed, the initial Scene reports, in the case of Fastlink, were, for once, understated. Although the notification states that one hundred people were targeted, this seems accurate because in the US alone, Operation Fastlink resulted in over sixty felony convictions for software piracy offenses.[^34]

Some Scene members had thought that specific subgenres of release were safer than others. For instance, existing sources state that prosecutors were more interested in pursuing mainstream movie and game release groups than other content types.

As Paul Craig writes, “FBI activity focuses on game and movie piracy, not because the FBI considers this to be the largest threat, but because that’s where the money is.”[^35] He also notes the interview with “DOM” where this Scener says, “to date, no one has been sentenced for ripping adult media,” showing a belief that the XXX genre of the Scene is safe, as might be other areas.[^36] (This is possibly because law enforcement does not wish to be seen to be protecting the pornographic industry.) However, a retrospective analysis of the convictions from Fastlink tells a different story and one in which the MP3 division of the Scene became implicated.[^37] Consider, for instance, that Derek A. Borchardt, Matthew B. Howard, Aaron O. Jones, and George S. Hayes were convicted of being members of “pre-release music groups,” Apocalypse Crew (APC) and Chromance (CHR).[^38] While Fastlink primarily targeted Fairlight’s PC ISO activities, the consequences of the raids reached far into various media types.

Operation Site Down (2005)

Unlike other raids that had worked to infiltrate release groups, Operation Site Down in 2005, along with its subset investigation, Operation Copycat, worked by establishing two sting topsites, LAD and CHUD, that were run by an FBI agent, using the handle “Griffen.” Totaling 11 terabytes of data, these sites attracted prominent affiliate groups, such as CENTROPY, and co-siteops who were willing to help with scripting (the user “x000x,” David Fish) and users who brokered relationships (“dact”) with release groups themselves.[^39]

The studies of Operation Site Down and the affidavits of the FBI agent who operated the sting, Julia B. Jolie, are among the most informative legal documents about the Warez Scene. Of these documents, special commendation should go to Jonathan R. Basamanowicz’s Master’s thesis at Simon Fraser University, “Release Groups & Digital Copyright Piracy,” which is both accurate and enlightening.[^40] For instance, in his analysis, taking the arrests and prosecutions as a random sampling mechanism, Basamanowicz can show, of those convicted in this raid, the different demographic breakdowns for each type of individual. While the average age of Sceners was 27.4 years, siteops and group administrators trended above this age at around 29, while couriers and crackers tended to be much younger individuals. Testers and packagers are also substantially above the mean age range for Scene individuals at 40.5 years, but this is skewed by a limited sample of only two people and a standard deviation of 9.2 years.[^41]

The sentence lengths for individuals of different group types are also telling. Release group administrators received the highest sentence lengths, at an average of 22 months, followed closely by suppliers at 18 months. Siteops, on average, received a sentence of 17.4 months, while testers of cracks received 15.5 months. Curiously, crackers themselves seemed not to receive criminal sentences in this analysis. Of the types of individuals who were imprisoned, couriers received the lowest sentence levels, at an average of 4.5 months.[^42]

The court documents and Basamanowicz’s analysis are also fascinating for the defenses advanced for various criminal behaviors. The first is that often defendants pointed out that the piracy element was incidental to their behavior, which was addictive and compulsive. For instance, one defense read, “[m]y involvement in the warez scene had become such a routine in my life that it completely went out of control […]. I enrolled in classes, but seldom did attend them, I stayed up until 5 or 6 in the morning day after day, constantly chatting online and seeing if there were new pirated works to spread around […]. It was the illusion of power and fame that got to me I believe.”[^43] That the activity was piracy was, in some ways, not even relevant to the addictive behavior.[^44] It is true that its illegality engenders the difficulty of participating in the Scene and that there is a high level of competition and danger; for many the behavior is akin to a high-stakes lifestyle. As I have noted throughout, crackers in particular are motivated by the difficulty of the challenge. As Bryan T. Black writes, “his participation in the warez scene was driven by the intellectual challenge presented by the codes and a sense of membership in a collection of like-minded computer-heads on the internet.”[^45] The alternative reality game of the Warez Scene — as a “crime behaviour system,” as DécaryHétu et al. term it — is a communal and social intellectual adrenaline sport.[^46]

In other cases, defenses used evidence that group members had not been pulling their weight to downplay their significance. For instance, although pertaining to Operation Fastlink, “Christopher Eaves, a supplier for the group aPC, was threatened with banishment from the group because of his lack of contribution,” a fact that he used at his trial to attempt to show his lack of influence/impact.[^47] In other cases, though, the prosecution looked at the formal structure of the groups — such as the fact that they had quality assurance mechanisms in the role of a software tester — to show that there was a professional element to these outfits’ work.[^48] Indeed, as Basamanowicz puts it, “copyright infringement of this nature is inherently a crime of organized and purposive groups acting in concert.”[^49] Yet, as Basamanowicz continues, “despite this aptitude, no research has been conducted on the network structure of these illicit networks, and it is unknown if the courts considered such issues when assigning sentence.”[^50]

Basamanowicz’s analysis is also interesting because he asks whether the idea of network centrality correlates to longer prison sentences. That is, in his analysis of Operation Site Down, Basamanowicz sought to work out whether it was in fact the best connected individuals in the raids who ended up with the harshest sentences. It turns out, though, that this not how things work. As Basamanowicz notes, “there are actors in the network who are highly central, and significant to the connectivity of the network, but were over-looked by the courts in terms of sentencing.”[^51] This makes sense when we adopt a rolebased understanding of how the Scene works, and it highlights the weaknesses of the network approach. It is clear that couriers have a high level of network centrality, connected as they are to multiple sites and groups. However, while central in the network, their activities are not central to the activities of procuring the pirate release. They are also individuals who can easily be replaced, whereas crackers and suppliers are scarcer. Hence, while a network centrality analysis can clarify where individuals sit within the network and its activities, connectivity to one another within the Scene is not a benchmark of the relative importance — or the severity of the crime — of individuals.[^52]

PRQ Raids (2010)

While most Scene raids and busts are high-profile events, undertaken by the FBI and other well funded, anti-crime initiatives in the US with grandiose names (e.g., “Operation Buccaneer,” “Operation Fastlink”), several smaller busts have attracted less attention. These smaller raids, like their larger cousins, rarely result in long-term disruption. On the other hand, the low-level continuous threat of smaller-scale raids seeks to create a constant reminder of the danger of legal sanction. It is not clear to what degree this succeeds, given that individuals carry on their activities nonetheless. It is also the case, it seems, that not all raids go to plan.

In any case, an excellent example of the small-scale, ongoingraid philosophy, but one that had an unclear outcome, can be seen in the European raids in 2010. By all accounts, this was meant to be a large raid. Police in fourteen countries swooped in on topsites and attempted to take them offline. Sites in Sweden (BAR, SC), The Netherlands, the Czech Republic (LOST), and Hungary went offline. As the piracy news website, TorrentFreak, noted, “[w]hile there were reports of individuals having been taken in for questioning yesterday, for an operation of this size those numbers seem unusually low.”[^53] It is also the case that TorrentFreak believes that “certain sites probably survived due to the techniques they employed to thwart this kind of an attack.”[^54] The official press release from the Swedish police noted that the “investigation has focused on both those who provide the network with films before they are released on the market, as well as on the servers on which a large number of films are uploaded (so-called Top-sites), and its administrators. The effort in Sweden has mainly been directed at suspected ‘top sites.’”[^55]

It is possible to speculate which of these sites’ security measures worked. The most likely is the system of bouncers. Perhaps the authorities raided a location believing it to be the site, but it was only in fact the bouncer. This would mean that, upon raiding the premises, they would find only a server that forwarded on connections and no pirated material itself. While previous convictions show that operating a bouncer is sufficient activity to merit jail time at least in the US, this is like finding the signpost to a secret cave rather than the cave. Of course, if a bouncer is seized, a site will likely go offline.

There are also some hypothetical defenses against topsite raids, although it is unclear if these are viable or have ever actually been implemented in practice. For example, in Neal Stephenson’s novel Cryptonomicon (1999), the server “Tombstone” is protected inside a room with an electromagnetic coil wound around the doorframe. This means that any hard drive that “was actually carried through that doorway would be wiped clean.”[^56] This is a nice idea in theory. However, as a humorous, online, fan exchange shows, there are many flaws with its implementation in reality, not least of these was that any magnetic field powerful enough to degauss a hard drive would also be sufficiently powerful as to cause potential injury to anyone carrying a ferromagnetic object anywhere near the field.[^57] That is, anyone entering the room would likely notice the magnetic field before they got anywhere near dismantling the server inside. Instead, the measures that yielded protection here are likely more prosaic.

It is also notable that these raids were targeted at the Internet Service Provider (ISP) level, with five officers visiting the hosting service, PRQ.[^58] This host is known as a provider for controversial websites. It has previously provided hosting for The Pirate Bay, WikiLeaks, and even pedophilia “advocacy” groups. As such, the site has become known as a safe harbor for many types of controversial activities. It has also learned to defend them. For instance, as of 2008, the internet technology news site, The Register, declared that PRQ “has amassed considerable expertise in withstanding legal attacks from powerful corporate interests.”[^59] However, raids against PRQ resulted in the disclosure of email communications: “[t]hey were interested in who were using two IP addresses from 2009 and onwards. We have no records of our clients but we’re handing over the e-mail addresses for those behind the IPs. However, it’s rare that our clients have mail addresses that are traceable.”[^60]

The interesting twist in the raids against PRQ is that under usual circumstances, the raids would target the sites themselves. These are often hosted at universities, so any raid at the ISP level would be asking for a university’s cooperation. In this case, the raid deliberately attempted to intercept Scene operations at an intermediary level. This can be tricky from a legal perspective as such providers are usually immune from prosecution for the content they host if they did not, themselves, produce it. This is what is called the “safe harbor” provision of the US’s Digital Millennium Copyright Act (DMCA).

To understand the challenges of prosecuting at the ISP level, it is worth turning to the example of the intermediary level,

Cloudflare, particularly in the legal context of the US.[^61] In recent days, Cloudflare has come under fire for providing services to entities with illegal, or even just hateful, purposes. That Cloudflare did not make editorial decisions pertaining to its chosen customers was at one point vital to its definitional status under US law concerning free speech.[^62] At least two cases in New York state have declared that a publisher is defined by the editorial selection of the material that it elects to publish.[^63] By refusing to select, Cloudflare works around this. In turn, this has effects for DMCA and the legal status of organizations that publish content instead of those that disseminate it. This situation was remedied in part by the 1996 Communications Decency Act (CDA), which protected “any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected.”[^64] In this act, “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”[^65] In other words, digital providers are free to screen the material they host according to their own internal standards, rather than simply those items that are constitutionally protected, and will not be treated as though they were a publisher, speaker, or endorser of that material.

Until relatively recently, however, Cloudflare had operated in parallel with this US law and offered no additional level of screening of material. This changed when it decided to terminate service to The Daily Stormer, a far-right platform, and 8chan, a noticeboard known for its lawless nature. Cloudflare introduced its own moderation system.[^66] At this point, the protection of the earlier cases became invalid, but the provider was protected under CDA. What is clear is that there is no distinction between free speech and action when the act of publishing words is, in itself, the final act of illicit infringement. The Cloudflare example highlights some of the problems for law enforcement in tackling the Scene by intervening at the ISP level. While they may, indeed, garner information about topsite operations by raiding ISP headquarters and demanding that information be turned over, sites are likely to cease operation once this becomes known or to move their location. In other words, gathering information via uncooperative ISPs is likely not an effective strategy.

The mixed fortunes of this operation may be why these raids did not go on to yield high-profile legal proceedings. It is, in fact, difficult even to find press reports on the original raids.[^67] While some Nordic sources report that charges were brought, it is nearly impossible to locate the court cases that were brought as a result of these raids.[^68] It does not help that, at the same time as these raids, the famous torrent-sharing site, The Pirate Bay, also coincidentally went offline, giving the impression that this bust was targeted at a different segment of the piracy pyramid.[^69] What was clear is that there was not a fifteen-year “gap” between Operation Site Down and the SPARKS raids. Instead, law enforcement was operative, albeit at a slower pace and lower level than the higher profile international busts.

The Sparks Raid (2020)

Things nonetheless did go somewhat quiet in terms of significant scene busts for nearly fifteen years. Then, in August 2020, amid the global, coronavirus pandemic, the Warez Scene was thrown into disarray by the unsealing of US indictments against core members of the release group SPARKS and “several linked affiliate groups including GECKOS, DRONES, ROVERS and SPRINTER.” In particular, the documents revealed that in January 2020 an indictment and Grand Jury charges were filed against a 50-year-old British national living on the Isle of Wight. Alongside this was a 39-year-old Norwegian, whom it is alleged went by the handle “Artist” and who remains at large as of September 2020. Finally, for the initial indictments, a 36-year-old American (known, ironically, by the handle “Raid”) was arrested in Kansas and pled not guilty to the charges.[^70]

The Grand Jury indictment filed by or on behalf of the United States Attorney General, Geoffrey S. Berman, alleges a copyright infringement conspiracy in which “[f]rom at least in or around 2011, up to and including in or around January 2020 […] the defendant, and others known and unknown, were members of a criminal conspiracy known as the ‘Sparks Group’.”[^71] While the indictment is light on actual details, it mentions the topsite Scene, alleging that the defendant worked to “compromise the copyright protections on the discs, reproduce and upload the copyrighted content to servers controlled by the Sparks Group.”[^72] The indictments against all defendants were nearly identical to one another.[^73]

The impact of the SPARKS raid went well beyond these three individuals. The piracy news website, TorrentFreak, noted that the “USDOJ revealed that an operation was underway on three continents, with law enforcement partners in eighteen countries carrying out raids and seizures, declaring that around sixty servers had been taken down.”[^74] This included work in the Nordic countries but also in the Netherlands.[^75] An internal “Scene notice” NFO was also spread around topsites and detailed what had happened. The figures here — which, as always, must be taken with a pinch of salt, as there is no such thing as an “official” Scene announcement — claim that twenty-nine sites were busted within fourteen countries. The claim in the Scene NFO was that the Linknet IRC network was compromised by a user in France, allowing federal agents to eavesdrop on communications that were not secured by additional blowfish encryption.[^76]The Scene-wide announcement NFO also indicated that these raids are not likely to deter longtime pirates. Rather than calling for any disbandment, the document instead provides a set of security tips for locking down sites and IRC networks. As the NFO puts it: “we will [be] back and we will thrive again!”[^77] However, the SPARKS raid triggered a historic decline of Scene release outputs in the short term. As charted by TorrentFreak using the predb.org public pre database, on “Wednesday, August 19, there were 1,944 new releases” and just one week later, “a day after the first raids, this number was down to 168 releases.”[^78]

The Efficacy of Raids and Legal Enforcement

Perhaps the fundamental question that comes out of the enforcement actions that I have detailed in this chapter is, do raids and other legal means of disrupting Scene activities have any long-lasting, or even short-term, effects? Are raids and legal enforcement efficacious? This is the question to which David Décary-Hétu turns in his article in Policy & Internet, “Police Operations 3.0: On the Impact and Policy Implications of Police Operations on the Warez Scene.”

Décary-Hétu rightly notes that the high-level Warez Scene is an attractive target for law enforcement as it is “a very (if not the most) important source of intellectual property illegally distributed online.”[^79] The Scene is an organized crime system that even, ironically, has its own internal rules against plagiarism and a mechanism that functions at least tangentially like copyright, which prohibits groups from claiming credit for each others’ work.[^80] At the time that Décary-Hétu was writing, it appeared that large-scale piracy bust operations were on the decrease. As he puts it, it seemed that “law enforcement agencies have moved away from large-scale police operations.”[^81] Décary-Hétu credits this to the “lack of impact” that these operations have had.[^82] However, the SPARKS raid of 2020 puts paid to the claim that these larger-scale busts of the high-level piracy Scene are a thing of the past. Indeed, the sporadic appearance of a police presence may be all that is required to maintain the threat of action, which may function as a sufficient deterrent to those who would be deterred.

In his analysis of the decline of police operations, DécaryHétu compares the Scene to organized drug networks, which share many characteristics (e.g., decentralization, many small actors, high levels of competition). Décary-Hétu points out that in the drug world, there are also similar enforcement problems, namely that actions tend to result only in short-lived reductions in criminal activities and that offenders tend rapidly to adjust to new mechanisms to avoid detection, as the security advice to siteops in the Scene notice about the SPARKS raids shows. On the other hand, the visibility of police operations has been shown to work as a deterrent in some cases.

It is also worth noting that it may be both easier and more difficult, in different ways, to deter people from the type of crime with which we are here dealing. A computer crime involves staying at home and rarely leaving the house. It does not come with the same level of risk and violence as drug dealing. On the one hand, it may be easier to deter people from the crime because there are few coercive threats that group leaders can use against Warez Scene members. Generally, these individuals are free to leave at any time, which is certainly not the case in drug cartels, which have systems of enforced bondage that hold mules and others in servitude with an extreme threat of physical violence. In this sense, it should be easier to deter individuals from participating in the Scene. On the other hand, because the crime is so easy to commit in one sense — that it only involves sitting at one’s desk, regardless of the skill involved — it may be harder to persuade people to leave because the risk is not apparent. That is, the crime appears safe, and so offenders will quickly return to the activity. Décary-Hétu’s analysis shows that each of the above raids had, in the long term, little to no impact on the volume of material that was shared through the illicit practices of the Warez Scene.[^83]

Scene raids are also challenging to enact from a legal perspective because they require international cooperation between law enforcement units, which may be hard to come by. This is particularly the case when offenders are based in jurisdictions that have, at best, only cordial relationships, such as those between Russia and the US. Conversely, in terms of quantitative output, raids do not impact on Scene activities, and Décary-Hétu posits an important aspect of social disruption. The Warez Scene, he notes, is a community of individuals that relies on trust. By injecting federal agents and others into this community, the raids disrupt the long-term trust that members can have in one another. It is also certainly the case that due to the high levels of interconnectivity and network spread of news, true members of the Warez Scene are almost always aware when there has been a major police raid or bust.[^84]

While the majority of articles about legal sanctions against pirates are concerned with prosecutions of peer-to-peer (P2P) users, large-scale raids and busts against the topsite Scene have been ongoing for over two decades now.[^85] For the most part, these busts are episodic and result in sudden, large-scale disruption that then follows a pattern of gradual return to normality in the Scene. In particular, the events that were Operation Buccaneer and Operation Fastlink resulted in massive, near-total, but temporary shutdowns of the Scene. Conversely, the smallerscale arrests and searches, such as the PRQ raids in 2010, paint a more continuous story, one in which raids and investigations are ongoing all the time. Both types of investigation have benefits for law enforcement. If the aim is to deter the activity, then the breakthrough moments of Buccaneer and Fastlink highlighted law-enforcement operations and gave a jolt of fear to those who participate. By contrast, the narrative of smaller scale, but continuous, investigation is helpful to law enforcement for instilling a sense among perpetrators of being continuously watched and monitored. It also helps to damage trust among Scene members who may be more and more reticent to share personal details with each other, which can then disrupt operations.

It is important to note that while most Scene practices take place anonymously in and on private and encrypted IRC channels and servers, there seem always to be weak points that law enforcement officers can exploit. Consider the early days of Fairlight, where gollum received packages by train courier, but founder and supplier Tony Krvaric, strider, clearly knew his name and address. Things are very different now, but it remains the case that if there are copy protections on a disk, it may be necessary to ship the physical item from a supplier to a cracker or copy-protection specialist. While it is possible to use mail routing facilities and P.O. Boxes, for instance, to obfuscate the trail of physical media and postage, these also introduce delays that may cost a release group the race. Indeed, this demand for speed will, in the end, be the undoing of many individuals. To meet the tight turnaround times required in racing to beat copy protections, individuals are likely to take more significant risks concerning anonymity. Security is always a trade-off that must balance protection against convenience. When the balance tips too far in favor of the latter, law enforcement has an opportunity to intervene.Sites also rely on donations of both finance and hardware, as testified by the role of “hardware supplier.” Before 2009, any transfer of money would have been traceable by law enforcement agencies. However, the anonymity of cash at Western Union, for instance, can make this much harder than following the money on Paypal and other online service providers, which provide greater convenience at the expense of security. In 2009 with the release of Bitcoin, tracing financial transactions became a much more complex process. The anonymity of Bitcoin and other blockchain-based cryptocurrencies is certainly appealing for those in the Warez Scene. It allows the easy transfer of funds without the risk of getting caught. At the same time, though, Bitcoin is a problematic currency if used for any real-world purchases because it is so volatile.[^86] Indeed, it is entirely possible that within a twenty-four-hour window, the cryptocurrency’s value will have altered so dramatically as to make it impossible to carry out the intended purchase. There is also as likely a chance that the funds will have risen in value; it just cannot be known ahead of time. Intermediaries that can help to mitigate these problems will inevitably re-introduce the very aspects of regulatory oversight and identity verification whose absence made these currencies appealing to Sceners in the first place.[^87] Nonetheless, Bitcoin poses substantial, new challenges for law enforcement officers who wish to use financial tracing as a mechanism to hunt down site operators.

In this chapter I have detailed the major busts against the Scene over the past two decades, up to the most recent raids on the SPARKS group in 2020. As I argued from the outset, studying formal, legal documents, such as court indictments and DOJ press releases, about the Scene can help cement our understanding of the practices therein, which are usually opaque and only verified by documents produced within the Scene itself. It is also interesting to note that most studies of the Scene focus on these raids in the discipline of digital criminology. Much research into the Scene has been conducted on this legalistic aspect, warping some of the historical understandings in favor of analyses of practices shadowed by industry discourses. It also means that studies of Scene prosecutions often conflate actions against this highest level of the piracy pyramid with action against P2P file sharers. As it has been the goal of this book to document, this is an extreme category error. The motivations, actions, and organization of the Warez Scene are in an entirely different space to those found lower down the piracy food chain. Yet, regardless of whether we reframe the Scene in terms of an alternative reality game, the reality is that the stakes in such a game are extremely high and have often resulted in prison sentences.

Footnotes

---

Next: Conclusions

Previous: Aesthetics

Warez index