RIAA to DoS Pirates?

_Chainsaw sent an article running at ZD that talks about the RIAAs latest plan to stop pirates: " We'll smother song swappers " is the quote, but it basically amounts to a Denial of Service. Way to go guys! Brilliant strategy!

Just goes to show

[Mattcelt]

That the RIAA see their own interests as being more important than the civil liberties of their *customers*. Should this vigilante BS be responded to in kind?

I think we need to keep a very close eye on the RIAA right now. We (/. users) have the same capabilities as the US govt because of our large distributed nature. I advocate the foundation of a group to watch the RIAA. Email me if you think it's a good idea.

Oh, and check out the RIAA-watching stuff already on http://www.cryptome.org.

Mattcelt out

Their resources are finite

[CmdrTroll]

Speaking as an avid music pirate and warez trader, this is one of the best possible cases. Consider the alternatives:

• They can contact my ISP and have my connection shut down. That would be very painful for me and disrupt my hobby. I would be forced to go outside, make friends, and do other social things. Bad.
• They can send me threatening letters. I don't like threatening letters because that would also make me think twice before swapping warez or trading songs. My parents might see the letter and revoke my computer privileges, which would also be very bad.
• They can pollute the swapping services with junk files. This is a huge waste of my time and pisses me off.
• They can pollute the warez scene with virii. This would also piss me off greatly.
• They can sue the owners of the swapping services. A good service is hard to find (I'm sick of the Aimster/AudioGalaxy kind of crap) and that would annoy me.
• They can lobby ISPs to limit upstream bandwidth. That will cause my warez services to diminish in value and make it hard to remotely access my PC.

OR, they can simply DoS the swappers. Unfortunately for them, they are relying on TCP, so they need to disclose their source addresses for the attack to work. And if they do that, we traders can make a database listing all of their IP addresses (kind of like MAPS/ORBS) and block their asses. We will find ways to thwart this approach and we will continue trading.

So, in a nutshell, I am very pleased with their latest strategy. I haven't been so gleeful since they announced copy-protected CDs (which also have done little to discourage swapping).

-CT

Legality of distributed systems.

[Matt2000]

If I as an individual decided to write a client for a distributed system such as Gnutella that took an innordinate amount of bandwidth from users it connected to it'd be considered a bad or malicious client, but not illegal.

All the RIAA is asking for here is to play on the same level as us. I have difficulty counting the number of times I've read posts following an RIAA announcement saying "We'll just crack/hack this/that until their systems can't handle it," and yet the assembled masses get all self righteous as soon as the RIAA suggests they be allowed to do the same.

I liken this struggle to the one surrounding the hacked satellite cards. The legality of hacking those cards has been accepted, so the company fights on a technological level. I find this completely acceptable, and perhaps the best/right reaction to a sitation such as this.

I think we should encourage the RIAA to try to slow down file trading systems, and save the real fight for when they try to pollute our laws with amendments that will affect us far more comprehensively than the availability of the latest Spears track.

Not really.

[jd]

Theft of computer resources is illegal in many countries, and certain parts of the US (such as Oregon). Theft of data is also illegal. Using a crime to justify a crime ("eye for an eye") is an interesting, but disputed practice ("two wrongs don't make a right", "the end NEVER justifies the means").

Going by a democratic system, that's two sayings for the Nays, versus one for the Eyes. The Nays have it, by a majority of one vote.

Re:Arrest them

[ajs]

No, it's not a terrorist act (according to the bizzare logic of the new anti-terrorism bill) unless they're doing it for financial gain....

Oh wait! That's EXACTLY why they're doing it!

What next?

[blang]

Seems like RIAA is going through evolution at a fast pace. First they knew nothing. Then digital happened, and they still knew nothing. Then the net and digital and p2p happened, but this time they were prepared, armed to the teeth with DMCA.
Then they tried out misc. tecnhological speed bumps, which all turned out to be trash, and when that was revealed, they tried to extort dr felten. And when he yelled "foul", they somehow managed to backpedal in a way that got felten's suit thrown out of court. bastards.

And now they've evolved into script kiddies. I guess the goal justifies the means. However, they're still as dumb as brick. In the aftermath of September 11., the hawks have tightened things so that hacking is considered terrorism.

Cool. Finally there is no need to go through expensive lawsuits to stunt these goons. All we have to do is wrap up the evidence, and hand them over to the feds.

Extortion, cyberterrorism, sounds like a mob thing to me. Time for a grand jury to put these people away.

The RIAA does NOT have that right - they are lying

[jms]

I've read through the statute, and I think that the RIAA is attempting an enormous bluff.

It seems to me that for the RIAA to attempt to hack into someone's internet-connected computer and disable it is clearly illegal under current law:

18 USC 1030(a)(5)(C)

(a) Whoever - (5)(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; ... shall be punished as provided in subsection (c) of this section.

An internet-connected server would appear to be a "Protected computer" under the definition in 18 USC 1030(e)(2)(B)

(e) As used in this section - (2) the term ''protected computer'' means a computer - (B) which is used in interstate or foreign commerce or communication;"

"Damage" is defined in 18 USC 1030(e)(8)(A):

(e) As used in this section - (8) the term ''damage'' means any impairment to the integrity or availability of data, a program, a system, or information, that - (A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals;

If the RIAA really thinks that it is legal for them to hack into and disable other people's computers, then why aren't they doing it already? Answer, because they know that it's really
illegal -- if they were to do more then $5,000 in cumulative damage, they could be charged with a felony, but they're hoping that they can fool Congress into making it legal for them to attack and destroy other people's computers by claiming that they currently have that right, and that the antiterrorism bill is going to take that right away from them.

The RIAA appears to have adopted the strategy of making a completely false claim, then taking advantage of the runaway-train-antiterrorism bill to attempt to insert a brand new exemption for themselves, allowing them and only them to practice cyberterrorism under the guise of "protecting their copyrights."

Dirty tricks as usual.

Compromises like this won't work long-term.

[Draxinusom]

All that sounds good, but in the long term there is nothing the music industry can do to solve the problem of piracy without fundamentally changing their business model. Right now it looks like this: 1) Manufacture flashy new act 2) Market the product like it's going out of style 3) Milk it, milk it, milk it 4) When it goes out of style, go to step 1.

The problem is that a model that is so driven by marketing is especially vulnerable to piracy. Why?

• Marketing is good at creating desire, but poor at creating support.
  
  The music labels have pretty much stopped telling people to buy their stuff because it's good, but because it's popular, and at some level their customers realize this. People will buy a product because it's the hot thing, but if that is its sole source of appeal, at the end of the day the buyers won't feel obligated to support the people behind it.
  
• Marketing-driven products have no value apart from their marketing.
  
  If you have an act that's good but undermarketed, MP3-trading will function like free marketing, resulting in increased sales. But if you have an act that's well-marketed but crappy, MP3-trading will function like lost sales, as people say, "Okay, I've been told by Mr. Television that I should have this; well, now I have it."
  
  No one is going to "discover" Limp Bizkit by hearing an MP3. The product is the marketing and vice versa. Similarly, in tend years, that Limp Bizkit CD isn't going to be on the shelves waiting for the next generation of music fans; if you want to make money off it, you have to make money now.

Take a look at the publishing industry. The book world is also driven by marketing, but to a much lesser extent. If you publish a book, you can expect that it will provide revenue independent of the amount of money you spend to hype it. That's because the book industry is actually about selling the content instead of the hype.

Furthermore, the publishing houses have stayed alive by acting as finders and screeners of content. Instead of riding one or two major cash cows, they cast their nets wide, trying to get everything that has some quality. There are tons of great music albums that never get major label release, but there aren't that many great novels out there haven't been published in one form or another. Conversely, I know that anything published by a major house will be better in quality than 90% of what I could get for free.

So why don't the record companies adopt a model like the publishing industry, where they nurture a variety of intrinsically good acts that will provide more modest but longer-lasting and more stable cash flows? Simple: the quality-based model doesn't make nearly as much cash as the marketing-based model.

The fact is that there is no way for the record companies to make a "fair" profit doing what they do now. Nothing less that the survival of their way of doing business is at stake; it's no surprise that they're going down swinging.

DoS attacks on ISPs

[Peter+H.S.]

I work as a volunteer Sys Admin (BOFH) for my apartment block; 300 users, on a 2mbit leased line, so we are a small time ISP of sorts.
Our users are dynamically assigned private IP numbers, so we use NAT on our gateway.
As I see it, any kind of DoS attack on one of our users, will effectively be an attack on our gateway /firewall, and our commonly shared bandwith.

If such an indiscriminate DoS praxis was instigated by the RIAA against us, we would excersise our legal options to retaliate and defend ourself:

Eg. even though such DoS'ing may become legal in the US, it would still be a criminal activity by my countrys laws (Denmark). Since RIAA has presence in Denmark, it may be possible to persecute them.

Also, perhaps such DoS'ing from the US to other countries, may be illegal even by US law, since it is likely to conflict with international law.

And our humble organisation, might just be politically so well connected, that we could make it an EU case. Certainly we could make it a case in our own parlament, since we occasionally negotiate with high level civil servants, regarding various laws for community(?) based ISPs.

A huge amount of all Danish Internet traffic, goes through the so called DIX. So permanent choke points for RIAA IP numbers there, (and on our backbone providers routers), could also be an option.

We would also bitch and complain to RIAAs backbone provider, suggesting that harbouring DoS script kiddies like RIAA, might be a bad buisness idea, that perhaps could mean trouble for the overseas connectivity for the rest of their costumers (filtering on the DIX, RBL-style, peering agreements, perhaps even lawsuits).

In short, if such a law became a reality in the US, I would strongly advise the RIAA, to individually check the national identity of their DoS-targets IP, before commencing any attack.

RIAA and Gnutella

[Th0th]

This is a bit off topic, but regarding the RIAA and DoS attacks, and the recent /. article about the RIAA trying indemnify themselves from damages resulting from hacking into computers.. I query whether anyone has been out on Gnutella lately and noticed all the 1k files, the names of which exactly match the query entered. I always assumed that these were viruses, porn site ads, etc. I wonder if the RIAA have gnutella servers out there trying to cripple, create security breaches, etc on the machines of people violating copyright by trading mp3s, movies, etc. Does anyone wanna load up gnut and do some detective work???