FlightSimLabs Injected Virus Like DRM into its distribution

The Goose:

As usual people jump the gun...why shouldn't companies take drastic measures to protect their income, if people didn't pirate then there would not be the need for it.
Gee, I gotta start killing people when I am in a bad mood. Same logic. It's not about what situation the company is put in, it's about how it can manage itself.
The Goose:

As usual people jump the gun...why shouldn't companies take drastic measures to protect their income, if people didn't pirate then there would not be the need for it.
Even if we dodge the whole privacy and safety issues of what they did, why are they treating honest consumers in such a heavy-handed manner? Would you be happy to be accused of being a pirate until a games company can come over to your house and look through your PC contents before they class you as honest? It's not supposed to work that way; consumers who support the industry always seem to be the ones who are forced to jump through the hoops when in fact as supporters they should be having the best possible experience.
The Goose:

As usual people jump the gun...why shouldn't companies take drastic measures to protect their income, if people didn't pirate then there would not be the need for it.
This is not a "drastic measure". If I had purchased an add-on from FSLabs and found such a file on my PC, I'd be contacting my lawyer, local law enforcement and the FBI. Whether someone pirated their work or not, their reaction is criminal in nature. For those that allow Chrome to store passwords, their account information is being put at risk. If it's dumping all accounts/passwords stored, that may include financial websites, which is now a completely different set of criminal charges. From what I've seen thus far, FSLabs is nothing but a criminal organization at this point.
The Goose:

As usual people jump the gun...why shouldn't companies take drastic measures to protect their income, if people didn't pirate then there would not be the need for it.
DRM sure, protecting the content they're creating is one thing and understandable, but what sort of protection requires dumping the Chrome browser password database though. It's unrelated to the game and addon content entirely, plus it's not valid evidence due to the questionable (or outright illegal) means by which it was obtained, so in that aspect it's useless as well. Feels more like this was done for other reasons and they're trying to cover it up, but it's not really going very well for them, unsurprisingly. Going by the discussion I read on ResetEra on this yesterday, they've had other methods as well, such as messing with folders on the user's system and messing up texture addons for one thing, which also goes beyond simple DRM and into malware. EDIT: From that Reddit thread, now there's a Frack-Up alright.
I work in InfoSec for a large company as a Security Architect. I am involved with Incident Response.
First, this is illegal in many countries and states. They cannot distribute malware knowingly.
Second, for the misguided who are buying the line that it is only pirated serial numbers that are affected: every system that downloaded and ran the file should now be considered compromised. At my company, if this was done, those systems would be isolated, investigated and reimaged. Nobody can guarantee how the malware that they installed behaves. It very well could have left a ghost somewhere, or when it is used could send the data via means the company could not detect. I seriously doubt they would look at DNS exfil or even know what it is. There is also the possibility some developer of another program dropped malware and stole your license number and now your copy is blacklisted.
The data they exfiled is PII and there are lots of issues with taking it off a system. Was it transmitted in the clear? How are they storing the stolen data they pulled? What if they are compromised? How are they using the data? Have they shared the data? If so, how did they transmit the data and how is it stored?
There are legal issues as well. They acknowledged they stole PII from users. This is illegal. Any data obtained through those methods is also not admissible in court. They are also open to being fined by, at the very least, the EU and the UK.
For those legitimate users who say they have nothing to hide or worry about: you should be extremely worried. This company has done something very unethical and illegal. When they were caught doing it, they denied it initially, then they said they did it to fight piracy and, oh, trust them, they don't execute it on legitimate customers. The issue with that is they already ruined that trust by putting malware on your system. You cannot trust this company when they say they do not run test.exe on legitimate copies.
If you have had this installer executed on your system, it is my professional opinion you should reimage your system and change any passwords stored in Chrome. Also, use a password manager and do not store passwords in Chrome.
Edit: More on the company trust. Keep in mind what they did is very unethical and illegal. In the coming weeks, they will be doing and saying anything to save their company. They are going to be assailed on multiple fronts with various agencies, Attorneys General, countries, and individuals investigating, prosecuting, and/or litigating.
Edit2: This has blown up, as it should, but if you read the posts on the forums for FSL that they did not delete, the lack of awareness is absurd. Also, the data was exfiled with unencrypted transmission and the data was not encrypted either. To make matters worse, the target server is not behind a firewall and has RDP open to the world.
(That bolded part at the end about the lack of encryption, and a firewall. That's a huge problem.)
What's next? Developers go full retard, and hijack the computer to mine some crypto currency as a reparation for pirated games?
On FSL's part, they think vigilante measures will be admissible in court, when in fact, the case will turn right back at them the moment they clarify how they identified the defendant. Right now, any and all measures they take will be like rock climbing on mossy slopes with hard boots.
After reading their statements, it's like they're literally saying, TAKE ME TO JAIL, I'm guilty AF
I just wonder that none of those people using these programs knows / is an attorney to take them to court right away.
With an IQ of 20, one can imagine their privacy was compromised if someone knows their Personal Identification Information without them consenting to it.
The Goose:

As usual people jump the gun...why shouldn't companies take drastic measures to protect their income, if people didn't pirate then there would not be the need for it.
Doing illegal things to ensure profit is well by definition not legal and immoral. An over-exaggerated but valid example would be me holding a gun to your head and telling you to buy my mixtape.
Does this affect Chrome autofill?
Random guy: what did you do yesterday? FSLabs: nothing much. Steal account details from pirates, log into their accounts on some sites, take a few screenshots as evidence. You know, the usual stuff we have been doing in the last few months. Lawyer: Dude! You can't do that! It's so uncool!
The funniest thing is that they didn't even try to hide/cover their "test.exe" file. Ignorance or purposely? At least they could have renamed it to "DRMcheck.exe" and made it FUD... 😛