Has the RIAA Wormed 95% of P2P Networks?
DancingSword was one of many to submit links to a strange story about
the RIAA hacking back by sending a worm through the major peer-to-peer networks, supposedly with a 95% infestation rate. Hoax or not?
No mention of whether this affects Windows clients/hosts or not. Any idea?
Reminds me of that "156 CD burners are really 421 burners since they're really fast!" argument they tried to pass off some time ago.
----- Wtcher Dragon, UDIC
I doubt you could get 95% of people on the Internet to agree on anything, much less taste in music, and even if this worm/virus infected every MP3 on a computer, 95% infestation seems really, really unlikely.
On the other hand, this (worming P2P clients) has been talked about a lot in the past--and there are already viruses spreading via P2P, though the community seems to detect them pretty quickly--so I wouldn't put it past the RIAA to do something like this. Much less this Gobbles character; he's pretty infamous on the Bugtraq mailing list for trying to make fun of / piss off as many people as he can. (Incidentally, Gobbles is also known for overstatement, and as he was the one who stated the 95% figure in the article . . . well, you decide.) And it would of course be trivial to "phone home" to the RIAA with information about shared files on the computer.
So while I could believe the existence of the worm, I seriously doubt the 95% infestation figure.
Forget the RIAA bashing, the Gobbles guys know what they do. That said, this is very un-gobbles from what I've seen from them in the past. Not the technology, but the comments in the source, for example. Then again, they're supposedly a large group.
From the little info that is available, I'd give them a 50-50 chance that it's true. That would be interesting.
Assorted stuff I do sometimes: Lemuria.org
Gobbles Security has posted crap like this before to security sites and this is in keeping with their other posts. (http://www.google.com/search?q=gobbles%20security&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8)
It seems to be an obvious prank.
See below for text of latest post.
[snip for lameness filter]
"Putting the honey in honeynet since '98."
Introduction:
Several months ago, GOBBLES Security was recruited by the RIAA (riaa.org) to invent, create, and finally deploy the future of antipiracy tools. We focused on creating virii/worm hybrids to infect and spread over p2p nets.
Until we became RIAA contractors, the best they could do was to passively monitor traffic. Our contributions to the RIAA have given them the power to actively control the majority of hosts using these networks.
We focused our research on vulnerabilities in audio and video players.
The idea was to come up with holes in various programs, so that we could spread malicious media through the p2p networks, and gain access to the host when the media was viewed.
During our research, we audited and developed our hydra for the following media tools:
mplayer (www.mplayerhq.org)
WinAMP (www.winamp.com)
Windows Media Player (www.microsoft.com)
xine (xine.sourceforge.net)
mpg123 (www.mpg123.de)
xmms (www.xmms.org)
After developing robust exploits for each, we presented this first part of our research to the RIAA. They were pleased, and approved us to continue to phase two of the project -- development of the mechanism by which the infection will spread.
It took us about a month to develop the complex hydra, and another month to bring it up to the standards of excellence that the RIAA demanded of us. In the end, we submitted them what is perhaps the most sophisticated tool for compromising millions of computers in moments.
Our system works by first infecting a single host. It then fingerprints a connecting host on the p2p network via passive traffic analysis, and determines what the best possible method of infection for that host would be. Then, the proper search results are sent back to the "victim" (not the hard-working artists who p2p technology rapes, and the RIAA protects). The user will then (hopefully) download the infected media file off the RIAA server, and later play it on their own machine.
When the player is exploited, a few things happen. First, all p2p-serving software on the machine is infected, which will allow it to infect other hosts on the p2p network. Next, all media on the machine is cataloged, and the full list is sent back to the RIAA headquarters (through specially crafted requests over the p2p networks), where it is added to their records and stored until a later time, when it can be used as evidence in criminal proceedings against those criminals who think it's OK to break the law.
Our software worked better than even we hoped, and current reports indicate that nearly 95% of all p2p-participating hosts are now infected with the software that we developed for the RIAA.
Things to keep in mind:
1) If you participate in illegal file-sharing networks, your computer now belongs to the RIAA.
2) Your BlackIce Defender(tm) firewall will not help you.
3) Snort, RealSecure, Dragon, NFR, and all that other crap cannot detect this attack, or this type of attack.
4) Don't fuck with the RIAA again, scriptkids.
5) We have our own private version of this hydra actively infecting p2p users, and building one giant ddosnet.
Due to our NDA with the RIAA, we are unable to give out any other details concerning the technology that we developed for them, or the details on any of the bugs that are exploited in our hydra.
However, as a demonstration of how this system works, we're providing the academic security community with a single example exploit, for a mpg123 bug that was found independently of our work for the RIAA, and is not covered under our agreement with the establishment.
Affected Software:
mpg123 (pre0.59s)
http://www.mpg123.de
Problem Type:
Local && Remote
Vendor Notification Status:
The professional staff of GOBBLES Security believe that releasing our advisories without vendor notification of any sort is cute and humorous, so this is also the first time the vendor has been made aware of this problem.
We hope that you're as amused with our maturity as we are.
Exploit Available:
Yes, attached below.
Technical Description of Problem:
Read the source.
Credits:
Special thanks to stran9er@openwall.com for the ethnic-cleansing shellcode.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
Indeed. The Berman Bill has not become law, and under the USA Patriot Act, hacking can be considered terrorism. One thing we should all do is boycott the recording industry.
The Uncoveror: It's the real news.
Currently, systrace is available for OpenBSD and NetBSD, but work is going on to make it available for Linux as well.
So, any program you have that opens untrusted content (xmms, mplayer, mozilla, etc) can be run with systrace, and you can selectively enable certain types of activity all the time... disallow certain activities allways, and be prompted for selective approval or denial of everything else.
Even though I believe this to be a hoax, it's certainly true that it could be done, and something like systrace is needed to guarantee a bug in a program you run can't be used to take over your system.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
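A systrace policy of the kind that comment describes, written here as an added illustration and not taken from the thread: it lets mpg123 read its libraries and the music directory and write to the sound device, and denies sockets, exec and any other writes. The binary path, library directories, music tree and audio device are assumptions and need adjusting per system.

```text
Policy: /usr/local/bin/mpg123, Emulation: native
	# Assumed paths: adjust the binary, library and music locations for your system.
	# Startup: the loader reads the binary, shared libraries and a few config files.
	native-fsread: filename match "/usr/lib/*" then permit
	native-fsread: filename match "/usr/local/lib/*" then permit
	native-fsread: filename eq "/etc/malloc.conf" then permit
	# Media: read-only, and only from the tree where downloaded files are kept.
	native-fsread: filename match "/home/user/music/*" then permit
	# Sound output is the only file the player needs to write.
	native-fswrite: filename eq "/dev/audio" then permit
	# A decoder has no reason to talk to the network, run other programs or
	# write anywhere else. With these denied, a bug in the MP3 parser cannot
	# be turned into the "infect the client, catalogue and phone home" payload
	# the post claims; systrace returns an error to the program instead.
	native-socket: deny
	native-connect: deny
	native-execve: deny
	native-fswrite: deny
```

Rules are matched top to bottom, so the specific permits must come before the blanket denies. Calls the policy does not mention are put to the user when mpg123 runs interactively under systrace; under `systrace -a` they are denied, so complete the policy interactively before switching to automatic mode.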
This is a hoax. If you check the PGP signature, you can see that it isn't valid.
http://phreakinb.com
I take back what I said--ok, so the RIAA may not have the brightest lightbulbs, but they can outsource.
:Peter
BUT...
Unless I am mistaken (already happened once today), this is just a buffer exploit. By the end of the work day, there should be patches for mpg123, xmms, and any other open source mp3 player affected. Then what is the RIAA going to do? Bang its collective shoe on the table and scream "Kill them! Kill them!"?
Correct me if I am missing something here, but isn't it a no-no to put your legally ripped-from-cd tracks into your "share" directory for others to copy? So if this worm goes cruising through your shared directories and finds copyright material, you're still in breach of copyright since you're basically giving away copies of these songs.
More commentary including thoughts on some of the implications here:
http://www.virusbtn.com/news/latest_news/gobbles.xml
Over at SourceForge eMule is one of the largest downloaded clients on the list...
Change one byte of any file and the MD5 hash for said file changes. This is nothing new or even that clever but it does stop bad files from spreading around the network.
As I understand it, Kazaa is still number one when it comes to P2P file sharing. When I last opened Kazaa it reported 4 million users. Kazaa also uses a file hash to allow segmented downloads as do most P2P clients these days.
These **AA infected files would be a drop in the ocean and they would not spread far. If this is a hoax then it's not even a very clever one.
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
I wonder...
Would a NDA be legally binding for something as illegal as creating a worm that "hacks" itself onto peoples computers?
Wouldn't the one approached with a deal like that be obliged by law to report it to the police?
If someone asks me to do something illegal in exchange for money, am I breaking the law if I don't report it? Even if I turn the offer down? =/
/.Mattsson - My native language is not English, so please don't whine over linguistic errors. (That's lame anyway...)
That was my first thought. If this is on the level, then anti-virus software should be catching it.
After all the anti-virus attacks of the last few years, consumers and businesses alike have dumped a ton of money into anti-virus software. I find it hard to believe that a worm could get 95% penetration in this group.
These hackers are just looking for some recognition, that's all.
Ya know what pisses me off? If this is true, then users like myself have been illegitimately hit.
I have a copy of Metallica's Kill Em All on tape. My tape is pretty worn out. So I hit the FastTrack network to download the songs. Now under Canadian law, this is perfectly legal as I own an original copy of the album.
But now my PC is infected by a worm/trojan because a cartel ^H^H^H^H^H some 'company' believes that everyone who downloads MP3s is doing so illegally. Nice when a company thinks that everyone is a criminal. Congress really needs to wake up and start protecting the people again, and not mega corporations. And other countries need to shove back when the US tries to push its own laws onto them.
It's better to burn out than to fade away
This is obviously a clever, drawn-out way to post a real bug. The whole part about the RIAA is just to get you to read their bug post at the bottom. This is probably just an attempt to inject some amusement into bugtraq. It seems rather obvious to me.
RPM's greatest asset: the ability to catalog every installed file, including MD5 checksum, ownership, timestamp, mode, size, etc. So any "worm" has to not only trojan the target files, but RPM itself. Good luck.
BTW, since all my executables are installed and owned by root, and since I log in as myself, wouldn't this so called worm need not only a buffer overflow in the executable, but some way to elevate its privileges to root? The bugtraq posting makes no claim that it does this.
The scary thing behind what was posted to Bugtraq is that it explicitly states that all digital media on the system is cataloged, and the list is sent to the RIAA. This assumes all digital media on a system is an illegal copy.
Yes, it does. And it shows what criminal, despicable, disgusting excuses for human beings work for, or with, the RIAA.
Sure, if the worm comes into your system over a P2P network, there's a good chance that at least *some* of your mp3s are pirated, but there's no way to differentiate pirated mp3s and those you ripped/encoded from your own CD collection.
All of my mp3 and ogg files are ripped from my own rather large, but no longer growing CD and Vinyl collection (because now I do not buy CDs, ever, nor will I, ever again). All of my avi's are recorded from my own television, my own animations, or my own media, and are not traded, ever. Indeed, none of my stuff is traded, ever.
However, I did install gtk-gnutella in order to download the hilarious fan fiction Star Trek episode "Savage Empire", because the web site distributing the files had been slashdotted. A perfectly legal download, for which, if this story is true, these unlawful thugs have infected my machine.
I have enough money, and the will, to pursue a very harsh lawsuit against these fucks if this story has any veracity, and if I am infected, and I will not hesitate to do so.
"In Corporate Fascist America You and Your Data Belong to the Copyright and Media Cartels. Bend Over and Enjoy the Ride, Consumer."
The Future of Human Evolution: Autonomy
I don't pretend to know much about the gory details of how it works, but P2P has never struck me as the best way ever invented to ensure the integrity of your system.
Last week a client asked to bring his PC into the cybercafe to download some files using eDonkey. After a couple of days, my observations were that
So I told him to take his eDonkey elsewhere... is there any way to know what you are really connected to with this sort of system?
Virtually serving coffee
If you read the article, you'll see that the code they released was for a UNIX MP3 player, which means they certainly have the capacity to infect Unix machines using mpg123. I doubt windows programs would be much harder, and I DID just upgrade winamp to cover up a buffer overflow problem in the id3 tag...
An MP3 based virus is possible these days, and it could easily spread to all your mp3s once activated. (even on unix, since obviously your mp3 player is going to have access to those files, unless they are read-only)
autopr0n is like, down and stuff.
I'm not so totally sure this isn't real. I have mp3's that play fine on my intel machine but crash xmms and mpg123 (but not amp) on sun, sgi, and pa-risc. Of course, there's always a chance that the files are merely corrupted or the mp3 player doesn't work properly on other platforms, but I wouldn't expect *all* other platforms to die like that, at times. Of course, this has only happened with files I downloaded, not files I've ripped. 95% of my mp3's are my CD's (my music is too valuable not to make backups of!), and most of the rest is mp3's I've downloaded when the CD's have become too scratched to be readable, or when it's a song I had on tape or vinyl and didn't feel like re-recording onto my computer. So I may be a bad way to test this. But who knows---if I can figure out just which files these are, I'll try to analyze the crash dumps a little more and see if I can find anything.
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
I download many mp3s via p2p, easily putting me in the 95%. I have zone alarm running on my P2P box, and have never had any hits attempting to go outbound. With the latest versions of zone alarm, they can't merely mimic application names to get through. Wouldn't this BS be provable by someone out there monitoring outbound network traffic.... I'm calling HS hoax
I have great faith in fools; My friends call it self-confidence. Edgar Allan Poe 1809-1845
Well, I tried stracing mpg123 on an intel box on the files (have yet to try on other platforms), but no sockets or anything get opened. Perhaps they check the parent process, though? mpg123 calls getpid() but never getppid() in my logs, though.
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
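The check that comment describes, carried one step further as an added example (not code from the thread): record the player's syscalls with strace, then filter the log for socket activity and pull out any outbound IP endpoints. The trace below is constructed to stand in for real strace output, and the address in it is an RFC 5737 documentation address.

```shell
#!/bin/sh
# Added example, not code from the thread. Capture a media player's
# network-related syscalls and flag any outbound IP connection, which a
# standalone decoder such as mpg123 has no reason to make. Record a trace with:
#   strace -f -o mpg123.trace -e trace=network mpg123 song.mp3
# then feed mpg123.trace to the functions below on stdin.

# Constructed sample standing in for mpg123.trace (203.0.113.5 is an
# RFC 5737 documentation address, not a real host). The AF_UNIX connect
# models a harmless link to a local sound daemon.
SAMPLE_TRACE='12345 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
12345 connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("203.0.113.5")}, 16) = 0
12345 sendto(3, "GET /catalog HTTP/1.0\r\n", 23, 0, NULL, 0) = 23
12345 socket(AF_UNIX, SOCK_STREAM, 0) = 4
12345 connect(4, {sa_family=AF_UNIX, sun_path="/tmp/.esd/socket"}, 110) = 0
12345 exit_group(0) = ?'

sample_trace() {
    printf '%s\n' "$SAMPLE_TRACE"
}

# Keep only socket-related syscalls from an "strace -f" log on stdin
# (lines look like "<pid> <syscall>(...) = <ret>").
network_lines() {
    grep -E '^[0-9]+ +(socket|connect|bind|listen|accept|sendto|sendmsg|send|recvfrom|recvmsg)\('
}

# Count connect() calls to AF_INET destinations; unix-domain sockets
# (sound daemons, D-Bus) are ignored so they do not raise false alarms.
count_inet_connects() {
    network_lines | grep -c 'connect(.*sa_family=AF_INET'
}

# Print "ip:port" for every AF_INET connect() so the endpoints can be
# compared with what the user expects to see (for a decoder: nothing).
inet_endpoints() {
    network_lines \
      | sed -n 's/.*connect(.*sin_port=htons(\([0-9]*\)).*inet_addr("\([^"]*\)").*/\2:\1/p'
}

# Summarise a trace read from stdin.
report() {
    trace=$(cat)
    n=$(printf '%s\n' "$trace" | count_inet_connects)
    if [ "$n" -gt 0 ]; then
        echo "ALERT: $n outbound IP connection(s) made by the player:"
        printf '%s\n' "$trace" | inet_endpoints
    else
        echo "no outbound IP connections seen"
    fi
}

sample_trace | report
```

On the constructed trace this reports one outbound connection to 203.0.113.5:80; on a real trace of a clean decoder the socket filter should match nothing at all beyond a local sound-daemon socket.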
Yes, it *is* the artist's choice. Artists get to choose from one of three options:
(a) sell yourself to the RIAA,
(b) spend wads of cash letting people know you exist, or
(c) wither into oblivion.
Do *you* have wads of cash? No? Well, don't ever try to write music and expect anyone but your friends to hear it, then.
Some artists get lucky and get their name out via the Internet, or sign with an independent label.. but 90% of the artists you hear all the time are formerly-no-name guys that the RIAA noticed and invested in.
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
Clearly this is a contrived hoax.
Nevertheless, it could be instructive to consider the implications of how this could be accomplished. In doing so, we could establish a baseline and get a sense of things to look for if an exploit of this type were to be produced in reality.
Here is how I would create such a system, with an effort to address the many problematic areas pointed out by other readers. I invite all criticism.
1) A system can be created, using p2p protocols, to build a database of known infringing hosts. You simply ask p2p hosts for copyrighted files and make a note of what you get.
2) At a specific time, trigger a latent feature of software on the infringing hosts to expose personally identifiable information tying the infringing host to an infringing user for prosecution. This could be triggered by something as innocent as a remote system requesting an otherwise non-existent file with a special "trigger" filename.
3) The exposing feature would only be triggered on those hosts which have already been proven to be serving infringing material, only on those hosts which are within the requisite jurisdiction, and only after the proper warrants (authorizing the search) were secured. The information would simply not be requested from non-infringing hosts, or from hosts where the proper legal access could not be obtained. This should address any "illegal search" concerns.
4) It would be legal for a p2p client manufacturer to willingly include such a latent feature within their pre-compiled binary. This represents an "infection vector" which would not be detected by any virus scanning, or by looking for modifications to executables. Other infection vectors, such as the proposed MPAA "worm" would be technically possible, but likely untenable in a legal sense. The "infection vector" need not even be associated with the p2p application, a 3rd party DLL or service pack could provide an infection vector even on systems which use "historical" (existing prior to the development of this system) or open-source p2p client applications.
5) Since no "out of the ordinary" information would be sent until the moment the feature was triggered, network analysis would not detect the latent vulnerability. The only hint of a system compromise in this fashion would be the analysis of the data sent in response to a request for this non-existent file. Encryption could be used to obfuscate even that.
6) Since the p2p client has already been proven to be capable of sharing files with remote systems, no possible configuration of firewalling (or similar technology) would prevent the transfer of the requested personally identifiable data to a remote requesting system, provided the requesting system masqueraded as a simple p2p client requesting a willingly shared file.
7) The latent feature would be technically capable of performing any action the owning user is allowed to perform, including relaying personally identifying information, compiling a list of all files on the system (or just those which are being illegally published), or any other action. In actuality, I suspect the latent feature would be only a stub allowing a more specific payload to be downloaded. This would allow the eventual exploit to collect only that information for which legal authorization to collect exists. This also allows the exploit to be developed for a specific hardware/os configuration. Most importantly, the development need not be done before this system is set up. Specific development could be performed up until the instant when the exploit needs to be delivered.
Such a system would, I believe, meet all the criteria of respecting user privacy, and acting within existing legal framework, while providing the access vectors which the proposed "MPAA worm" claims to offer.
No, I'm not really happy about what I've just written. Please shoot me down.
The thing about things we don't know is we often don't know we don't know them.
You said that you will never buy CDs again.
Let me suggest something: go to any New Year's Eve "First Night" event (Williamsburg, VA has one, for example. So does Charlottesville, Harrisonburg, Norfolk... but I think they're nationwide).
Take a bunch of money with you (the ticket only costs $7, and you'll be able to go to 5-8 shows before the evening's fireworks). Buy CDs -- they'll have been produced by artists too small to get or want RIAA representation. They'll have been hand-produced, essentially. If you hear something you like, then buy it. *Ask* them if they mind you sharing over P2P or internet radio -- they may actually say "Please do."
I think I remember buying something from a group called "Trapezoid". But the group wasn't half as good as the woman and husband team that relaxed from playing by doing performance art. As befits a family event, it wasn't pornographic performance art, either. One performance was a story about her mother's wedding hat; another was a story about her father's singing lessons. *Extremely* entertaining.
But go ahead and buy CDs. Just don't buy RIAA CDs. They aren't worth listening to, anyhow [unless it's classical or jazz... but you still can find good stuff elsewhere].
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
If this isn't a hoax, then RIAA has been complicit in the development of a large network for staging DDOS attacks. Regardless of the Berman bill, that would seem to be "cyberterrorism" to me.
So, the question isn't whether Slashdot thinks this is a hoax but whether the FBI thinks it's a hoax... djeaux
"Obviously, I'm not an IBM computer any more than I'm an ashtray" (Bob Dylan)
You know, I have to agree with this. If DRM makes it impossible to consume media products then there will eventually arise a new form of entertainment that will be somewhat more active than the totally passive media that characterized the 20th century. No one really has a clue as to what kind of interactive media will be developing over the next fifty years.
I was 'into' creating electronic ambient sound atmospheres by programming synthesizers until the MP3 revolution hit about five years ago. Then I got involved with collecting all of the music on MP3 that I listened to as a young adult. I find that not having broadband prevents using the P2P networks as a means of exposure to new music. Why doesn't the RIAA try to make high speed internet access from the home illegal?
But I am not buying media product any more not so much as a boycott but rather because it is not very interesting. I am beginning to find books more interesting than music. It is difficult to find actual books on the P2P networks. People don't read and the people that do read don't scan books for upload/sharing. Almost all of the books available on Kazaa! are of the Fantasy-Science Fiction-Horror-Military genre. It is impossible to find anything from the New York Times bestseller list on P2P, even great stuff that has been published years ago.
I would like to suggest to the slashdot community that if you have a favorite book, by all means get a flatbed scanner and OCR program and scan/proofread/post it to your favorite P2P network.
First, every time we buy a blank CD, DVD, VHS, or even audio cassette tape we are helping them out. There is a tax which we, in the US, pay every time we purchase any of the above. We also pay it every time we buy a radio, TV, or even a computer. So - we lose.
Every time we rent a CD, DVD, VHS, or even game cartridge - we are (again) paying this tax. So we lose there also.
Should we buy a book, a script, magazine, newspaper, or the like we are probably still paying this tax. So we've lost again.
Finally, even if everyone in the US refused to have anything else to do with the RIAA or MPAA they are still powerful enough to have new laws passed. As in "Atlas Shrugged," by Ayn Rand, if they can not take our money legally - then the thing to do is to change the laws so they can take it legally. After all - laws are nothing more than rules by which we play and those who have the money usually get to make the rules.
Sorry if this shocks anyone but the truth is that it is only because we respected each other, had a unified common sense approach to things, a scrupulous populace, and the knowledge that if you did wrong you would be held accountable for it - that we have made it this far. The "Anything goes" way of looking at things, not holding people's feet to the fire for doing something wrong, and (as bad as it might seem) not being willing to put to death those who really are doing terrible things to others (like Enron's execs who have ruined hundreds if not thousands of people's lives) that has caused us to come to this. What these people are doing is, IMHO, treasonous. Look it up. The act of "Treason" is where two or more groups (whether they be people, organizations, corporations, or whatever) attempt to remove the rights of their fellow citizens. According to the texts it is their "intentions" which merit this stamp. So ask yourself this - what are their intentions when they attempt to force upon you their yoke of slavery? What are their "intentions" when they try to sneak, like thieves, laws into Congress which remove our rights and preserve or expand upon their rights. What are their intentions? Those intentions are to take away your rights.
Now, someone will probably say "You don't go around killing people just because they are trying to get laws passed." That's true. You don't. Normally. But this is different. It is different because they are not trying to get laws passed for the betterment of mankind or to right an injustice. No. They are trying to twist the laws and our country (Heck! The world even!) to their needs. To enslave it. To enshackle it to their beliefs. Just like some religious cults have tried to enslave others to their will. It is an evil thing to do and it will have terrible consequences if it is allowed to endure.
Even if they were only brought up on charges it would shake up the corporate world enough that many things companies are beginning to attempt to do through the rewriting of our laws would be stopped. Companies would think twice about trying to change laws so they benefit only them and remove our rights. Which brings up - why do groups think they can get away with this? The answer is - they have in the past. The difference is the internet. Whereas before there was this huge time lag between when something happened and when we knew about it - now it only takes hours or minutes for word to be sent and a transgression found out. The problem is still though the complacency of many of the people in our country. "Oh! I might get involved." some whine. "I don't have the time." another chats. "It's not my place." a third comments. If you don't stand up and write your congressmen/women then you are already shackled. You already bear their mark. You already curl up at their feet, lick their hands, and eat the crumbs they throw to you.
So as always the question is - what are you going to do about it? Wallow in the filth on the floor or write and demand that these groups stop trying to infringe on your god given rights!
Someone put a black hole in my pocket and now I'm broke.