Can Bon Jovi Foil the Pirates?
By Noah Shachtman
2:00 a.m. Sep. 19, 2002 PDT


Hair-rock mastodons Bon Jovi may have actually done something cool this decade.

The 1980s megastars have a new, Web-based scheme to discourage their soon-to-be-released disc from being pirated. And computer security experts think the program just might work.

On the inside of the packaging of Bon Jovi's Bounce is a 13-digit, randomly generated serial number. By entering that code on the group's website, fans enroll in a program that puts them "first in line" for concert tickets and allows them to listen to unreleased tracks from the band.

"The idea is to make anyone who's file sharing or burning feel like they're missing out by not buying a real copy of the CD," said Larry Mattera, a new-media executive at Island Def Jam, Bon Jovi's label.

The company tried a similar program with Rusted Root and Willie Nelson. But the system was seriously flawed, Mattera said. It relied on Gracenote's CD Key technology, which embedded the access code in the disc itself.

Anyone who burned a copy of the album got the code along with the music. So there was no benefit to buying the record legitimately.

The new system isn't foolproof, either. A record store employee could open the CD and pass the membership on to pirates.

But with over 137 billion possible combinations to the 13-digit number, the chances of guessing the Bon Jovi code are pretty low, Symantec security expert Elias Levy said.

To obtain a working code, a hacker could write a program that generated random serial numbers. Then, accessing the Bon Jovi site through a proxy (or third-party Web server) in order to mask his identity, the hacker could then stream an endless number of these codes until one worked. The process is known as "brute forcing" in security jargon.

"If (the Bon Jovi site) continued to accept the connections, it could take an hour to a day to find a code that worked," a hacker called The Pull, who works at a mainstream computer security firm, wrote in an e-mail. "With a large enough network, say, a 50,000 node, one could do a lot of hits at once. It wouldn't stand very long against distributed cracking."

Once several codes had been obtained, hackers could then figure the algorithm that created the Bon Jovi serial numbers, The Pull added. And then, it's open season.

But that's a pretty cumbersome process, considering the reward is priority tickets to an acid-washed-jeans flashback. Few hackers would be willing to go through the effort, the security experts said.

The Pull added, "I would have to say this would be relatively secure, considering the merchandise is not all that valuable."




Link posted by GermanSusi on BWJBJ.