Slashdot Mirror
Has the RIAA Wormed 95% of P2P Networks?
DancingSword was one of many to submit links to a strange story about
the RIAA hacking back by sending a worm through the major peer-to-peer networks, supposedly with a 95% infestation rate. Hoax or not?
No mention of whether this affectes Windows clients/hosts or not. Any idea?
I doubt you could get 95% of people on the Internet to agree on anything, much less taste in music, and even if this worm/virus infected every MP3 on a computer, 95% infestation seems really, really unlikely.
On the other hand, this (worming P2P clients) has been talked about a lot in the past--and there are already viruses spreading via P2P, though the community seems to detect them pretty quickly--so I wouldn't put it past the RIAA to do something like this. Much less this Gobbles character; he's pretty infamous on the Bugtraq mailing list for trying to make fun of / piss off as many people as he can. (Incidentally, Gobbles is also known for overstatement, and as he was the one who stated the 95% figure in the article . . . well, you decide.) And it would of course be trivial to "phone home" to the RIAA with information about shared files on the computer.
So while I could believe the existence of the worm, I seriously doubt the 95% infestation figure.
Forget the RIAA bashing, the Gobbles guys know what they do. That said, this is very un-gobbles from what I've seen from them in the past. Not the technology, but the comments in the source, for example. Then again, they're supposedly a large group.
From the little info that is available, I'd give them a 50-50 chance that it's true. That would be interesting.
Assorted stuff I do sometimes: Lemuria.org
Indeed. The Berman Bill has not become law, and under the USA Patriot Act, Hacking can be considered terrorism. One thing we sould all do is boycott the recording industry.
The Uncoveror: It's the real news.
Currently, systrace is available for OpenBSD and NetBSD, but work is going on to make it available for Linux as well.
So, any program you have that opens untrusted content (xmms, mplayer, mozilla, etc) can be run with systrace, and you can selectively enable certain types of activity all the time... disallow certain activities allways, and be prompted for selective approval or denial of everything else.
Even though I believe this to be a hoax, it's certainly true that it could be done, and something like systrace is needed to guarantee a bug in a program you run can't be used to take over your system.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
This is a hoax. If you check the PGP signature, you can see that it isnt valid.
http://phreakinb.com
I take back what I said--ok, so the RIAA may not have the brightest lightbulbs, but they can outsource.
:Peter
BUT...
Unless I am mistaken (already happened once today), this is just a buffer exploit. By the end of the work day, there should be patches for mpg123, xmms, and any other open source mp3 player affected. Then what is the RIAA going to do? Bang its collective shoe on the table and scream "Kill them! Kill them!"?
Correct me if I am missing something here, but isn't it a no-no to put your legally ripped-from-cd tracks into your "share" directory for others to copy? So if this worm goes cruising through your shared directories and finds copyright material, you're still in breach of copyright since you're basically giving away copies of these songs.
More commentary including thoughts on some of the implications here:
x ml
http://www.virusbtn.com/news/latest_news/gobbles.
Score:-1, Funny
Over at SourceForge eMule is one of the largest downloaded clients on the list...
Change one byte of any file and the MD5 hash for said file changes. This is nothing new or even that clever but it does stop bad files from spreading around the network.
As I understand it, Kazza is still number one when it comes to P2P file sharing. When I last opened Kazza it reported 4 million users. Kazza also uses a file hash to allow segmented downloads as do most P2P clients these days.
These **AA infected files would be a drop in the ocean and they would not spread far. If this is a hoax then it's not even a very clever one.
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
I wonder...
Would a NDA be legally binding for something as illegal as creating a worm that "hacks" itself onto peoples computers?
Wouldn't the one approched with a deal like that be obliged by law to report it to the police?
If someone asks me to do something illegal in exchange for money, am I breaking the law if I don't report it? Even if I turn the offer down? =/
/.Mattsson - My native language is not English, so please don't whine over linguistic errors. (That's lame anyway...)
That was my first thought. If this is on the level, then anti-virus software should be catching it.
After all the anti-virus attacks of the last few years, consumers and businesses alike have dumped a ton of money into anti-virus software. I find it hard to believe that a worm could get 95% penetration in this group.
These hackers are just looking for some recognition, that's all.
Ya know what pisses me off? If this is true, then users like myself have been illegitamately hit.
I have a copy of Metallica's Kill Em All on tape. My tape is pretty worn out. So I hit the Fastrack network to download the songs. Now under Canadian law, this is perfectly legal as I own an original copy of the album.
But now my PC is infected by a worm/trojan because a cartel ^H^H^H^H^H some 'company' believes that everyone who downloads MP3s are doing so illegally. Nice when a company thinks that everyone is a criminal. Congress really needs to wake up and start protecting the people again, and not mega corporations. And other countries need to shove back when the US tries to push it's own laws onto them.
It's better to burn out than to fade away
The scary thing behind what was posted to Bugtraq is that it explicitly states that all digital media on the system is cataloged, and the list is sent to the RIAA. This assumes all digital media on a system is an illegal copy.
Yes, it does. And it shows what criminal, despicable, disgusting excuses for human beings work for, or with, the RIAA.
Sure, if the worm comes into your system over a P2P network, there's a good chance that at least *some* of your mp3s are pirated, but there's no way to differentiate pirated mp3s and those you ripped/encoded from your own CD collection.
All of my mp3 and ogg files are ripped from my own rather large, but no longer growing CD and Vinyl collection (because now I do not buy CDs, ever, nor will I, ever again). All of my avi's are recorded from my own television, my own animations, or my own media, and are not traded, ever. Indeed, none of my stuff is traded, ever.
However, I did install gtk-gnutella in order to download the hiliarious fan fiction Star Trek episode "Savage Empire", because the web site distributing the files had been slashdoted. A perfectly legal download, for which, if this story is true, these unlawful thugs have infected my machine.
I have enough money, and the will, to persue a very harsh lawsuit against these fucks if this story has any veracity, and if I am infected, and I will not hesitate to do so.
"In Corporate Fascist America You and Your Data Belong to the Copyright and Media Cartels. Bend Over and Enjoy the Ride, Consumer."
The Future of Human Evolution: Autonomy
I don't pretend to know much about the gory details of how it works, but P2P has never struck me as the best way ever invented to ensure the integrity of your system.
Last week a client asked to bring his PC into the cybercafe to download some files using eDonkey. After a couple of days, my observations were that
So I told him to take his eDonkey elsewhere... is there any way to know what you are really connected to with this sort of system?
Virtually serving coffee
If you read the artical, you'll see that they code they released was for a UNIX Mp3 player, which means they certanly have the capacity to infect Unix machines using mpeg123, I doubt windows programs would be much harder, and I DID just upgraded winamp to cover up a buffer overflow problem in the id3 tag...
An MP3 based virus is possible these days, and it could easily spread to all your mp3s once activated. (even on unix, since obviously your mp3 player is going to have access to those files, unless they are read-only)
autopr0n is like, down and stuff.
I'm not so totally sure this isn't real. I have mp3's that play fine on my intel machine but crash xmms and mpg123 (but not amp) on sun, sgi, and pa-risc. Of course, there's always a chance that the files are merely corrupted or the mp3 player doesn't work properly on other platforms, but I wouldn't expect *all* other platforms to die like that, at times. Of course, this has only happened with files I downloaded, not files I've ripped. 95% of my mp3's are my CD's (my music is too valuable not to make backups of!), and most of the rest is mp3's I've downloaded when the CD's have become too scratched to be readable, or when it's a song I had on tape or vinyl and didn't feel like re-recording onto my computer. So I may be a bad way to test this. But who knows---if I can figure out just which files these are, I'll try to analyze the crash dumps a little more and see if I can find anything.
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
I download many mp3s via p2p, easily putting me in the 95%, I ahve zone alarm running on my P2P, and have never had any hits attempting to go outbound, with the latest versions of zone alarm, they can't merely mimic application names to get through, wouldn't this BS be provable by someone out there monitoring outbound network traffic....I'm calling HS hoax
I have great faith in fools; My friends call it self-confidence. Edgar Allan Poe 1809-1845
Well, I tried straceing mpg123 on an intel box on the files (have yet to try on other platforms), but no sockets or anything get opened. Perhaps they check the parent process, though? mpg123 calls getpid() but never getppid() in my logs, though.
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
Yes, it *is* the artist's choice. Artists get to choose from one of three options:
(a) sell yourself to the RIAA,
(b) spend wads of cash letting people know you exist, or
(c) wither into oblivion.
Do *you* have wads of cash? No? Well, don't ever try to write music and expect anyone but your friends to hear it, then.
Some artists get lucky and get their name out via the Internet, or sign with an independent label.. but 90% of the artists you hear all the time are formerly-no-name guys that the RIAA noticed and invested in.
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
Clearly this is a contrived hoax.
Nevertheless, it could be instructive to consider the implications of how this could be accomplished. In doing so, we could establish a baseline and get a sense of things to look for if an exploit of this type were to be produced in reality.
Here is how I would create such a system, with an effort to address the many problematic areas pointed out by other readers. I invite all criticism.
1) A system can be created, using p2p protocols, to build a database of known infringing hosts. You simply ask p2p hosts for copyrighted files and make a note of what you get.
2) At a specific time, trigger a latent feature of software on the infringing hosts to expose personally identifiable information tying the infringing host to an infringing user for prosecution. This could be triggered by something as innocent as a remote system requesting an otherwise non-existant file with a special "trigger" filename.
3) The exposing feature would only be triggered on those hosts which have already been proven to be serving infringing material, only on those hosts which are within the requisite jurisdiction, and only after the proper warrants (authorizing the search) were secured. The information would simply not be requested from non-infringing hosts, or from hosts where the proper legal access could not be obtained. This should addresses any "illegal search" concerns.
4) It would be legal for a p2p client manufacturer to willingly include such a latent feature within their pre-compiled binary. This represents an "infection vector" which would not be detected by any virus scanning, or by looking for modifications to executables. Other infection vectors, such as the proposed MPAA "worm" would be technically possible, but likely untenable in a legal sense. The "infection vector" need not even be associated with the p2p application, a 3rd party DLL or service pack could provide an infection vector even on systems which use "historical" (existing prior to the development of this system) or open-source p2p client applications.
5) Since no "out of the ordinary" information would be sent until the moment the feature was triggered, network analysis would not detect the latent vulnerability. The only hint of a system compromise in this fashion would be the analysis of the date sent in response to a request for this non-existant file. Encryption could be used to obfuscate even that.
6) Since the p2p client has already been proven to be capable of sharing files with remote systems, no possible configuration of firewalling (or similar technology) would prevent the transfer of the requested personally identifiable data to a remote requesting system, provided the requesting system masqueraded as a simple p2p client requesting a willingly shared file..
7) The latent feature would be technically capable of performing any action the owning user is allowed to perform, inclusing relaying personally identifying information, compiling a list of all files on the system (or just those which are being illegally published), or any other action. In actuality, I suspect the latent feature would be only a stub allowing a more specific payload to be downloaded. This would allow the eventual exploit to collect only that information for which legal authorization to collect exists. This also allows the exploit to be developed for a specific hardware/os configuration. Most importantly, the development need not be done before this system is set up. Specific development could be performed up until the instant when the exploit needs to be delivered.
Such a system would, I believe, meet all the criteria of respecting user privacy, and acting within existing legal framework, while providing the access vectors which the proposed "MPAA worm" claims to offer.
No, I'm not really happy about what I've just written. Please shoot me down.
The thing about things we don't know is we often don't know we don't know them.
You said that you will never buy CDs again.
Let me suggest something: go to any New Year's Eve "First Night" event (Williamsburg, VA has one, for example. So does Charlottesville, Harrisonburg, Norfolk... but I think they're nationwide).
Take a bunch of money with you (the ticket only costs $7, and you'll be able to go to 5-8 shows before the evening's fireworks). Buy CDs -- they'll have been produced by artists too small to get or want RIAA representation. They'll have been hand-produced, essentially. If you hear something you like, then buy it. *Ask* them if they mind you sharing over P2P or internet radio -- they may actually say "Please do."
I think I remember buying something from a group called "Trapezoid". But the group wasn't half as good as the woman and husband team that relaxed from playing by doing performance art. As befits a family event, it wasn't pornographic performance art, either. One performance was a story about her mother's wedding hat; another was a story about her father's singing lessons. *Extremely* entertaining.
But go ahead and buy CDs. Just don't buy RIAA CDs. They aren't worth listening to, anyhow [unless it's classical or jazz... but you still can find good stuff elsewhere].
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
First, every time we buy a blank CD, DVD, VHS, or even audio cassette tape we are helping them out. There is a tax which we, in the US, pay every time we purchase any of the above. We also pay it every time we buy a radio, TV, or even a computer. So - we lose.
Every time we rent a CD, DVD, VHS, or even game cartridge - we are (again) paying this tax. So we lose there also.
Should we buy a book, a script, magazine, newspaper, or the like we are probably still paying this tax. So we've lost again.
Finally, even if everyone in the US refused to have anything else to do with the RIAA or MPAA they are still powerful enough to have new laws passed. As in "Atlas Shrugged," by Ayn Rand, if they can not take our money legally - then the thing to do is to change the laws so they can take it legally. After all - laws are nothing more than rules by which we play and those who have the money usually get to make the rules.
Sorry if this shocks anyone but the truth is that it is only because we respected each other, had a unified common sense approach to things, a scrupulous populus, and the knowledge that if you did wrong you would be held accountable for it - that we have made it this far. The "Anything goes" way of looking at things, not holding people's feet to the fire for doing something wrong, and (as bad as it might seem) not being willing to put to death those who really are doing terrible things to others (like Enron's execs who have ruined hundreds if not thousands of people's lives) that has caused us to come to this. What these people are doing is, IMHO, treasonous. Look it up. The act of "Treason" is where two or more groups (whether they be people, organizations, corporations, or whatever) attempt to remove the rights of their fellow citizens. According to the texts it is their "intentions" which merit this stamp So ask yourself this - what are their intentions when they attempt to force upon you their yoke of slavery? What are their "intentions" when they try to sneak, like theives, laws into Congress which remove our rights and preserve or expand upon their rights. What are their intentions? Those intentions are to take away your rights.
Now, someone will probably say "You don't go around killing people just because they are trying to get laws passed." That's true. You don't. Normally. But this is different. It is different because they are not trying to get laws passed for the betterment of mankind or to right an injustice. No. They are trying to twist the laws and our country (Heck! The world even!) to their needs. To enslave it. To enshackle it to their beliefs. Just like some religious cults have tried to enslave others to their will. It is an evil thing to do and it will have terrible consequences if it is allowed to endure.
Even if they were only brought up on charges it would shake up the corporate world enough that many things companies are beginning to attempt to do through the rewriting of our laws would be stopped. Companies would think twice about trying to change laws so they benefit only them and remove our rights. Which brings up - why do groups think they can get away with this? The answer is - they have in the past. The difference is the internet. Whereas before there was this huge time lag between when something happened and when we knew about it - now it only takes hours or minutes for word to be sent and a transgression found out. The problem is still though the complancey of many of the people in our country. "Oh! I might get involved." some whine. "I don't have the time." another chats. "It's not my place." a third comments. If you don't stand up and write your congressmen/women then you are already shackled. You already bear their mark. You already curl up at their feet, lick their hands, and eat the crumbs they throw to you.
So as always the question is - what are you going to do about it? Wallow in the filth on the floor or write and demand that these groups stop trying to infringe on your god given rights!
Someone put a black hole in my pocket and now I'm broke.