86-year-old grandmother billed $5K, accused of pirating zombie game

An Ontario octogenarian has been snared in what’s being called a “dragnet cash grab” following Canada’s institution of new copyright infringement rules. She’s on the hook for $5,000, for allegedly downloading Metro 2033, a first-person shooter video game featuring heavy armament and splattered zombies.

CBC News Ottawa reports that 86-year-old Christine McMillan was in for a bit of a shock when she received two emails, back in May, forwarded by her ISP, informing her that she was being held accountable for allegedly illegally downloading a game she says she’s never heard of.

CBC shared a video which it says captures McMillan’s reaction when she was exposed to the game for the first time.

Her thoughts on the game she was accused of illegally downloading:

Dreadful. Who would want to watch this? Disgusting. I can’t understand why anybody would find this… [to be] entertainment?

I mean, anybody who lived through the second world war… or any of the wars… I mean, this would have no appeal as entertainment, I have to tell ya. Disgusting.

As CBC notes, she’s likely one of thousands of Canadians who’ve received notices to pay up, whether they’re guilty of copyright infringement or not.

The notices came from a private company called Canadian Intellectual Property Rights Enforcement (CANIPRE)

As TorrentFreak reports, McMillan is one of hundreds of thousands of Canadians who’ve been accused of copyright infringement under Canada’s “notice and notice” regulations, introduced last year under the Copyright Modernization Act.

The law requires internet providers to forward copyright infringement notices to customers suspected of illegally downloading content, including video games and movies.

According to CBC, the supposed copyright infringers are identified only through IP address. ISPs don’t disclose any further information to the copyright enforcers.

McMillan called the legislation “foolish” and said she “couldn’t believe the government would support” the enforcers “threatening” people over the internet and demanding cash.

In fact, at first, she thought it was a scam, she told CBC:

They didn’t tell me how much I owed, they only told me that if I didn’t comply, I would be liable for a fine of up to $5,000 and I could pay immediately by entering my credit card number.

However, it’s all quite legal.

The owner of CANIPRE, Barry Logan, told CBC that the company ran the wording of the notices past lawyers, and they vetted it for legality.

McMillan said she’s going to ignore the notices and hope the problem will just go away. Hopefully, taking her to court will prove too expensive for the enforcement company, she said.

But how did her IP address get tagged in the first place? She has an adult grandson, but he doesn’t have access to her network, she said.

Who’s shooting mutants with this lady’s IP address?

Assuming we can take McMillan at her word – that she does not spend her time planted on the couch, enjoying a first-person shooter game featuring dark corridors and splattered guts – then how did her IP address get implicated in the alleged copyright infringement?

CBC News Ottawa talked to network security analyst and technology expert Wil Knoll, who suggested that somebody who lives in the same apartment building as McMillan could have accessed her unsecured wireless connection, then downloaded the game using her IP address. Alternatively, even if her network had a password, it could have been hacked, he said.

Knoll:

It’s very hard then to correlate, or nearly impossible, to correlate from that IP address to any individual that’s inside the house, or to prove it forensically.

Especially if these infractions are happening months and months and months ago.

That certainly makes sense. Many people leave their home networks wide open for anybody to use from an outside connection.

The repercussions can be surprisingly nasty.

We’ve seen one instance where a heavily armed SWAT team stormed the wrong house, breaking down the door of a home in Indiana, smashing windows and tossing a flashbang stun grenade, startling an 18-year-old and her grandmother who were watching TV.

Officers were looking for the person behind an anti-police post, from somebody who mentioned, with a smiley emoticon, that they had explosives.

The suspect actually lived in a different house on the same street.

That’s just one example of where a poorly secured WiFi home networks can lead. We’ve also seen unsecured networks be exploited by people sending pornographic spam or even terrorist-related emails.

Unsecured networks are found in plenty of other places outside of people’s homes or apartment buildings. We know that because Sophos has checked, in many cities around the world.

In experiments in London, New York City, San Francisco and several other big cities, Sophos “warbikers” James Lyne and Chester Wisniewski used a simple set of tools to detect thousands of wireless networks while touring busy neighborhoods on a bicycle.

They found that in every city they visited, there was a high proportion of WiFi hotspots using outdated security or none at all. In London, for example, just 17% of hotspots the researchers scanned had the recommended WPA2 setting for encrypting wireless traffic, and about a quarter of hotspots were open networks, with no encryption at all.

Many of the small businesses running those networks also revealed a lack of security awareness by using default network names with no random element, making it likely they were using default passwords as well (both are bad practices).

Getting WiFi security right is essential for everyone, be it small businesses or owners of home networks.

In fact, unsecure WiFi is one of Sophos’s Seven Deadly IT Sins. You can read more about that and the 6 other sins here.

As far as businesses go, Naked Security can help: here are three tips for small businesses for securing WiFi.