15

How to spot that someone copied open source code licensed with GPL to their closed source commercial application, when you don't have access to their closed source code?

Edit: Great answers! Part 2. What if it is a webapp where you don't even have access to the executables?

Scenario: They copy the source, make some minor changes to the gui so the front end is nearly identical; add a new feature to the otherwise totally identical back-end; and fail to release it back to open source.

siamii

6 Answers

7

It looks like you are, indeed, trying to spot it, which means you have to dig into the compiled executable (or associated libraries) of the proprietary program in order to tell. You're looking for strings and symbols that obviously match the free software you suspect.

On a UNIX-like operating system, the strings utility provides a great clue. Careful analysis will usually reveal what you need. If you see foolib_easy_init, well... the compiled program is using foolib.

This of course varies with levels of compiler optimization, obfuscation done before compiling and possibly unused / debug symbols being stripped away, but people who are too lazy to write their own software are generally equally lazy when it comes to hiding that.
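The strings-and-symbols check described in the answer above, as an added example that is not part of the original answer. It mimics what strings(1) extracts and compares the result against a fingerprint of the suspected library; "foolib" is the answer's placeholder name, and the other symbols, the message literals, the version string and both sample binaries are constructed for illustration.

```python
import re

# Constructed fingerprint of the suspected library. Exported symbols vanish
# when a binary is stripped; string literals (error messages, version
# banners) usually survive, so both kinds are tracked separately.
FINGERPRINT = {
    "symbols": ["foolib_easy_init", "foolib_easy_cleanup", "foolib_set_option"],
    "literals": ["foolib: out of memory in %s", "foolib/1.4.2 (built %s)"],
}

# Constructed sample inputs standing in for the proprietary executable.
UNSTRIPPED_SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"foolib_easy_init\x00foolib_easy_cleanup\x00main\x00"
    + b"\x01\x02foolib: out of memory in %s\x00"
)
STRIPPED_SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8 + b"\x90\x90"
    + b"foolib: out of memory in %s\x00foolib/1.4.2 (built %s)\x00"
)


def extract_strings(blob: bytes, min_len: int = 4) -> set[str]:
    """Return printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, blob)}


def match_fingerprint(blob: bytes, fingerprint: dict) -> dict:
    """Report which fingerprint entries occur in the binary, per category."""
    found = extract_strings(blob)
    report = {}
    for kind, needles in fingerprint.items():
        # Substring match: a needle may sit inside a longer printable run.
        hits = sorted(n for n in needles if any(n in s for s in found))
        report[kind] = {"hits": hits, "ratio": len(hits) / len(needles)}
    return report


if __name__ == "__main__":
    for name, blob in [("unstripped", UNSTRIPPED_SAMPLE),
                       ("stripped", STRIPPED_SAMPLE)]:
        print(name, match_fingerprint(blob, FINGERPRINT))
```

Matches on generic names such as main prove nothing; the fingerprint should contain only identifiers and messages unique to the project.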

3

BusyBox has had several high-profile cases of suing hardware manufacturers for using BusyBox without releasing sources. These lawsuits were filed by the lawyers at Software Freedom Law Center.

If your project is mature enough to join the Software Freedom Conservancy, you could engage the services of SFLC too. (Not sure if non-Conservancy projects could use SFLC's services---you should check.)

C. K. Young
3

The GPL has only a limited application to server-side webapps. Anything client-side is being distributed, but this is normally JavaScript, and the user automatically gets the source. Anything that's strictly server-side is being run, not distributed, and the GPL primarily applies to distribution.

This was the motivation for the Affero GPL, which (IIRC) says essentially that if you use AGPLed software in something like a web app, it's necessary to offer to distribute source.

2

If it behaves like and runs like your program, you could start with objdump and similar tools. This old Slashdot entry shows another, more formal method for detecting GPL violation.

vpit3833
1

Harald Welte has had success with carrot and stick approaches to getting companies who have used his GPL-licensed code improperly to conform to the terms of the license. Many companies simply needed to be educated about the consequences of their decisions and settled their problems out of court.

sarnold
1

If you spot a GPL violation (someone used code under your copyright and did not offer source while distributing binaries), get in contact with the violator and ask to resolve the situation. Document the mails, data of when you contacted whom, etc.

If it's not your copyright but you spotted the violation, get in contact with the original copyright holder next to the violator and tell her/him about the violation as well. Advisably before you contact the violator.

If the software is a combined work with many copyright holders, the same applies to you if you're only one of the copyright holders or only a group of copyright holders (and not all). It's your copyright then, and the GPL applies to any kind of derivatives - large or small.

If, due to technical limitations, you're unable to find out whether a probable violation really is a violation, you need to look for other ways to find out more, e.g. by asking questions of the probable violator, by getting access to binaries or even sources through third parties, etc.

If the code in question is under GPL v2 and there is a violation of the licensing terms, termination applies. The violator has lost all rights forever to make use of the GPL'ed code. He must get in contact with all copyright holders again and ask for reinstatement of rights, otherwise still using the code violates copyright.

If the code in question is under GPL v3 and there is a violation of the licensing terms, termination is in effect as well but the violator can recover from this by stopping the violation on its own - unless a copyright holder asks for more.

Edit: This is merely general information. If you want to look into the concrete legal side of this you should be a copyright owner and you should contact your legal team upfront to find out what you need for a proof and what is suggested to solve a violation even w/o the law as this is much more practical.

hakre