Slashdot Mirror
RIAA Plans Cyberwar Effort
Richie Z writes "This article at the New York Times talks about new anti-piracy efforts from the music industry, some of questionable legality. One idea simply redirects users to a website with legal downloads. But two other programs freeze the user's system or delete music files determined to be illegal. Another proposed idea is basically a DoS attack against downloaders. I guess the RIAA believes the law only applies to their enemies." They had a solution to illegality planned.
Load up a few of your computers which are located at different locations with as much of your legally owned music as possible. Open a hotline server so you can transfer those files from your machine a to your machine b. Make no effort to hide your server, but clearly indicate it is yours. When they wipe your machine, sue for damages.
DALnet is dead, DDoS attacks, and supposedly no one knows who was doing it, strange coincidence that the RIAA is "planning" anti-priracy acts. It isn't to much of a leap to say that they are already doing them.
Bit torrent is gaining popularity and is difficult to directly attack, but relies on various websites to distribute .torrent files for the program to work, so what happens? These web-sites are attacked.
The "war" has already begun...
Oh please let them take these measures. Every one of them violates federal law and would allow the RIAA to be branded as criminals (if not terrorists, considering the way the hacking laws in the US have gone recently).
.technomancer
... talks about new anti-piracy efforts from the music industry, some of questionable legality.
Come on, what else do you expect from these people? They have stated that they think its alright to break into computers that contain Mp3s (fair use be damned).
They have sued college students for $90 billion and settled for $17 thousand which is still way too much.
They count 50 cd burners at faster speeds to be 420 burners for statistic purposes.
They have been proven guilty of illegal cd price fixing and screwing the consumer.
All in all, anything they do doesn't really surprise me anymore. I think the only actual thing that would shock me would be something like:
"The New York Times is reporting that the RIAA is giving away $5000 worth of free cds to every person in this country who ever purchased a cd. They also are responsible for puppies, ice cream and rainbows."
can't sleep slashdot will eat me
I think turning off autorunning on CD's should be considered necessary for basic system security. It would be too easy for a music CD to run a fast installer and bang you have a anti-pirate virus installed. Even if they don't "delete files", they could (if you didn't have an outbound firewall) scan for music and send lists to the RIAA. Report on installed P2P software. Send any and all usage logs from that software, etc.
Sure they will hold off till they can get laws on their side, but right now I'm not sure congress really is looking after consumers all that much. This "right to hack" nonsense has come up too many times recently.
I seriously hope the RIAA does try to go the cyberwar route.
They will get absolutely and utterly bent over and destroyed if they open that Pandora's Box.
Please RIAA... I am begging you... Start a "cyberwar."
-Michael
Threshold RPG
The RIAA never ceases to amaze with their stupid antics. Within a couple of days of the successful iTunes deployment, they leak this bit of lunacy. I can not think of another industry doing so much to alienate its customers, all the more amazing given that a CD is a totally discretionary purchase. How long before they cross the line and get hit with a general boycott?
The idea of launching destructive software is really mind-boggling. IANAL, but it sure seems to me that they could get hit with some massive liability lawsuits if one their destroy bots is a bit more successful than intended. Gotta admit though, it would be sweet irony to see these idiots sued out of existence.
What about Sony? While the record division is trying to impede piracy, the hardware people are abetting it by producing CD-R drives, among other things. What happens if a legit use of a Sony hardware product is impacted by a Sony Music destroy bot?
Maybe something else is going on. Perhaps the real panic in the industry is caused by the notion that a smart artist could put their files on p2p to get exposure w/o signing a record deal. If technology can improve the bargaining position of the artist before signing a deal (of their choice), the extreme reactions of the industry are a bit more understandable. NOT agreeable, however, and as stupid as one can imagine, but understandable if one takes the perspective of those who have been feeding at the music cartel trough for so long.
Dang, I was looking forward to getting an iTunes account, but now I'm conflicted. I'd like to support Apple and the artists, but I hate the idea of any money going to the RIAA overlords who should have been supporting iTunes-like products a long time ago. The pirate networks aren't really free, they just take a lot less time than going to CD store, have better selection in many cases, and allow one to sample. A good pay service with reliable connections, selection and organization, let alone the absence of all the spyware would be much preferable to the "freeware." That's why I think there is something else on the RIAA's mind - Not loss of the customer, but rather loss of the artist...
Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
I have my doubts that they could even get these attacks to work on my computer. 1.) It's Linux, 2.) I'm paranoid about my security, and 3.) I'm a programmer and will just write a detection script to locate and remove these trojans. If I can defend against this bullshit than I'm sure other geeks will do the same. All the RIAA seems to be doing is creating a market for secure P2P software and quite possibly giving Linux a good chance for a killer app.
Now the DoS attack might be effective but that game goes both ways. If they start attacking individuals how long will it be until P2P clients come with the ability to detect DoS's and trigger the whole P2P network to do a DDos on the source of those attacks? They'd be hard pressed to handle such a DDoS with legal threats if they did it first and I can just imagine the negative public relations off an Internet war that'd no doubt disrupt large portions of the Net at once.
Why don't these morons figure out that the only way to beat P2P is to offer cheaper cd prices and affordable (non DRM) downloads of songs themselves. Legal or technical attacks aren't going to be very functional and have dangerous tailspins off their customer base.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
I think you underestimate RIAA and the differences in the "jobs" that each must do. All RIAA needs to do is make it sufficiently hard for the casual downloader to get their files. If RIAA can do things like: corrupt 1/2 the downloads, shut down the fastest of the filesharers (keeping in mind that only 1/10 actually shares--fewer still have the bandwidth to do it effectively), flood the networks with searches so they're ineffective, and so on--they can make it much more time consuming to find and download good files. Although RIAA themselves may lack the technical know-how, they can sure as hell hire it. It's a mistake to assume that just because RIAA is reluctant to, say, allow DRM-free files of their IP, that they're technically incompetent. When the technology itself is not a potential threat to their IP I suspect you'll find them to be much more nimble (or at least their agents will be).
.... what are they going to do? Hack RIAA.org again? WHo cares! Put up more files? What more does RIAA have to lose. Try to make better P2P networks? They probably will, but the delicious irony is that the hackers/developers are now in a much tougher position because of the decentralization of P2P. How do you penalize a client that methodically sets out to corrupt swarmed downloads (each additional download source increases the risk of corruption--since it only takes a few bytes to throw the whole thing off) of RIAA's music? You really can't in a way that can't be tampered with in the other direction--that would create more problems for downloaders. What's more, if you do attempt to defend the piracy of stuff that is explicitly RIAA's IP, you really lack a defensible case. Even if they do find ways to adapt, the constant upgrading of software, switching of networks, and so on will in and of itself be a large barrier to entry for most piraters.
Please note that there's a lot that they can do short of breaking the law or ethnical guidelines. Many of these suggested technologies will probably never be deployed, but that still leaves quite a few interesting avenues open to RIAA. Furtermore, the mere threat of such viruses or trojan horses being on the network can serve as a detterant for a good number of people.
The hackers, on the other hand,
1. Set up a honeypot.
2. Make sure the content looks "illegal" but, in fact, is not
(i.e., MP3 files named for popular songs but containing only commentary on them).
3. Get hit.
4. Sue for damages.
5. Profit!
OK, joking aside, in most countries, even accessing a computer without authorization is illegal.
The Canadian criminal code forbids it (look here for a longer version).
TITLE 18, PART I, CHAPTER 47, Sec. 1030 of the US code also looks applicable (but IANAL so if somebody who IAL reads this, please comment).
So, with the law on your side, you can also sue them in a small claims court. That way, they cannot use their financial advantage to subvert justice.
Don't worry about that, I'm sure the RIAA have lobbyists standing by at the ready to amend that situation.
Yes, but they're just about to step on someone with bigger, tougher lobbyists -- and that someone is rather pissed off and defensive right now from crummy earnings, layoffs and overwork: the telcom industry.
Implementing DoS as a means of targeting abusers is comperable to bulldozing an electric company's transmission lines as a way of getting back at an individual who's done something wrong. It's another illegal act and definitely constitutes theft and abuse of nearly every telco or major ISP's policies. I'm sure some of those recent terrorism acts passed which we all have harped about have some interesting things to say about coordinated, widespread infrastructure denial-of-service = terrorism. Even the announcement of the intent to damage American telecommunications infrastructure should put RIAA execs in the holding tank with the shoe bomber.
We've notified our upstreams that should any RIAA DoS services originate on their networks, we will hold themn legally and financially responsible for the impact to our network. Likewise, we will block (via BGP) any external networks and blackhole them that originate RIAA DoS, and expect our upstreams to do so as well.
You may see some Internet fragmentation, but I'd suggest people identify which providers permit and encourage DoS abuse, and which oppose it (and vote with your wallets). Just as you probably wouldn't want service from AT&T if they crammed hundreds of spam messages at you daily, will you want them if they burn all your bandwidth due to illegal RIAA hacking? And how will this set with customers who have burstable service? Will you permit your service provider to engage in a racket that intentionally fills up your circuit, allowing them to overbill you?
Sounds like the RIAA's walking into a nice RICO trap and potentially some interesting domestic terrorism issues, and any tier one network provider that permits this may also be implicated. My attorneys are ready, are yours?
*scoove*
This has the potential to be worse than a /.ing, in that they would almost need to have computers dedicated to DoSing someone. That kind of systematic attack would surely strike terror into the heart of any sysadmin.
Therefore, the RIAA member companies are engaging in state supported terrorism!
I wonder what would happen if someone DoSed the DoSers.
Until the RIAA offers a free media replacement policy (you know, replacing your outdated casette tapes and vinyl records with brand-spanking-new CD's with of the same album), I think music "piracy" should be legalized. It's not piracy if you've already paid for a right-to-use license to the music by already having bought a record or casette tape and are now just getting a copy of the CD without buying it retail.
Robbery. Sheer robbery.
-- Dossy
Dossy's Blog
And add to that the people (like myself) who often download music to get a good, digital copy of something I've long since bought and paid for.
If own an album in LP form and collect all the tracks off Kazaa in order to get it on my iPod without going through the hassle of ripping the vinyl (and thus getting a pretty lousy sounding bunch of mp3's) then I'm pretty much well within my rights but the RIAA is counting that as just more money they've lost to those pesky music pirates.
Appended to the end of comments you post. 120 chars.
Vigilante Justice will NOT be tolerated. They do not want the wrath of the Telecom industy and ISPs, who will gladly turn over reams of data detailing these illegal denial of service attacks.
They also do not want computer scientists angry at them. They have no right to go into my computer and erase MP3s of some CDs that I owned and ripped.
The RIAA does not have the power to do that. They are a trade organization, period. They are not judge, jury and executioner. They will be well advised not to start a war with us.
I have a better idea: The RIAA should ignore the fact that the internet exists. It will save them and us a lot of grief.