RIAA Smacked by DoS
nekid writes "ZDNet is reporting that the RIAA's website was hit by a denial-of-service (DoS) attack over the weekend, most likely in response to their endorsement of legislation that would give them permission to do the same to personal computers that are pirating music (see earlier article). Seems to me that they are killing themselves with bad public relations..." But it seems to me that they don't care, and are instead banking on the ignorance of the bulk of the world.
Too funny. Someone's been reading user friendly and decided to fight back perhaps?
Most people would die sooner than think; in fact, they do.
Give the media and the average American more reason to think the people the RIAA are against are little more than immature "hackers."
"All mankind is at the mercy of a handful of neurotics". - Norman Douglas
Yup, the best way to convince a large corporation/government office/anyone over the age of 20, is to act like a child.
Immaturity like this only HARMS what we are trying to do.
Grow up kids.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
If the RIAA is allowed to do a DoS attack, I don't see why individuals should be forbidden to do so.
In short: No one should be able to legally commit such a crime.
I'm a leaf on the wind. Watch how I soar.
The DoS'ers were obviously trying to prevent the RIAA from distributing material copyrighted by the DoS'ers. Namely DoS software.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Userfriendly link for those who didn't see it :)
A tragic irony isn't it?
I wonder if we can start a campaign to keep the RIAA DoSed off the net. Not that I'd ever condone such a thing, but there are times when a little net abuse is so poetic.
Thank you for posting that helpful link to the RIAA website. This is a pressing issue, and as such, I urge everyone to go immediately to this website and show your support. Now, more than ever, the RIAA needs our love. So everyone, stop hammering the SSH site and give the RIAA the affection they so sorely need.
do not read this line twice.
Apparently the RIAA hasn't heard of this cool technology called "multitasking".
The only thing that will stop you from fulfilling your dreams is you. - Tom Bradley
Obviously the RIAA rep is not very tech savvy. Of course, since their site was DoS'd, I would have to say that about the whole organization.
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
wow, didn't they get enough publicity when this story was announced last week...i'm not saying they should have ignored this DOS attack, but it seems to me the RIAA rep had a little too much attitude with quotes like "Don't they have something better to do during the summer than hack our site?" and especially "Perhaps it at least took 10 minutes away from stealing music."...talk about antagonizing the masses...couldn't they comment on this story without being blatantly condescending and arrogant???
on the good side, maybe the link to the RIAA website with this story will slashdot their site and bring it down again....
"Facts are meaningless. You could use facts to prove anything that's even remotely true." - Homer Simpson
Please please please tell me this is faked
-dk
If the RIAA downloads illegal MP3s, even to check to see if they're legit illegal copies, this in turn opens THEM up for legit DoS attacks. The person in question that is doing the "checking" for the RIAA better own the right to every single MP3 he downloads. They're going to need to have the artists themselves sit at the cpus and do the DoS's for this to even be legal, it can't be based around "trust". Quite an evil little repercussion .. If this goes live, it will effectively DESTROY the RIAA.
"Doesn't the RIAA have anything better to do than hacking into my website?" asked a pimply 15-year old who asked to be called "H@ckeR d00d." "perhaps it at least took 10 minutes away from fucking over artists."
Engineers aren't boring people, we just get excited about boring things.
#!/usr/bin/perl
while (1){
`wget "http://www.riaa.com" -nc -r -l 0 -k -nH -o
}
# one of many many ways to do this...
Arguing that bad PR will make the RIAA think twice about doing something is like arguing that a fish won't want to get wet.
Whether the RIAA site was truly DDoS'ed or not was not the point. The point is: it is now. THIS WAS THE EVIL PLAN!
Not that I'd condone it, but the ultimate hack (or crack) would be rooting the RIAA servers and using them to host a very large MP3 collection, complete with a gnutella client to share them with the world.
________________________________________________
suwain_2
November, 2002 WASHINGTON, D.C. (AP) -- In a massive Denial-of-Re-election (DOR) attack, Mr. Berman, Mr. Hollings, and all the other RIAA-linked Congressmen have been apparently booted offline by a massive surge of votes for the opponents.
The attack has been described as a write-in vote for an unidentified third party candidate known only as "CowboyNeal". No information on the identity of this third party candidate is yet known.
-- We live in a world where lemonade is artificial and soap has real lemon.
This kind of thing, short of FLYING over to their HQ and having a sit in, is the only means you have of expressing yourself.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
But the RIAA might be in for some trouble if the bill is passed.
Think about it: The RIAA has (and still does) sell works created by independent copyright owners. They don't keep perfect track of their signings with artists and are, sometimes, selling records which they don't hold the copyright to. Artists have come forth in the courts and said this.
Given that this is the case, an artist can give a group (in this case the public at large) permission to attack any server network participating in the distribution of their copyrighted works. This is not limited to riaa.org. If CDNow.com is selling the CD that the RIAA is distributing illegally they're open to attack too. I mean, just look at how loose the wording is:
"...use of technologies to prevent infringement of copyrighted works on peer-to-peer computer networks"
Translation: any copyright owner can technologically attack anyone infringing upon their copyrights as long as the target of their attack can be described as a "peer-to-peer computer network."
Besides that, the RIAA is acting no less childish than the people that DoS'ed them. Their current actions in regards to this legislation are equivalent to signing onto a Cult of the Dead Cows message board and proclaiming a hacker war. It doesn't matter if it's legal or not; you can't expect them to just sit there and take whatever you throw at them.
It's childish to declare a hacker war.
It's foolish to declare a war on all hackers.
It's pure ignorance to believe you can win.
I like that the bill requires them to NOTIFY the Attorney General before they do anything... I don't like that they don't have to wait for approval.
So I started to think... "How would I feel if I was faced with 1000's of people scattered covertly across the country violating my rights?" Then I realized that I do... SPAMers. Sure, if I had the time, money, and expertise, I could take them each to court. But the reality is that even if I get SPAM, the best I can do is report the SPAMer to their ISP and hope they're not SPAM-friendly and will shut the account/network connection down.
So either they should allow us to DoS or hack SPAMers' computers, or they should require the RIAA or whomever to get ISPs to shut down illegal file sharing internet connections.. just like the rest of us.
In all of this law making, the RIAA has not realized a few basic facts. Most of these are relative to me, but I'm sure I'm not alone:
1. When Napster was big, I purchased 75-100 CDs in two years and enjoyed about 80% of them. Since then, I have purchased about 10 CDs and enjoyed about 20% of them. I would rather gamble $15 on a blackjack table than buy a $15 CD when I have only heard one song I like on it.
2. I don't own a plain-old CD player. I have a MP3-CD player, a laptop, and a desktop. If I can't listen to or convert the CD I won't buy it.
3. I'm not a fan of the MPAA either, but which would you rather purchase: A soundtrack CD of a given movie for $17.99 or the DVD of the same movie for $14.99? To me, a music CD is worth about $8, and at least 25% of that should go to the people who actually created those sounds(artists, songwriters).
4. I don't believe the DoS on the RIAA last weekend was necessary, but it will be a preview of what will happen if that new law passes. (Just a prediction)
5. What ever happened to "The customer is always right"? All of this copy-protection, "everyone is stealing our music", "we need tougher laws" stuff can't possibly be in the consumer's best interest. Sounds to me that they are trying to maintain a monopoly. (Hmmm... now where have I seen this before?)
Anyway, I dig into my current music collection, books, magazines, and a few select internet sites for my media these days. I've just about had enough. Everything in this post is my opinion based on some facts and is probably in need of some correction. Have a nice day.
No uptime is currently available for www.riaa.com.
Sounds like netcraft is right on, afaict.
From riaa.com's "What is Piracy" pages:
"4. Online piracy is the unauthorized uploading of a copyrighted sound recording and making it available to the public, or downloading a sound recording from an Internet site, even if the recording isn't resold. Online piracy may now also include certain uses of "streaming" technologies from the Internet."
Sorry, did I miss a memo? When was streaming declared illegal? Shouldn't someone notify Apple and Real that their streaming server software is facilitating illegal activities?
Come to the University of Mars! Classes starting soon!
.... yeah call it immature, call it childish, call it hacker, call it what you want.......but man I would've loved to do it myself...we're all just too legal to get into trouble annoying someone even if they deserve it.
Give the lil script kiddies a break, they were just venting all of our frustration for us.
"Wasn't me! Don't sue me!" (but I'm enjoying watching)
Sigs pose an operational security risk and help the baddies aggregate data. I guess commenting does too, oops.
If the RIAA is allowed to do a DoS attack, I don't see why individuals should be forbidden to do so
Because it's illegal, that's why.
Bullshit.
If a crime of aggression (ie. attack or subversion, physical or informational) is 'legalized' for a special group, but illegalized for another group, there is nothing ethically wrong with the attacked group fighting back using the same means, regardless of what the law might say.
To take an extreme, but historically accurate, example of the same sort of thing, if it is illegal for a black man to shoot a white man, yet legal for a white man to shoot a black man, there is nothing ethically wrong with the affected black man in question defending himself and his family from his attackers, and most certainly not if he is using the same means they are using (projectile weapons in this case), regardless of what some corrupt and morally bankrupt laws might say.
The only real difference in these two cases (cyberattacks allowed by one group against another, but not vice versa, and physical attacks allowed by one group against another, but not vice versa) is the magnitude of atrocity (vastly greater in the second instance), and the fact that, at one time in the United States, the second instance was in fact actually the law at one time, while the first example (cyber DoS attacks) has not (yet) ever been legalized for one group over another.
However, should DoS attacks by media cartels be legalized, there will be absolutely nothing ethically wrong with those attacked retaliating in kind. Indeed, the ethical breakdown appears to be almost entirely on the side of the copyright cartels, who have just been given a taste of things to come if these foolish laws should be passed.
I will not participate in such activities, but I will exercise my dwindling freedom of speech to openly cheer those who do.
The Future of Human Evolution: Autonomy
That's an interesting concept - if we plan a day in advance to something of the effect of "at 5:00EDT, everyone go to the RIAA site" - that would create a very effective, yet very legal, DoS.
:-)
OK, everyone, tomorrow, July 31, 5:00EDT, attack.
We don't need legislation.
add this:
/ www.atomintersoft.com/products/alive-proxy/ proxy-list/ :)
--user-agent="MSIE/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)" --execute="http_proxy=xxxx:zzzz"
where xxxx:yyyy is the IP:port of a HIGH ANONYMITY web proxy, which you can get from one of several online lists, such as:
http://www.stayinvisible.com/page1.html
http:/
etc.
The Mongrel Dogs Who Teach
(they'll go against congress with a "see? This is what we are trying to stop!" attitude, and congress will agree).
No. . . this is what the RIAA was attempting to legalize, albeit only for their own benefit. If they can't take what they want to dish out, maybe they should reconsider their attempt at legislation.
!#@%*)anks for hanging up the phone, dear.
Do you complain that thugs don't get the same firepower, communications, and transportation support that police do?
If the police were allowed to break into my house, guns blazing, and mow myself and my family down (they are not allowed to do this) with no due process of law (analogous to the vigilantism inherent in the DoS law the copymonopoly cartels have proposed), then, yes, there would be nothing unethical about me defending myself and my family in kind, by doing unto the cops what they would do unto me, and doing it first. Regardless of what the law might say.
Now do you begin to grasp why vigilante justice is such a profoundly bad idea?
As for file traders, since when is trading files illegal? I trade files of my vacation pictures with friends and relatives all the time. I even use P2P services to trade ISOs of GNU/Linux with friends all the time (P2P in the form of FreeNet reduces my own bandwidth requirements drastically over a client-server setup like ftp or http).
Your 'solution' is tantamount to saying "if you don't like it, get off the internet or become a passive user of our Approved(tm) Content."
The comparison with similarly unbalanced, historical laws holds. An unjust law such as the one proposed demands to be violated, and violating such a law is in no way unethical. Indeed, doing so as an act of defense against an attack by another, DoS or otherwise, is really quite unimpeachable in any reasonable ethical framework.
Your entire "cop" example underscores exactly why vigilante justice is such a bad idea, and the DoS attack against the RIAA, by whoever these people were, underscored very well exactly why this law is such an appallingly bad idea. It will, in all likelihood, destroy the internet's usability for some time, perhaps a very long time. Interestingly enough, those that are promoting such legislation have everything to gain, and nothing to do, by destroying the internet, and it is really a stretch to believe they are really so stupid as to not realize that.
The Future of Human Evolution: Autonomy
from http://www.vigilante.com/inetsecurity/hacktivism_1.htm
There is an important corresponding technical dimension that reinforces hacktivist claims of populist support. Hacktivist DoS attacks must be executed using client side or individual browser based tools. The prototypical Zapatista Floodnet tool, (which other groups have continued to develop) requires downloading and installing a Java applet. Moreover, these tools need to be consciously scheduled and aimed at a specific web address; actions that presumably demonstrate solidarity and commitment. To some hacktivists this distinction is all-important because it differentiates their activities from the nihilistic and anonymous February DDoS attacks on the CNN, Yahoo, and eBay e-commerce sites. During those assaults, allegedly orchestrated by "mafiaboy" and a few other apolitical participants, DoS "zombie" servers were surreptitiously placed on unwary host systems and triggered en masse. In fact, the utility programs used for swarming attacks, rooted in performance art, are far less powerful than hardcore "smurfing" weapons like Trin00, Stacheldraht and TFN2K.
Flood attacks can be used as a useful form of civil disobedience if used correctly in a *focussed and organised* way.
The whole "don't bring yourselves down to their level" cliche is one that you can count on to be trotted out each and every time someone counter-attacks a person, group of people, or corporate or govt. entity using something other than journalism.
In reality, most wars get fought on many levels. The teen hacker who takes down a web site is that person's way of protesting the situation. Nobody said it has to be *everybody's* way of protesting. If you have the "clout" and the intelligence to write constructive criticism of the RIAA and get it published - then do it! That's your own personal "trump card" against them. If you happen to be a teacher, then teach your students about what's going on. You're the one who can give them education on the rights and freedoms they're losing. But if you're a young hacker who has nothing else to offer but your hacking skills (and can use your age as an advantage to avoid getting caught/getting in serious trouble), then maybe defacing or DoSing their web site is your own best method of protest.
Is everything looking like a nail to you, cuz you're sure hitting them on the head...
I agree with damn near every point you bring up. I got tired of paying premium for a song with one hit and the rest filler. I got tired of using the same ol 20 per track CD format when I could have 100's of songs of nearly the same quality on one disk and I got tired of the labels raping you on every purchase.
And since you brought it up, I'll pose an interesting question, using myself as an example, though it'd apply to anybody. It's generally accepted that if you own the copyrighted material, you can make as many copies as you want for personal use, right? So let's say I buy a DVD (as per parent's supposition). Tomb Raider. It obviously has the same music that the audio CD will come out with. Some DVDs even have a separate option to listen to the soundtrack separately. Now, especially in the latter case, don't I own the rights to the content of the DVD (keeping the studios EULA in mind), including all features, music and "bonus material"? And since I now effectively own the soundtrack on the DVD, in many cases the same music, I shouldn't be violating any clause prohibiting "illegal use". One copy is as good as another, right?
That's where the fun begins >:)
As to customer service, that only flies with companies who care. Most of the labels have proven they are nothing more than parasites. And the DoS? Heh. You could see that one happening 50 miles out. If they are going to use an easily available "script kiddie" hacker tool to deny service, then they should have seen the consequences. I mean really. But then, maybe this is what they were hoping for... (Cue Twilight Zone music). Can we now associate illegal music downloads with "hackers"!? OMG!! Ahem. Either way they're idiots.
You need a FREE iPod Nano
"There has grown in the minds of certain groups in this country the idea that just because a man or corporation has made a profit out of the public for a number of years, the government and the courts are charged with guaranteeing such a profit in the future, even in the face of changing circumstances and contrary to public interest. This strange doctrine is supported by neither statute or common law. Neither corporations or individuals have the right to come into court and ask that the clock of history be stopped, or turned back." -- Robert Heinlein
"He who passively accepts evil is as much involved in it as he who helps to perpetrate it. He who accepts evil without protesting against it is really cooperating with it." --Martin Luther King, Jr.
"If ever time should come, when vain and aspiring men shall possess the highest seats in Government, our country will stand in need of its experienced Patriots to prevent its ruin." --Samuel Adams
"Fascism should more appropriately be called Corporatism because it is a merger of State and corporate power." --Benito Mussolini
"I hope we shall crush in its birth the aristocracy of our moneyed corporations, which dare already to challenge our government to a trial of strength and bid defiance to the laws of our country." --Thomas Jefferson 1812
"I see in the near future a crisis approaching that unnerves me and causes me to tremble for the safety of my country. As a result of the war, corporations have been enthroned and an era of corruption in high places will follow, and the money power of the country will endeavour to prolong its reign by working upon the prejudices of the people until all wealth is aggregated in a few hands and the Republic is destroyed." --Abraham Lincoln 1865
"The liberty of a democracy is not safe if the people tolerate the growth of private power to the point where it becomes stronger than the democratic state itself. That in its essence is fascism -- ownership of government by an individual, by a group or any controlling private power." --President Franklin D. Roosevelt
"The goal is to keep the bewildered herd bewildered. It's unnecessary for them to trouble themselves with what's happening in the world. In fact, it's undesirable -- if they see too much of reality they may set themselves to change it." --Noam Chomsky
Please consider making an automatic monthly recurring donation to the EFF
That'll help, however it won't stop them from making it illegal for you to create and distribute your own music. Nor will it stop them from getting your money.
Every time their sales slip (or everyone in the country doesn't buy the latest "pop sensation"), they insist it is because of piracy, not the economy or the public refusing to buy from RIAA companies. They may do a similar thing that Microsoft did. (section E) The feds didn't even try to prosecute MS for this, even though I think it is their worst anti-trust violation!
In fact, if you live in the US (and some other countries), you pay "royalties" to them on every CD writing drive you buy and every blank music CD you burn. It doesn't matter if it is your own music, or music you are legally allowed to copy--they still take it.
Here: RIAA does not represent artists directly but we do work on behalf of such artists' rights as freedom of speech and the right to control your own music.
Here: When asked, most consumers describe CDs as a good value. ...the most significant cost of a CD today is the marketing and promotion of that music.
My Favorite FAQ:
What is the RIAA? The RIAA is a membership organization. Our members are record labels who pay membership dues to have the RIAA represent them on different issues. This includes everything from speaking out in support of free speech -- and against attempts to pass legislation to censor music, to traveling the world in support of free trade, to defending artists and record labels from pirates who sell and distribute fake copies of their music. We also work with our members on issues of new technology and how that technology can best bring artists together with music fans.
Lots to think about there. Amazing how the RIAA talks out of both sides of its mouth. "We support artists rights, prevent censorship of music, and help Santa out every Tuesday...." Yet they are busy trying to take away my legal ability to create and distribute my own music.
If irony was a drink, I'd be wasted.
I'm sorry, your CD license forbids you from sharing music with fishies.
Please come with me, sir.
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
while (true) do { wget --quiet -p 'http://www.riaa.org/' --referer='http://slashdot.org/' > /dev/null ; sleep 30; } done;
This episode clearly shows we are up against a gang of thugs who care nothing for anyone's moral sensibilities, if there's a dollar (or a bit of control) to be squeezed out.
As engineers we are used to dealing with people who can be won over, if we can only logically explain why our position is the Right Thing. We can't deal with these racketeers that way. They don't care what the Right Thing is, so there's no point in arguing it with them.
We have to recognize that we are in an all out brawl, and act accordingly.
The RIAA doesn't have the knowledge or the skill to do it themselves so they hire companies who do this sort of thing for a living. They pay a certain amount per song as a base, so many cents (usually about 1.5 cents) per scan, per protocol, then pay the same amount again when they find the files, then so much to send a Cease and Desist Letter. They scan about every 15 minutes, or determined by the label. They can run up huge numbers in just a couple of days for popular acts. Who pays? The artist of course, as it goes into their recoupable account, that never shrinks.
DMusic.com has an article with audio of the California Senate Hearings if you want the lowdown on the labels accounting. (Streaming MP3) It can be found Here. Especially enlightening is Don Engel's and Fred Wolinski's testimony.