Leaks Prove MediaDefender's Deception
Who will defend the defenders? writes "Ars Technica has posted the first installment in their analysis of the leaked MediaDefender emails and found some very interesting things. Apparently, the New York Attorney General's office is working on a big anti-piracy sting and they were working on finding viable targets. It also discusses how some of the emails show MediaDefender trying to spy on their competitors, sanitize their own Wikipedia entry, deal with the hackers targeting their systems, and to quash the MiiVi story even while they were rebuilding it as Viide. Oh yes, they definitely read "techie, geek web sites where everybody already hates us" like Slashdot, too."
You know, I hope people keep this incident in mind if they are considering going to work for a disreputable company, a company whose primary mission is screwing people, especially when those people that are being screwed have a Robin Hood-like reputation and are a lot smarter than you. The sad fact is that there will undoubtedly be a lot of collateral damage due to this episode. As pointed out in the Ars Technica article, a secretary who happened to be working for MediaDefender whose worst crime was answering phones and getting coffee for his or her bosses now has the social security number, home address and phone number, and salary information out there for everyone to download and look at.
I think that an even worse fallout of all this is that companies are going to be even more anal about stuff like e-mail policies and such. At my company now, they content-block us from accessing Gmail. I'll bet that companies will start doing crap like blocking employees from even sending e-mail to Gmail now, the attack vector that allowed these e-mails to get leaked.
But still, even after having said all that, I love it when an evil company doing evil things gets their due like this. It's entirely possible that MediaDefender might go out of business because of this. If you're one of their customers whose detailed contract information got leaked, how likely are you to do business with them again? Although it occurred in a totally scummy way that I just can't endorse, I can't deny the end result of big media companies being a little more skittish about hiring these outfits to do their dirty work is a Good Thing.
Heavens, a company discussing how to "deal with the hackers targeting their systems"? What a scandal.
So MiiVi was a complete failure; what do they do? Make a new site and call it Viide.
No one would notice, eh?
I wonder, from a legal point of view, can these emails constitute evidence in a court, or does the manner in which they were leaked make any prosecution impossible?
I think this revelation brings to light the extent to which companies will go - to deceive the public, the mainstream media... and then continue with their illegal practices after a short time.
Microsoft's recent downplaying of the unexplained Windows Updates is another case in point. Where is Mark Russinovich's article that does a 'diff' of the replaced files, and explaining the 'new behaviour' in detail - like he did in the Sony rootkit case?
It is a bit sad that many of these incidents do not figure in the mainstream media - which seems to be in the powerful grips of these Corporate thugs.
If you keep throwing chairs, one day you'll break windows....
Don't despair!
Now don't get me wrong. I'm neither squeamish, nor easily offended. But in professional, corporate email communications such a tone has about as much justification as surfing porn at work.
I am the musician
with a pocket calculator in my hand
Kraftwerk
there are more leaks!
MediaDefender Phone Call and Gnutella Tracking Database Leaked
Some smart yet misguided people have their plot foiled by the weakest link, the human. I'm glad this whole miivi thing has been exposed. I think how it has been brought to light serves as a good reminder to the rest of us. No matter how secure your app, or how great your plan, all it takes is one person who doesn't understand policy or the consequences of following it and all is lost. Cheers
I wonder if any evidence produced by MediaDefender can be used in court, since their systems are hacked and it is perfectly possible that they do not show in court what they initially found, but they show data that was modified by hackers.
The phone hack makes clear that hackers are quite deep into their systems.
I know it's pointless to ask things like this of the /. "editors", but the summary of this story is almost completely useless to anyone who is coming to the story cold (like me).
Would it have killed someone to have rewritten the submission so that it explained:
?
I can go Google all that stuff and find out for myself, but why would I bother, if it's not clear to me why the story is important in the first place?
Read my blog.
Nice one, that's my evening's humorous reading sorted out then. Purest, addictive, schadenfreude - what a delight.
:-)
It's always cute when you see a big firm like that caught with its breeches down, but when it's the sneaky buggers who were behind MiiVi on the receiving end it's extra juicy.
tell you one thing, I wish we could get a current tap on their email to see what they are saying about this one!
On a more serious note, this came out because one single employee forwarded all his email to a Gmail account which was then compromised. I would sure hate to be in his shoes right now.
Is this a good time to mention that access to these internal emails was gained illegally? Sure, he was stupid enough to use the same password on different systems, but that doesn't mitigate the invasion of privacy.
What those who want activist courts fear is rule by the people.
Of course, in a country with a sensible data protection regime, forwarding personally identifiable information to a weakly-protected Gmail account would be a no-no in and of itself. One of the problems with the US's absolute lack of constraints on companies' use of personal data is that the casual mailing of SSNs can go on, and management have no reason to deal with it. In Europe, that sort of stuff is locked down into HR department systems.
Chinese Nintendo ripoffs.
In case someone wants to have a look, here is an on-line mailbox with all the leaked emails
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
While it's unfortunate that the innocent (or semi-innocent) are paying a price too, you can't tell me that the secretary had no idea what business they were in. She may not have appreciated the kind of backlash she was risking, you can't tell me that she didn't have to deal with angry calls all the time letting her know what people thought of this "business."
SJW: Someone who has run out of real oppression, and has to fake it.
When celebrities have their sex tapes stolen no one goes around saying what a tragedy a crime has been committed. We say what kind of idiot would tape themselves having sex. So why on earth would you think that when MediaDefender has their internal e-mails and tracking database stolen people are going to feel pity for them especially when they do business for such an unsympathetic cause. Instead people are gawking and gloating at this the same way they gawk and gloat when some celebrity they don't like gets caught with their pants down.
I think the invisible hand of the market has its middle finger extended
--A wise old fart named SC0RN
Wikipedia entries tend to be sanitized for companies anyway as a matter of company policy. Employees aren't supposed to post; it's in almost every contract there is. Every contract I have ever seen for a major company has something that basically states you may not act as the PR agent for the company or speak publicly for the company. This is basically what you are doing by posting on Wikipedia.
So the guys in PR are the only ones in the company posting over the long term. Anyone else doesn't work for the company, or won't be working there long (yerfired!).
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
MiiVi would be such a cool name for a text editor. Especially if it ran on Nintendo consoles.
Glancing through the news and some of the e-mails, the good news is the best way not to be implicated in any of this is to be an old fogy -- I don't think any media mentioned in these e-mails is from the previous century. Apparently us old geezers who like 1980s and 1970s music get a free pass.
sig?
Oh yes, they definitely read "techie, geek web sites where everybody already hates us" like Slashdot, too."
Duh, most of us that are here too much can pick out those shills. They are very obvious to anyone paying attention. I believe there is a website out there that tracks them and even links accounts on different sites to specific people at Idiot-defender.
What they do is ineffective except for catching the 13 year old girls that don't know anything. They don't even put a mild dent in the real sharing groups. One of the guys at work was running around with a new DL DVD he got in the mail from a group member full of zero day songs and even stuff that has not been released yet all at incredibly high bitrate. He also had a copy of the Simpsons movie in 1080i which was mind blowing, it had to be a digital conversion from a not released yet BluRay master or someone broke the digital cinema format to convert it in a theater projection booth with a laptop.
Do not look at laser with remaining good eye.
I don't see any mention in the article of even an attempt to get the NY AG's office to comment on this story. Nor do I see any mention of it on the AG's own web site. If ars were a newspaper, the editors wouldn't have let this story appear at all without at least an official "no comment" by the Attorney General's office.
A quick search this am for "new york attorney general mediadefender" turned up no mainstream press reports about this story.
According to the ars piece, by the way, the AG's office appeared to be interested in porn downloads, not, as the editors here put it, "working on a big anti-piracy sting and they were working on finding viable targets." From TFA, "Although the full scope of the project cannot be extrapolated from the e-mails, the information available indicates that MediaDefender intends to provide the Attorney General's office with information about users accessing pornographic content. Other kinds of information could be involved as well." (That last sentence is so vague and general that it could refer to almost any information of any kind anywhere on the planet.)
Don't the editors at least read the stories themselves before they post them to Slashdot?
None of these comments is a defense of either MediaDefender or the NYAG. I'm more concerned about the shoddy reporting that passes for journalism on geek news sites like this one and arstechnica. Particularly the latter, since the articles I've read there in the past gave off the semblance of decent journalism.
Following the Nintendo pronunciation of Wii (as Wee), would this not sound like ViiDi would be pronounced "Vee Die"? I'd check to see if they are Scandinavian and suicidal.
The average mouse is not stupid enough to fall for the average mousetrap. Instead, you will get the really greedy and the really stupid ones. Which in turn means two things. First of all, you think your mousetrap is working (because you catch mice) and second, you breed more intelligent mice.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
That transcript is a black-hat's wet dream.
For those that don't want to read through it, it's classic PHB scumbag B.S. They're running exchange on one side, so there's going to be trouble finding a compromise unless the disks are taken out of production.
The buzzword B.S. level is so high I think I threw up in my mouth a little.
Got Trader Joe's? friendwich.com RSS feeds work now!
The WSJ got a 'no comment' from the NY AG ( http://www.moneyweb.co.za/mw/view/mw/en/page94?oid=161203&sn=Detail ). The AG's case was definitely related to child porn; not piracy.
...the word on the street is simply that one of their staff signed up to a torrent site from one of MediaDefender's IPs with the same gmail address as username and password as he used for his gmail account where all these e-mails had been archived.
It's true that simple mistakes lead to major errors, you only have to look at the Half-Life 2 source code leak where a member of staff was e-mailed a key logger trojan giving the attacker all the info they needed to get the code out of there.
From TFA:
"When Douglas pointed out that information about MiiVi had been added to the MediaDefender Wikipedia page, Saaf decided that he wanted it taken down. "Can you please do what you can to eliminate the entry? Let me know if you have any success," Saaf wrote. "I will attempt to get all references to miivi removed from wiki," developer Ben Ebert replied. "We'll see if I can get rid of it.""
They wanted to remove all links between themselves and Miivi. When there definitely was a link. They knew it was true, they just didn't want anyone else to know about it.
That's not the intended use of the tool that is Wikipedia.
All Scandinavians are suicidal, you insensitive clod!
Related Stories
Your Rights Online: MediaDefender Denies Entrapment Accusations (104 comments)
Ortega-Starfire writes "We've previously discussed the subject of MediaDefender setting up a site to catch movie pirates. Ars Technica covers the response from MediaDefender, which basically states the entire thing was a mistake and was only an internal site they forgot to password protect, and that they were not using this with the MPAA. The article asks: 'If this is true, why did MediaDefender immediately remove all contact information from the whois registry for the domain? Saaf said that after everything hit the fan, the company decided to take everything on the site down because it was afraid of a hacker attack or "people sending us spam." Yes, spam. The MPAA's Elizabeth Kaltman also chimed in to say that they had no involvement with MiiVi: "The MediaDefender story is false. We have no relationship with that company at all," she told Ars.'"
IT: Internal Emails of An RIAA Attack Dog Leaked (412 comments)
qubezz writes "The company MediaDefender works with the RIAA and MPAA against piracy, setting up fake torrents and trackers and disrupting p2p traffic. Previously, the TorrentFreak site accused them of setting up a fake internet video download site designed to catch and bust users. MediaDefender denied the entrapment charges. Now 700MB of MediaDefender's internal emails from the last 6 months have been leaked onto BitTorrent trackers. The emails detail their entire plan, including how they intended to distance themselves from the fake company they set up and future strategies. Other pieces of company information were included in the emails such as logins and passwords, wage negotiations, and numerous other aspects of their internal business."
You can't take the sky from me...
Wikipedia is clear that it is AGAINST policy to self-edit. Read the Code of Conduct.
Just because they don't have a very effective police force preventing rude, deceptive bullcrap does not mean it is acceptable behavior.
And YES, changing what OTHER people wrote about you without admitting who you are IS an indication of guilt. When I defend myself from something I do NOT do it anonymously.
excitingthingstodo.blogspot.com
That article was some interesting reading...I'll bet someone got yelled at this morning! Damn I'd hate to be in his shoes. What was he thinking forwarding this stuff to his Gmail account? This company is toast. They can infiltrate p2p networks all they want, but they have a new p2p model to worry about now: private and encrypted p2p. How can they fight private p2p networks set up by individual groups of friends? GigaTribe is one example: http://www.gigatribe.com/
If you dish it out, you shouldn't be surprised when something comes back your way.
Again I agree with the post above I feel sorry for some of the employees caught in the middle, but have little sympathy for the company.
When you actively seek to disrupt somebody else's activities (legal or not), especially with questionable tactics it won't make you popular and there is going to be backlash.
Law enforcement activities should be left to law enforcement officers that have been empowered by democratically elected governments and are accountable for their methods and activities. When individuals or companies begin acting as vigilantes ( URL:http://en.wikipedia.org/wiki/Vigilante ) it undermines the very stability and fairness of a legal system. Fair applications of law require law enforcement and police officers to follow a legal process that minimizes the effect an investigation has on innocent bystanders, all further controlled by legal system and the judiciary.
I find it most disconcerting that a government law enforcement entity (New York Attorney General's Office) is apparently supporting this vigilante behaviour by turning a blind eye to let someone else do their dirty work.
There is no doubt that some people are using P2P networks to commit acts of piracy but that does not justify disrupting P2P networks and affecting innocent bystanders, using P2P for legitimate purposes.
----- "Profanity is the one language that all programmers understand."
i think my shirt sums up the past few days pretty nicely.
With MD and the MPAA/RIAA's tactics in general, I'm quite surprised they aren't recruiting employers from Harry Mudd college (for those that know old Trek). Their attitudes seem to be much the same.
I think this shirt is more appropriate.
This story would mark the end of professional IT media. I have read some of the mails randomly, it is some sort of Big media Watergate scandal of 2000s. All those large media companies show up either as customers or people who they demonstrated their technology to. There is a media company asking their PIRACY data to decide which single they should release next.
Slashdot is not claiming to be a media site, it is a portal, it links to sites. If IT media is sold out, Slashdot can't setup IT sites just to link.
Check "The Register", there isn't a MENTION of "media defender" to this moment.
Does it have something to do with famous British record company which actively works/teams with leaked mail company?
This is much more than Anti-P2P.
Slashdot is not claiming to be a media site, it is a portal, it links to sites. If IT media is sold out, Slashdot can't setup IT sites just to link.
I'm not asking that Slashdot become a "media site." All I'm asking is that they check to see that the summaries they post are, in fact, consistent with the article that is cited. In this case, we were told the AG's involvement had to do with piracy while the article said it had to do with pornography. A day on Slashdot contains perhaps one or two dozen articles, not hundreds. I don't think it's asking much of the editors that they read the articles they post to ensure the summaries are correct. It took me, at most, five minutes to read the arstechnica article and see the discrepancy.
"Things like illegally violating copyright, and hiding what we're doing and who we are?" Um... none of those things are likely to get you thrown in prison.
"I'm a Laver, not a Phyto[plankton]"
Don't the editors at least read the stories themselves before they post them to Slashdot?
You must be new here.
-- Alastair
What are the legal implications of this... obviously the people who broke into the Gmail account/etc could be in trouble, but are there any laws against downloading these leaked emails (social security numbers, etc)? What are the chances they try to go after all the people hosting and downloading these files on BitTorrent?
Looks like archie and gopher are safe.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
radarjd dreams of infinite public gullibility:
it seems just as likely (if not more) to me that people simply don't care.
and asks if Sony and M$ have suffered for their bad behavior. The answer is an unmitigated "Yes". Not only have those companies suffered, the entire industry around them has taken a beating. People don't like being ripped off.
In the Sony case, CD sales are down even further than might be expected by the lack of new releases and general crapitude of traditional broadcasting. The industry's reputation could not be lower right now and people are really turned off. Music and entertainment are all about sharing. People want nothing to do with digital restrictions.
In the M$ case, Vista is a huge failure that's sucking down hardware sales. At the six month mark, retail sales of Vista trail XP by 60%. Big IT might start rolling it out in three years. People are sick of bloated crap and want nothing to do with digital restrictions.
Did I mention that people want nothing to do with digital restrictions? Business as usual is no longer good enough, and digital restrictions are even worse.
"Damage control" can't hide the real nature of the power grab that big media is trying to pull and meatier methods have backfired entirely. No one wants the future to be even more restrictive than paper and broadcast were. The future people really want is what you see at YouTube, Wikipedia and the free software world in general. People want to share, information wants to be free and corporate dickwads are just going to have to learn how to make an honest living. The harder the dickheads push, the worse it gets. They might have been able to keep playing games with non free software and hardware, but the lawsuits against innocent people turned the issue into the stuff revolutions are made of: they threatened the very prosperity that would ordinarily lead to the complacency media shits hope will save them. Free software advocates have been handed wonderful weapons in the promotion of Free Culture. Just owning non free media and software can now cost you your house and life savings. They might as well try to sell rusty cylinders of nerve gas and promote it with lottery based arson for their best customers.
Vista is a failure? I wasn't aware they stopped selling Vista. As I pointed out before, I am waiting to see how the first service pack turns out. I waited to purchase Windows XP till it was out for a few years. No operating system is perfect. I don't have time to talk about the rest of your rant.
This would never happen to me, simply because I have a 99 character password, use Firefox and HTTPS when I access Gmail, and have an application level firewall.
I've had plenty of guys come after me, and I've buried them all, Hobos, Sea Captain, Joey Bishop.
there are 10 types of people in this world; those who get this joke, and those who don't
Actually, there are those who are waiting for the first service pack. You constantly compare Windows Vista to Windows ME. Windows ME was a failure for sure. It was unstable and vulnerable to numerous attacks. Windows XP is extremely stable and IMO secure, however it wasn't always that way. No operating system is 100% secure. It would be wise to wait a few years before considering it a failure. Who knows what will happen in the next couple years.
As for free software, free does not always mean it is the better choice. Which is the better choice between Photoshop and the GIMP? That depends on who uses it. Some will consider the Gimp to be better while others will consider Photoshop to be better. Some will even consider neither one to be any good and use Paint Shop Pro. Although I prefer to use Photoshop CS3 as it does what I need it to do, I will still use Gimp portable when I need to.
BTW, I haven't called you any names, but yet you seem to call people stupid and use childish names such as Windoze and M$. You are no different than those who call GNU/Linux "Linsux" or anyone that uses it "Retarded Slashdot Sheeple"
Someone creating a link on wikipedia is not the same as one existing (although it often correlates with reality) and there's nothing illegal about changing wikipedia.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
already crushed!!!
www.tdobson.net #### Dare to Dream #### blog.tdobson.net
...if MediaDefender has a license to distribute Wall Street Journal's articles as a PDF from their own site:
http://www.mediadefender.com/news/20070622_WSJ.pdf
It's apparently printed out to PDF from the WSJ website by someone named "randy". It doesn't really look like something they'd get by buying the publication rights from WSJ...
Money for nothing, pix for free