Slashdot Mirror


NetPD, Metallica's Mysterious Tracker

Akilesh Rajan writes: "An article at Forbes talks about the firm that supplied Metallica with the software it needed to capture 335,000 users. It 'works like 5,000 humans sitting in a room doing Web searches' to identify user names. Demand for their services is enormous, especially since they also plan to expand into the videogame and movie protection businesses." This NetPD company is unrelated to the shareware program NetPD, which, ironically, helps protect user privacy.

8 of 290 comments

  1. Another step in the arms race by crow · · Score: 5

    This is another step in the arms race between those who wish to remain anonymous and those who want to know who is doing what.

    It's just a matter of time before the RIAA goes after those operating servers on IRC. NetPD is a company that will likely help in this. (In most cases, they could probably get those running servers booted from their ISPs--very painful when high-speed options are limited.)

    So what are the next steps for those who want to be anonymous? How can I mask my IP number when going online (through IRC, web, napster, etc.)? And I mean really anonymous--no logs to be revealed under court order.

  2. Whitehats/Blackhats? by KFury · · Score: 5
    If I hacked into a net conversation between two parties and then sold the information to a third, I would be put in jail. If I refused to say how I got the data I wouldn't be let out on bail. If I did it 350,000 times I'd never be free again. When NetPD does it, they get lots of press as a police presence.


    NetPD hails itself as a "force for good", but where's the accountability? If the Christian Coalition approached NetPD asking for the names of everyone emailing to abortion clinics, how do we know they won't turn their 10 employees (5000 monkeys) on that job to make their next dime?


    Also, without revealing their methods, it seems like there is a real possibility that they're doing packet sniffing, which would be a violation of the law, constituting illegal search, or they're posing as napster clients, letting people download which, while not entrapment, as they're not a law enforcement agency (among other reasons) is just as illegal as the person downloading them.


    If they're only supplying dummy files with authentic-looking names, then the people downloading the files aren't breaking the law.


    Of course, there are other major problems, such as the fact that they're using Napster-registered names, which are often fake to begin with, and that they have no way of showing that someone doesn't own the CD in the first place, and thus a license to make or obtain a copy.


    None of this will have an effect in the long term, as NetPD admits they can't discuss their information gathering methods, because if they were public Napster would be able to block it. Sorry, but such evidence won't hold up in court without demonstrating exactly how it was obtained (for reasons of determining authenticity, accuracy, and legality). Once this is done, Napster can block it.

    Kevin Fox

  3. Re:They'll have to tell someone how they do it ... by aphrael · · Score: 5

    Anonymous attacks are becoming more and more effective in the U.S.,

    Yes and no. :) In the case Florida v. JL, handed down 28 March 2000, the Supreme Court ruled *unanimously* that "an anonymous tip that a person is carrying a gun is not, without more, sufficient to justify a police officer's stop and frisk of that person." The argument is that anonymous tips which are *predictive of behavior* can be trusted *when the predicted behavior manifests*, but tips which are merely *descriptive* cannot be --- otherwise you could call the police and accuse the otherwise innocent-looking black man standing at the bus stop of carrying a gun, and the police would be justified in searching him.

    For more information, including the text of the decision, see http://supct.law.cornell.edu/supct/html/98-1993.ZS.html

  4. They'll have to tell someone how they do it ... by aphrael · · Score: 5

    Their methodology will have to come out, eventually.

    Imagine (this isn't going to happen now, but something similar will someday) that Napster refuses to block the names on the list. Metallica sues, and the conversation in court looks like:

    Metallica: "Napster won't block these known copyright violators."
    Napster: "This is a random list of names; there is no proof they are copyright violators."
    Metallica: "Sure there is; NetPD told us they are."
    Napster: "How did they get the list? What proof do we have they aren't just random names?"
    NetPD: "Trade secret, we can't tell you that."

    Either NetPD's comment holds up in court, and *anonymous attacks* become acceptable legal practice (in which case we all ought to run to the nearest country with reasonable laws, as ours will cease to mean anything), or NetPD is forced to disclose their methodology to the court, or the list is thrown out as being invalid evidence in a court hearing.

  5. Fighting fire with fire by anticypher · · Score: 5

    Start by attacking any ISP in the UK who offers internet service to this company. At this point, all it takes is threatening to file a lawsuit, and the ISP will yank their access. It is legitimate to use words such as 'libel', since they may in the near future try to claim someone a criminal, which could then be proven in court to be libelous. Words such as 'cracking attempts' and 'illegal probing' can also be tossed out truthfully. When netPD have exhausted all potential connections in the UK, they will be forced to move their entire operation to another country, and start over again. It will take some perseverance to take them down, but the community is large, and the number of ISPs willing to take a stand against baseless litigation is rapidly diminishing.

    Complain to their upstream provider, about the excessive use of bandwidth caused by netPD. It might not get them blocked, but they could get bumped to a higher cost guaranteed bandwidth service, taking another chunk out of their revenue.

    Track the methods they use to search napster, gnutella, and web sites. They are using some kind of spider to crawl around and log hits based on their customer's heuristics. These bots/spiders could then be blocked at various points, freeing small sections of the internet from their insidious probing.

    Enlist university administrators to help block netPD. Students who are running distributed file systems and fear being libeled or falsely accused by netPD should send a written request to the university network administrators to block outside access to netPD. Again, use carefully selected panic words 'illegal probing attempts', 'crack attack', and 'allowing netPD access could open the university to a lawsuit'. Tell them cracking/scanning attempts are coming from the subnet 62.254.209.128/25, and ask them to block it.

    Create a standard template to exclude netPD from networks you control. Someone should write a one paragraph disclaimer which could be customised for each locale telling netPD to stay away, and promising to follow up any violations with a vigorous prosecution.

    Bruce Ward, 23-year-old chief technology officer of NetPD sounds like this is a small failed Y2K pre-IPO company jumping onto a wave of free publicity. Not to put down 23-year-olds, but a company with an abrasive CTO like Bruce may not survive riding a big and dangerous tsunami very long, no matter how good surfers they think they are. He already rode another company into bankruptcy and several lawsuits.

    He's been so bold as to register the address www.mp3police.com.
    "We fully expect to upset people and our site will probably get hacked," he says.

    This sounds like a challenge to leave to the script kiddies. That server is physically located in a webhosting service in Dallas, Tx, USA, running a static page of Bruce's failed Y2K fixit company. Bruce has also registered mp3police.co.uk, which has been recorded scanning many legitimate sites, none of which are running napster or warez boards. Complaints have been circulating for a while, go scan deja for some more info. NetPD has even hit some totally innocuous honeypots and scanned them completely.

    At this moment, netpd.com and netpd.net are still available from futuresite.register.com for a price :-) Any takers?

    The challenge for those who want to see a free net is to attack netPD where it counts, their access, their financial well being, their status as vigilantes, and their reputation with any potential customers.

    the AC

    --
    Hemos is like...sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on

  6. Re:Bot??? by technos · · Score: 5

    Hmmm.. So NetPD violates Napster's TOS.. And according to that TOS, the relevant bits being:

    (ii) use the Napster browser or service, or attempt to penetrate, modify or manipulate the Napster browser or service or any of the hardware or software thereof in order to: invade the privacy of, obtain the identity of, or obtain any personal information about (including but not limited to IP addresses of) any Napster account holder or user

    (iii) reverse engineer any portion of the Napster service or browser

    And the penalty:

    Napster and its affiliates reserve the right to refuse service and terminate accounts in their discretion, including, but not limited to, if Napster believes that user conduct violates applicable law or is harmful to the interests of Napster, its affiliates, or other users, or for any other reason in Napster's sole discretion, with or without cause.

    I'm just sorry they didn't have a 'fine' clause. Say $1,000 per infraction of privacy policy, and $100,000 per instance of infraction of the RE clause. Collecting 335,000 users' nicks and IPs would cost Metallica and NetPD $335,000,000, as well as each bogus session using the harmful RE'd software (probably 40-100 clients) another million.

    --
    .sig: Now legally binding!

  7. Napster names or real names? by The+Good+Reverend · · Score: 5

    I was under the impression that Metallica had hired some magical internet detective firm to find the real names of those who had been trading mp3s illegally...am I mistaken? This article makes it sound like all they have is Napster user IDs. Yes? No?

    If that's all they have, then why is there a problem? Anyone can use any name to sign up and use the service, it's not as if the 335,000 named folks can't use it anymore. Also, I don't remember giving any personal information when I signed up for Napster, so unless they're working with ISPs, they won't have any real names. If I'm wrong about this, please, someone enlighten me. But it just sounds to me like NetPD logged on, got user names, and killed some trees to make a show of the whole thing.

    The Good Reverend

  8. Favourite quote on this topic by Ron+Harwood · · Score: 5

    Asked of Weird Al: Hey Al!!!!! What do u think about Napster? I just want to know if you approve.

    Al Answers: I have very mixed feelings about it. On one hand, I'm concerned that the rampant downloading of my copyright-protected material over the Internet is severely eating into my album sales and having a decidedly adverse effect on my career. On the other hand, I can get all the Metallica songs I want for FREE! WOW!!!!!

    Taken from Ask Al