May Newsletter

Fiction News

Hey Everyone!

April and the beginning of May have been hectic months. I’ve been working on chapters for three separate fiction projects. Most of which I have been posting on the Royal Road for my fans (links included below). Treeka’s story has undergone a significant expansion since April 1st. I’m almost 50,000 words into the story, and it’s still not complete. Book five will be the most ambitious to date. I’m also expanding the word of the Cyber Teen Project with a new story from the perspective of Ralphie, Nigel’s kid brother. It’s called the Mechanical Son and several chapters are already ready for free on the Royal Road. Last week, I finally received the second developmental edit for Cosmic Squeeze. I will continue my work on that next weekend.

When I started this newsletter several years ago, I curated and posted links to relevant cybersecurity articles. Now, I’ve started writing a series of cybersecurity-related articles. The first will cover how criminals steal our intellectual property, such as books, audiobooks, and other digital assets, and resell them for profit. They try to ride on the backs of others who have carefully curated an audience over the years. Also, let me know which articles you want me to write in future newsletters.

The Case of the Stolen IP

As a content creator, I have a target on my back. Pirates and nefarious individuals try to profit from my hard work. I mitigate this in several ways, including registering my work with the US Copyright Office. As a cybersecurity professional, I am keenly interested in how criminal enterprises work, from big to small. Criminals are lazy by nature, and it’s my experience that they will do only the minimum required to steal and sell their stolen wares online. Sometimes, these thieves are brazen enough to steal a book from a bookseller like Amazon and then try to pass it off as their own work. These criminals often use bots to simultaneously upload hundreds of stolen books through an Amazon application programming interface or API. 

One day, when I was looking up some keywords for one of my books, I stumbled upon an illegal website that sells digital copies of popular books. Just because the author or publisher checks the “add digital rights management” (DRM) box, it doesn’t mean it’s safe from thieves. In fact, these protections can be cracked in less than a minute. Usually, DRM turns out to be more of a pain for readers than for criminals. That’s one of the reasons I don’t check that box on most of my content. 

What’s interesting about my intellectual property story is that a significant audio distributor was aiding the criminal activity. Without further adieu, here is my story as shown through screen shots and captions.

How thieves use free platforms to promote their wares

Thieves create accounts on free music platforms like Soundcloud to promote the books they steal which includes a link to another site they control.

At first glance this site may look legit, but it’s full of surprises.

While, this book landing page may seem innocent enough it’s full of dangers. When a user clicks on any of these links except the Amazon affiliate link they will be redirected to another site to ask for additional info (similar to a phishing site). Remember these thieves want to sell the collected information as well.

Here it comes…

This is the first time the user is asked for information which may be used against the reader trying to get the free PDF. This is really dangerous because the unsuspecting reader might use the same email and password for a number of different sites (including banking sites).

Now the thief wants the reader’s credit card!

Once an email and password is given the reader of the seemingly free PDF is asked for more sensitive information like their credit card. Not only is the reader’s personal information at stake the thief is stealing YOUR customer.

Reading the fine print…

Just in case the reader just can’t wait to pay a $1 for a fake trial which will most likely result in fraud. They will be billed $24.99 twice a month. Good luck trying to get that to stop!

A clue?

One interesting finding was the Fitnesky logo in the top left side of the page where it asked for login info.

A real (legit) website?

If the user clicks on the Fitnesky logo they will be directed to this web page. Looks legit huh? Well, it might not contain malicious code the image has nothing to do with fiction books.

One out of 90 isn’t bad? Or is it?

Analyzing the Finesky webpage only shows one reported malicious analysis. What this means is that 90 antivirus vendors were queried and only one was reported as malicious. 

Let’s break down the URL

Using URL scanners we can dig into the suspected webpage in more depth. The summary information concludes that there is 4 IP addresses associated with this site from 3 countries across 4 domains. It performed 22 HTTP transactions to bring up the webpage. Another interesting finding is that the certificate is valid for only 3 months and it is a free Let’s Encrypt certificate that can be re-registered using bots.

The owners of the website are tracking using Google Analytics Google Tag manager out of Germany and the United States.

Examining the IP address

Examining the IP that’s registered as the primary we can see that more hits on Virustotal appear. 

Closing Words

Further examination revealed that the payment website is being hosted at a Slovakian web hosting company. While this is interesting, it’s a dead end because it is difficult to prove Finesky’s involvement. The site is also protected using Cloudflare, an anti-distributed denial of service company. Since the website is protected, it’s impossible to continue the analysis. 

While this was a dead end, I got SoundCloud to take down the link to the book. I had to provide proof of ownership and fill out a form, which took about ten minutes. 

The Mechanical Son FREE on Royal Road