RIAA Plans Cyberwar Effort
Richie Z writes "This article at the New York Times talks about new anti-piracy efforts from the music industry, some of questionable legality. One idea simply redirects users to a website with legal downloads. But two other programs freeze the user's system or delete music files determined to be illegal. Another proposed idea is basically a DoS attack against downloaders. I guess the RIAA believes the law only applies to their enemies." They had a solution to illegality planned.
Load up a few of your computers which are located at different locations with as much of your legally owned music as possible. Open a hotline server so you can transfer those files from your machine a to your machine b. Make no effort to hide your server, but clearly indicate it is yours. When they wipe your machine, sue for damages.
DALnet is dead, DDoS attacks, and supposedly no one knows who was doing it, strange coincidence that the RIAA is "planning" anti-piracy acts. It isn't too much of a leap to say that they are already doing them.
Bit torrent is gaining popularity and is difficult to directly attack, but relies on various websites to distribute .torrent files for the program to work, so what happens? These web-sites are attacked.
The "war" has already begun...
Oh please let them take these measures. Every one of them violates federal law and would allow the RIAA to be branded as criminals (if not terrorists, considering the way the hacking laws in the US have gone recently).
.technomancer
... talks about new anti-piracy efforts from the music industry, some of questionable legality.
Come on, what else do you expect from these people? They have stated that they think it's alright to break into computers that contain Mp3s (fair use be damned).
They have sued college students for $90 billion and settled for $17 thousand which is still way too much.
They count 50 cd burners at faster speeds to be 420 burners for statistic purposes.
They have been proven guilty of illegal cd price fixing and screwing the consumer.
All in all, anything they do doesn't really surprise me anymore. I think the only actual thing that would shock me would be something like:
"The New York Times is reporting that the RIAA is giving away $5000 worth of free cds to every person in this country who ever purchased a cd. They also are responsible for puppies, ice cream and rainbows."
can't sleep slashdot will eat me
I think turning off autorunning on CD's should be considered necessary for basic system security. It would be too easy for a music CD to run a fast installer and bang you have an anti-pirate virus installed. Even if they don't "delete files", they could (if you didn't have an outbound firewall) scan for music and send lists to the RIAA. Report on installed P2P software. Send any and all usage logs from that software, etc.
Sure they will hold off till they can get laws on their side, but right now I'm not sure congress really is looking after consumers all that much. This "right to hack" nonsense has come up too many times recently.
I agree. If they start deleting files, we could respond with finding ways to track the IP or MAC address of the host which originally sent the request and launch our own program which would remotely delete the system files required by the computer to remotely delete our files.
Another idea if you have a high-end firewall would be to find out where the hosts launching the attacks are located, and place deny entries into the ACL on the firewall, blocking access to all ports from that host or network. Let's hope they do not resort to address spoofing or using multiple network addresses.
I seriously hope the RIAA does try to go the cyberwar route.
They will get absolutely and utterly bent over and destroyed if they open that Pandora's Box.
Please RIAA... I am begging you... Start a "cyberwar."
-Michael
Threshold RPG
The RIAA never ceases to amaze with their stupid antics. Within a couple of days of the successful iTunes deployment, they leak this bit of lunacy. I can not think of another industry doing so much to alienate its customers, all the more amazing given that a CD is a totally discretionary purchase. How long before they cross the line and get hit with a general boycott?
The idea of launching destructive software is really mind-boggling. IANAL, but it sure seems to me that they could get hit with some massive liability lawsuits if one of their destroy bots is a bit more successful than intended. Gotta admit though, it would be sweet irony to see these idiots sued out of existence.
What about Sony? While the record division is trying to impede piracy, the hardware people are abetting it by producing CD-R drives, among other things. What happens if a legit use of a Sony hardware product is impacted by a Sony Music destroy bot?
Maybe something else is going on. Perhaps the real panic in the industry is caused by the notion that a smart artist could put their files on p2p to get exposure w/o signing a record deal. If technology can improve the bargaining position of the artist before signing a deal (of their choice), the extreme reactions of the industry are a bit more understandable. NOT agreeable, however, and as stupid as one can imagine, but understandable if one takes the perspective of those who have been feeding at the music cartel trough for so long.
Dang, I was looking forward to getting an iTunes account, but now I'm conflicted. I'd like to support Apple and the artists, but I hate the idea of any money going to the RIAA overlords who should have been supporting iTunes-like products a long time ago. The pirate networks aren't really free, they just take a lot less time than going to CD store, have better selection in many cases, and allow one to sample. A good pay service with reliable connections, selection and organization, let alone the absence of all the spyware would be much preferable to the "freeware." That's why I think there is something else on the RIAA's mind - Not loss of the customer, but rather loss of the artist...
Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
I have my doubts that they could even get these attacks to work on my computer. 1.) It's Linux, 2.) I'm paranoid about my security, and 3.) I'm a programmer and will just write a detection script to locate and remove these trojans. If I can defend against this bullshit then I'm sure other geeks will do the same. All the RIAA seems to be doing is creating a market for secure P2P software and quite possibly giving Linux a good chance for a killer app.
Now the DoS attack might be effective but that game goes both ways. If they start attacking individuals how long will it be until P2P clients come with the ability to detect DoS's and trigger the whole P2P network to do a DDoS on the source of those attacks? They'd be hard pressed to handle such a DDoS with legal threats if they did it first and I can just imagine the negative public relations off an Internet war that'd no doubt disrupt large portions of the Net at once.
Why don't these morons figure out that the only way to beat P2P is to offer cheaper cd prices and affordable (non DRM) downloads of songs themselves. Legal or technical attacks aren't going to be very functional and have dangerous tailspins off their customer base.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
I think you underestimate RIAA and the differences in the "jobs" that each must do. All RIAA needs to do is make it sufficiently hard for the casual downloader to get their files. If RIAA can do things like: corrupt 1/2 the downloads, shut down the fastest of the filesharers (keeping in mind that only 1/10 actually shares--fewer still have the bandwidth to do it effectively), flood the networks with searches so they're ineffective, and so on--they can make it much more time consuming to find and download good files. Although RIAA themselves may lack the technical know-how, they can sure as hell hire it. It's a mistake to assume that just because RIAA is reluctant to, say, allow DRM-free files of their IP, that they're technically incompetent. When the technology itself is not a potential threat to their IP I suspect you'll find them to be much more nimble (or at least their agents will be).
.... what are they going to do? Hack RIAA.org again? Who cares! Put up more files? What more does RIAA have to lose. Try to make better P2P networks? They probably will, but the delicious irony is that the hackers/developers are now in a much tougher position because of the decentralization of P2P. How do you penalize a client that methodically sets out to corrupt swarmed downloads (each additional download source increases the risk of corruption--since it only takes a few bytes to throw the whole thing off) of RIAA's music? You really can't in a way that can't be tampered with in the other direction--that would create more problems for downloaders. What's more, if you do attempt to defend the piracy of stuff that is explicitly RIAA's IP, you really lack a defensible case. Even if they do find ways to adapt, the constant upgrading of software, switching of networks, and so on will in and of itself be a large barrier to entry for most piraters.
Please note that there's a lot that they can do short of breaking the law or ethical guidelines. Many of these suggested technologies will probably never be deployed, but that still leaves quite a few interesting avenues open to RIAA. Furthermore, the mere threat of such viruses or trojan horses being on the network can serve as a deterrent for a good number of people.
The hackers, on the other hand,
first, even Machiavelli would recognise that by no way a legitimate end would justify such an extreme measure.
second, and if we look at things straight, this just looks like spam (only not over SMTP).
In a time when finally all parties involved start to try to kill spam in a global way it is interesting that this kind of *solutions* is not only thought of but openly presented to the public ...
what we, the *society* need to demand is that the big fish do the same to these polluters that they do to the average spammer i.e. silence, block and wipe them!
AOL are you listening ? ...
the world can be going nuts, but surely it is fun ...
chrs from Portugal...
PS: where is Ashcroft when we need him ?
You would think that the RIAA would have figured out what would happen, if they engage in a "cyberwar" from what happened to Madonna. Instead of trying to outsmart a group of computer users (which WON'T happen unless they hire hackers), they should concentrate on the reason most people download MP3's anyway. THE HIGH PRICE OF CD'S! I remember when CD's hit the stores in the early 80's. The RIAA said that at 20+ dollars each, yes they are more expensive than LP's (records), but the technology was new and expensive, and as more and more hit the shelves, the price would come down to the price of LP's. Well, it's been over 20 years, and the prices are still in the 15-20 dollar range, unless you catch them when they first come out and they have a price reduction. As CDRW's became popular in the 90's and the price of blank CD's came down to less than 50 cents each in bulk, people started asking, hey, how come audio CD's are so expensive? It can't be the CD material. As more and more people saw that: A. The artists aren't really making a lot of money on each CD sold, B: The stores where the CD's are bought aren't making any money, C: Companies like Sony, EMI, EPIC (now Sony), etc.....are having lavish parties, etc etc......HEY! We are being ripped off! That's what fueled the explosion in file trading (that and people's desire to get something for nothing). If the record industry would DO SOMETHING positive about file trading like what Apple is doing, then I think the file trading "problem" would disappear. Just look how many LEGAL songs were downloaded in 18 hours! 275,000! @ 99 cents each! Now, although I think 99 cents per song might be a little high, considering if a CD had 12 songs @ 99 cents, the cd, jacket etc....it's a step in the right direction. Come on RIAA, drop the BS, get on the bandwagon and realize your overzealous activities are history. You've had the gravy train for too long!
The real question is... if the RIAA can have people DoS somebody's system or a network and that group or person in turn retaliates are they doing something illegal? Can they get in trouble even though the RIAA is technically doing illegal stuff as well?
those people who think they know everything are a great annoyance to those of us who do. -isaac asimov
1. Set up a honeypot.
2. Make sure the content looks "illegal" but, in fact, is not
(i.e., MP3 files named for popular songs but containing only commentary on them).
3. Get hit.
4. Sue for damages.
5. Profit!
OK, joking aside, in most countries, even accessing a computer without authorization is illegal.
The Canadian criminal code forbids it (look here for a longer version).
TITLE 18, PART I, CHAPTER 47, Sec. 1030 of the US code also looks applicable (but IANAL so if somebody who IAL reads this, please comment).
So, with the law on your side, you can also sue them in a small claims court. That way, they cannot use their financial advantage to subvert justice.
Don't worry about that, I'm sure the RIAA have lobbyists standing by at the ready to amend that situation.
Yes, but they're just about to step on someone with bigger, tougher lobbyists -- and that someone is rather pissed off and defensive right now from crummy earnings, layoffs and overwork: the telcom industry.
Implementing DoS as a means of targeting abusers is comparable to bulldozing an electric company's transmission lines as a way of getting back at an individual who's done something wrong. It's another illegal act and definitely constitutes theft and abuse of nearly every telco or major ISP's policies. I'm sure some of those recent terrorism acts passed which we all have harped about have some interesting things to say about coordinated, widespread infrastructure denial-of-service = terrorism. Even the announcement of the intent to damage American telecommunications infrastructure should put RIAA execs in the holding tank with the shoe bomber.
We've notified our upstreams that should any RIAA DoS services originate on their networks, we will hold them legally and financially responsible for the impact to our network. Likewise, we will block (via BGP) any external networks and blackhole them that originate RIAA DoS, and expect our upstreams to do so as well.
You may see some Internet fragmentation, but I'd suggest people identify which providers permit and encourage DoS abuse, and which oppose it (and vote with your wallets). Just as you probably wouldn't want service from AT&T if they crammed hundreds of spam messages at you daily, will you want them if they burn all your bandwidth due to illegal RIAA hacking? And how will this set with customers who have burstable service? Will you permit your service provider to engage in a racket that intentionally fills up your circuit, allowing them to overbill you?
Sounds like the RIAA's walking into a nice RICO trap and potentially some interesting domestic terrorism issues, and any tier one network provider that permits this may also be implicated. My attorneys are ready, are yours?
*scoove*
This has the potential to be worse than a /.ing, in that they would almost need to have computers dedicated to DoSing someone. That kind of systematic attack would surely strike terror into the heart of any sysadmin.
Therefore, the RIAA member companies are engaging in state supported terrorism!
I wonder what would happen if someone DoSed the DoSers.
Until the RIAA offers a free media replacement policy (you know, replacing your outdated cassette tapes and vinyl records with brand-spanking-new CD's of the same album), I think music "piracy" should be legalized. It's not piracy if you've already paid for a right-to-use license to the music by already having bought a record or cassette tape and are now just getting a copy of the CD without buying it retail.
Robbery. Sheer robbery.
-- Dossy
Dossy's Blog
And add to that the people (like myself) who often download music to get a good, digital copy of something I've long since bought and paid for.
If I own an album in LP form and collect all the tracks off Kazaa in order to get it on my iPod without going through the hassle of ripping the vinyl (and thus getting a pretty lousy sounding bunch of mp3's) then I'm pretty much well within my rights but the RIAA is counting that as just more money they've lost to those pesky music pirates.
Ok.. I have various term papers and code I've written myself... my school doesn't have any stupid rule grabbing copyright, so I own the copyright free and clear on all of it. Wouldn't breaking past the router's firewall, circumventing the Windows XP user/permission scheme be a violation of the DMCA? If so, let's hit them with their own stick. It would be hilarious to see the RIAA itself brought down for a DMCA violation.
"Isn't scanning a computer for illegal files exactly like going to somebody's house and looking through the windows? Or opening their front door and looking but not touching?"
No, actually it's more like your neighbor is missing his wallet. He decides that *YOU* probably have it in your house so while you are not looking, he breaks into your house and digs through your drawers, cabinets, closets, under your couch cushions, in your fridge, etc. He even opens your desk drawers and reads through your personal papers, diaries and mail, all because he *THINKS* you stole his wallet..
If I caught someone digging around in my *house* like that they would get shot. It's illegal for people to do that (B&E your home) no matter what they *think* you may or may have not done.
The law requires the accuser to seek legal relief, they must contact the police, file a complaint, convince a judge to issue a search warrant and the warrant may only cover the item(s) in question. In other words they can not search in your desk drawers for stolen car tires or under your bed for a stolen volkswagen.
Your computer is a private place, or at least it SHOULD BE. If someone breaks into your computer then they have broken into your private property. No different than breaking into your home.
If you are afraid of RIAA police breaking into your PC then you should implement some security, just as you would put locks on your door and big dogs with big teeth inside your house, secure your computers..
Vigilante Justice will NOT be tolerated. They do not want the wrath of the Telecom industry and ISPs, who will gladly turn over reams of data detailing these illegal denial of service attacks.
They also do not want computer scientists angry at them. They have no right to go into my computer and erase MP3s of some CDs that I owned and ripped.
The RIAA does not have the power to do that. They are a trade organization, period. They are not judge, jury and executioner. They will be well advised not to start a war with us.
I have a better idea: The RIAA should ignore the fact that the internet exists. It will save them and us a lot of grief.