Cloud Firm MediaFire Flags Malware Samples For DMCA Violation, Bans Researcher
chicksdaddy writes "A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud based hosting service Mediafire, after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA take down notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your content...is being pirated.' According to Parkour, Mediafire received a notice from LeakID claiming that it was 'acting on behalf of the copyright owners,' though the owners and presumed copyrighted content weren't named."
Could be legit (Score:5, Funny)
Re:Could be legit (Score:4, Funny)
Malware authors are content creators too. Don't they deserve the recognition and profits for their hard work?
I agree, let's get them to stand up and take a bow. I don't think it's reasonable to hold an anonymous copyright and let all that hard work go unrecognized.
Re:Could be legit (Score:5, Insightful)
Re: (Score:2)
That is just novel enough of an idea that I think it would work!
Does anyone have the address of these jerks so we know what court district or country we'd have to file the damage suit in?
Triple damages to be applied of course, since they would have zero problems doing that to any one of us.
Hell of an idea, hitch up the legal horses and take 200 heaping loads of it to the appropriate courts.
Cheers, Gene
Re: (Score:1)
I'm a bit confused about how it found malware in compressed and encrypted files, assuming the compression and encryption was the work of the researcher, because such a person would certainly know better than to just repeatedly upload typical, in-the-wild payloads that would match signatures... and then bitch about being blocked. Right?
One would be them running their standard anti-malware through the same notification process as their dmca takedowns. A total non-issue... they just need a new email template.
Re: (Score:2)
They didn't find malware, they found a filename or a hash value that matched something in their library, and issued a takedown notice.
Re: (Score:2)
Anyone have any ideas about what can be done about it other than saying "I told you so"?
Re: (Score:2)
Aren't there provisions in the DMCA, that if you file knowingly false takedown notices you go on trial for perjury or similar?
So, if the content is not for the issuer to take down, I should think anyone attached to it can file a complaint.
She may also have grounds for unrightful termination of contract, so there should be at least 2 venues for responding to the takedown.
Re: (Score:2)
> Aren't there provisions in the DMCA, that if you file knowingly false takedown notices you go on trial for perjury or similar?
> So, if the content is not for the issuer to take down, I should think anyone attached to it can file a complaint.
> She may also have grounds for unrightful termination of contract, so there should be at least 2 venues for responding to the takedown.
This is referred to as the "giant loophole" provision -- the key words are "knowingly false". Since the process is automated, the people responsible don't know if it's true or false, and likely don't even know about the notice until they receive a response.
That said, there is also a complaints process, and she has followed it. Most people just don't bother.
Complicating this is that the people sending the notice are sending it from a foreign country, and don't claim ownership to the data they're claiming i
Re: (Score:2)
If you have programmed a system to act on behalf of a person, you have the responsibility to ensure that the system is able to do its job. The fact that it is automated cannot be a valid excuse, as the only reason you issue the take-down (or the system issues it for you) is that your system has claimed it true. Ignorance/stupidity/incompetence is, as most judges will explain, no excuse. ...this needs to be brought before a judge.
Re: (Score:2)
"Can't sue someone for perjury when they don't even have standing in the courts where the laws are interpreted and enforced."
Re: (Score:2)
And while we're at it, let's take a lovely photograph and get all your names as a wonderful memento of the occasion!
Re: (Score:1)
Since LeakID now claims ownership of this malware, can't we sue them for all damages it causes?
I think you would have better luck simply demanding that the lawyer responsible go to jail for perjury. Issuing a DMCA take down notice requires that you sign a legal statement that the content is infringing. If it isn't that shows willful dishonesty on the part of LeakID.
soon anti spy apps can be banded under DMCA (Score:2)
soon anti spyware apps can be banded under DMCA
Re: (Score:3, Funny)
> soon anti spyware apps can be banded under DMCA
This is a masterfully crafted electrum spyware app. All craftsdwarfship is of the highest quality. It is finely colored with dimple dye. It menaces with spikes of cat and is banded with rings of copper.
Re: (Score:1)
Ah, I see one of your software craftsdwarves, Urist McCompilington, was taken with a secretive mood. Good job. I'm glad you had the electrum, cat, copper, dye, and a good software workshop available.
Of course, now that he's a Legendary Softwaredwarf, you'll never be able to get him to haul rocks or tend to the wounded in the hospital again.
Re: (Score:2)
> Malware authors are content creators too. Don't they deserve the recognition and profits for their hard work?
A little part of me hopes that it is the rightful party that's behind the takedown. I'd think we'd all be happy to give them what they deserve.
Re:Could be legit (Score:5, Insightful)
If the authors aren't named, it's not a valid DMCA complaint. The real problem here is service providers taking down material without a valid complaint.
IIRC, the DMCA provides immunity for a service provider that takes down material pursuant to a valid complaint. That implies that without a valid complaint, there would be a cause for action against the service provider. People need to start suing or there's no incentive for a service provider to obey the law.
Re: (Score:1)
Sue the service provider for what? They can take down your content all they want according to the TOS. You can file a suit against the bogus DMCA filer but the service provider can take things down regardless.
Re: (Score:2)
> Sue the service provider for what? They can take down your content all they want according to the TOS
The trick is you have to pay them. Then they owe you service. If their TOS states that they can take your money and then take down your files at any time, that's a completely one sided contract which aren't typically ruled valid by the courts, even in the corporate USA.
Re: (Score:2)
>>That implies that without a valid complaint, there would be a cause for action against the service provider. People need to start suing
Yes. You pay taxes to support the courts. Might as well start using them.
Or take the easier action and just file a DMCA response that says the files are not copyrighted. The ISP has to restore the files. If they don't, then sue them.
Re: (Score:3)
As I understand the safe harbor provisions of the DMCA, this is incorrect.
They have a safe harbor from copyright liability if they restore them in response to a proper counter-notice, and if they do not restore them they lose the safe harbor benefit they had with regard to any cause of action the user may have had -- but the DMCA doesn't create a cause of action requiring restor
Re: (Score:2)
>>>>>Or take the easier action and just file a DMCA response that says the files are not copyrighted. The ISP has to restore the files. If they don't, then sue them.
>>
>>losing the safe harbor benefit with respect to actions by the user is a non-event
First off, how about quoting my WHOLE comment. I said the customer should sue the ISP. Second, I wouldn't call that a "non-event". No company wants to be sued for breach-of-contract, suppression of free speech, abuse of monopoly, a
Re: (Score:3)
This inference is incorrect. The safe harbor provisions of the DMCA protect a service provider (under certain conditions) from copyright liability provided they take down material once they receive a compliant takedown notice, and from any liability they might otherwise face for taking down
In the absence of teeth... (Score:5, Interesting)
There is a reason these takedown companies are all moving off shore. This way they avoid the perjury penalty for filing false reports. Who has time to fly to Paris to file perjury claims against this company on their home turf, in a French Court.
In the absence of any real penalty in the laws for filing false takedown notices, it seems to me that everyone should simply start filing takedown notices on every single thing they find on the net anywhere until the hosting companies realize that it is a total mess, and start demanding more than an automated statement, something like proof, a statement of the work it is supposed to actually violate, etc.
Clearly if these files were compressed and encrypted, any hash or content match was random, and virtually any executable code or encrypted file might trigger a match with whatever engine these take-down artists were using.
Perhaps there is a business opportunity to set up a company in East Timor or some such place that would automatically file counter notices (putback), which then requires the takedown artists to file suit, or shut up. This puts the cost burden back on them, and at worst case, an improperly accused person has a ten day interruption of availability.
As long as the Hollywood darlings are in office I see no chance of this ever being corrected via legislation. The best bet is to get it to topple over of its own weight.
Re:In the absence of teeth... (Score:5, Interesting)
This is happening to a friend of mine who is being stalked. An offshore firm has obtained access to her FB pictures, and filed takedown notices on every single one she has, even the ones from her phone. FB got tired of the DMCA notices (even though there was -zero- copyright liability anywhere) and suspended her account.
I guess the answer is to hold your photo collection offshore and just link to the contents, or have one link to blog, etc.
Re:In the absence of teeth... (Score:5, Insightful)
Why isn't this little story of yours made public? This would be a perfect opportunity to blackeye FB and the DMCA.
Re: (Score:2, Insightful)
When an AC posts a story like this it's likely a lie. That's why it isn't being made public.
Re: (Score:2)
What's another black eye gonna do? Nothing. FB and the DMCA are both covered top to bottom in bruises, and they stand tall and proud, begging for more, they can take it. Oh well, this is the system we built. The tendency will be to reinforce it. DMCA not working? We need more!
Re: (Score:2)
Interesting... what other services do they provide, and do they charge any more for, say, wealthy coal magnates who spread FUD about climate change and who are trying to buy the white house?
Not that I think DMCA notices are going to stop them, just I'd like to annoy them out of pure spite.
Re: (Score:3)
There's a solution for this, just create a law that requires all international DMCA requests to send it through snail mail for processing. An optional online tool should be allowed, but only under an agreement that you're liable under US law for false DMCA requests.
Re: (Score:1)
No, please, don't create another law. Let's remove the one that's causing all this trouble.. Pffft! Like that'll happen..
Re:In the absence of teeth... (Score:5, Interesting)
> There is a reason these takedown companies are all moving off shore. This way they avoid the perjury penalty for filing false reports. Who has time to fly to Paris to file perjury claims against this company on their home turf, in a French Court.
All easily solved by simply saying that the forum chosen by the plaintiff is inconvenient. It's a simple motion to file in most jurisdictions -- if I live in Texas, and I sue you in New York, you can request the venue (that is, where the court is located, not which laws apply) be changed to New York, as you are the defendant and the burden is on the Plaintiff to prove damages, etc. It's all under the 'innocent until proven guilty' -- and not granting such a motion would prejudice the defense.
Unfortunately, such just and fair legal concepts have been thrown out... and nobody gives a damn. People are busy protesting crap like mortgage defaults, while the judiciary falls apart to the sound of silence.
Re: (Score:1)
In the meantime, you're still offline... How can we circumvent that?
Re:In the absence of teeth... (Score:4, Insightful)
> There is a reason these takedown companies are all moving off shore. This way they avoid the perjury penalty for filing false reports. Who has time to fly to Paris to file perjury claims against this company on their home turf, in a French Court.
The perjury claim is effectively impotent anyway. The ONLY thing you have to attest to under penalty of perjury is that you represent a (not the) rights holder whose work is allegedly infringed. That's any rights holder and any work. If you represent Prince, you can have any file removed from the internet by claiming that it is a copy of Purple Rain, even if you do not have a good faith belief that it is, and you cannot be touched by a perjury charge.
Re: (Score:2)
First, you do not need to go to France or some other country to file charges on the firm or person making fallacious DMCA take down claims. It is a US law used to protect copyright owners and when it is used incorrectly, a US court can decide penalties or corrective action.
Second, perjury is not the only penalty associated with fallacious DMCA take downs. Any damages caused by the take down plus legal fees can be recovered in much the same way as and that would be from where the harmed party exists. You wou
Re: (Score:2)
You can seek justice in a US court.
But you can't collect. Most of the time you can't even collect with a judgement in hand from a US court against a US company. They simply stone wall you.
You have zero chance of collecting from a guy working out of a loft in Paris.
So if you had a point, it was lost by your naivety of the real world.
Re: (Score:2)
You attach to assets they hold like the claimed copyrighted works and report the debt to the credit bureaus so the company has to clear it in order to do business or suffer penalties in trying to do so.
This is why you sue the agent and the owner who will be liable too.
If I was the only person suing, you might have a point. But if everyone who has been wronged by these things sue, then they cannot escape the reality.
Re: (Score:2)
You can not "attach" physical assets without the aid of Police.
Most Police ignore judgements unless they are very high amounts.
Most financial assets will be kept off shore, out of the reach of US courts.
Even if they had US assets, they are not going to tell you about them, and they are not even going to show up before a judge and explain why not.
They will simply ignore you.
The only way you get anything is go after them in their own country, and hope the US judgement isn't laughed out of a French court.
You'v
Re: (Score:1)
What are you talking about? You do not need the police to put a lien on a building or car or copyrighted work. All you need to do is file the proper paperwork with the appropriate agency.
Re: (Score:2)
They already know it's a mess. They are just using these incompetent services because the big media companies are making that a condition of getting hosting business from the big media companies. You need to find a hoster that does the DMCA takedowns the old fashioned way, by printing them out and putting them in the INBOX of the company lawyer.
Re: (Score:2)
> it seems to me that everyone should simply start filing takedown notices on every single thing they find on the net anywhere
hmmm, sounds like a good app for a BOT!
Simple solution: (Score:5, Insightful)
Charge these organizations a nuisance fee for false positives. Problem solved.
Re: (Score:2)
You mean kinda like the charges of perjury that can be levied against them already according to the terms of the DMCA?
Re: (Score:2, Informative)
Reread the terms, most unfortunately, only part of a proper DMCA takedown notice is made "under penalty of perjury", and it's not the part most of these vandals (with apologies to the Vandals) get wrong.
Re:Simple solution: (Score:5, Interesting)
As AC alluded to, they can only be charged with perjury if they don't have rights to the work they claim is being infringed. If your work is nothing to do with the work they claim is infringed, you have no recourse. So to troll the system all you have to do is have a random copyright on something, and claim everything you see infringes on it.
Re: (Score:1)
These organizations and the people/organizations who employ them are already subject to damages and legal fees their take down notices cause. The DMCA does not protect the person making the claim or the accused, just the network operator if certain steps are taken.
Re: (Score:3)
a rather simple solution would be to attach a deposit to filing a DMCA notice. if the notice is unchallenged, or eventually goes to court and is won, then the deposit is returned.
if the notice is challenged, and the organization does nothing, then the content is restored and they lose their deposit. or if it goes to court and the challenger loses the case, then they also lose the deposit. maybe even have the deposit automatically be awarded towards the legal fees of the defendant in this case.
the deposit
Hold them to the fire (Score:5, Interesting)
LeakID (and/or their client) just claimed copyright over malware. Not just any malware, but targeted malware against a corporation for the intent of theft of intellectual property and unauthorized access of computer systems.
IANAL, but LeakID should then be held liable and responsible for their "copyrighted works".
Re:Hold them to the fire (Score:4, Insightful)
Exactly, it might be a good idea to report LeakID to the FBI as they've publicised that they (or their client) own said malware.
Re:Hold them to the fire (Score:4, Insightful)
Third Strike (Score:3)
Re: (Score:2)
let's hope that some anons start filing take downs of all political speeches and ads the election season that would get them to fix the dmca takedown system really fast.
(note i am not suggesting anyone do this. (just in case it does and is tracked back to me))
How to build a regulated Internet (Score:3)
One takedown at a time.
Next Licensing, tickets and penalties
Perhaps this is good? (Score:1)
I wonder if this isn't a good thing to have happening as frequently as it is and to highly visible victims. Maybe some laws will get passed/changed to make automatic detection/takedown illegal. It is hard to send a computer program to jail for fraudulent takedown notices, but if a person or lawyer (are they people?) signs the takedown notices then there is someone to blame and send to jail for fraud.
I guess I don't actually believe what I wrote because I am too cynical of our current corporation/politician
Re: (Score:2)
You miss the point. The reason that auto-take-down exists is so that current copyright holders can cut huge swaths through anything they feel "Might" infringe on their copyrights, and therefore should be expunged from the planet as we know it. They care less than a wit about collateral damage, improper take-down, and illegal or immoral applications of the laws they've ramrodded through governments around the world. They want to control the content, and force you and me to pay. If along the way they throw the
Come on - her last name is "Parkour" (Score:2)
So it's pretty darn obvious she's doing a lot of dangerous, crazy stuff. They were right to ban her.
Re: (Score:2)
I'm just glad she's not running from the problem.
Paris? (Score:4, Interesting)
I hope that is Paris, Texas, since a company in Paris, France has fuck all to do with the United States' DMCA laws.
Re:Paris? (Score:5, Informative)
Thanks to international copyright agreements, French (and a shitload of other countries') copyrights apply in the US as well. And since you don't have to be a US citizen to take legal action to a US company or citizen under US laws, they can. It's the same reason why a certain Swedish site can be sued for infringement of US copyrights according to Swedish laws.
You see it's a trade-off between security and freedom; companies gain security in exchange for citizens losing freedom.
Re: (Score:2)
Actually, it's in Paris, Australia, and this is all a car gymkhana gone wrong
Seriously, why shouldn't a French company provide DMCA-related services? It's a possible source for more stupid France-bashing jokes, but aside from that I don't see the issue.
Re: (Score:2)
% telnet francenet.fr 25
220 mailserver.francenet.fr ESMTP MAIL Service, Version: 3.1156. Please don't shoot. We surrender!
(connection closed)
% _
Re: (Score:2)
Damn it, I just tried that. Now I'm going to be disappointed for the rest of the day,
The Obama This Is Very Funny (Score:2)
Re: (Score:1)
Obama is responsible for the DMCA that was passed before he was ever in political office?
Re: (Score:2)
"Obama is responsible for the DMCA that was passed before he was ever in political office?"
No but he hasn't tried to do anything about it, and he has been notoriously friendly to "Big Content", RIAA, and MPAA.
He may not have signed it, but he has certainly shown support for it. So, yes. I think this is poetic justice, in a very small way.
Re: (Score:2)
Friend, it is true that the Dems are suckling at the Hollywood teat hard and long, but don't you for a moment think that Hollywood won't or doesn't invest in the other side too, because in the end, they have far more interest in getting their agenda passed than who does the passing.
Re: (Score:2)
" don't you for a moment think that Hollywood won't or doesn't invest in the other side too..."
Of course. But my comment was about Obama, not about them.
Mila Parkour (Score:4, Funny)
She was kicked off...
No worries, she will grab on to the horizontal bar, swing 360 degrees around it then flip, somersault and land with a graceful roll.
So let me get this straight - it was a virus... (Score:1)
Dumb Parallel (Score:2)
Gaiman and Obama had their live streams interrupted by brainless content robots. This guy was kicked off a service by his fellow carbon-based units after some content violations were flagged. Except for the fact that it's all part of the IP wars, there's no parallel at all.
Someone injured by this malware needs to... (Score:4, Insightful)
...file suit against the malware authors and then subpoena LeakID's records to identify them.
It's an interesting question. (Score:2)
Re: (Score:2)
Copyright is generally assumed for any work that benefits society.
Not true. That's a paraphrase of the Constitutional language, yes, but there's plenty of copyrightable materials that are of minimal or negative benefit to society: The Turner Diaries, say, or [insert completely crap Hollywood movie here].
And of course anyone might disagree about what is or is not of social benefit, depending on their particular ideological/political/financial/social/etc filters. One person's Ulysses is another's 50 Shades o
Don't trust the cloud! (Score:1)
Tis just yet another example in the ever growing exhibit hall of reasons not to trust the cloud. If you do not want to bother setting up your own IT services, you should be hiring somebody to set them up for you. The best option is to do it yourself (not rocket science these days) and maintain total control.
There are lots more sob stories coming regarding people and their misplaced trust in cloud services.
Re: (Score:1)
The cloud is just a new fancy word for mainframe or terminal server.
move along nothing to see here.
Re: (Score:1)
In the 1960s and 70s, and even 80s, the idea of centralized computing services shared by many users made a lot of sense. Most people couldn't afford computers or great computing power, nor did they have a need for such resources. The solution was to have a university, lab, or business purchase a big powerful computer and users would use dumb terminals to interact with it. It worked great.
The difference today, is that the "cloud" is being sold as a similar sort of resource when it clearly isn't necessary.
Re: (Score:1)
The problem is, not everyone knows how to do that.
That's why so many NON-IT folks are using cloud crap.
Remember dropbox and rapidshare and co. They ALL make a living off people not knowing how to do better.
Exciting cloud (Score:1)
...which is why... (Score:2)
Re: (Score:1)
THIS
this is what I would do (Score:2)
Encrypted? (Score:3)
> The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010.
So, how did LeakID determine these were copyright violations? They'd have to be breaking encryption on servers' contents and that would be a DMCA violation as well.
Malicious software researcher? (Score:2)
I'm presuming it's the software that's malicious, not the researcher.
Okay, so the DMCA is or isn't directly involved? (Score:2)
I know that in all cases, the threat of DMCA action is really what is at stake here. The DMCA is a damaging piece of one-sided legislation that not only hurts people in the US but all over the planet.
It's time this is brought before a judge I think. What is stopping this from happening?
C'mon Google. You've got a dog in this race too!
What kind of encryption was that?! (Score:1)
what about this summary? (Score:2)
Invalid DMCA Complaint, then. (Score:1)
If the specific content (a URL) and owner of that content were not identified in the DMCA claim, then it was not a valid claim and the provider had no business removing any content or access.
Huh? (Score:1)
> LeakID claiming that it was 'acting on behalf of the copyright owners,' though
> the owners and presumed copyrighted content weren't named."
I thought the law required names and addresses of owners.
If law and politics are killing the internet (Score:1)
start killing the laws and the politics?
ie. start contributing to the free internet and start boycotting the idiots?