IFPI Employee Describes P2P Sabotage Activities

Maxwell'sSilverLART writes "From The Reg: Matt Warne, an employee of the international version of the RIAA, admitted that he helped the organization spread garbage and random noise on the P2P networks. Apparently, they used multiple DSL connections to present the appearance of separate users, disguising the origins of the files. His group has stopped, but he claims several of the big record companies are still doing it themselves. And here I thought all of their garbage came on CD."

Whats wrong with garbage??

[Bowie+J.+Poag]

Garbage isn't so bad...their lead singer is hawt... Mee-yow!

Cheers,

Just block 'em at the firewall.

Here is a list of P2P Unfriendly IP's you can block.

OverPeer:65.174.255.255
OverPeer:65.160.0.0-65. 160.127.255
Ranger:216.122.0.0-216.122.255.255
R anger:204.92.244.0-204.92.244.255
MediaForce:65.1 92.0.0-65.192.0.255
MediaForce:65.223.0.0-65.223. 255.255
MediaForce:4.43.96.0-4.43.96.255
MediaDe fender:66.79.0.0-66.79.255.255
RIAA:208.225.90.0- 208.225.90.255
RIAA:12.150.191.0-12.150.191.255
MPAA:63.199.57.96-63.199.57.128
MPAA:64.166.187.1 28-64.166.187.192
MPAA:198.70.114.0-198.70.114.25 5
MPAA:209.67.0.0-209.67.255.255
NetPD:207.155.1 28.0-207.155.255.255
NetPD:128.241.0.0-128.241.25 5.255
UnknownC&DCop:64.106.170.128-64.106.170.192
BayTSP:209.204.128.0-209.204.191.255
Vidius:207 .155.128.0-207.155.255.255
GAIN(spyware):64.94.89 .0-64.94.89.255
GAINCME(spyware):66.35.247.0-66.3 5.247.255
GAINCME(spyware):66.35.229.0-66.35.229. 255
MediaDefender:64.225.292.0-64.225.292.127
RI AA:208.192.0.0-208.192.255.255
Xupiter.com:63.236 .32.50
Xupiter.com(mirror):63.208.235.30

I get dozens of hits to each IPchains rule everyday when I am using P2P.

Re:Just block 'em at the firewall.

[Uninvited+Guest]

Where did this list come from? How can I verify its legitimacy? Even more important: how can I discover new addresses which should be blocked?

Re:Just block 'em at the firewall.

[DrPsycho]

MediaDefender:64.225.292.0-64.225.292.127

Um. 292?

I presume that's a typographical error, but you might want to double check those numbers... especially with the hordes of people incorporating them into their IPChains/IPTables rulesets right now. :^)

Re:Just block 'em at the firewall.

[don_carnage]

How can I verify its legitimacy?

nslookup

Re:Just block 'em at the firewall.

I got the list from http://www.shareaza.com 's security forums. Shareaza is a modern Gnutella client with integrated security features. I do not personally use the built in firewalling stuff though. I wrote Iptables rules to block them all. If you would like to verify the authenticity you can just use a tool like Sam Spade for your windows box. Although you will have to be warned that several of the above listed IP's are listed as belonging to some holding compay or another. I would not know where to begin in writing a tool to automate this, but if you have the skills than by all means please do so:) In the mean time you can just read shareaza's forum.

Re:Just block 'em at the firewall.

[Grit]

Umm... isn't one of the "strengths" of P2P that this would only be effective if everybody refused to peer with these addresses? Even if it were effective, wouldn't the parties involved just call up the phone company and order a DSL line--- with an address from the phone company's IP address block?

The same anonymity which P2P promises cuts both ways. Installing filters like this is a big waste of time. Now, accepting the connections but keeping them occupied via a fake "honeypot" network might at least be interesting...

Yeah

[GigsVT]

I've come across some of this stuff, mostly I got mp3s that were the right length, but just silence rather than what the file was named.

They find their way into my playlist if I am not careful, and when I am using it for background music while intensively coding I usually don't notice when one comes up, but it scares the shit out of me if a really loud song comes on after it. :)

Re:Yeah

That's what you get for pirating John Cage!

slowdowncowboyslowdowncowboyslowdowncowboyslowdo wncowboyslowdowncowboyslowdowncowboyslowdowncowboy slowdowncowboyslowdowncowboyslowdowncowboyslowdown cowboy

Re:Yeah

[jc42]

mostly I got mp3s that were the right length, but just silence

They'd better be careful with this. Remember that last year John Batt got into trouble for including a silent track on his CD. John Cage's estate charged him with copyright infringement.

If a recording company is responding to copyright violations by sending around unauthorized copies (or derived works) of John Cage's copyright on his famous 4'33" composition, they deserve to be punished to the maximum extent of the law.

--

Re:Yeah

[MikeFM]

I think they'll find this gag runs out of steam as soon as P2P clients start using checksum techniques. Use trust boundries and individual checksum lists and you can keep the system from being poisoned. It just a little client support and requires that users take the 5 seconds to notice if a file is shit or dangerous and mark it as so in their client. Best of all you don't even have to keep a copy of the actual file to provide the checksum info so you can act as a P2P cop without being set up for feds raiding your basement. The trust boundries is as simple an idea as saying Jack is my friend and I trust his checklist and I trust Jack's friends friends 80% as much as I trust Jack and I trust a friend of Jack's friends 80% as much as I trust Jack's friends.. so that you form a large verification network that eventually peters out unless you raise one of those individuals to your own friend status. This would make it difficult for the RIAA to get into the average users 'friend' list to poison them from there.. and as soon as they did they would be removed from the list and have to start the whole tedious process over again.

Re:Yeah

[Old+Uncle+Bill]

Without a doubt, that is the biggest truth about this article. FastTrack has built in a moderation system of sorts, but do people use it? Hell no. Try this for starters, go search on FastTrack for the movie XXX. I bet one entry comes up saying it is a perfect copy with about 40 people who have it. That equates to 40 dumbasses, because that file is really Half Baked. What is the point of sharing when you are sharing shit? I think the general user on the system is more to blame than the incompetent folks over at the RIAA/MPAA.

The basterds!

[Chocolate+Teapot]

Matt Warne, an employee of the international version of the RIAA, admitted that he helped the organization spread garbage and random noise on the P2P networks

He shared his Brittney Spears mp3s.

Nothing wrong with it

[aridhol]

Why should the music industry be prohibited from putting junk on the network? If the user gets frustrated enough when trying to download music illegally (and yes, copyright infringement is illegal), maybe they'll actually spend money to buy music.

Why is there no great uproar when a private user puts misnamed files on the network? Or when software goes online? Why do we save our complaints for when the legal owners do something against the spirit of the system, rather than when someone else does something against the law?

Re:Nothing wrong with it

[thelexx]

"Why do we save our complaints for when the legal owners do something against the spirit of the system, rather than when someone else does something against the law?"

Simple. In all cases of them being deceptive, it's just that, pure deception. With the assumption of guilt on the part of everyone who might download. Not all cases of downloads are illegal however.

Re:Nothing wrong with it

[echucker]

If they're going to mess with files, at least be clever about it. Take a lesson from the Barenaked Ladies' book - Take a legit file, and implant funny ads for upcoming releases in them. "Pinch Me" off of their Maroon album is a perfect example of this. Do a search for the track on your favorite P2P network, and you're sure to notice that some people note "no ads" in the title.

I actually prefer listening to those versions now over the stock ones.

Re:Nothing wrong with it

[Mournblade]

What if I own the CD and am too lazy/unable to rip it myself, but want to listen to it on my PC? If I *only* download mp3s of songs from CDs that I actually own, is that illegal?

I don't see anything wrong with this.

[thinkliberty]

I don't see anything wrong with this. If it makes it harder to pirate the music and it isn't a DOS against the network or another person. So what? If the copyright owners want distribute blank songs or garbage songs on p2p networks. Let them do it. It would also be interesting to find out if they paid the artist for using their name on a product they are distributing.

They have a right, in a way

[image]

Look, as much as I resent the RIAA, I have to say that they have a total right to fill up P2P networks with bogus files that look like copyrighted material.

What, you are not able to pirate a copy of some new album? Poor baby. Pay for it. You _really_ are ripping off the artist if you steal it. Yes, you are also ripping of the RIAA (which I don't care about). But don't complain that your organized theft ring is being hampered by the rightful owners of that property.

I despise the RIAA and how it treats their artists. But for the love of all that is right, don't *steal* in reaction. That is certainly not going to make the artists lives better.

Buy from alternative record labels. Go see your friends bands live. Write your own music. Read a book. Play with your computer. Make out with your girlfriend. Or, if you really want that album, pay for it. Or don't and boycott the bad labels. *That* choice is yours.

Re:They have a right, in a way

[avgjoe62]

That is all very good advice for those that want to get the music without paying for it.

Now what about those of us that do actually own a valid copy of a song?

I have a large collection of LPs (remeber those? the large, circular vinyl disks with the small hole in the middle?). I take loving care of my albums, buy the best stylus I can and clean them when needed. I used to record onto cassette so I could listen to my albums in my car (perfectly leagal time shifting-- if I am driving in my car, no one is back at home listening to my albums).

Now, I have a car with a CD player, but no cassette. I want to listen to my albums, but I don't want to pay for them all over again when I already own a legal copy. So, I can try and get the output from my turntable to my computer (not easy!) or I can check out a P2P network and download copies of those songs I already leagally own.

Why should the RIAA have any problem with that?

Re:They have a right, in a way

[brain159]

Have we FORGOTTEN all the perceived angst and trauma about usage-prevented audio CDs (sharpie marker deprotection, all that)??

If I buy a CD and find I'm totally unable to rip it, I can and will go searching for the tracks on p2p. If/when every "CD" that comes out (including from the smaller dance music labels I like) is similarly mangled, a few people will manage to rip it (carefully via analogue, or whatever) and the music will still proliferate over p2p.

If, in order to get the music I've paid for into a format I regard as usable (mp3s or oggs) I have to go get them off p2p networks then I've gained no *actual* value from the purchase of the "CD".

Metallica is in on this too...

[Tofino]

Everything Metallica has released since Master of Puppets has been garbage :).

Isnt this what we were expecting all along?

[josh+crawley]

As an ethical issue, downloading songs we havent paid for is just plain stealing. And they tried to shut down the source (the transfer tool and servers), byt the judge bitchslapped them down.

What choice are we leaving them? They're spreading corrupted files. It's not like they're ping flooding every user. They're just sending what the USER REQUESTS.

I'm relieved that's all the Riaa are doing. After all, protecting the groups' rights are what they're about.

EULA?

[Tar-Palantir]

I haven't read any P2P app EULAs, but I wonder if some of them might try including a clause that "You agree by using this Software that You will not attempt to degrade the effectiveness of the Network in any manner, including intentional distribution of flawed or nonsense files."

Now, IANAL, but it seems like the outcome of such an action would be positive for the geek community:

• The RIAA might simply stop.
• They might sue, and have EULAs ruled not binding (this would be negative in the sense that they could continue the monkey business, but good overall).
• The P2P companies might take them to court and win. Wouldn't that be nice?
• 
  
  Anybody see why this wouldn't work (unless some clients failed to put the clause in)?

Funny and true story

[Amsterdam+Vallon]

I actually e-mailed Richard Stallman a couple years ago when I realized a great way to spread the GNU message.

My question was whether disguising pro-GNU songs (such as these) as Billboard Top 40 hits and sharing them on Peer 2 Peer networks was a "right" thing to do.

He suggested that I not do it, but did thank me for a good laugh.

This reminds me..

[Maeryk]

I have been running Limewire, and has anyone else noticed that no matter WHAT you put in the search box, you nearly immediately get three hits back with exactly that title and an appropriate extension? One is a broken move file that just locks your player, and two others are pr0n teasers.. but that must be a large server with a fast pipe... because it consistant, and it is FAST.

Has anyone run into this with any of the other P2P clients, or is it just limewire specific?

(I would think that would be a better way to tie up the services anyway.. just have a remote server that responds to incoming searches with a couple of crap files. Get enough of them doing it, and the S/N ratio will get so screwed people will stop using it.)

Maeryk

Re:This reminds me..

[theLOUDroom]

I use limewire and I've noticed the same thing. Here's what I do about it:

1. Start Limewire and let it get connected.
2. Search one something weird like "frobittzly."
3. Open up the settings and add any computer that replies to my list of blocked ips.
4. Repeat the two steps above until I get no search results for things which shouldn't exist.
5. Use Limewire as usual.

Re:Shirley Manson is all that

[GigsVT]

Shirley Manson is all that

Her sister Marilyn is really hot too.

technology can beat this....

[smd4985]

once again, the IFPI and RIAA don't understand technology. given the infrastructure, p2p users could 'moderate' content up and down, and 'metamoderate' the moderations of other users (wonder where i've heard of those terms ;) ). but seriously, this technological solution would destroy poisoning efforts - as content and users were moderating, crappy content would be marked as 'to be ignored', and valid content would sift to the top of the heap.

It's so much easier ...

[burgburgburg]

playing little guerilla internet tricks rather than trying to understand/reform your industry. It's so much simpler to poison a well rather than figure out how to use it to make money and satisfy your "customers". It's so much more restful to sit around and blame "pirates" rather than addressing new technology and a changed customer base. It so much less tiring to pay off legislators to outlaw things that are inconvenient rather than putting together a business model that isn't 30 years out of date. Thanks IFPI.

How and why do they do it?

[On+Lawn]

When I do a search on gnutella, I used to get nothing but good information. Then about three months ago I started seeing files like (say I was searching for Avalanches)

Avalanches.jpg
Avalanches.mpg
Avalanches.mov ...and so forth. Its pretty easy to avoid them, I don't think they are fooling anyone. I've never even clicked on them to see what they actually contained.

Wait, I did get snookered once. I was searching for "Camaflouge" the old Depech-mode sounding 80's band, which I haven't found a way to purchase the CD anyway. One of the files I pulled down turned out to be a really sweet rendition of "I Know that My Redeemer Lives". I suspect it was a fellow mormon reminding me of my values. But I liked the rendition so much that I kept it and play it.

(By the way, I own the Avalanches CD)

________________________
OnRoad: Hacking that which costs more money and is more deadly. (Its just a car-enthusiast site really)

It's a waste of time in the end

[stratjakt]

P2P networks are already chock full of bad 'rips' full of pops and skips, or poorly/wrongly encoded (like 56k mono), misnamed songs, and so on.

Eventually the people who get 'into' it figure out who enjoys the same sort of music they do, and who tends to have quality mp3s on their sites. So the metalheads migrate together, and the hip hop fans, etc.

If they stray outside their 'clique' and get a garbage tune or two, they delete them and move on.

They also 'poison' newer, profitable releases, and I've found that a huge chunk of the P2P'ers are there for older or more obscure music. The fact that there's a garbage version of Britney Spears' latest floating around doesn't bother a Deadhead or someone looking for underground punk tunes in the least.

So, I suppose it could discourage a handful of 13 year old newbies if by luck they manage to get the garbage files the first time they try it. But it won't 'kill' the networks.

Who's complaining?

[Sloppy]

Why should the music industry be prohibited from putting junk on the network?

No reason they should be prohibited, and I haven't seen a single poster suggest that they should be. This is news (sort of) because it's moderately interesting, not because it's some horrible atrocity.

be careful what you say about the riaa here

[circletimessquare]

be careful what you say about the riaa in your posts, or they'll use the same tactic here, on slashdot, and post random garbage comments to drown out the anti-riaa noise...

wait... garbage posts on slashdot!? it's already begun! how much are those trolls getting paid?!

A quote from a Honest Artist

[esorense]

This might be a little offtopic but I thought it was interesting. I attended a Spoken Word Event by Henry Rollins. He discussed his views on P2P and downloading music off the net. His basic view was go ahead download my stuff. "I would rather have your time than your money," he said. Amen. I liked it so much I added it as my sig, sorry about the repetition.

Re:copyright infringement is illegal

[aridhol]

Hmm...I just looked at the definition of civil disobedience:

[R]efusal to obey governmental demands or commands

OK, so you're refusing to obey the law (meaning that yes, you admit that it's illegal but you don't think it should be).

[...]

means of forcing concessions from the government

Here's where I don't beleive that you're practicing civil disobedience. See, you're breaking the law from the privacy of your own home. This means that the government doesn't see that you're doing it, so you're not making much of a statement. You're not going to acheive anything doing it this way, and you know it. This makes it not civil disobedience, but regular lawbreaking.

If you really feel that it's civil disobedience, get a bunch of people together, set up a network in a public place (rented hall, maybe), and download there. Make sure the media is there, and hand out pamphlets telling what you're doing. Get your message out there. Face the risks of being arrested.

Until you do something like this, I say you are not practicing civil disobedience, but plain old lawbreaking.

Advertising.

[Moderation+abuser]

They should use p2p like a radio broadcast, put low bitrate encoded versions up for free, advertise sites where the high quality encodings can be purchased for $0.50.

Re:Why haven't I noticed?

[uncoveror]

They want everyone to stop trading files, so they fill the networks with garbage. They want us to pay $20 for a CD that cost less than 1 to manufacture, and most of those are filled with garbage. Increasingly, they won't play in a computer because of "copy protection," when computers are they only player many of us have. How do we tell them we don't approve? By boycotting their products. Let CDs gather dust on store shelves.

The Cost of "Disinformation"

[davejenkins]

Disinformation, the act of spreading rumors, false orders, and couterfeit money is as old as warfare itself. Usually, the production cost' of disinformation is much less than the 'production cost' of truth. It's easy to spread a rumor about ambushed soldiers, whereas actually ambushing someone is pricey. Fake Confederate dollars were much easier to print than real ones, etc. Al Qaeda knows this, and it's rumor mill is going full steam.

Now to the immediate fight: the RIAA and record labels have decided to invest time and money into producing counterfeits and disinformation. The problem is that the very structure of P2P networks makes this overtly pricey:
1. The RIAA must proactively produce 'bad' Britney Spears
2. Some dope must download this 'bad' track-- but once they find it's bad, they delete it. The track never gets past that first copy.

Whereas 'legitimate' tracks get copied and passed around by everyone, because the legitimate tracks are keepers, and they expand virally.

Eventually, the RIAA will come under such heavy costs to maintain their disinformation campaign, that it would be cheaper to start using the P2P system to their advantage (theoretically)

Packrat P2P users do save garbage.

[ChaosDiscord]

However, more recent evidence suggests that the technique is being used by major labels in-house, instead, and the sheer quantity of junk files found on the peer to peer networks today - purportedly residing on individual's PCs - points to continuing "poisoning". Why? Because users abort a junk download, or quickly delete a file. The alternative explanation for the persistence of this noise material is that users are extremely inattentive, and that's difficult to believe.

The Register dropped the ball on this. There is a non-trivial number of peer-to-peer users who just download things because they can. Much like the core of packrat warez traders they're not so much interested in the specifics as trying to have the largest collection. (And when you get warez from one of these packrats, you'll often get software that's seriously broken.) They're not really going to listen to the two months of continious music they have, just a small subset. Clearly they're rather have real songs, but they never bother to check. It only takes a few of these people to create the impression that the network is full of garbage.

Yawn... MD5 Checksums

[Rayonic]

I guess that the RIAA's anti-piracy measures are getting so bad that they're circumvented well before they're implemented.

There are already networks out there that incorporate MD5 checksums in order to avoid bad files (example, example). Couple that with a simple checksum repository (example, example). Or maybe even a search engine (example), and you never have to download another bad file again.

Re:copyright infringement is illegal

[Ann+Coulter]

Prohibition ended because of plain old lawbreaking (resulting in some corpses and blind people to boot). Sometimes civil disobedience does not send the message clearly. The most effective message is direct action and if it takes money from RIAA members and indirectly their political pawns then it is more just than parades.

Reality check

[GuyMannDude]

For a minute there it looked like you were making some serious points. Then I got to this line:

Make out with your girlfriend.

That kind of delusional thinking just wiped out any semblance of reality that your post might have had. :)

GMD

Re:Fighting Fire With Fire

[PinkFloyd]

"File sharing is illegal - you are paying nothing for something."

No, file sharing is _NOT_ illegal. Copying and distributed copyrighted works is illegal. There's a world of difference between the two.

It's not that simple, buddy

[Cokelee]

If you really feel that it's civil disobedience, get a bunch of people together, set up a network in a public place (rented hall, maybe), and download there. Make sure the media is there, and hand out pamphlets telling what you're doing. Get your message out there. Face the risks of being arrested.

Hmmm, not quite. When it comes to those who care more people use P2P than don't.

See this is the internet and everything is distributed (not the hippie generation where your approach might actually work). Millions upon millions of people disobeying the law is infinitely more formidable than getting a couple hundred to take a fall for millions.

You see, if the civil disobedience came only from a few people in this situation they would be squashed and become an example, not a martyr for the cause.

By effectively eluding the government and **AA people are out rightly defying the law in masses. Meaning, if the government does not change its policies it will be forced to imprison its population. Because this cannot occur and have the government still exist, the masses will win over the few.

It's only a matter of time and determination.

Re:YES!!. Virus also, i think.

[meringuoid]

No matter what you put in, you get a file back instantly, some of which are some kind of pornbots or something, and i have had a few where they are a virus, i believe. It seems to change the names of its files on the fly. Its kinda neat, in a way, i wonder who it is.

The dummy results always come from the same few machins; they say they're running Gnucleus, and I believe it - access to the source code helps if you mean to screw with Gnutella in this way.

The .exe files in the !!_YEEHAA_!! zip files probably hijack Internet Explorer - going by what comes out of running 'strings' on them, they also add a whole lot of porno bookmarks - venusseek.com in particular. This is just a guess as I'm not planning to actually run this thing on Windows :-) The images and mpgs just show an ad for some porno site.

The .vbs viruses... they seem to have come from Columbia. A look at the source of one of them reveals

rem "Plan Colombia" virus v1.0
rem by Sand Ja9e Gr0w (www.colombia.com)

rem Dedicated to all the people that want to be hackers or crackers, in Colombia
rem This program is also a protest act against the violence and corruption that Colombia lives...
rem I always wanting that all this finishes, I have said...

rem Santa fe de Bogotá 2000/09
rem I dedicate to all you the song "GoodBye" of Andreas Bochelli

It relies on user stupidity and Windows' habit of hiding file extensions. Instead of 'virus.mp3.vbs' the user sees 'virus.mp3' and thinking all is well doubleclicks to play it. VB script promptly scans the whole hard disk and creates a copy of itself under the name of every MP3 it finds. That's why you tend to get double results - maybe Quadrophenia.mp3 and Quadrophenia.mp3.vbs from the same user. It also seems to redirect IE's start page to a FortuneCity site, and has a bunch of other stuff going on related to script kiddie life and Colombian politics.

Compared to this sort of malevolence, a Coral song that craps out after five seconds and continues in silence is positively benign.

What I want to know, though, is why I keep getting back 'Free Bird' by Lynyrd Skynyrd no matter what I search for?

I love(d) Norah Jones' Music...

[Newer+Guy]

So I went out and bought her CD, but found out that I can't play in to my computer (which IS my CD player by the way). "No problem": I thought to myself. Since I already own the CD (that I can't play), I'll go onto Kazaa and download the tracks. BIG PROBLEM, as every one of them has been altered with a 'swishing' tone every 30 seconds or so. In disgust, I returned the CD. If Norah doesn't want me as a fan, she can go fuck herself. Actually, I wonder if Norah (even) knows and appreciates how hard her label works at derailing her career?