Site Returns After Piracy Crackdown

A public Internet site that offered information on the underground software piracy scene was back online Thursday, only days after it was "seized" by the Department of Justice.

Even as the DOJ trumpeted its seizure of the ISONews.com Web site on Wednesday, however, the actual Web site content was still available online. That suggests the government took control of the ISONews.com domain name, without seizing the actual servers where the Web site content resided.

Now, the ISONews.com site has reappeared at a new domain, stolemy.com, registered to a Tim Dorr.

The DOJ did not respond to a request for comment.

DOJ Action Discussed

The site appears to be identical to the original ISONews.com site, with visitors participating actively in the online discussion groups devoted to various aspects of software piracy.

One especially active discussion thread, entitled "US DoJ vs. ISONEWS," contained over 400 messages posted between Wednesday and Friday afternoon.

The discussion thread chronicled the dawning awareness among ISONews devotees that the U.S. government had taken over the site's domain name, www.ISONews.com.

At first, members speculated whether the site, which was modified to display a warning from the U.S. Department of Justice and the U.S. Customs Service, had been hacked or whether the site's owners were playing a joke.

An expected delay in propagating the DOJ's change out to domain name servers (DNS) across the Internet meant that many users did not see the government's message even as late as Friday, adding to the confusion.

While many members waited for a further government clampdown and said their farewells to the site, other ISONews.com members proposed moving the site.

A post by an ISONews.com member named Uncle_Mart suggested that David Rocci, also known as "krazy8", the Blacksburg, Virginia, resident whose arrest and subsequent plea agreement with the government led to the seizure of the ISONews.com domain, was not the site's actual owner.

Another message in the thread by a user named "horrordee" proposed backing up the servers on which the site content resided and moving them to a new location outside the United States.

While the site continued without a domain name, ISONews.com members appeared to use a variety of Internet Relay Chat channels to communicate and, by Friday, the site was again available online.

Moving Targets

The resilience of the ISONews.com site points to some of the problems facing law enforcement as they try to crack down on illegal activity on the Internet, according to one security expert.

"The domain name system decouples ownership of the domain name from ownership of the server. There are even domain name services offshore that people can use (to) quickly point to new sites as a server gets shut down," said Chris Wysopal, director of research and development at the security consulting company @stake.

Whereas online businesses conducting illicit trade can be shut down--their servers seized and bank accounts frozen--the job becomes more difficult when the commodity is information and ideas, according to Wysopal.

"If it's just information, people can just back up the site or have a mirror of it. It's extremely difficult to eradicate all remnants of a Web site when people want to keep that information available. I would say it's really impossible given the various jurisdictions overseas--you can almost always stay one step ahead (of law enforcement) and move from country to country," Wysopal said.

While it may be embarrassing, the U.S. government should probably move on and not become overly invested in tracking down the ISONews.com site, he said.

"It's a very difficult problem. You can shut down people who are selling illegal access devices. But when you're trying to get people to stop talking about illegal activity, you're going to be spending a lot of energy and not getting anywhere," he said.