Today, we would finally like to introduce the guy who is behind the Safabyte, ComponentForge, XtraComponents and ComponentSoft.net scam. His name is Đặng Minh Thắng, although he usually simplifies this to Thang Dang Ming or Thang Dang. Sometimes he calls himself Thang Minh, Hoang Minh or Jimmy Dang. He was born on June 9th, 1980, which means he just turned 30 today! Until recently, he might have lived or worked at 107 Phố Đức Giang in Long Biên district of Hanoi, the capital of Vietnam.

After finishing his studies at Hanoi - Amsterdam High School, a prestigious Vietnamese high school, he studied information technology at Hanoi University of Technology. In 2003, his team won the first prize at his university's Students Scientific Conference for an emedded system that controls car engines. After finishing his studies, he went on to work for various software companies located in Vietnam and abroad (such as FPT Software, one of the Vietnamese largest software companies).

At this point, Thang Dang was on his way to become a well-known and respected professional. Instead, he turned to the dark side of copyright infringement. In 2007, he launched his grand project: Safabyte, the fraudulent .NET component vendor - selling software based on code stolen from long-standing .NET component vendors such as Rebex, ComponentSpace, ComponentAce or LanapSoft. After changing his brand name and payment processor many times (once every few months recently), he still continues with this practice until this day under XtraComponents and ComponentSoft.net brands.

(You can find a photo of this Thang Dang here or here.)

We have been informed that he currently lives in the United States, possibly studying for an MBA at WKU and residing at the campus (College Heights Blvd 1806, Suite 201). This opens a wide range of opportunities! Perhaps studying law might have been a better choice for him after all? :-)

Permalink | Leave a comment  »

It looks like the con-artists behind Safabyte, ComponentForge decided that putting a new API on top of code stolen from Rebex (did than last time with XtraComponents) was not such a great idea after all. Instead, they decided to start over again with a new brand. In February, they launched a new website at CodeUltimate.com, but less than two months later, they finally settled on calling themselves ComponentSoft.net. They even got a brand-new website design this time. But the very stealthiness and secrecy they engage in is what revealed them again.

Let's look closer:

• Their domain name was registered anonymously. This alone made them suspicious. Why would a reputable company do this? Unsurprisingly, he changed this to a fake name after reading this blogpost. Luckily, you can still check out componentsoft.net domain history in DomainTools - the entries in red were "privacy protected" (anonymous) registrations.
• API of many of their components look just like Rebex API with renamed classes. Some parts were added, changed or removed, but the core functionality is the same. There are even some identical bugs!
• They never reveal their real company name and address. When pressed through their transaction provider, they implicitly confirmed that they are not a US-registered company, yet fail to mention this on their website. Instead, they still present themselves as "ComponentSoft, a division of ATP, Inc., located in Walnut, California" while in fact they appear to be a division of "ATP Technology, JSC located in Hanoi, Vietnam".
• Once again, they claim that "ATP, Inc. is a Microsoft Certified Partner", which is very unlikely because this "ATP, Inc." doesn't even seem to exist.
• Their install package contains two sets of DLLs. One set infringes on Rebex IP, other set infringes on other people's IP. The installer decides which one to install. This doesn't look like something a reputable company would do, ever. He will undoubtedly get rid of the fake DLLs now, but his customers victims who have downloaded the package prior to publishing this blogpost can still verify this (contact us for details).
• Many of their forum posts are from 2009. This is very suspicious, because the domain name was only registered in March (and the previous domain in January). In fact, these forum posts were simply recycled from the forums of their previous incarnations - unsurprisingly, they treat their customers' support request and nicknames just like other people's code. Their ComponentSoft News also extend back to 2009. No mention of any name change. But we understand - changing their name is no longer a news for them.
• The testimonials at their website never mention anyone who could be contacted to verify them. In fact, many of these testimonials look copy&pasted from other companies' websites.
• They pretend that completely unrelated website (with .eu instead of .net in the domain name)

Still not convinced? Then just use .NET Reflector to compare the assemblies. The code in the first picture was written by Rebex. It is a part of SshSession.SendPacket method. An identical code can be found in ComponentSoft's UltimateSftp.dll assembly (the second picture):

See the full gallery on Posterous

The scammer will undoubtedly modify the stolen version of SshSession.SendPacket as soon as he becomes aware of this post, but it doesn't really matter. Most of the code in a majority of his components comes from Rebex, so we can simply find another example. Just let us know if you need additional information to do your own analysis.

Permalink | Leave a comment  »

How to get rich fast? If you are living in a country where copyright law is just for fun and you know how to write software, it's rather easy:

1. Purchase a source code of some commercial software components.
2. Rename all namespaces, methods, properties, etc.
3. Throw away the samples and write new ones.
4. Compile, repackage and sell as your own work.
5. Profit!

This is exactly what a company (?) called ComponentForge or Safabyte did! Check out our website about ComponentForge/Safebyte scam if you are interested in details.

You'll soon find more posts about this case on this blog. More evidence, more traces, more about the people involved. Remember the book Cuckoo Egg book by Clifford Stoll about tracing a spy in a computer system which started at Berkeley campus back in eighties? Well, we probably won't find a Soviet agent here, but it can be interesting anyway. We already have some various traces to follow...

Would you like to know more?

• Check the evidence at the cheated.by.safabyte.net website
• Follow us on Twitter to see what's new in this case
• Get updates via RSS
• View websites of the original vendors: Rebex, ComponentAce, ComponentSpace and LanapSoft

Update (2009-10-16): They did it again, this time under XtraComponents brand!

Permalink | Leave a comment  »