Sandman1971 writes "Over the long Memorial Day weekend, Revision3 was the target of a malicious Denial Of Service Attack which brought R3 to its knees. After investigating the matter, it was discovered that the source of the attacks came from MediaDefender, the famed company hired by the MPAA and RIAA to try and stop the spread of illegal file sharing. The kicker? Revision3 was taken down for running a bittorrent tracker to distribute its own legal content."
Looks to me like MediaDefender is in clear violation of at least two subsections of 18 USC 1030 [cornell.edu]. Where is the federal criminal investigation?
Corporations aren't normal members of the public. Except they're treated as such in court. So that the people who run them don't get treated like normal members of the public.
Your argument contains one common fallacy. Corporate executives aren't even remotely normal.
The executives aren't being sued, the company is. This sort of "Take-down" company is treading on thin ice legally, one such misfire as this and they can lose the company.
Trick is, they are well aware and have likely structured the company to allow a simple collapse w/ minimal loss, after which MediaProtector will be reborn from the ashes, a completely different company w/ the exact same staff and an identical client list.
Best bet is to go after the company that hired them; prove they paid this company to break the law for them. The RIAA/MPAA will have a harder time collapsing and reforming...
Although not a similar case, Clive Sinclair structured his company with an eye to surviving collapse. He split it into "Sinclair" (which carried all of the losses) and "Sinclair Research" (which carried all of the profits, intellectual property, et al). After the Sinclair C5 fiasco, "Sinclair" was sold to Amstrad for a small fortune (ie: he sold off the debt) and "Sinclair Research" (which had all the useful stuff and was now considerably richer) remained in his hands.
The idea MediaDefender is nothing more than a disposable front-end, therefore, is entirely possible and would make a lot of sense.
Trick is, they are well aware and have likely structured the company to allow a simple collapse w/ minimal loss, after which MediaProtector will be reborn from the ashes
Well that seems perfectly normal to me. Don't you do that when you're caught doing something you're not? Why I had to collapse and reform the other day to get out of a reckless driving charge. The cop did seem pretty surprised, though. Hm.
So... how long until we see MediaDefender's board get perp-walked? (too much to hope for seeing the RIAA board getting arrested, but hey...)
*sigh*... I know, I know. MediaDefender will likely claim that some poor (scapegoated) bastard employee of theirs did it without authorization, yadda yadda... then said poor bastard will get to watch in horror as his entire life goes down the toilet.
Then again, if it does go down like that, it would stand as a prime example of how one should always give priority to personal ethics before accepting a job offer...
As many of you know, Revision3's servers were brought down over the Memorial Day weekend by a denial of service attack. It's an all too common occurrence these days. But this one wasn't your normal cybercrime - there's a chilling twist at the end. Here's what happened, and why we're even more concerned today, after it's over, than we were on Saturday when it started.
It all started with just a simple "hi". Now "hi" can be the sweetest word in the world, breathlessly whispered into your ear by a long-lost lover, or squealed out by your bouncy toddler at the end of the day. But taken to excess - like by a cranky 3-year-old - it gets downright annoying. Now imagine a room full of hyperactive toddlers, hot off of a three hour Juicy-Juice bender, incessantly shrieking "hi" over and over again, and you begin to understand what our poor servers went through this past weekend.
On the internet, computers say hi with a special type of packet, called "SYN". A conversation between devices typically requires just one short SYN packet exchange, before moving on to larger messages containing real data. And most of the traffic cops on the internet - routers, firewalls and load balancers - are designed to mostly handle those larger messages. So a flood of SYN packets, just like a room full of hyperactive screaming toddlers, can cause all sorts of problems.
For adults, it's typically an inability to cope, followed either by quickly fleeing the room, or orchestrating a massive Teletubbies intervention. Since they lack both legs and a ready supply of plushies, internet devices usually just shut down.
That's what happened to us. Another device on the internet flooded one of our servers with an overdose of SYN packets, and it shut down - bringing the rest of Revision3 with it. In webspeak it's called a Denial of Service attack - aka DoS - and it happens when one machine overwhelms another with too many packets, or messages, too quickly. The receiving machine attempts to deal with all that traffic, but in the end just gives up.
(Note the photo of our server equipment responding to the DoS Attack)
In its coverage Tuesday CNet asked the question, "Now who would want to attack Revision3?" Who indeed? So we set out to find out.
Internet attacks leave lots of evidence. In this case it was pretty easy to see exactly what our shadowy attacker was so upset about. It turns out that those zillions of SYN packets were addressed to one particular port, or doorway, on one of our web servers: 20000. Interestingly enough, that's the port we use for our Bittorrent tracking server. It seems that someone was trying to destroy our bittorrent distribution network.
Let me take a step back and describe how Revision3 uses Bittorrent, aka BT. The BT protocol is a peer to peer scheme for sharing large files like music, programs and video. By harnessing the peer power of many computers, we can easily and cheaply distribute our huge HD-quality video shows for a lot less money. To get started, the person sharing that large file first creates a small file called a "torrent", which contains metadata, along with which server will act as the conductor, coordinating the sharing. That server is called the tracking server, or "tracker". You can read much more about Bittorrent at Wikipedia, if you really want to understand how it works.
Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. It's a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores.
But someone, or some company, apparently took offense to Revision3 using Bittorrent to distribute its own slate of shows. Who could that be?
Along with where it's bound, every internet packet has a return address. Often, particularly in cases like this, it's forged - or spoofed. But interestingly enough, whoev
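The evidence the post describes (a flood of SYNs aimed at one port) can be picked out of packet records by counting SYNs per destination port and checking how many are followed by the ACK that completes the handshake. This is an added example, not part of the blog post or the thread; the record format, addresses, rates and thresholds are constructed for illustration.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed records: (time_ms, src_ip, src_port, dst_port, flag).

    flag is "S" for a SYN and "A" for the ACK that completes the handshake.
    Addresses come from documentation ranges. Port 20000 is the tracker port
    named in the post; port 80 stands in for ordinary web traffic.
    """
    records = []
    # Ordinary web clients: every SYN is followed by its ACK.
    for i in range(20):
        src = f"198.51.100.{i + 1}"
        records.append((i * 500, src, 40000 + i, 80, "S"))
        records.append((i * 500 + 50, src, 40000 + i, 80, "A"))
    # A few legitimate tracker clients on port 20000.
    for i in range(5):
        src = f"198.51.100.{100 + i}"
        records.append((i * 2000, src, 50000 + i, 20000, "S"))
        records.append((i * 2000 + 50, src, 50000 + i, 20000, "A"))
    # Flood: 1000 SYNs per second to port 20000, none ever completed.
    for i in range(4000):
        src = "203.0.113.10" if i % 2 == 0 else "203.0.113.11"
        records.append((3000 + i, src, 1024 + i, 20000, "S"))
    records.sort(key=lambda r: r[0])
    return records

def analyze_syns(records, window_ms=1000):
    """Summarise SYN behaviour per destination port."""
    syn_keys = defaultdict(set)        # dst_port -> {(src, sport)} that sent a SYN
    completed = defaultdict(set)       # dst_port -> subset that later sent the ACK
    per_window = defaultdict(Counter)  # dst_port -> {window index: SYN count}
    per_source = defaultdict(Counter)  # dst_port -> {src: SYN count}
    for t, src, sport, dport, flag in records:
        key = (src, sport)
        if flag == "S":
            syn_keys[dport].add(key)
            per_window[dport][t // window_ms] += 1
            per_source[dport][src] += 1
        elif flag == "A" and key in syn_keys[dport]:
            completed[dport].add(key)
    report = {}
    for dport, keys in syn_keys.items():
        peak = max(per_window[dport].values())
        report[dport] = {
            "syns": len(keys),
            "peak_syn_per_s": peak * 1000 / window_ms,
            "completion_ratio": len(completed[dport]) / len(keys),
            # Source addresses can be forged, as the post notes, so treat
            # this list as a lead to verify, not as attribution.
            "top_sources": per_source[dport].most_common(3),
        }
    return report

def flag_floods(report, min_peak=500, max_completion=0.1):
    """Ports with a high SYN rate where almost no handshake completes."""
    return sorted(
        port for port, r in report.items()
        if r["peak_syn_per_s"] >= min_peak
        and r["completion_ratio"] <= max_completion
    )

if __name__ == "__main__":
    report = analyze_syns(build_sample())
    for port in sorted(report):
        print(port, report[port])
    print("flagged ports:", flag_floods(report))
```

The completion ratio is what separates a flood from a busy but healthy port: a popular service also sees many SYNs, but nearly all of them finish the handshake.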
MediaDefender claims that they have taken steps to ensure this won't happen again. "We've added a policy that will investigate open public trackers to see if they are associated with other companies", promised Grodsky, "and first will make a communication that says, hey are you aware of this." Since when is being a "company" required to legally run a BitTorrent tracker?
Try this instead: Determine if the tracker belongs to you. No? Then you don't have the right to abuse it in this way.
And what's the betting the FBI's interest is more in obtaining a copy of the DDoS attack software, rather than prosecuting?
If the FBI is so incompetent that they actually would need to raid a company to find software capable of a syn flood....well then I'm pretty sure most of us can stop using strong encryption and just start hiding all of our files on floppy disks in the air conditioning vents behind the couch.
Again, please RTFA Coward. The torrents on Revision3's servers were their own content, but one R3 member found a torrent named something like RAMBO_axxo on their tracker on May 25 and reported it to the admins. They immediately took it down and then found the backdoor that MediaDefender had been using to post fake torrent hashes on their servers. Once the backdoor was closed, MediaDefender's servers began the DOS attack as an automatic response. Louderback says that the FBI is already investigating. I expect the EFF will get involved as well as this story develops.
How do we know that the Revision3 content was legal? Because they (Revision3) say it was? I don't buy it. MediaDefender isn't stupid; they found illegal content and shut it down. The reason there will not be any investigation is because Revision3 cannot allow an investigation to occur, lest they be found guilty of hosting illegal torrents.
Here in the US we have one little legal principle known as "innocent until proven guilty". Perhaps you've heard of it, perhaps not. Essentially, it's what keeps the justice system from being a Jump to Conclusions mat.
Exactly. I highly doubt R3 would have contacted the FBI if they were hosting illegal content. They use bittorrent as a method of distribution for legal content.
You argued the lesser point with the troll and missed the greater one.
Why does the legality of Revision3's hosted content matter?
Is MediaDefender an agent of the federal government, granted extra-legal powers by Congress to commit these otherwise-illegal acts? Are they chartered by a state government? Has their operation been nationalized by the military, or perhaps they possess a letter of marque and reprisal?
1. Copyright infringement isn't normally a crime. You're using the word "illegal" and "guilty" carelessly here. 2. Committing a crime to retaliate in response to another crime is still wrong, and committing a crime in retaliation for a mere civil infraction doubly so.
Even worse though, Media Defender allegedly committed a crime in response to a perfectly legal activity. The only thing on that torrent tracker, prior to Media Defender injecting all sorts of nastiness into it, was just their own videos and podcasts. Basically, it's no different than an RSS feed you'd get from some place like /., they just used BitTorrent to do it.
MediaDefender isn't stupid; they found illegal content and shut it down.
Shutting down illegal content with an illegal attack is still illegal. Also, the only evidence of illegal content is the content MediaDefender was trying to put there. They are apparently going to all open BT servers they can find, serving up illegal content generated by them, then shutting them down. That's not looking for problems to address, that's planting evidence and then attacking them claiming vigilante justice. The only ones slinking away will be MediaOffender
I salute you for having the courage to voice your opposing viewpoint in the face of such adversity, O anonymous Totally-Not-A-MediaSentry-Employee contributor.
So tell me, how did you set up this DOS?
Did I say "you"? I meant to say "they", of course. Apologies.
I hate to feed the trolls, but just felt someone should point out for those who don't use Revision3 that this is incorrect, they produce original shows, such as Diggnation. (as far as I am aware, they do not have any user uploaded content or any non-original content at all)
Seriously, I hope they get even more crucified because of this. Performing a DOS is a clear violation of law in all states, and since it crosses the borders, it's a clear felony.
I look forward to the indictment, conviction, and imprisonment of the executives of their operation.
Failure to achieve these things will not reflect well on the fitness of the rulers to rule.
ROFL... You must be new here. Allow me to welcome you to planet Earth. Expect no useful action against Media Defender. And again, welcome to our humble planet...
by Anonymous Coward
on Thursday May 29 2008, @04:30PM (#23592483)
Hard.
"Move it's own media files" means they were probably using it for jamming operations against other trackers. Meaning they hacked the server, went to other bittorrent sites, said "hey, we've got tasty files here, but only 91% of complete garbage", used revision3 as their server so everyone thought it was kosher instead of, say, Media defenders IP range, and when revision3 kicked them off their servers decided to reconnect and DDOS'd them. Because the input bandwidth was intense for the fubar'd uploads and they had just been cut off of their primary source, they used all available bandwidth to reconnect and DDOS'd.
What's going to happen here is a combination between defamation of character suits and hacking lawsuits. Those are the kinds of suits that put people out of business and in jail.
The RIAA and MPAA just shot themselves in the head on this one and their shell company is going to go tits up due to it. That's going to have a concussive effect on the other shell companies which will have a bad effect on their anti-piracy campaign.
And yes I know it's expensive, but I could find an attorney to take it on spec.
I operate a tracker to distribute my music [geometricvisions.com]. It's more efficient than direct HTTP downloads, so it saves on my hosting bill.
The point really needs to be rammed home to law enforcement and elected officials that there are many perfectly legitimate, and in fact socially beneficial uses for peer-to-peer file sharing.
>>Revision 3 should have just sued, and sued BIG. By discussing it so glibly, and in such detail, on their blog they're jeopardizing their case. A huge financial hit would hurt the RIAA's cronies a LOT more than a little negative publicity from a blogger
Except then RIAA could have just paid up and fixed their scripts and moved on.
The FBI investigation is going to turn up more dirt and likely will lead to lots of discovery. Imagine the connections between organizations proper discovery could come up with. Also imagine the work needed to comply. "Ok, RIAA turn over all correspondence you have had concerning enforcement for the last 3 years".
This does not mean Revision 3 can't sue for damages. But letting the FBI get the ball rolling is the first step. And if the FBI do lay charges then the money part gets a lot easier.
According to CNET article http://news.cnet.com/coops-corner/?tag=cnetfd.blogs [cnet.com]
"At this point, Revision3 says it's not planning to file a lawsuit. Not because it doesn't have a case but pursuing a court remedy would likely cost a lot of money."
That 'huge financial hit' would be years off at best. R3 is trying to hurt them now while they can. They know that with deep enough pockets, the RIAA & friends can keep justice at bay almost forever.
Contrary to their public boo-hooing over the cost of "piracy", the RIAA and MPAA are full of money.
What they need is public opinion. In order for them to be successful in curtailing "piracy", they need to convince a large percentage of the public of 2 things - 1) that they are in a morally superior position compared to those sharing files, and 2) that bad things happen to those who share files.
R3 is taking this opportunity to show that 1) the RIAA is a morally bankrupt group of thugs in 3-piece suits, and 2) the RIAA makes bad things happen to good and bad people indiscriminately.
I'd be surprised if a whopping big lawsuit didn't follow this, but I haven't been able to RTFA.
Sure, R3 may dissolve before it can file a civil suit, but I imagine the US government will hold together long enough to bring criminal charges against MediaDefender.
DOS attacks are a felony. People go to jail for committing felonies.
R3 can sue, in addition to the criminal charges brought forward by the state, in order to recoup any damages sustained by the attack, but even if they don't, MD still has to face the federal government for breaking the law.
Not to mention any discovery in this matter can and WILL be used by states who are currently investigating mediadefender for performing investigations without proper licensing.
It's doubtful that anyone will hack into any of those closed systems for the most part. However, I wouldn't be surprised to see mediadefender start getting nailed VERY hard bandwidth wise. I wonder how many syn packets or christmas tree packets it takes to fill up a 9gbps pipe?
Criminal investigation? (Score:5, Interesting)
Good point. (Score:5, Interesting)
Here's the blog post (Score:5, Informative)
First WTF (Score:5, Insightful)
Re:slashdotted (Score:5, Funny)
"(Mirrordot seems to have died and the wayback machine doesn't have it.)"
The wayback machine doesn't have it? You mean this is fresh news!?!?
Re:Criminal investigation? (Score:5, Insightful)
Why does the legality of Revision3's hosted content matter?
Is MediaDefender an agent of the federal government, granted extra-legal powers by Congress to commit these otherwise-illegal acts? Are they chartered by a state government? Has their operation been nationalized by the military, or perhaps they possess a letter of marque and reprisal?
No?
TO paraphrase world of warcraft (Score:5, Insightful)
That'll teach 'em (Score:5, Funny)
Really? Lucky We Have Laws (Score:5, Insightful)
Please bear in mind... (Score:5, Funny)
"Hey guys, we just got the servers ba-" (Score:5, Funny)
And the rustling noise (Score:5, Funny)
Media Defender is going to get shitcanned. (Score:5, Insightful)
If they take down *my legal tracker, I'll sue (Score:5, Insightful)
Competition ... illegal or otherwise (Score:5, Insightful)
R3 says they are not planning to sue (Score:5, Informative)
Re:smells like... (Score:5, Funny)
signed,
The Rest Of The Planet
Re:smells like... (Score:5, Insightful)
That would be the best thing that could happen. Judges have absolutely no sense of humor about people who pull shit like that.
Re:smells like... (Score:5, Insightful)
DOS attacks are a felony. People go to jail for committing felonies.
R3 can sue, in addition to the criminal charges brought forward by the state, in order to recoup any damages sustained by the attack, but even if they don't, MD still has to face the federal government for breaking the law.
-Rick
Re:Where did they get the firepower? (Score:5, Interesting)
It's going to be hard to blame that on a rogue employee.
A deliberate decision to acquire the instrumentality of a crime is frequently fairly convincing evidence of intent.
Re:Where did they get the firepower? (Score:5, Informative)
as well as Valleywag http://valleywag.com/393955/revision3-ceo-antipiracy-group-attacked-our-network [valleywag.com]