The Beginning of the End For Hadopi?

zrbyte writes "TorrentFreak reports on the latest developments in the french Hadopi saga. 'The private company entrusted to carry out file-sharing network monitoring for the French government has been hacked. Trident Media Guard, which is responsible for gathering data for so-called 3 strikes warnings was hacked and now has some of its data out in the wild, an event which has the potential to upset the operation of Hadopi.' TMG temporarily suspended the gathering of data on file-sharers while they investigated the breach, later claiming that the attack was on 'an unprotected test server with no confidential data.'"

Beginning of the end

[milonssecretsn]

Isn't it "the beginning of the end" for everything today?

http://slashdot.org/poll/2174/The-world-will-end- [slashdot.org]

Re:

[digitig]

The end began almost fourteen billion years ago (probably). The only question is how long it will take.

follow-up

[Anonymous Coward]

http://torrentfreak.com/french-3-strikes-suspended-due-to-anti-piracy-security-alert-110517/

follow-up has good detail - mod up please!

[billstewart]

Just used my mod points on another article a few minutes ago, and then this shows up :-)

Re:

[Anonymous Coward]

More informations here : http://seclists.org/fulldisclosure/2011/May/434

In somewhat related news...

[BlueTemplar]

Sarkozy doesn't want any freedom of expression on the Internet:
http://www.laquadrature.net/en/frances-g8-focuses-on-control-and-restrictions-to-online-freedoms [laquadrature.net]
http://kcrg.biz/2011/05/sarkozy-expels-the-freedoms-of-its-civilized-internet/ [kcrg.biz]

So what?

[Opportunist]

I don't want Sarkozy and nobody cares, why should I care what the garden gnome wants?

Re:

[Anonymous Coward]

The G8 summit will care.

Hacked? Really?

[Trigger31415]

Quoting TorrentFreak: "Actually, hacked is probably too strong a word, since it appears TMG left the front door open." According to Bluetouff (the one who performed the 'hack'), the "Index of" wasn't disabled, so the data was left in the open. Oh, btw, Hadopi is about punishing people if they didn't secure enough their wifi / computer ...

Re:

[Yvanhoe]

It can't be a honeypot. Really, they have proven that they don't have the knowledge to even think of such an "advanced" concept. For someone who has followed the story a bit, there is no doubt about it : it is crass incompetence.

And if it was a honeypot, accessing data on a webserver is not (yet) forbidden by the law. Which is what they did. With just the IP of the computer, all the files were served on the port 80.

Re:

[Yvanhoe]

Don't you think governments can be evil AND incompetent ?

Re:

[KingBenny]

let's not get all mushy and semantic on this, they proved for one they are incompetent to handle what they are supposed to handle, if it was worse, someone could have like injected some data to prove saint Nicolas was the biggest file sharer in france, ergo : their authority has been breached, or maybe even nullified.
except for the fact that we have mass media perhaps. Who knows, the division is the generation who knows jack shit about it, and the generation who grew up with it. And then there's the minori

I'm so glad!

[Samantha Wright]

The Apache Software Foundation should never have entered the distributed computing arena.

Wait, what?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Samantha Wright]

My best guess is that they both have extremely awkward-sounding names (at least, in English.)

Draconian laws

[spikestabber]

Whats with the public of France bending over like this with such draconian copyright laws?
Its not fair at all, Sarkozy's just pussy whipped, his wife owns a record label so he passes all these one-sided
laws just to please her. It shouldn't be allowed and the public doesn't even seem to give a damn.

Re:Draconian laws

[BlackPignouf]

The majority doesn't even understand what it's about.
Newspaper don't care to explain what is it, and why it could be bad.
The minority who knows about it and gives a damn knows how to circumvent it, and use SSH/proxies/neighbour's wifi.

Re:

[Anonymous Coward]

So that's like the tax system then.

Whats with it ?

[unity100]

if you even temporarily be a moron enough to vote any right-wing party, that happens. thats all that there is to it. the reason for you voting for the right wing party, does not matter. in this case, french voted for right mainly because of the culture clash in between migrant population, and anti-immigrant sentiments.

right wing parties dont do any shit for what you have actually voted for, but what they want to do when they are in power. and this is what's happening in france. its as simple as that.

Re:

[cpghost]

There's no correlation between right-wing parties and copyright fascism. In fact, France is rather the exception than the rule. Just look at how in the US, it's the democrats who are the worst copyright talibans.

IMHO, Sarkozy is just taking orders from his Carla, the de facto chief lobbyist of their entertainment cartel. If it weren't him and his party, the P.S. would be just as gung-ho about copyright than the UMP.

Re:

[unity100]

there is direct correlation in between right wing parties and copyright fascism. right wing believes everything is for sale. this includes army, police, judiciary. they just havent been able to outright do these up till now, but with the 'security contractor' bullshit in bush era they had enabled private armies.

and, no, it was the republicans who prepared acta, in first 1-1.5 years of bush administration. democrats are just serving the meal republicans cooked. had republicans been at it undisrupted until

Excuse me, but could someone clue me in

[Opportunist]

Now, it might be different how my company handles tests, but I'd have guessed it would be a bit more difficult to hack a "test" server because, well, it's used for testing. Not for public viewing. It may seem odd to the unsuspecting eye, but test servers are usually vastly better protected than productive systems. First, for the obvious reason that they are used internally and thus reaching them is usually a bit more tricky than accessing a system that needs external connections, and second because test servers are usually used for software that's not yet launched and hence usually a bit more "secret" than software that already made it into the open.

Is it me or is having a "hacked test server" not looking too well on their security bill?

Re:

[Kjella]

Well, from what I gather these systems gather IP addresses from P2P networks and send "strikes", seems to me you could start over at any time with a blank database without any production data.

So you have an empty test server, you tweak it to work with new protocols and networks and whatnot - then you put those changes into production. I can see how that kind of server could end up not having much security.

The problem for them now of course is that it could have data from test runs - not that would be used i

News is incomplete

[Trigger31415]

Also :
-Hadopi have severed the link between them and TMG, as a result of this hack
Source: telecompaper [telecompaper.com] + the French media
(and it was their only source of monitoring)

-the CNIL [wikipedia.org] decided to investigate TMG due to this lack of protection of what may be personnal data.

-TMG decided to sue the hacker, but then removed the complaint

Re:

[SuricouRaven]

Under the common media definition of hacking, the one you'll find used by every non-techie, it means 'Anything illegal, computerised and beyond my understanding.'

Just a test server?

[Charliemopps]

As someone that creates test servers all day long as part of my job I have to wonder what they mean by this. For us to create a true and proper test server it is a MIRROR of our production server. Then we make the changes we need... TEST it.. if everything works we make the changes on production. "Just a test server" really?

Re:

[aztracker1]

Wish I had mod points... In 222003, I was in the middle of setting up a test server, the updates were going to take 40 min. to download, so I figured I'd put it up so I could remote in to finish up at home (was the end of the day). 15 minutes later I was called because the internet was "down" ... actually flooding the connection as the server was hosed/controlled that quickly... Now, nothing gets in front f a firewall with good port restrictions... MS-SQL Server and the Slammer worm... sigh.

Re:

[Phishcast]

I believe it to also be common practice to sanitize production data that goes anywhere except where it's absolutely needed. The sensitive stuff in databases gets replaced with bogus data or whacked all together. If you had, say, credit card data on various prod servers there are regulatory reasons that would prohibit a straight mirror of that data to put on a test server to play with. Not to say they follow such regulations, but it may be reasonable that a test server was compromised and nothing of value

We'll see.

[SeaFox]

TMG temporarily suspended the gathering of data on file-sharers while they investigated the breach, later claiming that the attack was on 'an unprotected test server with no confidential data.

So I suppose if this is really not confidential data they should have no issues with it being released on the Net then, huh?