Slashdot Mirror

← Back to Stories (view on slashdot.org)

RIAA Website Hacked

Posted by CmdrTaco on from the maybe-someone-just-typed-rm--rf dept.

gattaca writes "A lack of security controls allowed hackers to "wipe" the Recording Industry Association of America's (RIAA) website on Sunday. The existence of an SQL injection attack on the RIAA's site came to light via social network news site Reddit. Soon after hackers were making merry, turning the site into a blank slate, among other things. The RIAA has restored RIAA.org, although whether it's any more secure than before remains open to question, TorrentFreak reports."

20 of 247 comments (clear)

  1. Re:Let me be the first to cry by LordEd · · Score: 3, Insightful

    So you're saying that wrecking a database on an informational website that could likely be replaced from backup in less than an hour is the equivalent to the RIAA's normal business practices?

    Well there you go Slashdot, we're even now. No complaining about the RIAA until they do something new.

  2. Re:Why wipe it? by webmaster404 · · Score: 4, Insightful

    Nah, how about a bunch of press releases saying that "the RIAA was wrong to sue music fans for sharing songs therefore we are dropping all the charges" and then seeing if the judge would say that if it was a cracked site or the RIAA itself. Or how about a plea to stop DRM by saying "it is not working" or at least informing people about the evils of DRM. The possibilities are endless, just blanking a page.... how unprofessional, it did no good to the world the way then the way it could have been done.

    --
    There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
  3. RIAA will use this by BadHaggis · · Score: 5, Insightful
    to justify further restrictions on P2P software. I'm sure they will be able to twist this attack into some type of political message to show that the P2P community is just a bunch of cracking criminals which need to be stopped.

    While I hold little sympathy for RIAA in this matter, I would rather people found different and legal ways to thwart the RIAA's mission.

    --
    Homo homini lupus
    1. Re:RIAA will use this by webmaster404 · · Score: 5, Insightful

      We have found legal ways. Its called not buying albums or buying into DRM. However, the RIAA thinks that it is always P2P networks that are to blame for every loss that they suffer. So if the RIAA loses sales, its not because more people are buying indie band CDs or downloading non-RIAA songs, its because of those pirates never ever because most of the music is more noise then music. The RIAA has no logic, they are used to being a monopoly. Even when we win we lose.

      --
      There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
    2. Re:RIAA will use this by east+coast · · Score: 2, Insightful

      So if the RIAA loses sales, its not because more people are buying indie band CDs or downloading non-RIAA songs, its because of those pirates never ever because most of the music is more noise then music.

      Ok, so you go find a truely indy band and compare the number of hits you get for them versus the number of hits you get for, say, Pink Floyd on eMule. You'll find that at least a good portion of the RIAAs suspicions are well founded. If it were really a matter of so many people turning to P2P to get non-RIAA music than why is it that for years we've seen an RIAA story about every 2 days and 97% of those involve lawsuits? Why is it that tens of thousands have already settled? Let's not be ridiculous about the numbers here. Most of the music available on P2P networks is from RIAA sponsor labels and most of it is still in print.

      The RIAA has no logic, they are used to being a monopoly.

      Uh, since when? Indy has been around for longer than the RIAA. Maybe your politics (or more likely your fear of prosecution) has finally opened your eyes to the "indy" labels/bands but they've been around for a long time and the RIAA is neither a monopoly nor a music producing company. You've had a choice all along. These people bitching about the artists supposedly getting pennies per sale have had the same choice all along too. No one got uptight and self righteous until they found a way to get free music and suddenly started getting busted for it. If P2P and MP3 didn't exist today 99% of the people on here who bitch and moan about the RIAA would still be buying their product because if they want the music they'd have little choice. The only thing that has made this such a hotplate issue for the masses is that the labels can't beat the "free" price tag.

      The vast majority of those involved in this issue have little to do with this pseudo-political awareness squabbling about copyright, fair use and home recording that goes on here and even fewer give a damn about the artists.

      Even when we win we lose.

      Win what? Free music? Someone's got to lose in that case because anytime a product is produced money and/or time is involved someone has to pitch in to see the product come to existance. Otherwise it's just an idea rolling around in someone's head. So feel free to think that downloading music is a "win" situation but unless people put their money where their mouth is and support the artists who's music they take there will be a general decline in music.

      Or if you mean "win" in the case of defacing a website? You know, I kind of cheer these people (website hackers) on in a real shallow way but when you deface a page and just put up slop in it's place I feel really cheap for doing it. In this case these guys had all the tact of hacking the NAACP's website just to throw up pictures of Klan lynchings with a bunch of hate speech written by a 12 year old. They had an opportunity to make a real statement and they blew it. If they get caught I won't feel bad for them as their motive appeared to be little more than to destroy something just to destroy it. These guys aren't doing a peace sit-in for God's sake, they're poking fun at a section of the music industry. Let's try to keep some perspective on their place in all of this.

      When it comes right down to it if the music is crap and not worth the price don't buy it. If you're stealing it you're proving that the labels still have viable product and that they're losing money. The only way to tell the labels that they have a product that isn't worth buying is to boycott it in every way. Or do you think the store owner who has his store broken into thinks that he should charge less for his product to avoid future theft?

      --
      Dedicated Cthulhu Cultist since 4523 BC.
  4. Or is it? by mach1980 · · Score: 4, Insightful

    Do not rule out the RIAA to hire someone to do the hacking to win moral high ground.

    RIAA may now turn their media machine to connect evil hackers with the pirate bay and try to put them in the same corner as child molesters and nazis.

    --
    Break the sound barrier - bring the noise.
  5. Re:Let me be the first to cry by webmaster404 · · Score: 2, Insightful

    Or at least post press reports of dropping the charges to people who download. Then see if the judge ruled that it was hacked or if it was legitimate. Then we can use the RIAA's tactics in court to sue them.

    --
    There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
  6. Re:Well by morgan_greywolf · · Score: 5, Insightful

    But, for some reason, I'm having a really hard time working up any real sense of moral outrage over it. Four words: They had it coming.

    You can't really going around acting like an ass and then expect to be treated with respect by anyone, especially if your site is riddled with basic security problems like SQL injection. Next time, hire a Web developer who isn't a stupid fscktard before gallivanting around, suing everyone, their 80-year-old grandmothers and their 6-year old children into oblivion.

    --
    My blog
  7. This gives reddit a bad name by maynard · · Score: 5, Insightful

    I like the site a bunch, so I say this with a twinge of reluctance. And I certainly don't like the RIAA. But that kind of behavior is plain criminal. Doesn't matter who owns the computer, it is private property and deserves respect as such.

    1. Re:This gives reddit a bad name by Pulzar · · Score: 4, Insightful

      Reddit only reported it, much as how Slashdot would have reported it. No where in the story does it say that Reddit hacked it, no more so then if FOX or CNN reports a murder did they murder that person.

      How's that the same? Reddit didn't report that the site was hacked, they reported that it can be hacked and how, and then somebody hacked it.

      --
      Never underestimate the bandwidth of a 747 filled with CD-ROMs.
    2. Re:This gives reddit a bad name by wroshyyr · · Score: 2, Insightful

      I've seen a few of these "please don't hack the riaa site" posts. If a similar flaw would be found with the pirate bay's website I'm sure these same "hackers" would also go out and exploit it. Boys will be boys.

  8. Re:Why wipe it? by Speare · · Score: 3, Insightful

    If one of your neighbors is disappointed in your lawn care or your dog's poops, there are positive ways of stating the disagreement, and there are negative ways. Certainly, if they spraypainted their message in 2ft high letters on the exterior of your house, you'd be understandably less interested in the actual message than in cleaning the graffiti and contacting the constabulary. Likewise, defacing the website with a thoughtful "open letter" isn't likely to actually communicate anything.

    --
    [ .sig file not found ]
  9. Maybe the RIAA's New Plan Caused It by briggsb · · Score: 2, Insightful

    Maybe it was people protesting the RIAA's plan to put RFID chips on CDs to combat piracy that caused the attack.

  10. wow by kellyb9 · · Score: 5, Insightful

    So you're the most hated site on the internet essentially, especially by people who proudly go by the name "pirates". And you don't protect your site??? Who exactly is running this operation?

  11. Well-It's all relative. by Anonymous Coward · · Score: 5, Insightful

    "Four words: They had it coming."

    Well if we're going to use that excuse then why stop at web site defacement? Why not put out a contract on the heads of the music companies? After all "they had it coming". What's that? Society says it's not OK? So's copyright infringement and that's not stopping anyone. Why should this be any different?

    1. Re:Well-It's all relative. by hoggoth · · Score: 5, Insightful

      > If someone pulls a knife on you, do you pull out your grenade launcher?

      Ummm... yes.

      If someone escalates to lethal force with me, I will respond with lethal force and it will be very important to *win*. Therefore, yes, I will respond to a knife with a grenade launcher.

      Hell, I say nuke them from orbit.

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
  12. Sigh.... missed opportunity by Maxo-Texas · · Score: 4, Insightful

    First... I agree that shutting someone else up is not a great way to have a conversation...

    But if you are going to do something like this, then have a little panache.

    For example, you could upload a few Mp3's with links to download them from the site.

    Or upload some key quotes "Copyright should be good for forever less one day".

    Or upload Jefferson's statements on copyright.

    ah well...

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
  13. This is not good by Anonymous Coward · · Score: 4, Insightful

    Attacking their website will only aid them in public opinion. This gives credit to their argument that people who oppose them are criminals.

  14. Re:Why wipe it? by Machtyn · · Score: 5, Insightful

    My question is how often does the average consumer really visit a website like mpaa.org, riaa.org, or any other corporate entity presence? For me, it is less than 0.005 (or less than a 1/2%). I think the last time I visited riaa.org was a couple years ago when /. mentioned the site had been hacked. I've never visited a General Motors website, the company that makes my favorite breakfast cereal or laundry detergent. I've just never had the desire.

    I suspect that the average person visits their favorite news site, gaming portal (like games.yahoo.com or legitgames.com or whatever), fark/digg/slashdot, and blogs of the different varieties. My wife will occasionally do searches for recipes, information on baby stuff, etc. We'll hit newegg.com, amazon.com, or other storefronts.

    Am I wrong in my thinking that the average person would visit a site like mpaa.org, riaa.org, or other industry specific org sites? We all use tires to drive on, have you ever visited the site for Michelen or Dunlap tires? Do they have a trade org site that issues news, warnings, and user information regarding recalls/defects of certain tires? If so, I've never even considered searching it out.

    My point is that very few people would see it to make it worth putting information touting your propaganda. However, if it was outrageous enough, perhaps it would make news and people might visit (by which time it would be too late, as the site would be fixed).

  15. Re:Let me be the first to cry by ps236 · · Score: 3, Insightful

    This sounds like the best idea for what should have been done. (Except with a few hundred pieces, not just one, as the penalties are based on the number of items available for download AIUI, whether or not anyone actually downloaded them).

    If they then used the 'But we were hacked, it wasn't our fault' defense, and win because of it, that would then be easier to use as a defense by anyone else whose website/PC was used for distributing copyrighted materials. The RIAA could not then say 'you should have taken reasonable care to secure it'.

    If they lose, then all their fines could go to the funds to defend innocent people against them.