RIAA Website Hacked

gattaca writes "A lack of security controls allowed hackers to "wipe" the Recording Industry Association of America's (RIAA) website on Sunday. The existence of an SQL injection attack on the RIAA's site came to light via social network news site Reddit. Soon after hackers were making merry, turning the site into a blank slate, among other things. The RIAA has restored RIAA.org, although whether it's any more secure than before remains open to question, TorrentFreak reports."

Let me be the first to cry

[AndGodSed]

Justice!

Re:Let me be the first to cry

[gnick]

No, this falls far short of justice. Justice would have been posting a bunch of copywritten songs and announcing to the world where to find them. Even better:
* Record an original piece
* Post it
* Sue the RIAA for hosting it

Just blanking a site is lazy.

Re:Let me be the first to cry

[LordEd]

So you're saying that wrecking a database on an informational website that could likely be replaced from backup in less than an hour is the equivalent to the RIAA's normal business practices?

Well there you go Slashdot, we're even now. No complaining about the RIAA until they do something new.

Re:Let me be the first to cry

[eclectic4]

"Is there hope for Christianity?"

No, no there isn't.

Re:Let me be the first to cry

[phillymjs]

Just blanking a site is lazy.
--
This space intentionally left blank.

Irony, thy name is gnick.

Re:Let me be the first to cry

[webmaster404]

Or at least post press reports of dropping the charges to people who download. Then see if the judge ruled that it was hacked or if it was legitimate. Then we can use the RIAA's tactics in court to sue them.

Re:Let me be the first to cry

I don't think you understand what the word "justice" means. Maybe you mean "karma"?

Re:Let me be the first to cry

I don't think you understand what the word "justice" means. Maybe you mean "karma"?

I don't think you understand what the word, "karma," means.

Neither do most people, though; so it's okay.

Re:Let me be the first to cry

[ps236]

This sounds like the best idea for what should have been done. (Except with a few hundred pieces, not just one, as the penalties are based on the number of items available for download AIUI, whether or not anyone actually downloaded them).

If they then used the 'But we were hacked, it wasn't our fault' defense, and win because of it, that would then be easier to use as a defense by anyone else whose website/PC was used for distributing copyrighted materials. The RIAA could not then say 'you should have taken reasonable care to secure it'.

If they lose, then all their fines could go to the funds to defend innocent people against them.

Re:Let me be the first to cry

[smittyoneeach]

Irongnick?

Re:Let me be the first to cry

[smittyoneeach]

If they just restore the site from backup, without patching the SQL injection vulnerability, then the RIAA is RIAAlly st00p3d.
Now, parking a whole bunch of Scientology materials on their server would be quite funny.

Re:Let me be the first to cry

Oh, dear... a forehead slap and imaginary mod points to you, smitty. Wish I had some real mod points, but none today.

Re:Let me be the first to cry

[rifter]

No, this falls far short of justice. Justice would have been posting a bunch of copywritten songs and announcing to the world where to find them. Even better:
* Record an original piece
* Post it
* Sue the RIAA for hosting it

Just blanking a site is lazy.

I would have thought true justice and victory would be achieved if someone had deleted the RIAA's database of targets^wfilesharers. Of course those who were already at a point where dead trees were involved would still get troubles, but it would still slow them down. Even better: get the information then wipe it and share the info.

Re:Let me be the first to cry

[SoulRider]

I heard the scientology site got hacked this weekend and so did the RIAA website. Someone...PLEASE!...someone do it again only this time post negaive scientology propoganda on the the RIAA website and RIAA properties on the scientology website. They would have to sue each other, and considering the tactics both sides like to use the resulting trial could take 100 years or more.

Re:Let me be the first to cry

[MacWiz]

Their web guy wanted to make a backup, but when he produced a spindle of CD-Rs, someone yelled, "Pirate! He's stealing our stuff!" He was lucky to make it out of there alive, but they did jam two subpoenas up his ass before they threw him out the door.

Re:Let me be the first to cry

[Khashishi]

I wonder if by posting these ideas on /., this will actually _be_ done now. There's a good chance the crackers (or some copycats) read /.

Re:Let me be the first to cry

[snaptography]

Lol - before you sue the RIAA you gotta get thousands of people to download it. Then you can charge them some insane amount of money per download.

Re:Let me be the first to cry

[gnick]

If I could get people to start calling me Iron-gnick, I would.

Well

[Chas]

Normally I don't advocate cracking someone's site. It's childish and petty. Kinda like the RIAA itself.

But, for some reason, I'm having a really hard time working up any real sense of moral outrage over it.

This probably makes me a bad, biased person.

C'est la vie!

Re:Well

[notmyusualnickname]

Same here. *Rubs hands and indulges in a meglomaniacal chuckle*

Re:Well

[morgan_greywolf]

But, for some reason, I'm having a really hard time working up any real sense of moral outrage over it. Four words: They had it coming.

You can't really going around acting like an ass and then expect to be treated with respect by anyone, especially if your site is riddled with basic security problems like SQL injection. Next time, hire a Web developer who isn't a stupid fscktard before gallivanting around, suing everyone, their 80-year-old grandmothers and their 6-year old children into oblivion.

Re:Well

You can't really going around acting like an ass and then expect to be treated with respect by anyone, especially if your site is riddled with basic security problems like SQL injection. Next time, hire a Web developer who isn't a stupid fscktard before gallivanting around, suing everyone, their 80-year-old grandmothers and their 6-year old children into oblivion.

Yeah, that's pretty much what I said when the Pirate Bay got hit much, much worse than this. If you're going to run around bragging about what a 1337 w4r3z h4x0r you are, you might want to secure your site first before your moron users find out what it really means for information to be free.

Re:Well

[MasterClown]

Would this count as one of the Top Hits of 2008?

Re:Well

[Z00L00K]

Just blanking a site doesn't say much - it can be anything from the last M$ update to a hardware failure.

And if you are going to hack a site, why not keep the site but insert and modify the pages just slightly so that the meaning of some statements will be slightly off the target. Harder to do, harder to spot but a lot mor fun for the world to figure out.

Even better if no backups exists for the site... Or if it isn't spotted until the backups are recycled!

Re:Well

[luna69]

> Next time, hire a Web developer who isn't a stupid fscktard before gallivanting around, suing everyone,

That assumes they could actually FIND one to work for them...

Re:Well

[slarrg]

Next time, hire a Web developer who isn't a stupid fscktard.... Real programmers wouldn't work for the RIAA.

Re:Well

[Lunarsight]

I agree. Cracking somebody's website is a real slimeball thing to do.

Although, considering the RIAA are the kings of slimeball, I thoroughly enjoy them getting a taste of their own medicine.

My only complaint is that it's already back up.

Couldn't they hit them with a Denial-Of-Service attack lasting several months?

(Yes, it's unethical, but is it any different from what the record labels do, dragging out court cases with little to no evidence, simply to run down the financial resources of the defendant? Payback is a real bitch.)

Why wipe it?

[Loibisch]

It would have been so much better to make it a temporary mirror for thepiratebay.org :D

Wonder if they would have started a lawsuit against themselves...

Re:Why wipe it?

[webmaster404]

Nah, how about a bunch of press releases saying that "the RIAA was wrong to sue music fans for sharing songs therefore we are dropping all the charges" and then seeing if the judge would say that if it was a cracked site or the RIAA itself. Or how about a plea to stop DRM by saying "it is not working" or at least informing people about the evils of DRM. The possibilities are endless, just blanking a page.... how unprofessional, it did no good to the world the way then the way it could have been done.

Re:Why wipe it?

[Speare]

If one of your neighbors is disappointed in your lawn care or your dog's poops, there are positive ways of stating the disagreement, and there are negative ways. Certainly, if they spraypainted their message in 2ft high letters on the exterior of your house, you'd be understandably less interested in the actual message than in cleaning the graffiti and contacting the constabulary. Likewise, defacing the website with a thoughtful "open letter" isn't likely to actually communicate anything.

Re:Why wipe it?

[techpawn]

But, could that open letter be used as evidence? It came from their website then if they try to use "well, anyone can make things on the internet look that way! Just because the IP address and website are ours it doesn't mean it's our data!" couldn't we counter argue that with their IP sniffing and screen shots or whatever?

I know it would never work. The judge would ph34r t3h ev1l h4xx0rz! But, if fun to dream isn't it?

Re:Why wipe it?

[Otter]

Nah, how about a bunch of press releases saying that "the RIAA was wrong to sue music fans for sharing songs therefore we are dropping all the charges" and then seeing if the judge would say that if it was a cracked site or the RIAA itself.

I think we get enough of New York Country Lawyer's imbecilic legal theories as is. There's no need for him to be squeezing in "precedent from postings on defaced website" between "innocence by reason of single motherhood" and "innocence by reason of cerebral palsy".

Re:Why wipe it?

[vertinox]

just blanking a page.... how unprofessional, it did no good to the world the way then the way it could have been done.

Hrm... To me a blank page would most likley mean a server problem than a hack. Maybe the server had an issue and everyone assumed that the site had been hacked and someone pretended to claim responbility?

Re:Why wipe it?

[Machtyn]

My question is how often does the average consumer really visit a website like mpaa.org, riaa.org, or any other corporate entity presence? For me, it is less than 0.005 (or less than a 1/2%). I think the last time I visited riaa.org was a couple years ago when /. mentioned the site had been hacked. I've never visited a General Motors website, the company that makes my favorite breakfast cereal or laundry detergent. I've just never had the desire.

I suspect that the average person visits their favorite news site, gaming portal (like games.yahoo.com or legitgames.com or whatever), fark/digg/slashdot, and blogs of the different varieties. My wife will occasionally do searches for recipes, information on baby stuff, etc. We'll hit newegg.com, amazon.com, or other storefronts.

Am I wrong in my thinking that the average person would visit a site like mpaa.org, riaa.org, or other industry specific org sites? We all use tires to drive on, have you ever visited the site for Michelen or Dunlap tires? Do they have a trade org site that issues news, warnings, and user information regarding recalls/defects of certain tires? If so, I've never even considered searching it out.

My point is that very few people would see it to make it worth putting information touting your propaganda. However, if it was outrageous enough, perhaps it would make news and people might visit (by which time it would be too late, as the site would be fixed).

Re:Why wipe it?

[Rich0]

How about posting a song written by an independant artist who could then sue the RIAA for copyright infringement and facilitation of copying by virtue of running insecure software on their website?

Re:Why wipe it?

[CaptDeuce]

Certainly, if they spraypainted their message in 2ft high letters on the exterior of your house, you'd be understandably less interested in the actual message than in cleaning the graffiti and contacting the constabulary.

Y'all ain't ever lived in a trailer park, have ya?

Re:Why wipe it?

[greginnj]

They did, actually. I was tracking some of the fun while it was live; the extent of the vulnerability was allowing access to the news archive -- so setting up a full mirror wasn't (yet) possible. After the real archive was deleted, though, somebody figured out enough field names to submit a link titled "get free warez here" or somesuch, and it linked to TPB.

Re:Why wipe it?

General Motors just introduced its new oil infused cereal today! ...I think you wanted to say General Mills

Re:Why wipe it?

[__aahmnf219]

I think we get enough of New York Country Lawyer's imbecilic legal theories as is. There's no need for him to be squeezing in "precedent from postings on defaced website" between "innocence by reason of single motherhood" and "innocence by reason of cerebral palsy". Why the hate there, Otter? You an RIAA member or stockholder, or just a grumpy old sod?

Re:Why wipe it?

you would use this as an argument against them.

Their logs saying this IP address did... whatever... doesn't mean anything!

Re:Why wipe it?

[Jtheletter]

I think we get enough of New York Country Lawyer's imbecilic legal theories as is

I think we'll all be waiting for you to post the court transcripts where these theories were presented during cases. Oh wait, there's a difference between forum posts seeking to encourage discussion and actual legal theories. Are you also implying that the RIAA has never stretched the truth or used irrelevant info to try and make their case sound stronger? Because that too is a load of crap.

Re:Why wipe it?

[PitaBred]

Yeah, well, if my neighbor's dog shits on my lawn, I just toss it back on his lawn. I don't think that's an inappropriate response, do you?

Seems about like what's been happening here, once you think about it...

Re:Why wipe it?

Thank fuck I'm not the only one who isn't constantly sucking NYCL's dick for every minor thing.

Re:Why wipe it?

[enrgeeman]

not only that, you can use it to do your laundry!

Re:Why wipe it?

[Machtyn]

Oh, yeah. That sentence is confusing. What I meant was, "I've never visited General Motors website or my favorite cereal company's website, or my laundry detergent's manufacturer's website." I was trying to cover a wide base of products.

Re:Why wipe it?

[budgenator]

or just redirecting to jamedo.com or Dmusic.com that offer CC licensed music.

Re:Why wipe it?

[WK2]

I don't think the grand-parent poster was referring to communicating with the RIAA. They are beyond reason. I think he was referring to attempting to educate people visiting their website.

Re:Why wipe it?

[ArsenneLupin]

And, even if they lacked the creativity to come up with plausible and funny faux-news, why the hack didn't they just fucking goatse it?

Blanking the page? What a waste of a perfectly good SQL injection hole!

Re:Why wipe it?

I've never visited a General Motors website, the company that makes my favorite breakfast cereal or laundry detergent.

that's funny, I always thought that GM made cars.

Re:Why wipe it?

[Lunarsight]

If one of your neighbors is disappointed in your lawn care or your dog's poops, there are positive ways of stating the disagreement, and there are negative ways. Certainly, if they spraypainted their message in 2ft high letters on the exterior of your house, you'd be understandably less interested in the actual message than in cleaning the graffiti and contacting the constabulary. Likewise, defacing the website with a thoughtful "open letter" isn't likely to actually communicate anything. This IS the positive way.

Considering all the despicable things these bastards get away with, a website hack seems almost like letting them off easy to me.

In the olden days, they probably would have just been confronted by an angry, torch-bearing mob, who would burn down their buildings, and drag them away to an almost certain demise.

(Not that I advocate that, of course - it would break fire code, most likely.)

Re:Why wipe it?

[glitch23]

My question is how often does the average consumer really visit a website like mpaa.org, riaa.org, or any other corporate entity presence? For me, it is less than 0.005 (or less than a 1/2%). I think the last time I visited riaa.org was a couple years ago when /. mentioned the site had been hacked. I've never visited a General Motors website, the company that makes my favorite breakfast cereal or laundry detergent. I've just never had the desire.

Well GM isn't that far fetched given they sell vehicles. When searching for my first new car I went to many different sites that I haven't gone to since (Honda, Nissan, Chevy, Mitsubishi, GM, etc.). As far as some other sites though, I take it you don't go to a site in order to find information on how to contact a corporation to provide them your opinion or suggestions? I exercise my right to do that often even if I'm not a customer of the company. I may never go to the site again but I at least go there one time to contact them. Obviously I can't and dont go to every one of them (more .com than .org too) but I try to do my fair share as a Christian, American, health-conscious consumer.

Re:Why wipe it?

[WebmasterNeal]

Average people don't visit the site, but stories posted on their site seem to make it to other sites ALL the time (slashdot, wired etc.) so while we don't visit their site, we still get a lot of the bad news.

Re:Why wipe it?

I've never visited a General Motors website, the company that makes my favorite breakfast cereal or laundry detergent.

Introducing the newest from General Motors cereal line:

Chocolatey Suds!

When you're too tired in the morning to distinguish between your detergent and your cereal box, don't worry! Now, one box is good
for both. Not only do they taste delicious, but they'll get out those tough coffee stains as well! Guaranteed to leave a fresh, clean
taste in your mouth, too!

I wouldn't have wiped...

[blake1]

instead I would have used my cunning to download the latest Britney album to their server in DRM-free MP3 format. And then promptly reported them to themselves.

Re:I wouldn't have wiped...

[calebt3]

Britney album Post something that people want, for crying out loud!

Re:I wouldn't have wiped...

Naw, it wasn't arbitrary execution. It was just a SQL injection vulnerabilty. There are only few cases where that's useful for getting arbitrary access, and as big an asshole as RIAA is, surely they are not THAT stupid.

Re:I wouldn't have wiped...

[blake1]

Never! This would definitely be a double-blow.

Re:I wouldn't have wiped...

[mjmeyer]

Come on, not even I am that cruel.

It would've been funnier

[SirLurksAlot]

if they made innocuous little changes here and there, such as changing the words "do not support file-sharing" to "fully support file-sharing." It probably would've the RIAA much longer to realize they've been had, and I'm sure they would've gotten some interesting calls and e-mails :-D

Re:It would've been funnier

[dattaway]

Unfortunately, very few visit the RIAA site and would have caught it. The only way to get visitors is to let everyone know its hacked.

Re:It would've been funnier

[webmaster404]

No the RIAA gets LOTS of visitors... they are just part of a DDOS though.

Re:It would've been funnier

[peragrin]

exactly why completely destroy a website when slow gradual changes are so much more fun.

they probably could have gotten away with it longer too.

ZOMG!!!

[Kranfer]

ZOMG!!!!11111oneone!!1! The RIAA got hax0rzed. Well I guess they had it coming to them. While I understand their cause, I do not understand their tactics, their methods, or how they say they fight for the artists. I must say good job to the people who found the SQL injection flaw. May their programmers be whipped and stoned... well... I guess they would just throw lawsuits and blank CD's at their programmers and accuse them of stealing MP3's. Oh well. still great news.

Re:ZOMG!!!

[Tourney3p0]

Am I the only one who stops reading as soon as they see ZOMG, 111one111, etc, even in jest? Of course, anyone who agrees with me already stopped reading as soon as I described what I was talking about.

RIAA will use this

[BadHaggis]

to justify further restrictions on P2P software. I'm sure they will be able to twist this attack into some type of political message to show that the P2P community is just a bunch of cracking criminals which need to be stopped.

While I hold little sympathy for RIAA in this matter, I would rather people found different and legal ways to thwart the RIAA's mission.

Re:RIAA will use this

[webmaster404]

We have found legal ways. Its called not buying albums or buying into DRM. However, the RIAA thinks that it is always P2P networks that are to blame for every loss that they suffer. So if the RIAA loses sales, its not because more people are buying indie band CDs or downloading non-RIAA songs, its because of those pirates never ever because most of the music is more noise then music. The RIAA has no logic, they are used to being a monopoly. Even when we win we lose.

Re:RIAA will use this

Exactly. Defacing is illegal no matter how you look at it and accomplishes nothing other than proving the "bad guys" the RIAA is fighting really are criminals.

Re:RIAA will use this

[chortick]

From a recent Economist article http://www.economist.com/business/displaystory.cfm?story_id=10498664:

"IN 2006 EMI, the world's fourth-biggest recorded-music company, invited some teenagers into its headquarters in London to talk to its top managers about their listening habits. At the end of the session the EMI bosses thanked them for their comments and told them to help themselves to a big pile of CDs sitting on a table. But none of the teens took any of the CDs, even though they were free. "That was the moment we realised the game was completely up," says a person who was there."

Re:RIAA will use this

[east+coast]

So if the RIAA loses sales, its not because more people are buying indie band CDs or downloading non-RIAA songs, its because of those pirates never ever because most of the music is more noise then music.

Ok, so you go find a truely indy band and compare the number of hits you get for them versus the number of hits you get for, say, Pink Floyd on eMule. You'll find that at least a good portion of the RIAAs suspicions are well founded. If it were really a matter of so many people turning to P2P to get non-RIAA music than why is it that for years we've seen an RIAA story about every 2 days and 97% of those involve lawsuits? Why is it that tens of thousands have already settled? Let's not be ridiculous about the numbers here. Most of the music available on P2P networks is from RIAA sponsor labels and most of it is still in print.

The RIAA has no logic, they are used to being a monopoly.

Uh, since when? Indy has been around for longer than the RIAA. Maybe your politics (or more likely your fear of prosecution) has finally opened your eyes to the "indy" labels/bands but they've been around for a long time and the RIAA is neither a monopoly nor a music producing company. You've had a choice all along. These people bitching about the artists supposedly getting pennies per sale have had the same choice all along too. No one got uptight and self righteous until they found a way to get free music and suddenly started getting busted for it. If P2P and MP3 didn't exist today 99% of the people on here who bitch and moan about the RIAA would still be buying their product because if they want the music they'd have little choice. The only thing that has made this such a hotplate issue for the masses is that the labels can't beat the "free" price tag.

The vast majority of those involved in this issue have little to do with this pseudo-political awareness squabbling about copyright, fair use and home recording that goes on here and even fewer give a damn about the artists.

Even when we win we lose.

Win what? Free music? Someone's got to lose in that case because anytime a product is produced money and/or time is involved someone has to pitch in to see the product come to existance. Otherwise it's just an idea rolling around in someone's head. So feel free to think that downloading music is a "win" situation but unless people put their money where their mouth is and support the artists who's music they take there will be a general decline in music.

Or if you mean "win" in the case of defacing a website? You know, I kind of cheer these people (website hackers) on in a real shallow way but when you deface a page and just put up slop in it's place I feel really cheap for doing it. In this case these guys had all the tact of hacking the NAACP's website just to throw up pictures of Klan lynchings with a bunch of hate speech written by a 12 year old. They had an opportunity to make a real statement and they blew it. If they get caught I won't feel bad for them as their motive appeared to be little more than to destroy something just to destroy it. These guys aren't doing a peace sit-in for God's sake, they're poking fun at a section of the music industry. Let's try to keep some perspective on their place in all of this.

When it comes right down to it if the music is crap and not worth the price don't buy it. If you're stealing it you're proving that the labels still have viable product and that they're losing money. The only way to tell the labels that they have a product that isn't worth buying is to boycott it in every way. Or do you think the store owner who has his store broken into thinks that he should charge less for his product to avoid future theft?

Re:RIAA will use this

[geminidomino]

Yes, because as everyone knows, "Legal == right" and "Illegal == wrong."

Make enough laws and the most honorable man becomes a criminal.

Re:RIAA will use this

[moosesocks]

to justify further restrictions on P2P software. I'm sure they will be able to twist this attack into some type of political message to show that the P2P community is just a bunch of cracking criminals which need to be stopped.

"In this post-1/21 world....."

We must never forget!

Re:RIAA will use this

[repapetilto]

so is there a list somewhere of all "RIAA-protected" bands so I can know what its safe to download

Re:RIAA will use this

[TheCRAIGGERS]

Yes, it's called the RIAA Radar.

http://www.riaaradar.com/

Re:RIAA will use this

[nurb432]

Perhaps the CDs they offered were just garbage and not worth taking. Most current 'industry' recordings arent worth the trouble to take home and use as a coaster.

Besides would YOU take something from the devil ( or the coyote if you are a bird ) if he had it laying out on a table with a sign that said 'free'?

Re:RIAA will use this

[webmaster404]

First, most indy bands are rather unheard of, Pink Floyd has been around for a very long time, most people know Pink Floyd while fewer people know most indy bands, that's why most of them are indy. I am not saying that people don't download RIAA music, its a fact, however it seems that with any loss the RIAA receives it isn't because of bad music but pirates.

In the age of records and tapes, most people didn't know about most indy bands, the internet has changed that. It used to be that the only way to go from the garage to people in other towns recognizing you was to get signed by a record company. While indy bands have been around for ages, it is only in the recent years of the internet and high-bandwidth connections that the record company is no longer needed to get them noticed. If P2P and MP3 didn't exist today, then I think that many bands wouldn't be noticed. There are only so many radio stations and they can only play so many songs without the internet today, there would be much less money to be made.

What I mean by winning is that the RIAA realizes that they can't go suing people with little evidence with assumptions of them sharing music. Not to mention the absurd amount of money they charge $1,000 per song and up!?! It also would mean copyright reform, where fair use is protected in the digital age, no DRM and no software patents. By winning, the RIAA's reign of terror would be over with little hindrance of legal P2P technologies.

Re:RIAA will use this

Wait a second, EMI was giving away CD's??! Something sounds fishy there... I wouldn't take one either! Probably infected with DRM.

Re:RIAA will use this

[adona1]

Unfortunately, it also includes albums released on small independant labels that are distributed by the bigger labels. It's a good guide, but sometimes a little misleading.

Re:RIAA will use this

If these bands are so big that they're taking this share of the RIAA label sales away than your point is moot. Hell, take a lesser known band. Put them up against Grand Funk Railroad. They're still in print.
 
Fair use is already protected. Sadly, fair use is often misrepresented around here.
 
DRM has nothing to do with copyright. Don't like it? don't buy it.
 
Patents are not copyright. Don't confuse the issue.
 
And if people were putting P2P to better legal use there would be no need for the RIAA to attack. Please stop acting naive. It's really an insult to both of us.
 
-east

Re:RIAA will use this

I don't see how Pink Floyd's music not being free benefits the useful arts. Yes, I'm a huge fan of Pink Floyd and The Constitution.

Re:RIAA will use this

[You're+All+Wrong]

How can you say that the RIAA are not a monopoly?

RIAA members create, manufacture and/or distribute approximately 90% of all legitimate sound recordings produced and sold in the United States.

If that's a not a monopoly, what is?

Re:RIAA will use this

[Fuzzypig]

Fantastic! Sorry lads, the indie labels realised years and years ago that to cut it, they have to be honest with the CD buyers, else they will go down. So honest niche music labels get off their arses and get to the clubs, listen on the grapevines. Then they know that what they are promoting will sell, 'cos they have already spoken to the fans in said clubs and bars. They are not a bunch of MBA, suit wearing posuers who know that just 'cos a bunch of target group 9 years olds like some old pap that played to them, then 50 million bored housewives will buy it in TESCO/Wal-Mart on a Saturday weekly shop!

Re:RIAA will use this

Unfortunately, the article doesn't indicate whether the kids declined the offer because of philosophical reasons (RIAA, etc) or if they just didn't like the format (CD media, as opposed to digital).

-M

Re:RIAA will use this

[east+coast]

The RIAA itself does not manufacture or distribute any of these recordings. The RIAA is an advocacy group. The do not control the product, they do not decide what does and does not get published. Even on their sponsor labels they have no control of what gets produced. How can you be a monopoly if you don't control anything?

If Sony wanted to put out an album of a homeless guy banging on an empty garbage can and screaming obscenities there's is nothing the RIAA can do to stop it. (See Yoko Ono for reference)

If Island Records decides that it wants to make Anthrax's Persistence of Time album public domain there is nothing the RIAA can do to stop it.

If Columbia wanted to pull every album they publish off the shelves and take it all out of print there is nothing the RIAA can do to stop it.

Some monopoly. They have zero control.

Re:RIAA will use this

[east+coast]

And don't think that only big labels are members of the RIAA. 'Giant' labels such as Taang!, Equal Vision and Wrong Records are RIAA members.

Re:RIAA will use this

[pxlmusic]

maybe they should have legal ways to do what they do...

It's curious...

Odd how this completely inconsequential defacement is news here, but the compromise of the Pirate Bay, with loss of extensive user information, wasn't...

Opportunity

[SonicTheDeadFrog]

Isn't this kinda like going to the RIAA's headquarters and spray painting profanity on it?

Not that I don't get a good chuckle out of petty vandalism, but I'd rather people beat them at their own game.

But if they're going to go the vandalism route, couldn't they at least have done something clever like insert a redirect for IP's outside of the RIAA's own range that sent visitors to thepiratebay.org?

Now fhat they can be used for good ...

[waterford0069]

... like taking down the pro-coal lobby's propaganda sites. E.g.,
        http://www.coalamericasenergyfuture.com/

Re:Now fhat they can be used for good ...

I found that site informative, and have urged my congressman & senators to encourage more coal use. I have just received a reply from all 3 of them, and they agree 100%.

Thanks for the info!

You would think that

[rolfc]

they were using copyprotection on their site.

Re:You would think that

[Pingmaster]

And we ALL know how effective their copy protection schemes are...

Re:You would think that

[fahrbot-bot]

Ironically, their material is copyrighted and stored in a public folder. Their intent to share and distribute is clear. Removing the material is the only way to prevent theft...

Or is it?

[mach1980]

Do not rule out the RIAA to hire someone to do the hacking to win moral high ground.

RIAA may now turn their media machine to connect evil hackers with the pirate bay and try to put them in the same corner as child molesters and nazis.

Re:Or is it?

[zifn4b]

You are giving the RIAA too much credit. If they were that smart they would realize that copy protection and DRM is an exercise in futility and that their own existence is pointless.

Re:Or is it?

[oojimaflib]

Do we assign this to malice or stupidity?

Given the RIAA's highly sensible business practices, I think their stupidity is the only sensible assumption in this matter.

Re:Or is it?

[ScentCone]

Do not rule out the RIAA to hire someone to do the hacking to win moral high ground.

OK, I won't rule that out. Also, you should not rule out that all of the people who are ripping off movies are possibly - on purpose - doing it in a very easy-to-track way so that they'll get caught appearing to be too cheap to use netflix even though all they're really trying to do is get a day in court to show that information, especially the kind that stars their favorite actors, wants to be free, to them personally, like beer ought to be, dude. Fight the power, man!

You know what? I think this was just some idiot script kiddies. If your tinfoil hat scenario were true, they'd have hacked the content in a way that specifically made the I-want-all-of-my-entertainment-for-free crowd actually say that.

Re:Or is it?

[repapetilto]

come on at least say ignorant rather than stupid, they mean two different things

How did they get in?

I'm Impressed that the attackers had to go as far as SQL injection. Last time it was through robots.txt, so this time I was expecting like URL hacking. Perhaps Riaa.org/../../../../ or something like that.

Or maybe one of the RIAA execs playing a Sony CD.

Reddit in-joke time

[91degrees]

But what does this have to do with Ron Paul?

What should have been hosted

[IndustrialComplex]

If you are going to break into a website, then you need some sort of plan for when/if you succeed.

How about a statement like this:

"The protections applied to this website were more robust than the Digital Rights Management that is applied to CDs DVDs and other forms of digital media. Yet even that didn't stop a determined individual. If this website were a CD, it would be leaked all over the internet, and once cracked, DRM simply becomes an impediment to the legitimate users."

At least they could have tried to make it relevant. However, it is quite possible that they didn't have all that much time or total access to the site. (though if you can erase something, I'm pretty sure that is as close to total access as you need) I'm not too familiar with databases and websites so I don't know how far they could go with it.

Re:What should have been hosted

[PitaBred]

I dunno... I've seen moronically configured FTP sites that will allow erase, but not write or create. Could be the case here... I wouldn't put much past them.

Re:What should have been hosted

[ruiner13]

They should have put up songs to download on there. That way, when they try to sue someone for "stealing", a good lawyer could draw a parallel to their client's machine being compromised to serve up music the same way their own site was. If a judge could just easily see how easy it is for someone to be falsely accused or even set up, it may make a difference, instead of just believing what the **AAs say.

This gives reddit a bad name

[maynard]

I like the site a bunch, so I say this with a twinge of reluctance. And I certainly don't like the RIAA. But that kind of behavior is plain criminal. Doesn't matter who owns the computer, it is private property and deserves respect as such.

Re:This gives reddit a bad name

[webmaster404]

Reddit only reported it, much as how Slashdot would have reported it. No where in the story does it say that Reddit hacked it, no more so then if FOX or CNN reports a murder did they murder that person.

Re:This gives reddit a bad name

[maynard]

But the community joined in on the hack with gusto. The comments are worth a read too.

Re:This gives reddit a bad name

C'mon man - it's not like they hacked in to COPY the site, god dammit.

Re:This gives reddit a bad name

[Pulzar]

Reddit only reported it, much as how Slashdot would have reported it. No where in the story does it say that Reddit hacked it, no more so then if FOX or CNN reports a murder did they murder that person.

How's that the same? Reddit didn't report that the site was hacked, they reported that it can be hacked and how, and then somebody hacked it.

Re:This gives reddit a bad name

[migloo]

it is private property and deserves respect as such
On the other hand, if you park your private property across my backyard, I should feel free to dump my shit on it.

Re:This gives reddit a bad name

[wroshyyr]

I've seen a few of these "please don't hack the riaa site" posts. If a similar flaw would be found with the pirate bay's website I'm sure these same "hackers" would also go out and exploit it. Boys will be boys.

Re:This gives reddit a bad name

It was somewhat worse than that; there was at least one reddit story whose link was a tinyURL-obfuscated SQL injection attack against the site. That one didn't actually do any direct damage -- it just ran a mySQL benchmark() -- but it's probably fair to say at a minimum that redditors were using the site to mount a DDoS on the RIAA's site.

Re:This gives reddit a bad name

[Rahga]

Can you co-opt the police and feds to conduct raids of private property on your behalf? No? The RIAA can and regularly does, confiscating anything that could conceivably be used to produce and distribute music, including vehicles and computers. It doesn't even matter if an organization, such as authorized mixtape producers, are acting within the law... their property is confiscated first and questions are asked later, usually past the point where a business can survive.

The RIAA are among the least of those who deserve to have their property rights defended.

Re:This gives reddit a bad name

[acedotcom]

seriously though, those assholes had it coming

Re:This gives reddit a bad name

[neoform]

If I post a bug report on a vulnerability in some piece of software, am I doing something wrong?

It is not my obligation to report it to the people who made the vulnerable software.

Your mentality is that of the DMCA.

Re:This gives reddit a bad name

[RHSC]

No matter how many times the RIAA repeats its mantra, making any form of information available is not a crime

Re:This gives reddit a bad name

[um_atrain]

That comparison does not hold. Most people should hopefully be smart enough to kill somebody if they wanted to, though they would probably need instructions to hack the site.

It is like FOX or CNN reporting about a murder, and afterwards discussing easy ways to kill people without being caught.

As for the community: Of course their gonna join in. Free revenge, click here! Who's not going to go for that!?

Re:This gives reddit a bad name

[maynard]

> If I post a bug report on a vulnerability in some piece of software, am I doing something wrong?

How about if you use that bug by submitting a link to the exploit, and in the submission title promote the use of that hack? How about if then a large segment of that community joins in? And by that action they collectively takes down a privately owned server and cause damages? Who is responsible then? Nobody?

Re:This gives reddit a bad name

If I post a bug report on a vulnerability in some piece of software, am I doing something wrong?

It depends on your motives. See, when it comes to ethics, motive is very important. It's clear that these people wanted to see the RIAA hacked and aided that cause. That's not ethical. It might even be illegal. And it was definitely very funny.

Re:This gives reddit a bad name

Actually, it hit the front page as "This link runs a slooow SQL query on the RIAA's server. Don't click it; that would be wrong." The link used SQL injection to run about a million pointless hash computations. Hardly "just reporting".

Re:This gives reddit a bad name

[neoform]

Only when malice is involved.

God Movie?

[AndGodSed]

Is that the one called "The God that wasn't there?"

If so, I can rest easy... its way full of holes. We actually discussed that one on http://godgab.org/

Good chat, that.

Re:God Movie?

[AndGodSed]

I know, bad form and all...

I checked and it was that movie, and just for interest sake here is the link to the full thread where we discussed the movie:

http://www.godgab.org/viewtopic.php?t=1712

sorry, too lazy to html...

Re:God Movie?

[eclectic4]

"Way full of holes"? Really? I read the entire thread of "discussion" that you pointed to, and found very little in the way of actual discussion. Did you provide the right link?

Also, here are some FAQs with replies to some questions about the movie.

Re:God Movie?

[AndGodSed]

Yeah I also re-read the discussion after I posted and thought "well genius, you just set yourself up..."

I still think that The God that Wasn't There is not a good critique of Christianity. Did you follow the other link I provided in the thread?

Wait, here it is:

http://www.answeringinfidels.com/index.php?option=content&task=view&id=87

I will follow your link after posting and see what they say.

Maybe the RIAA's New Plan Caused It

[briggsb]

Maybe it was people protesting the RIAA's plan to put RFID chips on CDs to combat piracy that caused the attack.

Re:Maybe the RIAA's New Plan Caused It

I'm pretty sure thats a joke, dude.

Re:Maybe the RIAA's New Plan Caused It

RIAA has it here on their website

Pics or GTFO

[sayfawa]

Anybody got a screen capture?

Re:Pics or GTFO

[Is0m0rph]

http://img301.imageshack.us/img301/724/riaaaask8.jpg

Re:Pics or GTFO

[nizo]

Soon after hackers were making merry, turning the site into a blank slate....

Here is the screen capture:

wow

[kellyb9]

So you're the most hated site on the internet essentially, especially by people who proudly go by the name "pirates". And you don't protect your site??? Who exactly is running this operation?

Re:wow

[Osurak]

So you're the most hated site on the internet essentially, especially by people who proudly go by the name "pirates". And you don't protect your site??? Who exactly is running this operation?

Ninjas.

Re:wow

Do not insult Ninjas if you value your life. It was clearly the corporate Robots running the site. Enemy of both Pirates and Ninjas.

Re:wow

[budgenator]

Muhahahaha, we planted exploding dye pellets in the web site, now the attackers are marked!

Re:wow

[maxwell+demon]

Well, at least those robots cannot have been from the Sirius Cybernetics Corporation. The RIAA wouldn't ever buy from a company with the motto "share and enjoy!"

Well-It's all relative.

"Four words: They had it coming."

Well if we're going to use that excuse then why stop at web site defacement? Why not put out a contract on the heads of the music companies? After all "they had it coming". What's that? Society says it's not OK? So's copyright infringement and that's not stopping anyone. Why should this be any different?

Re:Well-It's all relative.

[morgan_greywolf]

Well if we're going to use that excuse then why stop at web site defacement? Why not put out a contract on the heads of the music companies? After all "they had it coming" That's why we call it 'the scales of justice'. The difference is is that would be unequal justice.

If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?

Re:Well-It's all relative.

[sponglish]

If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?

Yeah, well... You're not from Chicago.

They pull a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue. That's the Chicago way... Now do you want to do that? Are you ready to do that? I'm offering you a deal. Do you want this deal?

Re:Well-It's all relative.

[hoggoth]

> If someone pulls a knife on you, do you pull out your grenade launcher?

Ummm... yes.

If someone escalates to lethal force with me, I will respond with lethal force and it will be very important to *win*. Therefore, yes, I will respond to a knife with a grenade launcher.

Hell, I say nuke them from orbit.

Re:Well-It's all relative.

[soarkalm]

If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?

Once the knife comes out, you basically have to assume life and death. In this case, you make your opponent take up the unwise position of bringing a knife to a gunfight.

Re:Well-It's all relative.

[Captain+Splendid]

If someone pulls a knife on you, do you pull out your grenade launcher?

Sounds like the annual Cheney family reunion to me.

Re:Well-It's all relative.

[derfy]

Hell, I say nuke them from orbit.

It's the only way to be sure.

Re:Well-It's all relative.

[MobileTatsu-NJG]

"Four words: They had it coming."

Well if we're going to use that excuse then why stop at web site defacement? Why not put out a contract on the heads of the music companies? Because... ruining people's lives with lawsuits isn't equivalent to murder?

Re:Well-It's all relative.

[Firethorn]

Cheney's a classic case of the wrong load for the job, or why birdshot in a self defense case is stupid.

Somebody pulls a knife on me, I'm pulling a gun, and not because I generally don't carry a knife.

Note to all Muggers, Burglars, Robbers out there: Birdshot is a GREAT round for your needs! Pick the highest gauge possible - #20 is much better than #12.

Re:Well-It's all relative.

[Mercano]

If someone pulls a knife on you, do you pull out your grenade launcher?

No, that's just not a good idea. I mean, if someone is coming at you with a knife, he's probably at very close range, so if you tried using a grenade launcher, you'd probably taking yourself out with him. (The range for splash damage is probably understated in most video games.) A shotgun or a submachinegun would be a far better choice.

Re:Well-It's all relative.

[smittyoneeach]

Hell, I say nuke them from orbit.

Weapons in space are a big no-no:
http://en.wikipedia.org/wiki/Outer_Space_Treaty

Re:Well-It's all relative.

[budgenator]

the kill radius is 5M for a 50% probability of kill with 40mm grenades, but that doesn't mean that getting hit by shrapnel when your 50M away is impossible or wouldn't hurt like hell if it didn't kill you outright.

Re:Well-It's all relative.

[CastrTroy]

Well, the punishment always has to be worse than what someone did, otherwise they may just keep on doing it. If someone steals $500, you can't just fine them $500. Because then they would just run around stealing $500 from everybody, and keeping the profit from those which they weren't caught from. No, you make the punishment $10,000 fine, or a month in jail (where they can't work so they lose money) so that it's too much risk for most people to do it

Re:Well-It's all relative.

captcha: disarms

I don't know--what are they punching me in the face with, their fist or knuckle dusters? Is it the jaw, or near the orbital bone where I'll have to risk blindness/disability the rest of my life if they don't stop immediately? Maybe the temple and risk of hemorrhaging to death? Fists can be deadly too...

If a launcher is all I have, I recall if I am in a confined space that would increase the risk to others. I check to see if there are others nearby who might be injured. I look to see if it might bounce somewhere dangerous or that would throw shrapnel in an unduly dangerous manner. If the risk is acceptable--I frag them. They chose to utilize a tool whose nominal purpose in this situation is to terminate my existence. The fact that I have something more lethal is irrelevant after they made that decision.

Some states say I should run first, or back away, or ask three times to stop...and I guess in that situation one must act appropriately. But it doesn't change the reality.

Re:Well-It's all relative.

[CompMD]

"If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?"

You've obviously never seen the cinematic masterpiece that is "Deathwish 3."

Re:Well-It's all relative.

[PitaBred]

That treaty hasn't stopped us here in the grand US of A from researching the things.

Re:Well-It's all relative.

[smittyoneeach]

Right on. The hint that the US is capable of doing something is as important as the doing itself, and possibly a better deterrent.

Re:Well-It's all relative.

[admdrew]

If someone escalates to lethal force with me...

Just remember:

Someone ever tries to kill you, you try to kill 'em right back.

Re:Well-It's all relative.

[admdrew]

Well, sometimes it can be useful to rocket jump away from your knife-wielding assailant, so a rocket launcher would work well in those situations.

Re:Well-It's all relative.

[UnknownSoldier]

> If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?

Why stoop down to their level?

Violence only begets more violence.

Being agressive back is not the ONLY way of defending yourself.

Re:Well-It's all relative.

[funkatron]

If someone pulls a knife on you, do you pull out your grenade launcher?

If someone is within knifing distance taking them out with a grenade is probably not a great idea.

Re:Well-It's all relative.

[russotto]

Well if we're going to use that excuse then why stop at web site defacement? Why not put out a contract on the heads of the music companies? After all "they had it coming".

Remember the Eleventh Commandment.

These are people who would have many of us raped in prison for defying the laws they bought, if they thought it would serve as an example to others. I find it hard to work up any moral outrage at anything you might to do them.

Re:Well-It's all relative.

[DavidShor]

$10,000?

That's not justice either. You want to make penalty so that the total benefit from stealing is 0, not negative. So let n be the pentalty, and p be the probability of being caught. You want the payoff from theft, 500-p*n=0, n=500/p. At a 30% chance of getting caught, that makes the penalty $1200.

Re:Well-It's all relative.

[BattleApple]

If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?

it worked for Indiana Jones

Re:Well-It's all relative.

[Stealth+Potato]

You're joking, right? If somebody on the street attacks me with a knife, the only thing non-violence is going to beget is me being dead. Fuck that. Running isn't always an option. If I don't feel I can make good my escape while ensuring my safety and the safety of those around me, I will respond with whatever force I have available that will be necessary and sufficient to decisively end the threat. Usually, this will be 9 rounds of .45ACP.

I don't consider this "stooping" to any level, and if anything, a street criminal being gunned down by one of his victims will beget less violence, as other lowlifes begin to understand that the next person they try to rob or rape might just be their last.

Re:Well-It's all relative.

[IdeaMan]

I had a co-worker that was in Naam, and he related to me how he would play with GL's. He said he would shoot at telephone poles within 20 feet of him, and you would be able to see the nice little ring of spikes in the pole. I believe the modeling of grenade launchers is highly inaccurate.

Re:Well-It's all relative.

[Jeian]

Yeah, well, that's what the GDI thought too. :|

Re:Well-It's all relative.

[ozbird]

They pull a knife, you pull a gun.

That's not a knife; this is a knife.

Re:Well-It's all relative.

[budgenator]

That sounds like a flechette round shot from the grenade launcher more like a standard shot gun shell rather than the HEDP, High Explosive Dual Purpose, grenade.

Re:Well-It's all relative.

[teh+moges]

In a perfect world, you also need to factor in the costs of the police to track down and arrest the person, the prosecutor to convict the person and the prison to hold the person in the case they don't pay their fine. Complete justice would involve the cost to society being 0, not the criminal.

Over-fining is much better then working this out. Especially if you don't know the correct percentage that the person will be caught.

Re:Well-It's all relative.

[fireforadrymouth]

no one said anything about surviving

Re:Well-It's all relative.

[Architect_sasyr]

The way of the leaf is not for everyone, but to those who choose to accept it...

Personally, I currently have a court case and around 8 or 9 knife cuts on my arms from an incident similar to this recently. I didn't stoop to his level, he decided to throw a few punches before I struck back, and when he realised he couldn't defeat me he pulled the weapon.

Re:Well-It's all relative.

[DavidShor]

"In a perfect world, you also need to factor in the costs of the police to track down and arrest the person, the prosecutor to convict the person and the prison to hold the person in the case they don't pay their fine. Complete justice would involve the cost to society being 0, not the criminal'

Not really, those things need to be funded anyway in order to make the threat credible. The lawyers and prosecutors would be paid anyway, though I suppose you could factor in danger pay.

"Over-fining is much better then working this out. Especially if you don't know the correct percentage that the person will be caught."

How? It's a bit complicated for a back of the envelope calculation, but it wouldn't take an applied mathematician more then a day or two. And considering the costs of over-fining, the investment would be worth it. And if you look at crime data, it is extremely stable. We can estimate the probability of getting caught pretty well.

From a purely economic point of view, money taken from fines are just as damaging to society as money stolen. Once you take this to account, and assume a Pareto income distribution(and assume that people commit a crime when the expected value of the crime is above their wage rare), it's surprisingly easy to find a fine that minimizes the total amount of money stolen(by criminals or government).

It's x/p-c/p, where c depends on income inequality. So actually, an optimal fine would be less than what I naively calculated earlier.

Re:Well-It's all relative.

[hobo+sapiens]

Even if the RIAA weren't about what they are about, they'd still deserve it. Let's say the RIAA was all about giving out fluffy bunnies to children with Leukemia. If they chose to put a site on the hostile environment that are "teh intarwebs" which contained SQL injection vulnerabilities, they had it coming. Seriously. An SQL injection has to be the most well documented and easiest to use vulnerability of all time. It is also one of the easiest to fix, and if a site is vulnerable that raises *serious* doubts about the competence of the developer. And if something is easy to crack, then you have to assume it will be. Especially if you are the RIAA and have a massive bullseye mounted on your back.

The funniest part of it all is that I'd imagine that with an SQL injection-type attack it is really hard to prove malicious intent. So if they caught the people who did this and they walked because their lawyers were somehow able to cast doubt on malicious intentions, that would just be poetic justice for the RIAA (sir, I was just trying to create the userID ";truncate table users;"). Heck, XKCD just about says it all!

Re:Well-It's all relative.

[Lunarsight]

Hell, I say nuke them from orbit.

It's the only way to be sure. It wouldn't work. The RIAA is run by cockroaches, and it's been established that cockroaches can survive a nuclear blaat.

What we NEED is a giant can of RAID.

Re:Well-It's all relative.

[CastrTroy]

The hard part is determining the proper fine to fit the crime, if you try to factor in the probability of being caught, then that doesn't do much to stop the smarter than average crimnal. There's a lot of dumb criminals. So if you for instance, say that 20% of people get caught stealing, but then somebody sets up an organized crime unit, in which they only get caught 10% of the time, and only the lower members of the crime unit get caught, then the big kingpin has found an easy way to make money.

Re:Well-It's all relative.

[CSMatt]

A shotgun or a submachinegun would be a far better choice. Or you could just meelee the guy with the grenade launcher. Who says you have to actually launch grenades?

Re:Well-It's all relative.

[lordSaurontheGreat]

Godmode?

Re:Well-It's all relative.

[brassman]

"Because... ruining people's lives with lawsuits isn't equivalent to murder?"

I'd say it's close enough to make this an interesting topic of debate.

Re:Well-It's all relative.

[stridebird]

They pull a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue. That's the Chicago way... Now do you want to do that? Are you ready to do that? I'm offering you a deal. Do you want this deal?

no. stop watching television.

Re:Well-It's all relative.

[billcopc]

No no no, you've got it all wrong.

If someone punches me in the face, not only do I smash my beer glass into their eyes, but I follow that up by fucking either their wife/gf/mother, whichever one's hottest.

If someone pulls a knife on me, I run them partway through a wood chipper, but spare everything above the waist, then drag their torso halfway across the country, towed behind my car over gravel roads. Then I fuck their mother. To death.

Oh ya, don't mess with the French! :)

Re:Well-It's all relative.

[LingNoi]

That would be criminal whereas copyright infringement is not.

Re:Well-It's all relative.

[Ghaan]

And even then...

If it moves, shoot it. If it doesn't move, shoot it once more.

Re:Well-It's all relative.

[MSZ]

Shooting grenade launcher at knife fighting distance... not a best idea.

(see? Quake taught me some useful knowledge ;-))

Re:Well-It's all relative.

[Gandalf_Greyhame]

"The way of the leaf" - damn, it has been too long since I last read the Wheel of Time. You have just given me something to do for the next couple of months (man it is a long series)

Re:Well-It's all relative.

[You're+All+Wrong]

I hear that The Pirate Bay have an absolutely enormous quantity of RAID. Hoorah for them.

Re:Well-It's all relative.

[hey!]

Really, Chicago has only one way?

Now Boston is a city neighborhoods. The Beacon Hill Way is to have the footman give the rascal a jolly thrashing, while you sail from Bar Harbor to Edgartown and calculate your trust fund income. The South Boston way is to let to have henchmen with names like "Steven the Rifleman Flemmi", and let would be assailants draw their own conclusions about the advisability of messing with you. Nobody know anything about the Charlestown way because while bodies do show up regularly, nobody saw nuthin' and if they did don't keep their mouths shut nobody will see nuthin' if they were to accidentally, say, throw the back of their head into the path of an oncoming bullet.

Re:Well-It's all relative.

[ultranova]

If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back.

If someone punches me in the face, they propably cause a significant amount of damage and a sense of detachment due to my brains getting rattled around inside my skull. This state isn't exactly conductive for calm, rational judgement of appropriate response, but rather an instinctive self-protective one. In other words, if someone punches me in the face, and I happen to be holding a crowbar for whatever reason, I most likely will beat them to death with it.

You can't act like a ruffian and expect to be treated like a lady.

No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?

If someone pulls a knife on me, he's propably standing right next to me, so throwing a grenade at him might not be such a good idea regardless of any consideration of ethics.

Re:Well-It's all relative.

[Fjandr]

Assuming you hit them, it should actually work out just fine. Grenade launchers need a long enough flight path to arm, otherwise they don't explode. At knife-fight distance, the impact will kill them (hopefully) and the grenade will not have enough time to arm (so no explosion).

Re:Well-It's all relative.

[DavidShor]

"but then somebody sets up an organized crime unit, in which they only get caught 10% of the time, and only the lower members of the crime unit get caught, then the big kingpin has found an easy way to make money."

So how exactly would you set fines?

Re:Well-It's all relative.

[UnknownSoldier]

Why aren't you being more aware of your surroundings in the first place?

Obligatory Nelson quote

[ndtechnologies]

"HA HA!"

Slashdotting

[megazork]

The OP should have posted a link to RIAA.org so that it could have been slashdotted. =)

Re:Slashdotting

[mmalove]

...

Wait, can't we just do that anyways?

If everyone on slashdot accessed RIAA.org at the same time every morning, we could just permajam their website. DOS, but kinda legal, since you can't sue an individual for loading your website once a day.

Sigh - then again, the formula "if everyone did X" results in a lot of miracles that will never actually happen.

Re:Slashdotting

[shark72]

"If everyone on slashdot accessed RIAA.org at the same time every morning, we could just permajam their website. DOS, but kinda legal, since you can't sue an individual for loading your website once a day."

Some people had that idea about six or eight years ago, IIRC. I think the first few DDOSes worked, but then the RIAA put the necessary stuff in place to help prevent it. If the RIAA site could be DDOSed, the script kiddies would be doing it 24/7.

I won't argue with you whether DDOSing the RIAA is a good use of your time. But, jumping on your "if everybody..." idea, why not work to be the pirate that you would like the media to see, and not the pirate that the RIAA is painting you as? Here are some ideas:

• You probably agree that artists aren't paid enough. Start a label and pay the artists 50% or more of the sale price. Surely some smart Slashdotters can figure out how to do this.
• If, on the other hand, you're in the crowd that decries the "millionaire artists," start a record label with a model that pays the artists little or nothing (so they will be in it for the art, not the money), and donate all of your profits to a worthy cause like the EFF.
• It's common knowledge among Slashdotters that artists don't need record labels any more because it's trivial to record, mix, produce and promote music. Since many artists don't have the time and skill to do all of these things, why not donate your time? Build a studio in your home and offer it for free to any non-RIAA artist or band. Offer your mixing or producing skills. Donate some of your time to set up and run a website for an artist. If we leave these tasks in the hands of the record labels -- who insist on a profit motive -- they will keep charging money for music. If all of these tasks are taken up by Slashdotters who aren't in it for the money, music can be truly free.
• Write a letter or send an email to your favorite band urging them to get out of their label's contract. Tell them you can help them find free resources for recording their music and help them set up a PayPal donation page if they like, then help them distribute their music via BitTorrent. Tell them about labels like Magnatune, and services like CDBaby.

There's a lot of talk about how the money-centric music business is based on greed, and not quality product. We can solve the problem by DDOSing the RIAA web site (as you have suggested), or we can step up and do things differently. The choice is up to us, and it starts with you.

Torrentfreak has the screenshots.

[Spy+der+Mann]

http://torrentfreak.com/riaa-website-hacked-080120/

From the screenshots:

Who we are.
It appears that the article you requested has been temporarily removed.

Press releases and Statements
ThePirateBay.org - Get free music and movies!

Error
The page at http://riaa.com/ says:
RIAA sucks ... XSS ftw?

If you want my opinion, it was an inside job. The RIAA got so jealous over they content that they decided to delete it than share it :P

Slashdot will use this

"We have found legal ways. Its called not buying albums or buying into DRM. However, the RIAA thinks that it is always P2P networks that are to blame for every loss that they suffer"

Right. Just the ten or so downloads a month from this site

Sigh.... missed opportunity

[Maxo-Texas]

First... I agree that shutting someone else up is not a great way to have a conversation...

But if you are going to do something like this, then have a little panache.

For example, you could upload a few Mp3's with links to download them from the site.

Or upload some key quotes "Copyright should be good for forever less one day".

Or upload Jefferson's statements on copyright.

ah well...

I would prefer

that someone report them for using unlicensed software.

Re:I would prefer

[Sesticulus]

Now that would be funny; BSA vs. RIAA death match.

Two overbearing industry organizations enter, one overbearing industry organizations leaves!

RIAA Site

[Velcroman98]

How about some screenshots?

Re:RIAA Site

[black2d]

Pictures are at http://torrentfreak.com/riaa-website-hacked-080120/

Re:RIAA Site

[chubs730]

here's one they posted on reddit: http://img301.imageshack.us/img301/724/riaaaask8.jpg

This is not good

Attacking their website will only aid them in public opinion. This gives credit to their argument that people who oppose them are criminals.

Re:This is not good

[syd02]

I agree. I watch way too much C-SPAN to think that this is good news.

Re:This is not good

[RealGrouchy]

OTOH, it also gives credit to the argument that they're incompetent.

- RG>

retribution

[Grampaw+Willie]

you people are just a band of scoff-laws

Re:Why didn't they wipe the database of names?

[sglewis100]

Because that list wouldn't be stored on that server.

Screenshots of the Hack

[Velcroman98]

I slapped as many of the screenshots I could find together. I'll try to update. Either way, here's the hack...

Velcroman98.googlepages.com/riaa/

Re:Screenshots of the Hack

[emurphy42]

Fixed link

Oops...

[Hanners1979]

Looks like someone was using the RIAA web server's CD-ROM drive to listen to their Sony album collection again...

All I have to say is....

[Kildjean]

Hackers: 1
RIAA: 0

Goooooooooooooooooooooooooo!! Hackers!!!!!!!!

Re:All I have to say is....

[ScentCone]

Goooooooooooooooooooooooooo!! Hackers!!!!!!!!

Yeah, man! Now everyone, including legislators, will definitely see that the people who want free music and movies aren't punk-ass vandals! This will definitely result in a thoughtful reconsideration of copyright law in congress, and will certainly make musicians and filmakers want to give more stuff away. Goooo hackers.

Don't click this

http://riaa.com/goldandplatinumdata.php?table=tblDiamond&resultpage=1&action=%22%3E%3Ch1%3ERIAA%20SUCKS%20COCK%3C/h1%3E%22

Ojectivity

[firesyde424]

For whatever reason, as much as I try, I can't bring myself to feel sorry for the RIAA. They stand between me and the reasonable use of content that I purchase with my hard earned cash. If I purchase an MP3, I expect to be able to listen to that MP3 anywhere that I listen to music. But thats not the case. While I can listen to it on my computer, I can't lug my desktop out to my car with me. So I must use my mp3 player. Except, my mp3 player is a 6 year old creative jukebox. Not compatible with any modern DRM scheme. I must then spend MORE money on a newer mp3 player or risk legal implications by stripping the DRM away from the mp3. That's like buying an orange at the grocery store and being told that I can't use my fingers to peel it because my fingers aren't "compatible" with the skin of the orange. Instead, I must buy a knife to legally peel the skin from the orange. But I can't just buy any knife. I hafta buy an "iKnife." As a consumer, I feel no sympathy for the RIAA.

Whether by ignorance or lack of attention to detail, the RIAA left a security hole big enough to drive a truck through. Someone figured out where the hole was and then posted instructions on how to drive the truck. It was only a matter of time before someone jumped into the drivers seat. While my understanding of SQL isn't exactly at a mastery level, it seems to me that this exploit could have been easily avoided. So, as a system admin, I again feel no sympathy.

Having said that, this is/was illegal. Those who helped deface the RIAA website have done nothing more than stoop to the level that the RIAA has made its home in for some time now. The RIAA is not averse to using tricks, legal games, and outright dishonesty in pushing its agenda. How is hacking their website any better?

There are better and more legal ways to fight the greed that the RIAA represents. All hacking their website does is add another dimension to an already complicated problem. Way to go guys.

Just because you can, doesn't mean you should.

Re:Ojectivity

[shark72]

Being an early adopter is a pain, isn't it? I have plenty of six-year-old gear of my own that was cutting edge in its time, but is worthless now. As for your Nomad, MP3 players have come really far in the past six years and I think you'll be impressed with the latest models.

From a practical standpoint, you don't need to worry about the legal implications of stripping the DRM from the audio files you've purchased, if you're doing it purely for personal use. So many people try to reinterpret "putting the files in my share directory" as personal use, so this gets muddy, but if it's just so you can load them onto your ancient and creaky MP3 player, then you need not worry -- no matter how much sabre-rattling the RIAA might try.

I can understand that you do not have sympathy for the RIAA's web site being hacked because you have to take some extra steps to make the music you buy work on your first-gen MP3 player. But, keep in mind that this battle is already won -- a few of the labels have started selling music in DRM-free MP3 format, and the rest will likely follow shortly. If this is one of the rationales behind the hacking, it's a bit misguided.

Re:Ojectivity

[geminidomino]

As for your Nomad, MP3 players have come really far in the past six years and I think you'll be impressed with the latest models.

Not sure I agree there... They've gotten smaller and support more myriad forms of DRM. Other than that, I still can't find anything that an iPod, Zune, or Sansa has on my old Neuros II, which is too bad, since it's getting a little long in the tooth, but I can't find anything that makes a suitable replacement.

Re:Ojectivity

[firesyde424]

It's not the old technology that matters. My nomad is cranky and intolerant of any kind of movement. Technology ages like milk. If you keep it too long, it will eventually go sour on you.

My beef is with the lack of choice. For instance, if I want to play music downloaded from iTunes in my car, I have to either purchase an iPod or pay extra for iTunes "Plus." I am one of the 4 people in America who don't like standard iPods. I've never liked apple's sense of style or design. Simple as that. I do, however, like the iTunes Store. While the price might be just a tad high, they have a great selection and purchasing music is fairly easy to do and manage.

I am not sure how much of the proprietary game is related to the RIAA. After all, it's not like this is a new idea.(I'm looking at you, Cisco) But I have a great deal of respect for Steven Jobs, and none for the RIAA. And yes, I'm biased.

Re:Ojectivity

[Bushido+Hacks]

The "iKnife" can actually be used for other things. So now they want you to use something less versatile, such as the "iSpoon" which means you must change your arm service or else you won't be as trendy.

The RIAA attack was more of an exploding van than truck. These guys don't really give a damn.

Nuke them from orbit.

[Chas]

Actually, the only way to be "sure" is to nuke them in person.

Otherwise there's always the real possibility that they were able to take cover.

Re:Nuke them from orbit.

[budgenator]

We vote to give you the privilege of pushing the button up close and personal and as a reward, when you get to the promised land, you can download 72 songs from Itunes free of charge.

Re:Nuke them from orbit.

[Fieryphoenix]

But you'll have to finish listening to them within 24 hours.

Re:Nuke them from orbit.

[orgelspieler]

when you get to the promised land, you can download 72 songs from Itunes free of charge.

Yeah, but they can only be from the Virgin label.

Re:Nuke them from orbit.

[jonaskoelker]

the real possibility that they were able to duck and cover.

Fixed ;)

Re:Nuke them from orbit.

[Chas]

Duck and cover merely means your ass gets roasted a few microseconds before the rest of you...

Murder by Fractions

[Dr_Barnowl]

Given that socio-economic status has a strong correlation to both absolute and "healthy" life expectancy, each successful "life-ruining" lawsuit which results in a corresponding drop in socio-economic status could be interpreted as being some fraction of a murder.

I'm sure they have accumulated enough fractions by now to cover the members of the board, and maybe a few tiers of upper management too. Since they are the most compensated, they must be the most responsible, right?

NB. Tongue is firmly in cheek.

Wasted Opportunity

[hyades1]

Others have noted that a splendid opportunity to do something really insidious to the RIAA site was wasted. It's worse than that. Even a brain-damaged idiot has enough sense to hire somebody to make the site 'way more difficult to hack next time.

So when somebody finds the next vulnerability, allow me to suggest that before they act, they view "The Yes Men vs The WTA". It's funny, it's subversive in the best sense of the word, and it shows what you can accomplish with a little imagination.

When you've got a bunch of asshats like the RIAA bent over a chair with their pants to their knees, letting them go with a warning verges on criminal irresponsibility.

You're doing it wrong...

[Xenographic]

No, the OP should NOT have posted a link to RIAA.org, that could cause it to be Slashdotted. :]

Ya kno' I don't care about 'em anymo'

[crovira]

The RIAA can sue its own ass off. I only support any company which isn't on their client list.

The only way to get them to listen is by NOT listening.

Mullah Omar was right but for all the wrong reasons.

Possible Trojan Injection?

[Jtheletter]

A lot of the posts on this news seem to focus on what could have been done instead of just blanking the site, but do we have any evidence that the wipe was the only thing that occurred? If the person/people who did this really wanted to hurt the RIAA then this would be a good way to get some trojans onto RIAA computers. To be really sneaky they might have even done some research on which IP blocks are most likely assigned to RIAA and member networks and only infect computers coming from those blocks, thus sparing most innocent visitors. Then you've got a direct line into RIAA operations and much more valuable data than whatever is on their web servers. Not that I'm advocating this, merely postulating that there could be more at work than a simple website wipe.

Thieves show their true nature yet again

The peope who whine and complain about the RIAA are the real criminals. They play the victim, but this is yet another example of their true nature. They're thieves and they get what they deserve.

Re:Thieves show their true nature yet again

[Grampaw+Willie]

see: someone nailed ya with a -1 for dis-agreeing with the establishment

in this geek cult doing the right thing has been replaced with "because I can"

well, guess what kids: as William Penn noted: "Those who will not be governed by [conscience] will be ruled by [judges] "
( secular version )

Hell's a commin' and bringin' Big Brother with

you guys have created a real mess with all this pirating, phishing, pharming, spammming, DNS attacking, bot-nets, ad ware, spyware, trojans, RATS, bank robberies, power house shut downs etc. etc

most of it with un-authorized programming

if ever there was a call for a warrant you guys have created it

in spades

enjoy

Re:Thieves show their true nature yet again

[maxwell+demon]

I didn't know that complaining about the RIAA is now a crime.

You seem to take the mistaken view that everyone who complains about the RIAA etc. also does filesharing. Well, I've got news for you: While there's certainly a large intersection of both groups, they are not identical. I for one am very pissed by the current developments of copyright legislation, DRM etc. But I've never in my life started a file sharing program. Neither to download, nor to upload.

That doesn't mean I buy lots of CDs or DVDs, though. But then, they still get their share for every data backup I do, because of the fees on the blank CDs/DVDs. Not that those backups contain anything they have the copyright on, mind you.

That took a while.

[dtml-try+MyNick]

I'm actually surprised this happened only just now.

The RIAA must be one of the most hated computer related organizations on the planet.
I'm pretty sure a lot of people have attempted to hack the RIAA in one way or another. I mean c'mon, if you're into the "black-hat" thing and you're looking for a new target wouldn't the RIAA be a very obvious and satisfying target?
'I took the RIAA' down!, now that would be one hell of a e-peen enlarger.

Though the method used now was really really sloppy on their side. I can imagine their internal IT team must deal with a lot of attack attempts, so this being the first time, doesn't that make the RIAA pretty much bulletproof?

That being said...

HA! :)

I keep checking whether or not its still up

[bizitch]

I am really worried that http://riaa.org/ is still up - so I load it in my browser and then I keep hitting refresh every second to make sure its still there ;)

Re:Well Anyone remember "Use Netscape..."

[davidsyes]

... "YOOZ Netscape... YOOZ Netscape... YOOZ Netscape... YOOZ Netscape..." from, oh, around 1999?

Well, seems like RIAA could be a scratched record... "They had it coming... They had it coming... They had it coming... They had it coming..."...

LASR Disc (Like A Scratched Record)

Clarification:

[jberryman]

There was some confusion over at Reddit yesterday as to whether the database actually had been wiped or if it was simply overloaded from all the crazy querying. It started when someone posted a link to the riaa site that had an XKCD comic superimposed via a XSS attack. The site was also basically DOSed at some points from all the reddit/digg traffic.

Archive.org

[RAMMS+EIN]

Fortunately for the RIAA, the old content of the site has been archived by the Internet Archive.

Although that poses a rather uncomfortable dilemma for the RIAA: should they thank archive.org for saving their content...or sue them for copyright infringement?

Still vulnerable?

[HappySmileMan]

I'm pretty sure the SQL injection is still there... I amn't getting any SQL errors, but appending "' AND '1'='1" to a certain URL will return the desired result, whereas "' AND '1'='2" doesn't.

The RIAA website is still vulnerable

[angevin]

PHP and Apache are both outdated on their (RIAA) website with both an HTTP Trace method vulnerability and PHP vulnerability : http://osvdb.org/show/osvdb/12184 http://osvdb.org/show/osvdb/877


"Religion is something left over from the infancy of our intelligence, it will fade away as we adopt reason and science as our guidelines." --Bertrand Russell

You bring to mind an interesting point

[Weaselmancer]

Nah, how about a bunch of press releases saying that "the RIAA was wrong to sue music fans for sharing songs therefore we are dropping all the charges" and then seeing if the judge would say that if it was a cracked site or the RIAA itself.

The linchpin of the RIAA's lawsuit factory rests on the supposition that an IP address is exactly identical to a person. What the IP address does is legally identical to a person doing it. That's their argument.

So, if their website were to be hacked, wouldn't that exact same rule apply to whatever content was there? Their IP address is legally the same as the person/corporation/entity who owns it, right? That IS their argument, after all.

So why not use that against them in a legal sense?

It would be brilliant. The RIAA lawyers when they were brought into court for whatever happened to be uploaded there would have to make the argument that an IP address DOES NOT equate to the owner of the IP address in order to defend themselves.

They'd have to make our argument for us, and in front of a judge.

You couldn't ask for a better precedent.

Re:You bring to mind an interesting point

In your brilliant plan, I see a tiny flaw. They claim to own any and all content you put there.

Re:You bring to mind an interesting point

[jflin]

You forgot the full joy of the Catch-22: Apply DRM to a signature on it, maybe a public key signature to someone interesting (wide choice here, pick someone with a well-known public key) (Maybe RMS? He'll tilt at the windmill...) Apply the DRM to their original home page Then see how it works if they try to break the DRM, by oh, replacing with the original....

Fooey.

[Weaselmancer]

RIAA will use this to justify further restrictions on P2P software.

So far, the RIAA hasn't shown any signs of restraint whatsoever. I don't think haxx0ring their webpage is suddenly going to spur them on to new heights.

They're already about as depraved as you can get anyways.

Yeah. And...

[Weaselmancer]

...so were the Founding Fathers when they signed the Declaration of Independence. And Martin Luther King when he fought established racism with peaceful civil disobedience. And Gandhi when he fought for civil rights and against discrimination and foreign domination. And Rosa Parks when she sat in the front of the bus.

Being a scofflaw puts you in pretty good company.

NMAP results

[pilsner.urquell]

FTA

The RIAA has restored RIAA.org, although whether it's any more secure than
before remains open to question, TorrentFreak reports.

root@fosters:/home/kevin# nmap -A -v -P0 riaa.org

/* Deleted content */

TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: All zeros
OS and Service detection performed. Please report any incorrect results at
http://insecure.org/
Nmap finished: 1 IP address (1 host up) scanned in 97.560 seconds
Raw packets sent: 3595 (166.500KB) | Rcvd: 1082 (50.154KB)
root@fosters:/home/kevin#

Apparently not

In other news...

The Bush administration will find some way to connect Al-Qaeda to this.

Re:Yeah. And...

[ggvaidya]

Not sure about the others, but Gandhi broke laws he considered unfair, then submitted himself for the punishment for those crimes, informing the court (and press) that as soon as he was let out, he would break the law again. He didn't commit other crimes while trying to further his political position.

I wonder if it's possible for someone to donate most of their wealth to charity, then break copyright law as a protest. What are the penalties in civil court if you cannot afford to pay the damages?

Being a scofflaw puts you in pretty good company.

[Grampaw+Willie]

Being a scofflaw puts you in pretty good company.

It might

But that is rather like claiming "all change is progress"

Do you have a personal guide to doing the right thing? If you don't you will wander through these discussions and only conclude that the Biggest Bear Wins the Fight

If force is all you are able to understand please take your club and go back to your cave

We're all indebted to Gabby Johnson...

[Weaselmancer]

...for clearly stating what needed to be said. Not only was it authentic frontier gibberish, but it expressed a courage little seen in this day and age.

Vigilante Justice

[fugue]

There is a notion that when society has decided that something is wrong, then it should be codified as law and enforced by the government, which, as Eric Raymond says, tries to maintain a monopoly on violence. Vigilante justice is the antithesis of this: an individual who believes that something is wrong and punishes the offender can cause no end of trouble, since for any act at all, someone believes that it is wrong.

The Tyranny of the Majority is a terrible thing, and so there are supposedly checks and balances built into the system. Here in the USA there's something about inalienable rights (free speech, bearing arms (hmm), driving a fucking huge sociopathic SUV, etc). But people are supposed to be punished according to the Law, which reflects the rational consensus of the People.

But what happens when the consensus of the People and the Law have little in common? As has been said earlier in this thread, laws in the USA are bought and often written by corporations, and their motives have nothing to do with the good of society. So the law becomes farther and farther removed from right and wrong.

What's the answer? Well, really, if control can't be wrested from the hands of corporations, revolution will be necessary, but it will of course be very difficult to buy more guns than the US Army (yes, that's right, since Bush declared martial law, the Army is permitted to use deadly force on US soil against US citizens). I hate to use a term like cyber-warfare, but it is not unreasonable to expect that the revolution will initially take the form of crackers vandalising corporate faces. I'd be surprised if this did any good--it's more like a mob throwing rocks at tanks--but I'd be surprised if we didn't see more of it in the coming decades. Pirating music scarcely counts as warfare: it's nice to think that it's depriving the corporations of their lifeblood, but most /.ers know how much evidence there is that that actually works that way.

But yes, things are getting worse and not better, and we should be seriously wondering what can be done to make things better again.

Of course, the only political battle that matters a whit is whether we ward off global warming, deforestation, groundwater toxification, ozone depletion, topsoil degradation, overpopulation, air toxification, ecosystem destruction, and giant mutant carnivorous ducks. I'm not saying that wresting control from the corporations isn't important for that--it is vital and urgent. I'm just saying that where your music comes from doesn't matter worth a damn if we have a planet of perpetual war over diminishing resources. It's already begun, but you ain't seen nothin' yet.