Sony Leaks Reveal Hollywood Is Trying To Break DNS

schwit1 sends this report from The Verge: Most anti-piracy tools take one of two paths: they either target the server that's sharing the files (pulling videos off YouTube or taking down sites like The Pirate Bay) or they make it harder to find (delisting offshore sites that share infringing content). But leaked documents reveal a frightening line of attack that's currently being considered by the MPAA: What if you simply erased any record that the site was there in the first place? To do that, the MPAA's lawyers would target the Domain Name System that directs traffic across the internet.

The tactic was first proposed as part of the Stop Online Piracy Act (SOPA) in 2011, but three years after the law failed in Congress, the MPAA has been looking for legal justification for the practice in existing law and working with ISPs like Comcast to examine how a system might work technically. If a takedown notice could blacklist a site from every available DNS provider, the URL would be effectively erased from the internet. No one's ever tried to issue a takedown notice like that, but this latest memo suggests the MPAA is looking into it as a potentially powerful new tool in the fight against piracy.

The US Internet Shutdown Switch

[Anonymous Coward]

Lots of people prefer to ignore that the world's root DNS servers are controlled by US companies... [wikipedia.org]

Re:

[bobbied]

Lots of people prefer to ignore that the world's root DNS servers are controlled by US companies... [wikipedia.org]

Only by convention. You are free to start your own DNS network and dish out your own domain names, just run your own root DNS server. So any country that *really* doesn't like how DNS is structured now, can easily change that within their borders.

Re:

[JMJimmy]

And then we no longer have an internet (international network) we have a regional one which would royally suck.

Re:The US Internet Shutdown Switch

[Anonymous Coward]

And then we no longer have an internet (international network)

INTERconnected NETworks, not international - though it's been that too, since fairly early

Re:

[bobbied]

And then we no longer have an internet (international network) we have a regional one which would royally suck.

The internet would/could still be connected. Name resolution would be a problem, but you *could* still get where you wanted to go.

Re:

[Dragonslicer]

And then we no longer have an internet (international network)

Of course we would. We might even end up with quite a few internets. The downside, of course, is that the Internet would be kind of broken.

Re:

[WorBlux]

Or go to a different system entirely such as the GNU name system, or namecoin.

Re:The US Internet Shutdown Switch

[rickb928]

I don't prefer to ignore this. I instead am thankful.

You don't want the UN involved. And you'll have to recommend a better nation or group of nations to oversee DNS. Or another corporation.

This arrangement has worked very well for a long time. There is nothing to fix, and everything to defend.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[HiThere]

No. What you need is a system that is easy to clone, and which n countries can run independently, for n a positive integer.

DNS seems a good choice for the lower layers, but the top layer needs to have a round-robin resolution, such than any root server that don't find the site will pass you on to the next. You need to also, however, be able to specify the starting root, and possibly the 1st alternate, to avoid cache poisoning.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[binarylarry]

Lots of people prefer to ignore that the world's root DNS servers are controlled by US companies, who invented the Internet and DNS...

Re:The US Internet Shutdown Switch

[afidel]

The I,K, and M root servers are outside the US and are controlled by entities which the US can't directly bully into doing their bidding.

Re: The US Internet Shutdown Switch

[pegr]

This is a great idea. Let's call this file "hosts"! Now, where to put it?

Re:

[ColdWetDog]

You really had to go and say that, didn't you?

Re:

[webmistressrachel]

I really, really hope apk will come on and tell me how "manly" I'm looking these days!

Re:

[webmistressrachel]

Seriously, insightful?? Sarcastic, funny maybe, but I was definitely not being insightful! Next I'll be accused of having sock puppets!

Re: The US Internet Shutdown Switch

[xrayspx]

We should probably have a whole area of disk for various flotsam and configs and yadda yadda, et cetera.

This needs to stop ...

[gstoddart]

The MPAA et al feel they have the right to undermine every bit of technology to server their purposes. They want veto over all new technology to ensure that it aligns with their goals, and makes sure their rent seeking is entrenched in law.

Sony was more than willing to spread malware, and as a cartel these clowns have way too much sway over governments, and seem to think they can act with impunity.

Want the sure file way to the shitty oligarchy of the future? Keep letting these bastards call the shots.

I don't know who actually is behind this attack, but I'm starting to applaud them.

Sony and the other members of the MPAA are out of control, and pretty much deserve to be burned to the ground for the crap they do.

Re:This needs to stop ...

[Shakrai]

I don't know who actually is behind this attack, but I'm starting to applaud them.

You might want to hold [variety.com] your applause [usatoday.com].

I saw the previews months ago for that movie and thought to myself "That looks stupid." but now I'm going to go see it anyway. You should really encourage all of your friends to do the same. Blackmail resulting in self-censorship is not something that needs to be encouraged.

Re:

[fustakrakich]

...but now I'm going to go see it anyway. You should really encourage all of your friends to do the same.

Getting to sound like a good PR campaign now.. It'll probably still flop. It sounds like a real stinker.

Re:

[fustakrakich]

Nobody knows who is making 'threats'. I see no reason to give any money to Sony. They are hardly a bastion of free speech. As far as I'm concerned the whole thing is a scam, though the new Bond flick could be okay. Eh, maybe Sony might get my money after all, and I am amused by your Hollywood Tough Guy talk :-)

Re:

[Anonymous Coward]

I also believe in free space which is why I will not support Sony by watching this film. It is possible that everybody is wrong.

Re:This needs to stop ...

[ganjadude]

doubt that is what he meant, but they could be using the scare tactics to drum up support for this one movie after the fact

My what impressive sources you have!

[s.petry]

Will you also be quoting the National Enquirer in your quest to demonize anyone questioning the MPAA and/or Sony's behavior?

Do you believe that vigilantism is always wrong? Robin Hood was criminal stealing from "rich" who used criminal means of gaining wealth, and the peasants he was giving money to should have lynched him on the spot? (I realize this one is a fable, but a well known one and high on moral fabric).

If you don't believe vigilantism is always wrong, where do you think the line should be? Big

Re:

[s.petry]

In this case? With regards to an industry that could be killed tomorrow if enough people simply voted with their wallet? Yes, I do think it's wrong.

This indicates that you really don't know how the world works, especially in terms of "entertainment". Perhaps 50 years ago this point would have some merit, but not within the last couple of decades at least. Actually investigate how the industry works, then we will talk.

To give you a hint, Sony in this case is a target because it's a single entity who has repeatedly screwed over consumers. They knowingly installed malware on people's computers and faced a class action lawsuit for it, though consumers r

Re:

[geekoid]

If I broke into your house, and dug up all your secrets and then revealed them to the world, should I be applauded if I find out you where doing something 'wrong'?

Re:This needs to stop ...

[gstoddart]

Well, it's kind of like Snowden. Everybody knew they were doing something wrong. The sheer magnitude of it is slowly coming to light. Nobody started off with the illusion they were innocent before this.

I'm torn, I really am. On the one hand, yes, hacking and extortion bad.

On the other hand, I find multinational corporations like Sony to be complete douchebags, who will do anything to advance their own goals, at the expense of everyone else on the planet, and with the assistance of governments who have been willing to stick it to their citizens to protect corporate interests, largely because the politicians are on the fucking payroll.

And then I want to go all Tyler Durden on them because I'm getting tired of the oligarchy and the asshole politicians enabling it.

You don't keep a free society by making it beholden to corporations who tell us what we can and can't do.

Re:This needs to stop ...

[tnk1]

The hackers are totally wrong. So is Sony.

Sony is getting egg on their faces, and the hackers may eventually get caught. Both parties may well get theirs.

And thanks to them, I get to see a real life version of "Swimming with Sharks". That's the positive.

The big negative would be if this becomes yet another excuse for Sony to break the Internet with trying to cover their own asses by making everyone else do their work for them. And in that sense, that is the negative for having both Sony, and hackers who attack Sony existing. Sony will never fix their security, just like they won't fix their distribution. That would require effort. They'll just try and buy regulations that make other people have to jump through hoops so they can continue to store their master password list on unsecured shares on their open network and continue to use various pricing schemes to make people pay more for the same product.

North Korea is one step ahead of you.

[emil]

And they have a better track record of enforcing the people's will than the supreme court at the moment when it comes to Sony.

Re:

[Mashiki]

Well, they also have a great way of enforcing justice on anyone who disagrees with them too. The gulags, cannibalism, and eating tree bark sound wonderful this time of year.

Re:

[poetmatt]

People should be bashing sony for doing a shit job at being sony, but the MPAA is not only Sony.

Meanwhile, the irony of attempting to break DNS is that it's going to come full circle and harm the MPAA. So they really aren't paying attention to what scorched earth tactics really do.

Go ahead

[cdrudge]

If a takedown notice could blacklist a site from every available DNS provider, the URL would be effectively erased from the internet.

Good strategy. Go ahead with that plan and let us know how that turns out.

Private/for profit DNS

[Overzeetop]

So then we all get to subscribe to $10-30/yr private DNSs which aren't poisoned, I presume. It's not like I'm using my ISP for my DNS.

Re:

[cdrudge]

Or use a country code DNS out side the US jurisdiction. Or an IP address. Or...

Re:

[LordLimecat]

Meanwhile, in a forgotten corner of the internet, InterNIC cackles with glee as its plan comes together.

Re:Go ahead

[StikyPad]

Exactly. There's nothing frightening about this at all; it's a nuisance at best for the sites. Between using IP addresses directly, or editing a hosts file, or switching to an offshore DNS server, it's all of a 30 second delay.

For sites dedicated to piracy, it won't make the slightest difference in traffic. The demand is there, so people will seek out the product. The idea that making it marginally (or even substantially) more difficult to find will reduce demand is like saying "If Barnes and Noble doesn't carry pornography, there won't be any demand!"

Is piracy morally justifiable? Not really. In the end, someone is going around the rules of society for personal gain. Still, available evidence suggests that the actual economic damage is minimal, at worst, and possibly that it's helpful to the bottom line. People who pirate seem mostly to be people who wouldn't pay anyway, so they're not really lost as customers. Additionally, word of mouth can help the popularity of films, regardless of whether that opinion came from a free screening, a paid viewing, or a pirated download. From a practical standpoint, it doesn't make sense to focus efforts on stamping out something that's so benign. In other words, we shouldn't tolerate measures that negatively impact the rest of society to protect one group from an imaginary harm.

Re:

[meta-monkey]

or editing a hosts file

Great, now APK has another bullet point for his shitposts...

Re:Go ahead

[mrchaotica]

Is stealing from the Public Domain by turning copyright into some sort of perpetual entitlement morally justifiable? Not really. In the end, someone is going around the rules of society for personal gain.

FTFY.

Re:Go ahead

[BarbaraHudson]

I guess they don't know history so well. AlterNIC [wikipedia.org] could easily return under such a scenario.

Re:

[omnichad]

So is IP address allocation. What's left of the Internet when you take that away?

Re:

[omnichad]

Nothing about IPv6 changes that other than there are more individual addresses under oversight and managed allocation.

Re:

[AK Marc]

You can't manage it. I was on The Early Internet. You'd be surprised how many people advertised blocks they didn't own, and got away with it because there were so many to choose from, you'd probably not accidentally step on one in use. The locks on advertising addresses to ensure ownership and such came after. With IPv6 and no authority, we'd see people randomly use addresses, without allocation. And it would work pretty well, given the V6 address space.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:These idiots remain idiotic

[geekmux]

If they break DNS, we'll just move to a shadow system, whether based on hosts or just another flavor of DNS.

Fuck them.

That "shadow" system you speak of could in fact be the catalyst we've all been waiting for to push the majority into IPv6 space.

Nonsense

[tangent]

DNS was created in 1984 to replace the old flat HOSTS.TXT system, at which time the file contained only "several thousand" entries, according to one source I found. Maintenance and distribution of the file was already becoming a problem by that point.

The oldest actual HOSTS.TXT file I found for download was from 1990, and contained about 9,200 lines. (No link; don't want to spam someone's Internet history server just to prove a point. Do your own Googling if you don't believe me.)

There are single data cente

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[tangent]

Distributed darknet crypto-geeks have a pretty poor track record of creating unbreakable systems, too.

SSL/TLS: Launched 1994, sold as impervious, significantly compromised roughly once a year ever since

PKI: Same story as SSL, except you also get fun design decisions that allow foreign governments and corporate IT to impersonate any host they like

Tor: Launched 2002, all onion layers pierced by 2012, requiring only sufficient funding

Bitcoin: Decentralized, anonymous, encrypted to the hilt, billed as economica

Re:

[sconeu]

[PEDANTIC]
What is a HOSTS.TXT file? Back in '84 there was /etc/hosts
[/PEDANTIC]

OK, maybe a VMS system had a HOSTS.TXT.

Re:

[jbmartin6]

I don't think they care too much about what /.ers may do, I am sure at least some of them understand that technically savvy people will just route around the damage. It seems to me what they want to do is make it just difficult enough that Joe Average will shell out the bucks rather than figure out how to use Tor et al. In other words, scrapping the old 'sue 6 year olds for file sharing' approach. Instead taking a page from physical security and trying to make it just hard enough to maximize revenue.

Re:

[JohnFen]

It seems to me what they want to do is make it just difficult enough that Joe Average will shell out the bucks rather than figure out how to use Tor et al.

What they clearly want to do is break the internet. However, if their goal is to stop infringement by Joe Average, this effort would fail. What will happen is an alternate system will be set up by those of us who know how to do such things (whether we engage in piracy or not -- it doesn't matter), then we'll encourage everyone to use it and when we set up machines for our nontech friends and family, we'll set them up to use the alternate system as well.

Re: These idiots remain idiotic

[Jason Levine]

If the MPAA really was serious about fighting piracy, they would work with NetFlix and other online video providers to get their movies online for a reasonable price. How many would stop pirating if everything they wanted was a Netflix subscription away? Instead they treat Netflix like a big threat and try to deny them as much video content as possible.

Re:

[meta-monkey]

Anything that requires my computer to tell me "no" is evil. "Well I could play this file, but some server out there said I shouldn't let you, so no." Nope. That's not the way this works. My computer is my slave. It works for me and only me. Not for Sony, not for Disney, not for the RIAA or the MPAA or anybody else. Just meta-monkey.

And probably the NSA, but fuck if I can stop that.

Re:

[AmiMoJo]

It would fracture the internet into two halves - the US and everywhere else. The take-down requests would be honoured by US servers only, and the US would probably find itself in front of the WTO for screwing with the domain names of other countries.

Re:

[Pontiac]

They already exist.. [wikipedia.org]

comcast

[roc97007]

> and working with ISPs like Comcast to examine how a system might work technically

Yet another reason not to do business... well, you know.

Comcast or cap

[tepples]

How should Comcast objectors living in Comcast territory cope with the 10 GB/mo cap of non-Comcast home Internet through the sat or cell company?

Re:

[roc97007]

How should Comcast objectors living in Comcast territory cope with the 10 GB/mo cap of non-Comcast home Internet through the sat or cell company?

I dunno. Perhaps complain to your municipality about the granting what is essentially a monopoly to a company with such a bad customer service record. Make correcting the situation a factor in getting re-elected.

Where I am, we have a choice of cable or fiber, before you have to consider lower tier like DSL wifi, satellite. (I consider satellite lower tier because of the terrible upload speeds.) I understand that other areas, especially older municipalities, don't have the choices we have in my area. Tha

black DNS?

[Mirar]

So how long until we scrap DNS for something both secure and P2P?

Re:

[TheGratefulNet]

uhm, regular old dotted quads (ip addrs) work fine and cannot be 'taken down' since they are not lookup based but topology based.

and even with ip alias and redirects, a dotted quad can be just about as good as a dns name. better, in some ways, since it cant' be faked like a name can, and does not require another fetch for the name->ipaddr lookup.

Re:

[FictionPimp]

My website is at fd30:0000:0000:0001:ff4e:003e:0009:000e, please visit.

Re:

[TheGratefulNet]

ipv6 is not going to take over any time soon. adoption has taken 20 yrs now and its still 'not there' for many places.

IoT will use ipv6. but websites that are more than your personal site will always have access to ipv4.

Obligatory joke...

[sh00z]

uhm, regular old dotted quads (ip addrs) work fine and cannot be 'taken down' since they are not lookup based but topology based.

and even with ip alias and redirects, a dotted quad can be just about as good as a dns name. better, in some ways, since it cant' be faked like a name can, and does not require another fetch for the name->ipaddr lookup.

...about the awesome library of stuff hosted at 127.0.0.1

Re:

[omnichad]

Welcome to IPv6. If your ISP doesn't support it there are still plenty of ways to get access.

Re:black DNS?

[PhrostyMcByte]

Funny, Microsoft has actually had a P2P DNS system for several years: PNRP [wikipedia.org].

huh what?

[Charliemopps]

No one's ever tried to issue a takedown notice like that...

Really?
http://en.wikipedia.org/wiki/C... [wikipedia.org]
They haven't?
http://en.wikipedia.org/wiki/M... [wikipedia.org]
Tried this?
http://en.wikipedia.org/wiki/P... [wikipedia.org]

Because, the last I checked...
http://en.wikipedia.org/wiki/R... [wikipedia.org]
It was happening
http://en.wikipedia.org/wiki/C... [wikipedia.org]
all the time...

Fundamentally breaking the net?

[King_TJ]

This is totally unacceptable, IMO. I don't care if it's the MPAA suggesting it or the FBI or InterPol, or ??

There should be plenty of ways to deal with hosted content on someone's server without resorting to breaking core functionality of Internet services like DNS!

You could make hundreds of analogies (most of which would probably not be all that great), but to use the ever-popular automobile analogies for a minute? This is a little bit like trying to stop illegal sale of goods by a business by tearing out

Re:

[gstoddart]

There should be plenty of ways to deal with hosted content on someone's server without resorting to breaking core functionality of Internet services like DNS!

Unfortunately, to the asshole lawyers these companies employ ... the core functionality of the internet be damned.

They simply don't care about anything but their own profits. They just want to be in charge of how all technology is used.

"A takedown notice program, therefore, could threaten ISPs with potential secondary liability in the event that they

Re:

[jbmartin6]

I like to say, the Internet does not exist to guarantee the viability of their business model.

Re:

[hcs_$reboot]

Well, you can still connect to the site if you know its IP address. A bit harder to remember though - especially if it's IPv6.

What am I missing?

[Exitar]

In Europe happens quite often that ISP are forced to remove "bad" sites (torrent, stream) from their DNS.
People just learned to not use their ISP DNS anymore.

Re:

[l0ungeb0y]

Well this is Murka and here we have freedum and speeches -- things you could never understand

Screw them!

[excelsior_gr]

We'll make our own DNS!

With blackjack and hookers!

Re:

[Dragonslicer]

You know what, forget the DNS and blackjack.

Re:

[omnichad]

I will **woosh** you and educate you:
http://tvtropes.org/pmwiki/pmw... [tvtropes.org]

North Korea

[Esra Erimez]

Even though the Pirate Bay move to North Korea was a hoax [bgr.com], but if North Korea really wanted to exact revenge on the industry why wouldn't they take an approach that would really hurt them and actually host pirated content?

Beyond 404 HiJacking

[tiberus]

It's bad enough that companies like Verizon, in a effort to help us and provide better service, hijack 404 errors and redirect them to their tailored search results, now this. In light of how little vetting some of these take down notices seem to receive before the ban hammer falls, this is truly scary. Scary in that they think this is how to go about business. Like others have already alluded too, this is likely to at worst cause a minor bit of annoyance before a way to protect against this silliness is found.

Rise of the darksite DNS

[DontBlameCanada]

I already override my ISP's advertised DNS settings to point to something that doesn't redirect to their advertising pages when I typo a URL. I can easily point it at something that doesn't listen to MPAA's bizarre demands.

Re:

[jbmartin6]

Their next step will be traffic sniffing to monitor all your DNS traffic, regardless of destination.

DNS was always optional

[holophrastic]

So, instead of saying: "Hey Joe, check out vids.com", I'll say "Hey Joe, check out 74.238.38.132". Because that's somehow so much harder to do, especially in a link. Welcome to your HOSTS file.

Re:

[rickb928]

It's inevitable that the copyright holders will expect IP addresses or ranges to be blocked or simply deleted from routing tables.

And then innocent bystanders will become caught up in this.

That's how this escalates. And how it is dangerous to let them do even the little thing.

Re:

[holophrastic]

HOSTS file, like I said.

DHT based systems

[Kaenneth]

Would a distributed hash table system (like eMule used(uses?)) make a good DNS replacement?

The wasp and the thistle

[ISoldat53]

This story reminds me of the wasp that landed on the thistle. One of them is going to get stung but I really don't care which. It's bad that anyone gets hacked but it it Sony after all.

The return of Alternic

[mbone]

This would not really work. In practice, it would likely mean a return of Alternic system, with multiple roots - i.e., a dark DNS for the dark net, probably temporary DNS extensions for file sharing, etc.

Somewhere, I suspect Eugene Kashpureff is smiling.

What remedies at law exist?

[rickb928]

For other types of distribution, what remedies at law exist?

For instance, if I start mailing pirated Blu-Ray disc all over the world, do they instruct the various shipping agents, postal agencies, and so forth to refuse to accept anything from me, and also to refuse to deliver to me? Can they do this without informing me? Do I have recourse if this also denies me lawful services?

If I merely pack and ship these discs for someone else, is there a fix in law to also deny me access to shipping methods?

Do they

Won't prevent routing

[kheldan]

They can compromise DNS all they want, but they can't prevent routing of packets from one numeric IP address to another numeric IP address.

If they were actually trying to mess with DNS then they should be prosecuted under hacking laws, because if you or I were to do this thing, that's what would happen to us.

Bastards.

Yeah, that'll work. Sure.

[c]

A huge number of people already barely use DNS. They go to places like "The Pirate Bay" by entering "The Pirate Bay" in the Google Search window, and following the first link or two that they find. So, if Google indexes 194.71.107.27 [194.71.107.27] or there's a Wikipedia link to it (since, you know, that'd be newsworthy), the effect of a DNS ban has little impact on the original discovery of the site URL.

Some (stupid) ISP's already take care of this search mechanism... enter a bad URL, go right to a search page. Most brow

So worst case scenario

[DrXym]

A dozen viable DNS lookup services spring up in the event of a takedown.

Because everything exists to service entertainment

[gestalt_n_pepper]

Somehow, I doubt that any country outside the USA is going to tolerate this nonsense for very long. Entertainment can be boycotted. Other networks can be created. If the MPAA is dumb enough to try this (which is likely, because, you know... entertainment industry), they will just hasten the creation of a new and better decentralized set of internets.

Odd individuals they must have been

[Archtech]

It seems that the bipeds who once inhabited this planet had, at one time, developed a comprehensive worldwide networking system. They accomplished much through it, from exchange of all kinds of information to commercial transactions, education, and even personal communications.

But suddenly, one day, this useful system was destroyed. Apparently a small group of bipeds, which had enriched themselves by creating carefully distorted fictional representations of life and events, decided that the network might be slightly reducing the rate at which they amassed wealth. So they sabotaged it.

We really have no idea what kind of intelligence those bipeds had - if it was even intelligence as we know it.

Back to the good old hosts file

[Baki]

Just spread the ip addresses, like in the old days.
In 1988, I used to know lots of IP addresses by heart. Though that will be a bit more difficult with IPv6.
But we have /etc/hosts for that. Almost like a bookmark...

So we hop back to 1994

[future assassin]

207.99.133.7

Long live capitalism!

[Opportunist]

If A breaks or gets broken, B will emerge to fill the void.

For reference, see content. When content for sale was broken past its usefulness by DRM, download pages popped up left and right where you could get it not only in better quality (no unskipable ads, no "always on" online connection for offline playing...), even the price was better!

Re:

[rvw]

Can MPAA.org be removed?

Great idea, but I bet they will figure out a paid verified DNS registration that will prevent this. Better - it's there yet: TLS with those green bars!

Re:

[ArcadeMan]

Could be a fun idea if enough companies with their own DNS servers would redirect MPAA.org to a parody website instead.

Re:

[bobbied]

DNS already *is* distributed. Don't you really mean something that's not hierarchal?

I'm not following you on the crypto currency framework thing. Can you elaborate?

Re:

[omnichad]

I think they're referring to something like Namecoin [namecoin.info].

Re:

[Connie_Lingus]

of course you can...you can even navigate my decimal number ie...

http://3626153261/ [3626153261]

Comment removed

[account_deleted]

Comment removed based on user account deletion