MediaDefender's BitTorrent-Based DOS Takes Down Revision3

Sandman1971 writes "Over the long Memorial Day weekend, Revision3 was the target of a malicious Denial Of Service Attack which brought R3 to its knees. After investigating the matter, it was discovered that the source of the attacks came from MediaDefender, the famed company hired by the MPAA and RIAA to try and stop the spread of illegal file sharing. The kicker? Revision3 was taken down for running a bittorent tracker to distribute its own legal content."

Criminal investigation?

[mrbah]

Looks to me like MediaDefender is in clear violation of at least two subsections of 18 USC 1030. Where is the federal criminal investigation?

Re:Criminal investigation?

[Penguinisto]

Hella nice! (TFA is 404'd here too).

So... how long until we see MediaDefender's board get perp-walked? (too much to hope for seeing the RIAA board getting arrested, but hey...)

*sigh*... I know, I know. MediaDefender will likely claim that some poor (scapegoated) bastard employee of theirs did it without authorization, yadda yadda... then said poor bastard will get to watch in horror as his entire life goes down the toilet.

Then again, if it does go down like that, it would stand as a prime example of how one should always give priority to personal ethics before accepting a job offer...

/P

Re:Criminal investigation?

[provigilman]

Even worse though, Media Defender allegedly committed a crime in response to a perfectly legal activity. The only thing on that torrent tracker, prior to Media Defender injecting all sorts of nastiness into it, was just their own videos and podcasts. Basically, it's no different than an RSS feed you'd get from some place like /., they just used BitTorrent to do it.

Re:Criminal investigation?

It still involves disruption of service and hefty fines can be pursued for loss of income within any given period when the site is down especially for malicious purposes.

Re:Criminal investigation?

So the ends justify the means? It's perfectly fine for any organization to side-step the justice system and act of their own accord should they feel slighted?

Thank god you don't run the show around here.

Re:Criminal investigation?

[ePhil_One]

Your argument contains one common fallacy. Corporate executives aren't even remotely normal. The executives aren't being sued, the company is. This sort of "Take-down" company is treading on thin ice legally, one such misfire as this and they can lose the company.

Trick is, they are well aware and have likely structured the company to allow a simple simple collapse w/ minimal loss, after which MediaProtector will be reborn from the ashes, a completely different company w/ the exact same staff and an identical client list.

Best bet is to go after the company that hired them; prove they paid this company to break the law for them. The RIAA/MPAA will have a harder time collapsing and reforming...

Re:Criminal investigation?

[NotBornYesterday]

Best bet is to go after the company that hired them; prove they paid this company to break the law for them. The RIAA/MPAA will have a harder time collapsing and reforming... Didn't Tanya Anderson sue them under RICO laws? What you describe is the kind of shell-game asset preservation that RICO was designed in part to thwart. IANAL, and can't say whether those particular laws would apply in this case, but I'd love to see the poetic justice of the mafIAA brought down by laws designed to take down the original mafia.

Re:Criminal investigation?

[Dan541]

SO your saying its ok to break the law when you disagree with something?

Go back to kindergarden.

Re:Criminal investigation?

[Joebert]

It's sitting on the bench right next to the investigation as to whether Mediadefender being the originator of the attack was due to spoofed information or malicious software that somehow made it onto their network.


The legal system should really be left out of the show being put on by the media companies & pirates, when you get right down to it huge sums of time and money are being wasted to protect something that's all in our heads, literally.

Re:Criminal investigation?

[mdmkolbe]

I could be wrong here but I believe 506(a)(1)(C) only applies when the work has yet to be released. The work has to be in the process of "being prepared for commercial distribution". Thus most music piracy would not be criminal. This is spelled out in detail in 506(a)(3).

The intent seems to be to distinguish between competing in the copyright holder's monopoly (and thus reducing their income) which would be civil and distributing before the copyright holder even gets started making money which would be criminal. Basically they are trying to stop leaks.

(Of course, things aren't quite that simple either. For some reason, theater movies have their own special clause to get them some extra protection. A movie that is in theaters, but not yet on DVD or VHS is considered to still be "being prepared". See 506(a)(3)(b).)

Re:Criminal investigation?

[magarity]

Will you accept a collect call from reality, Hatta?
 
You're kidding, right? Look what "Hatta" is advocating and tell me how likely it is he's thought everything through.

Re:Criminal investigation?

[mishehu]

Actually, the corporate shield doesn't provide complete immunity. This being a criminal offense being committed by the company, I highly doubt that the heads of the company could simply say "oh gee, so and so wanted us to do it, and we have this agreement with them that absolves us of all wrongdoing." IANAL but my lawyer has advised me of such in the past when I was asked by previous employers to sabotage clients' networks to generate more income for the company - I would have no legal shield saying "my boss said to do it so I did like a robot." He also reiterated that the same goes for the officers and board of a corporation along with its employees.

The more likely scenario is that they had some patsy of theirs perform this attack, and they'll feed him straight to the feds to save their asses.

Re:Criminal investigation?

[deniable]

And that's how MediaDefender (MediaOffender?) works. If they DOS people who aren't going to call law enforcement, then it's job done. In this case, they messed with people who are going to call the cops.

Re:Criminal investigation?

Posted anonymously because my case is still pending...

The FBI searched my car once and siezed all my burned CDs (essentially most of my music collection). I didn't have any data they were looking for, but if I had the CDs "hidden" in my CD changer, they would have never found them.

It's not too hard to hide something from a casual warrant search.

Re:Criminal investigation?

[gnasher719]

Here in the US we have one little legal principle known as "innocent until proven guilty". Perhaps you've heard of it, perhaps not. Essentially, it's what keeps the justice system from being a Jump to Conclusions mat. Who marked that as "insightful"? First, there is the relationship between companies. Company A hosted bittorrents. Company B thought company A was doing something illegal. There is no "innocent until proven guilty" here at all. If I believe a company rips off its customers, I won't buy from them. I don't care whether it is proven or not, what counts is what I believe. Same here, what counted for Mediadefender's actions was what they believed.

However, their actions were clearly illegal and breaking multiple US laws. First they were hacking into Revision3's servers, interfering with their intended purpose. That is illegal. Then when Revision3 figured it out and closed the holes allowing that attack, Mediadefender started a concentrated DoS attack against Revision3, taking the site effectively down. That is absolutely one hundred percent illegal. And it did not happen by accident, Mediadefender bought tons of hardware for the purpose of creating attacks like this one - which would be illegal whether Revision3 had done something bad or not.

The only _legal_ actions that Mediadefender could have taken would have been to take Revision3 to court, to call the police, or to write letters to the company asking them to stop doing what they are doing. If the told the police that Revision3 did something criminal, and Revision3 were dragged to court, _then_ "innocent until proven guilty" would come into play. In this case, none of this happened. Mediadefender just took some illegal action.

"Innocent until proven guilty" will also apply when Mediadefender is taken to court, since a criminal investigation is on its way. And in every future court case that relies on information from Mediadefender, the defense will ask Revision3 to appear in court and destroy Mediadefender's reputation.

Re:Criminal investigation?

[causality]

You have to be kidding. I've seen enough crooked cops to know that can not be a good thing.

That's a good example of not acting according to your conscience. It is actually an example of ignoring your conscience; people who do this are what the law is for.

Another function that the law should serve, but tends to utterly fail to serve, is to prevent one person or group from forcing their views on others. If a "crime" consists of an adult person ingesting a substance in a responsible manner without allowing this to harm others in any way ("offending" someone because they don't like the substance does not constitute harm) and therefore this "crime" has no victim, then the law has been perverted and the injustice of this makes a mockery of what was otherwise a good institution that served a good purpose.

Re:Really? Lucky We Have Laws

heh. I first read that as "...conviction, imprisonment, and execution..."

Where did they get the firepower?

[joeflies]

How did mediadefender get enough computing resources/bandwidth to launch a DOS? Did they launch it out of their own datacenter/domain, or do they have a network of locations?

No, I haven't read the article because the link is not coming up right now.

Re:Where did they get the firepower?

[DragonWriter]

They have a 9 gigabit connection dedicated to launching illegal DoS attacks.

Its going to be hard to blame that on a rogue employee.

A deliberate decision to acquire the instrumentality of a crime is frequently fairly convincing evidence of intent.

Re:Where did they get the firepower?

[blhack]

They have a 9 gigabit connection dedicated to launching illegal DoS attacks. I wish I was joking. The quote from the article was something like:

"6000 Servers connected to 6 gigabits worth of connection".

Think about how much money there is behind that.

Or is it entirely possible that a company who has no trouble using a backdoor to host torrents would have no problem using a backdoor to host syn drones.

Re:smells like...

[scubamage]

Not to mention any discovery in this matter can and WILL be used by states who are currently investigating mediadefender for performing investigations without proper licensing.

Re:Shouldn't have publicized it on their blog

[Frosty+Piss]

Revision 3 should have just sued, and sued BIG. By discussing it so glibly, and in such detail, on their blog they're jeopardizing their case...

How so? The facts have not changed just because they've talked about it in a blog. If it was illegal before, it's still illegal. IANAL, but I can't imagine a law that says you can't talk about it when someone commits a crime such as this against you...

Can you expand your comments on this to include a reason such a thing as you propose would be true?

Re:Shouldn't have publicized it on their blog

[NotBornYesterday]

That 'huge financial hit' would be years off at best. R3 is trying to hurt them now while they can. They know that with deep enough pockets, the RIAA & friends can keep justice at bay almost forever. Contrary to their public boo-hooing over the cost of "piracy", the RIAA and MPAA are full of money.

What they need is public opinion. In order for them to be successful in curtailing "piracy", they need to convince a large percentage of the public of 2 things - 1) that they are in a morally superior position compared to those sharing files, and 2) that bad things happen to those who share files.

R3 is taking this opportunity to show that 1) the RIAA is a morally bankrupt group of thugs in 3-piece suits, and 2) the RIAA makes bad things happen to good and bad people indiscriminately.

I'd be surprised if a whopping big lawsuit didn't follow this, but I haven't been able to RTFA.

And what about other trackers...?

It wouldn't be too big of a stretch of one's imagination to believe they use the same tactic against other trackers.

Maybe if the likes of PirateBay, Mininova and others looked more closely at their traffic patterns and found some "common problems" (such as web traffic from MediaDefender), there would be grounds for civil if not criminal proceedings against MediaDefender.

What IP#'s or subnets or networks does MediaDefender use?

Or better yet...

Maybe we should all run trackers with fake movies being shared and watch for MediaDefender DOS'ing us and create an ever larger case against these twits?

Re:Late Breaking News....

... This method is becoming increasingly common, and unlike DOS's from a single source, Db/. (Death by Slashdot) cannot be fought with conventional methods, as it is indistinguishable from normal traffic. So far, Db/. is usually fought by taking down the targeted webserver until the story leaves the front page.

Re:god save their souls

[scubamage]

Its doubtful that anyone will hack into any of those closed systems for the most part. However, I wouldn't be surprised to see mediadefender start getting nailed VERY hard bandwidth wise. I wonder how many syn packets or christmas tree packets it takes to fill up a 9gbps pipe?

Re:Shouldn't have publicized it on their blog

[Beardo+the+Bearded]

Revision 3 should have just sued, and sued BIG. By discussing it so glibly, and in such detail, on their blog they're jeopardizing their case...

How so? The facts have not changed just because they've talked about it in a blog. If it was illegal before, it's still illegal. IANAL, but I can't imagine a law that says you can't talk about it when someone commits a crime such as this against you...

Can you expand your comments on this to include a reason such a thing as you propose would be true?

The most important thing in legal matters is that you don't discuss a damned thing without talking to your lawyer first.

Let's use a hypothetical example: I've been injured by, let's say, "Mike Dammit!" (MD for short). Let's say MD stabs me in the arm.

I usually carry a small aid kit, so let's also assume that I manage to give myself First Aid and stop the bleeding. In the meantime, MD had stabbed four other people and run off before the cops arrive.

Someone then asks me how I'm doing. I say, "I'm fine."

Later, MD's lawyer will do their damned best to find anyone, anywhere, where I've said, "I'm fine." The goal is to make it look like I've suffered less than I actually have.

"After all, Mr. Beardo, if that IS your real name, if you were suffering so greatly, why did you tell the Paramedic that you were, in your words, 'fine'.?

"In fact, your injuries were so light that you were able to treat them yourself, isn't that right? So why should my client be forced to pay you more than an hour's last wages and the reimbursement for your first aid kit?"

It's not logic, it's the law.

I have a great real life example that, under the advice of my legal councel, I cannot share.

misuse of Revision3 servers?

[belmolis]

Revision3 refers to longstanding misuse of its severs by MediaDefender, before the current DOS attack. What exactly they were doing isn't clear to me. Anybody know? And is it a crime?

Good point.

[jd]

Although not a similar case, Clive Sinclair structured his company with an eye to surviving collapse. He split it into "Sinclair" (which carried all of the losses) and "Sinclair Research" (which carried all of the profits, intellectual property, et al). After the Sinclair C5 fiasco, "Sinclair" was sold to Amstrad for a small fortune (ie: he sold off the debt) and "Sinclair Research" (which had all the useful stuff and was now considerably richer) remained in his hands.

The idea MediaDefender is nothing more than a disposable front-end, therefore, is entirely possible and would make a lot of sense.

Re:Good point.

[mollymoo]

That wasn't the greatest deal ever. Alan Sugar[1] sold Sinclair's existing stock of Spectrums for more than he paid for the company. Clive Sinclair hasn't made billions since then, I'm not sure if he even made millions, but Alan Sugar has made billions[3] - though not all of the back of that purchase.

[1] Who happens to be the boss in the UK version of The Apprentice - the UK's Donald Trump[2], in that sense.
[2] When initially writing this post I couldn't remember his name, so it originally read "that guy with the tall buildings and bad hair".
[3] In US dollars at least. His net worth was a bit shy of a billion quid last time I looked.

Re:Good point.

[Tycho]

W.R. Grace and Company is the company responsible for 90% of the world's production of Vermiculite until the early 1990's. All of the vermiculite that W.R. Grace mined was mined from open pit mines located near Libby, Montana. All of the vermiculite from Libby had tremolite asbestos present in sufficient quantities to be carcinogenic to those who handled it. However, not all deposits of vermiculite have tremolite asbestos present. Unfortunately, the tremolite asbestos present in the vermiculite cannot be separated out. The dangerous types of asbestos are reasonably benign and of no immediate danger unless handled or disturbed in some way. Handling materials with asbestos will release asbestos fibers, which is surprisingly dangerous. Unless you are trained and have the proper equipment handling asbestos contaminated materials is a bad idea. Besides government standards allow for a reasonably high acceptable concentration of asbestos fibers in air. The asbestos fibers are released during natural weathering processes of natural rocks and soil and the fiber concentrations in the air should not normally be considered an issue.

Anyway, back to W.R. Grace and Company. The executives at W.R. Grace appear to have known about the toxicity of their vermiculite product since at least the 1970's and ignored the warnings. Additionally the executives appear to have covered up the information about the toxicity of their product as well. In 2000, W.R. Grace transfered assets worth about 4 to 5 billion dollars to spin-off companies. Shortly there after W.R. Grace filed for bankruptcy. This move appears to have been done to shelter assets from ongoing liability lawsuits brought against W.R. Grace from the sale and manufacture of asbestos contaminated vermiculite. Filing for bankruptcy could have ended any ongoing or new lawsuits for W.R. Grace. However the asset transfer scheme was discovered and now the current executives from W.R. Grace are now in even more trouble. This new trouble for the executives of W.R. Grace is of the criminal law type.

I think that in the case of W.R. Grace, the events seem to show that not all schemes of this type work.

Re:Really? Lucky We Have Laws

[stickyc]

Failure to achieve these things will not reflect well on the fitness of the rulers to rule. ... Or the people who elected them.

You mean lobbyists and campaign contributors, such as the MPAA, RIAA, Sony, and such? Please. This will get swept under the rug and the relentless juggernaut of "copyright justice" will roll on like it has for the last 10 years.

Free as in Freedom. My manifesto explains why.

[MichaelCrawford]

• Why Free Music?

I only have the scores to two of the songs so far. At the time I composed them, I couldn't read music, so I did it all by ear, and by memorization.

I stopped playing for a while because I got real depressed shortly after recording my album. That lead to me partially forgetting how to play Sahara, and completely forgetting how to play As Yet Untitled.

But I'm working on transcribing the scores from my recordings. It's taking me a long time, but eventually I'll be providing Lilypond source for them as well.

SYN Flooding?

[NimbleSquirrel]

SYN Flooding is one of the oldest DOS attacks around. The attack must have been truely massive to bring down the server... or the admins didn't have the protection in place for such an old style DOS attack.
Either way, if they can track the attack back to MediaDefender, then they have pretty good evidence to sue them, or at least get the FBI involved.
I think MediaDefender need to be taught a valuable lesson: just because other people break the law, doesn't mean you have the right to break the law in your crusade against them.

Re:First WTF

[Aladrin]

Exactly. And if a legit company tells them 'Go fsck yourself.' and they get DoS'd, Media Defender will have even more criminal charges against them. I hope other companies refuse to answer when MD asks them, so this will happen over and over.