RIAA Website Hacked

gattaca writes "A lack of security controls allowed hackers to "wipe" the Recording Industry Association of America's (RIAA) website on Sunday. The existence of an SQL injection attack on the RIAA's site came to light via social network news site Reddit. Soon after hackers were making merry, turning the site into a blank slate, among other things. The RIAA has restored RIAA.org, although whether it's any more secure than before remains open to question, TorrentFreak reports."

It would've been funnier

[SirLurksAlot]

if they made innocuous little changes here and there, such as changing the words "do not support file-sharing" to "fully support file-sharing." It probably would've the RIAA much longer to realize they've been had, and I'm sure they would've gotten some interesting calls and e-mails :-D

Re:Why wipe it?

[techpawn]

But, could that open letter be used as evidence? It came from their website then if they try to use "well, anyone can make things on the internet look that way! Just because the IP address and website are ours it doesn't mean it's our data!" couldn't we counter argue that with their IP sniffing and screen shots or whatever?

I know it would never work. The judge would ph34r t3h ev1l h4xx0rz! But, if fun to dream isn't it?

Re:This gives reddit a bad name

[Rahga]

Can you co-opt the police and feds to conduct raids of private property on your behalf? No? The RIAA can and regularly does, confiscating anything that could conceivably be used to produce and distribute music, including vehicles and computers. It doesn't even matter if an organization, such as authorized mixtape producers, are acting within the law... their property is confiscated first and questions are asked later, usually past the point where a business can survive.

The RIAA are among the least of those who deserve to have their property rights defended.

Re:RIAA will use this

[chortick]

From a recent Economist article http://www.economist.com/business/displaystory.cfm?story_id=10498664:

"IN 2006 EMI, the world's fourth-biggest recorded-music company, invited some teenagers into its headquarters in London to talk to its top managers about their listening habits. At the end of the session the EMI bosses thanked them for their comments and told them to help themselves to a big pile of CDs sitting on a table. But none of the teens took any of the CDs, even though they were free. "That was the moment we realised the game was completely up," says a person who was there."

You bring to mind an interesting point

[Weaselmancer]

Nah, how about a bunch of press releases saying that "the RIAA was wrong to sue music fans for sharing songs therefore we are dropping all the charges" and then seeing if the judge would say that if it was a cracked site or the RIAA itself.

The linchpin of the RIAA's lawsuit factory rests on the supposition that an IP address is exactly identical to a person. What the IP address does is legally identical to a person doing it. That's their argument.

So, if their website were to be hacked, wouldn't that exact same rule apply to whatever content was there? Their IP address is legally the same as the person/corporation/entity who owns it, right? That IS their argument, after all.

So why not use that against them in a legal sense?

It would be brilliant. The RIAA lawyers when they were brought into court for whatever happened to be uploaded there would have to make the argument that an IP address DOES NOT equate to the owner of the IP address in order to defend themselves.

They'd have to make our argument for us, and in front of a judge.

You couldn't ask for a better precedent.