Slashdot Mirror
MediaDefender Explains Itself
I Don't Believe in Imaginary Property writes "Wired has an interview with MediaDefender in which they try to explain why they attacked Revision3, which uses BitTorrent to host its own content. Somehow it eluded MediaDefender that they had injected fake content into Revision3's tracker, so when Revision3 changed configuration to forbid this injection, MediaDefender's systems saw it as a pirate tracker with lots of illegal content (which MediaDefender had put there) and attacked. In other words, everything they did was intentional except for the choice of target. Given that they have 9 Gbps of bandwidth dedicated to denial-of-service attacks against torrent trackers, all anyone needs to do is to trick them into attacking a hospital or government facility. MediaDefender has never been very competent, after all."
How is any of this legal? Injecting content, false or otherwise? DOS'ing a server? They're fighting fire with fire.
--why?
Shouldn't admitting to a DOS attack in and of itself get people arrested? Who cares what the site they are attacking contains? They are committing acts of digital vandalism. Jail, please.
Even if this story makes it to the mainstream media, its not going to get much airtime. Especially since no Joe User knows what Revision3 is. There just wouldn't be enough outrage to make it a worthwile story anywhere except the geek community.
MediaDefender, you've got some 'splaining to do!
They've bought senators, how can it be illegal when they've got paid for law makers fighting on their side(!)
todo - The developer's equivalent of confession: "Forgive me Father, for I have sinned..."
If you distribute baking soda (sell/give away/etc) and tell people that its crack, you can be arrested and held to the same liabilities as if you had actually sold crack..in fact..some states have laws to where you'd get charged for selling it, but not possession. Some will tack on an extra charge on top of possession/sale.
So tell me why MediaDefender gets away with inserting fake data labeled as copyright-violating material into someone else's server and then going all vigilante on them. If you own the copyright you might be able to get away with it as its no longer in violation of copyrights since its yours, but since MediaDefender doesn't own them directly..
That on top of the damages they have caused this company, in either time, money, or business damages.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Why don't they DDOS back? Tactics like these shouldn't be permissible, but you can fight fire with fire.
sue their asses
Given that they have 9 Gbps of bandwidth dedicated to denial-of-service attacks against torrent trackers, all anyone needs to do is to trick them into attacking a hospital or government facility.
While it's a stupid thing to do (DDOSing random trackers that is), why the fuck would a government facility or hospital be running a torrent tracker?
I write bullshit
This is like having the bronze medalist from the special olympics in charge of America's nuclear arsenal... oh wait.
...that Air Traffic Control using BitTorrent to distribute approaches is quite possibly the worst analogy I've heard come out of this whole mess.
I think it's hilarious that they've taken all their email addresses offline.
From reading the article, it sounds like Revision3 hosts their own content and distributes it through Bittorrent, and they allowed other torrents to use their tracker, which included illicit torrents, and then they stopped letting other torrents use their tracker so MediaDefender DoS'd them? I'm very confused. ;-;
Media Defender ought to pay Revision 3 an undisclosed sum of money for the financial damage it caused the company.
But they're not going to do that.
Seriously, every single employee @ Media Defender needs to be anally raped with razor wire.
it all begins with going to http://www.mediadefender.com/
Why isn't MediaDefender being sued or criminally prosecuted? What they did *IS* a crime as best as I can tell. Does the law not apply to MediaDefender or something?
Seems like this is as least as destructive as 1 billion people "illegally" downloading digital media .
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
If they law does not apply to MediaDefender then surely it can't apply to anyone else either!
If MediaDefender is allowed to
1. use Revision3's tracker in an unauthorized mannor
2. DOS them
Then I say we are free to ignore any laws we don't like with regaurd to MediaDefender. Dose anyone know where their offices are? Since they seem so fond of vandalism I say some local Slashdot'ers drop by and do a little painting.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Anyone taking this risk should not be allowed to use a computer.
This time the victim was "just" a software company that has a configuration error in its bittorrent tracker. Next time it might just be a hospital or power plant having a wrong configuration on any server. If the anti-cyber-terrorism laws can be applied anywhere, this should be it!
Isn't DoSing also a Homeland Security issue? Shouldn't their ISP have cut them off when they started doing illegal things like automatically targeting innocent companies with illegal DoS Attacks?
If someone did to MediaDefender what they do to EVERYONE ELSE, they'd be screaming bloody murder!
Finally, what if they DID actually DoS a company that caused someone to be hurt or die. Would they be liable for pre-mediated murder?
I can't prove it but I heard that The Planet was hosting an open tracker. We all heard what happened to them... http://tech.slashdot.org/article.pl?sid=08/06/01/1715247
Although the FBI *is* investigating, be on the lookout for a hastily-written and passed-by-voice-vote bill by Congress OK'ing this behavior by MD.
Cheers!
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Dear Public, Media, and our friends Revision3: We are very, very sorry. Our servers did bad, bad things to Revision 3 and WE HAD NO CLUE!! Please, take mercy on us. Sure, our severs were snooping around their legitimate BitTorrent tracker seeding maliciously. BUT WE HAD NO CLUE! Sure, our servers recently assraped their severs into oblivion, BUT WE HAD NO CLUE!! This is all one big, misfortune event. Our Friends at revision3, we are really, really, REALLY sorry. Please, we plead ignorance. Our innocent servers honestly thought you were running an pirate operation. Please accept our appologies (Pretty please! with a cherry ontop :))) We PROMISE we will NEVER EVER NEVER do it again.
Sincerely,
MediaDefender
Try to explain? The bottom line is MediaDefender attacked another commercial entity.
If someone throws a stink bomb through a brick & mortar storefront window, forcing the store to close, do you think the police would allow the offender to get off with saying, "oops"?
First off, theyre a coroporation in the midst of one of the most corrupt adminstrations in the history of the united states.
Second, theyre working for the **AA organizations, the darlings of congress, for whom no human rights violations are too great a cost, for whom ACTA is being negotiated to subvert those pesky public interest groups and constitutional protections present in every industrialized nation on earth, and for whom judges suspend several constitutional protections for due process.
In other words, they are above the law, and the public allows them to do so because filesharing = terrorism, after all bush said so.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
How can they legally cause a DoS ?
---- Booth was a patriot ----
Ahhhhhh I get it now. The recent power outages wasn't due to the Chinese Cyber Militia. Someone at the plant must've been downloading the new Snoop Dogg album! Hence no power. That should teach those damned pirates....
...for tracker operators. "Umm...Not my files...They must have been put there by MediaDefender"
:)
I wonder if that now becomes a viable defense. If MD can get in to leave files, so could anyone else
Computer systems should be treated as pets, if they attack someone they should be put to sleep.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Wouldn't that be considered some sort of 'frame up'?
I mean if i'm hosing legal content, and they come along and inject fake/illegal content then sue me how the hell is that stand up in court?
---- Booth was a patriot ----
Because DDoS'ing is illegal, and there's no point suing them for that if they'll just be able to bite you back for doing the same thing.
Also, we made this cake. For you. Please, don't ask about the teeth marks.
"Our servers did it" definitely induced a head-scratch from me. Why on earth would they have their servers set up to automatically commit serious crimes just because a server was public and then restricted access? That doesn't make sense, even from their twisted viewpoint..
After browsing their site, I found this open dir: http://www.mediadefender.com/marketing/ . How is spreading an mp3 of Kanye West or Timbaland legal? Should they now DoS their own webserver?
Denial of service attacks are illegal in the US under 12 different statutes, including the Economic Espionage Act and the Computer Fraud and Abuse Act. So is MD above the law?
If anyone wants the old torrent of Media Defender emails, they are still up on PirateBay.
http://thepiratebay.org/tor/3806944/MediaDefender.Mail.200612.200709-MDD
Anyone got a list of the Media Defender IP block? It'd be nice to add to the firewall.
--
BMO
You know, for a while I was kinda suspecting they'll play the "we're dumb, and it was an accident" card. You know, say that it was some poorly configured system that did the injecting, and it accidentally got stuck connecting in a loop instead of once a day. Present it as some bug they didn't even know about. Blame some techie. You know, anything _except_ say "yep, it was premeditated all along to break the law." Go for criminal negligence.
But that they have a big fat pipe dedicated to conducting DOS attacks? Jesus F. Christ, that's like saying that I have a car dedicated to running down pedestrians I don't like. If that's not a confession of premeditation, I don't know what is.
To put it in perspective, the western criminal system (as far as I understand it, and IANAL) tries, or theoretically should try, to establish the degree of intent (or "mens rea" = "guilty mind") in an act. So for example, if a shingle off my roof fell on the a passerby's head, although what happened is the same and the guy is just as dead, you can have very different punishments based on the nuance of being classified anywhere between "direct intention" (I actually intended to have shingles fall on him/someone) and "criminal negligence" (I had no flippin' clue that the roof is in that bad condition, though a reasonable person should have foreseen and inspected it regularly.) The worst you can do is not only go for "direct intention", but also basically say, "oh yeah, it wasn't a momentary act of rage, it was planned all along."
So these guys have basically been paying all along for a pipe _dedicated_ to breaking the law? They actually had a plan to break the law, and month after month paid the bill on the resources set aside for only that purpose? Geesh. I hope that a few executives land in state jail there.
A polar bear is a cartesian bear after a coordinate transform.
Can someone tag this with "MafiaDefender" please?
If you open yourself to the foo, You and foo become one.
I don't see any cake...
Because they have gotten away with it for near a decade, even though many have pointed out the illegality of it.
And they expect, once again, to get away with it.
And because, this will become even more fuel for them (and the **AA) towards pushing making P2P software entirely illegal, regardless of it's use. Does this last section make sense? No? So what? Do you really think it has to? Look at their other arguments for making P2P illegal - do they make sense? Didnt think so. ;-)
And of course, because it will help them push forward the pending legislation that would make their actions (whatever they are) legal - irrespective of current law.
So... I think it makes perfect sense - at least from their twisted viewpoint.
StarTrekPhase2 - The Five Year Mission Continues!
It depends on someone or some company, like me for example saying:
...Er wait, forget I said that!
"You're welcome to DoS attack my connection all you want"
Sheesh.
It's always interesting to see what they were thinking (or not thinking for that matter).
It is easier to get forgiveness than permission.
So if what MediaDefender is doing is legal, then because Apple is "not allowing me my fair use rights" when you download songs from iTunes that gives me a right to A) hack iTunes and put bogus songs on there that will spread a virus and kill iPods B) perform a massive DoS attack on Apple and C) tell iTunes to take down the "copyrighted" content that you have added in the first place and ask for a log of users to sue. Would that work if I did it? No, but it seems like the law doesn't apply to a corrupt congress and *AA.
Taxation is legalized theft, no more, no less.
I thought filesharing=communism.
There's even a poster.
Scientists now say the future will be far more futuristic than originally believed
Null routing MediaDefender? So much for Net Neutrality.
I do not think this is a true post!!!
thegodmovie.com - watch it
Seems to me MD should be charged with Mischief Trespassing (If I open the door to my garage and you fill up my garbage cans with you garbage, its still tresspassing) Conspiracy to commit fraud for trying to frame R3? And any other cyber crime related to hacking,.hijacking computers, illegal distribution of copy righted content. I hope R3 doesn't just give up after a while. Its one thing to try to fight people who distribute your copy righted content but not if you use illegal methods and brake laws doing it.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Is it me, or does having a powerful semi-automated DoS attack machine shooting away seem like the height of recklessness?
I mean, we could have a contest. Find the most sensitive servers you can to get MediaDefender to false positive. Banks, hospitals, schools, seems like under the right circumstances any these may be open to attack. After all, if it can happen by chance, there's more than likely some avenue to coordinate exploitation.
This whole thing is sort of surreal. It's a frigging felony with collateral network damage, and they're more or less firing blindly into a crowd.
Traffic Shaping has been discussed to solve internet congestion problems all over the world.
Here's an easy solution: Kill...um...shape MediaDefender's upload bandwidth and split it to everyone else.
Obviously they thought the RIAA leadership had their own servers nuked, so they launched "Plan R" in retaliation.
How to retaliate:
1. Develop software that LOOKS like an "illegal" tracker to MediaDefender.
2. Distribute that software to thousands of people.
3. MediaDefender consumes all their bandwidth trying to attack everyone.
I call it a Distributed Denial Of Service Defense (DDOSD).
There's no -1 for "I don't get it."
Given MediaDefender's own website brags about their cyber-terrorism, I think we'd all be failing in our duty of care to the global internet if we didn't take an axe to all their links. Physical address of their links, please?
Does that mean we can start DDoSing MediaDefender's servers?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If the Chinese government or the PLA did this kind of thing if would be denounced as industrial espionage or even terrorism.
That's actually the goddamn law as written. So I think everyone is going about this wrong. The way to go after the **AA is to prosecute them under Federal Terrorism Laws.
I am dead serious about this. How do you KNOW it isn't terrorism? Because they say so? I am unconvinced since intellectual property is a huge export industry for the US and some 'private' party inserting themselves into it in the name of 'protection' that often backfires?
entirely agreed. Media defender is violating federal computer security laws. The DOJ should sue them into submission.
They're using their grammar skills there.
The attack was launched with source addresses in AS 11393. Not that source addresses mean anything in a synflood. FiberConnexion is a suspected front for MD (and if they aren't they need to drop these shlubs realquicklike).
http://www.cidr-report.org/cgi-bin/as-report?as=AS11393
/. -- the Free Republic of technology.
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
It bloody figures that SkyNet spawned from the evil **AA entities :P
I suggest to rename it.
guns, knives, or whatever you can get your hands on?
At least if Google News is indicative of "mainstream", it's been on the top of the tech news for the past several days. I don't think that too many will understand it beyond "MediaDefender accidentally did something bad" but who knows?
And I know that I keep getting them confused with MediaSentry, who have their own problems with legality (after the Cease & Desist orders from police telling them to stop their unlicensed investigations). Sadly, I think they just changed their website a little after that. I don't think they've changed their practices any.
So they've basically admitted their guilt, and on the surface it seems as though nothing will be done about it. If they manage to get away with doing something OBVIOUSLY illegal like this, is the legal system telling us that it's OK to retaliate against one illegal act with another?
If that ends up being the case, that it's "OK" to DoS someone as long as you believe that they're a "pirate", what next? They say it's to defend copyright law. Well, what if someone decided that they wanted to break every window in MediaDefender's office and smash all of their servers? This could be considered protecting innocent computer systems from attack by a rogue entity (because what if, like has been said before, someone hosts a pirate tracker on an actual important network? Does MD burn down the house to kill a couple of roaches?). By the standards MediaDefender themselves have set, the perpetrators of THAT act should not be held accountable either. After all, they were acting in someone else's best interests...
Great bandwidth. Everyone knows Wookiees use BitTorrent.
You are being MICROattacked, from various angles, in a SOFT manner.
attack themselves? If so, would it be possible to trick them into doing a denial of service attack on their own website? That would be far more satisfying than any lawsuit could be, since all they would have to do in a civil or criminal case is close the company and reopen with a different name, sustaining minimal losses.
We have established MULTIPLE times that the actions of Media Defender were illegal. That was was established, and discussed fully about 30 posts in (with me browsing at +5).
I know the kneejerk reaction is to mod up anyone dissing media offender, but PLEASE mods, don't be afraid of the "redundant" tag. I for one am having trouble gleaning any new information from the pile of +5 "HURR DOS HURRR THATS BAD" posts.
MediaDefender's ISP. That's who should be gone after. 9gbps of bandwidth for BREAKING THE LAW can't be easy to get or cheap.
Cut off MediaDefender's pipe to the internet and let them die that way.
The opinions in this post are ficticious. Any similarity to actual opinions, real or imagined, is purely coincidental.
My gun shot him.
Revision3 is going to sue media defender for a large chunk of change. Mainly because they can. Depending on how pissed they are, they may also file criminal charges against the IT staff. In fact more than likely the government will file the criminal charges. Media defender is attempting to become a legalized corporate cop and the US government isn't one to put up with competition of any sort. Of course, the other companies providing services of this sort will get squashed. More than likely the IT staff will flee to China or something where their talents will be put to use.
MediaDefender's computer trespass and DoS attacks were directed at the "BAD" BitTorrent providers. Had they hit their intended target, they would obviously have committed computer trespass and DoS offenses. Just because they hit the wrong target won't excuse them. It's called transferred intent. In other words, if I mean to shoot and murder you and in the course of meaning to shoot you I shoot your brother instead, then my intent to shoot you will be transferred to my shooting of your brother. This is pretty basic (although criminals often don't get it).
So, has anybody figured out how to do a DDoS on MediaDefender by somehow enticing them to try and DoS a bittorrent provider, but then somehow get them to try and automagically shutdown several at the same time, and keep MediaDefender doing this on a more or less constant basis by rotating honeypot servers for MediaDefender to "attack"?
At the very least, if MediaDefender was having to pay for a saturated 9Gbps data feed 24/7...
Use their weight, momentum, bad breath and body odor against them.
If everyone on slashdot decided to put an end to it. All they have to do is attack the company directly using each individual line. There would be nothing anyone could do about it, and mediadefender would be forced to back down.
Governments derive their power from those of the governed.
I understand Revision3's argument, and I believe MediaDefender should be severely penalized for their activity.
However, I really wish Revision3 would stop making dumb arguments like "What if this was an airport distributing approaches via Bittorrent?" I mean, come on. That's the most ridiculous argument in the world. I do some work for a major Boston airport that rhymes with "Hogan." Their security and operations network is not connected to the Internet. They use an extremely secure, port-based 802.x certificate-based system that not only requires the right MAC and certificates to connect to your designated port, it also firewalls each port to just the bare necessities. Many Airports across the country are, or will soon, take the same approach. Never will there be an Internet connected, torrent based system for any sort of critical data.
It makes their argument sound alarmist, and is bound to turn some people away.
- It's not the Macs I hate. It's Digg users. -
Now, repeat after me:
"I mis-interpreted-the-rules"
"I mis-interpreted-the-rules"
Because Ewoks look a bit like midget Wookies, and Chewie's fed up with Han never putting out since he got interested that Leia chick...
'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
If you abandon all attempts at logic and what we the
1. Bittorrent is only used for distributing illegal content. (Whoopsie, that's not always true)
2. Anyone who's running a bittorrent tracker is therefore distributing illegal content. (Only true if 1. above is. And if the entire world has identical copyright laws.)
3. We can determine who's using this tracker by persuading it to track the details of specific files and then subpoena the IP address of anyone who connects to us to download them. (Whoopsie! We can identify an IP address but it turns out that turning that into a guaranteed-correct person's name is actually quite difficult)
4. If they attempt to defend themselves (eg. by blocking the fake files injected in step 3 above), then they're as good as admitting guilt and also they're making it impossible for us to subpoena anything. Therefore, the correct course of action is to take their system off the Internet. (Whoopsie! Except that almost any country with even vaguely up to date laws would consider this highly illegal - and if our target is a legitimate tracker, it may get investigated).
Makes some sense if you're selling a service which claims to stop p2p.
The access is only authorised by court mandate or government. Media Defender is neither. Even if they do it on a site that has illegal torrents, their actions are still illegal. Im not allowed to smack someone in the mouth for littering, despite littering being as illegal as minor assault.
And DoS is illegal even for government. Courts will never issue a warrant to enact Dos. Doesn't matter if the target is hosting government secrets or kiddie porn.
You an idiot? Recent case here on slashdot is a court censuring the RIAA cases because they get the name of the Does by issuing a criminal case vs Jon Doe then drop the criminal case when they have the name.
They then use the name in a civil case.
At best your statement is a half-truth. Which is still half-lie.
Well, I'm all for wielding the RICO stick against those who paid them. After all, that's exactly what RICO and similar laws in other countries are for.
But "terrorism" sounds a bit extreme IMHO, and, well, two wrongs don't make a right. It's wrong and should be punished, yes, but setting one more precedent of abusing a law to punish someone you don't like... well, it's not something that I'd be looking forward to. The rule of the law means, among other things, that you can know exactly what you're allowed to do and what you aren't, and that the law is applied uniformly and equally, regardless of whether you're the King's best buddy or that creepy guy that all the neighbours dislike. Humanity fought hard to move from an arbitrary system to rule of the law, and it involved some pretty bloody revolts along the way too, so let's not actually ask that a step is made right back towards arbitrary power.
A polar bear is a cartesian bear after a coordinate transform.
Actually, I was fairly convinced by that argument they made about Chewbacca. I mean, they have a point. Why would a Wookie live on Endor?
Because it's the equivalent of living in a midget nudist colony, and Chewie loves his midget pr0n.
-[d]-
Stop ur belly-achin' and get together and DDoS MediaDefender. If law is lawless, so should be the just.
Haven't you heard? Terrorism is the new communism. Communism is soooooo 1960s.
Seriously, where is the FBI and DOJ. Why has nobody been charged for these outright criminal acts? Where are the press releases by our government about how they are going to prosecute this?
First, anybody know of any patently identical incidents where this happened? If so, it debunks the folloing point.
I'm not taking their side, but the way I read this, the explination "our servers did it" indicates that they had things configured in such a way that they never made the connection between the two incidents. They tapped Rev. 3 to seed false torrents. Separately, they set up DoS attacks on servers hosting lots of torrents, but never made the connection as to what happens when their seeding loophole gets closed up.
Everyone on here acts like these guys are sitting in leather executive tall-back chairs with twisting their handlebar mustaches and wringing their hands menacingly while conjuring up new ways to unleash chaos on all things internet. I completely disagree with what they're doing, but a glaring lack of foresight resulting from stupidity is not the same thing as digital terrorism. I hope that Rev. 3 busts their balls and they end up in a solid set of legal crosshairs, but I find it a stretch to think that these kind of mistakes are premeditated. I understand "our servers did it" very well.
Because Ewoks are tasty?
Of course if you truly want your servers to be safe, and who wouldn't, we are introducing a revolutionary new service. As long as you make regular payments, we will be able to verify your site as copyright violation-free, and you will be protected from further DOS attacks.
In other words, never attribute to malice that which is adequately explained by stupidity.
:)
The same can be said for much of what a government does. They're not out to get you...they're just morons
120 characters for a sig? That's bloody useless.
And it explains why it wants to wipe out the human race. You would too, if the **AA were your main sample...
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
How do I reeech these keeeeds?!?!
This is PURE EAU DE TROLLETTE
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Media Defender Explains Itself: Uhm, yeah. The FBI turned down our applications because we didn't meet the psych profiles, the state police said we weren't in good enough shape, the local police said we were kinda goofy lookin, and the local private security companies said we were just plain losers. So we made our own company where we pretend to be law enforcement and the record companies pay us obscene amounts to make stuff up to help their bogus cases.
You obviously have no idea how twisted their viewpoint actually is.
Here's a hint: someone legally pays you legal money to protect their legal rights against bad guys. Everyone violating those rights is a bad guy. No one has a responsibility to be nice to bad guys. So you take your fat check, do what they ask, and assume everything's fine.
And they expect, once again, to get away with it.
And they will, because no corporation suffers from the law unless a rich powerful man is inconvienienced by the corporation's illegal acts.
And because, this will become even more fuel for them (and the **AA) towards pushing making P2P software entirely illegal, regardless of it's use
They want P2P illegal because of its legal use, which is to allow the sharing of material the copyright holder (independant musicians) wants shared. Why should they care about stuff you can hear on the radio being shared? They want to kill their competetion, the indies, who are increasingly showing the world that the media moguls are no longer needed by anyone.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
But, of course, should some single mother plead that she had no clue, then it's "no excuses, pay up!!!".
It is just about time for the entire internet, or at least loving server operators everywhere, to add TARPIT or at least DROP rules to their firewalls for every address range that can be traced to Media Defender.
Remember, in shunning an internet wrongdoer, the TARPIT is the better option. You can configure your server to feel almost no impact, and their server gets actual resources pinned down and "used up" for nontrivial periods of time.
I would think that any ISP who doesn't want to cary the _burden_ of forwarding 9Gbps of DOS for this company would want to do the same.
Does anybody know the IP addresses that Media Defender uses to do these DOS attacks?
And if you are shunning, you should include the corporate addresses and false torrent seeder addresses as well.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
The Fine Article does mention that MediaDefender has 2,000 servers sitting behind their 9-GBPS connection. Since that connection was shovelling 8,000 SYN packets per second at Revision3, its likely that dozens or even hundreds of those 2,000 servers participated in this attack.
This artical just gave me a great idea. Write a track that looks totally open but replaces anything it is tracking with a linux distro.
Seriously, do you think these idiots do checksums on the corrupted mp3s when they redownload them?
Wait...it gets better. I'll then run a my custom tracker from home on my 5-static IP business DSL connection and sue them for pain and suffering when they DOS me while playing WoW. "Your honor, M.D. blew-up my internet connection while I was in an arena match, and I lost 20 points because of it. Now I need to wait till next week to get my S3 weapon. I cried. $1 Million please."
As a completely non-aggressive response, our servers should engage in an "internet shunning" of MediaDefender.
Every Linux admin on the planet should put TARPIT (or at least DROP) rules in their firewalls for any address range that comes from MediaDefender.
I'm surprised that most carriers (Sprint Net, AT&T, Comcast etc) don't do this just to protect themselves from those 9Gbps DOS attacks that come down that link.
TARPIT rules are the ultimate "you are not welcome here". They don't have to come to my site, and if they do my site will put them on hold.
It wouldn't stop a SYN flood, but it would stop them from being able to poison your trackers in the first place.
DROPS are second best, of course, but better to put someone on indefinite-hold than hang up on them, especially when both have the same cost for you.
Does anybody have the MediaDefender IP address range available to post?
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Thanks for filling in the details/reasons... I would surmise those reasons do indeed play some part in it...
:-)
They want to kill their competetion, the indies, who are increasingly showing the world that the media moguls are no longer needed by anyone.That statement is mostly accurate. It should read "They want to either kill their competition or be able to make money off their competition in a manner where they control all online distribution rights and profit off the same (ie: SoundXchange and their various other attempts to control all online music distribution)".
Sadly, BitTorrent prevents either scheme... and thus must be done away with.
Other than that, well said!!!
StarTrekPhase2 - The Five Year Mission Continues!
First, anybody know of any patently identical incidents where this happened?
Irrelevant. You don't have to be a serial killer to get arrested for murder.
a glaring lack of foresight resulting from stupidity is not the same thing as digital terrorism.
How many settlements has the RIAA collected from people whose worst crime was being stupid?
If the end result meets the definition, then it is the same thing. Proving motive is optional. If stupidity were a valid defense, the prisons would be empty.
The RIAA has taken the position that MediaDefender's methods are flawless. Out of all the thousands of cases, we only hear about the handful in which the accused suggests that an error may have been made, which results in a legal juggernaut being brought down upon them that the RIAA will fight "until the end of time."
MediaDefender's software assumes that a) any site with a bittorrent file belongs to pirates and b) they are never, ever wrong. Programming a calculated, automatic response that goes beyond what the law allows seems to more than accurately fit the definition of premeditated.
I understand "our servers did it" very well.
It means "our servers did exactly what we programmed them to do."
... and if we don't we can buy some more!
If you're a Wookie, Ewok chicks are really tight.
"Separately, they set up DoS attacks ..."
the 'set up DoS attacks' part is where THEY ARE BREAKING THE LAW!.
But what difference does it make? They intentionally broke the law both by planting the false torrents and by the DoS attacks. It is completely irrelevant whether they knew the two things were connected. Just because they're stupid doesn't mean they're not also malicious.
...if they go down they can take a lot of others with them. If anyone were actually being prosecuted in the US (or anywhere for that matter) for malicious network behaviour, then sure, crucify MediaDefender. But they are certainly not the only people who "defend" their networks and Imaginary Property in this perverse manner.
"Please describe the scientific nature of the 'whammy'" - Agent Scully
These guys are the modern equivalent of the Pinkertons in the 19th century.
They're getting an easy ride from law enforcement because they were in discussion with at least one Attorney General where they basically offered to do what would quite likely be entrapment if the FBI did it (OK, that's debatable) but even aside from that, they have expertise that many law-enforcement agencies lack.
The plural form of "anecdote" is "anecdotes", not "evidence".
And was it violated by the culprit at hand?
Or, we could alter some important piece of information in their programing evolution add a set of wheels, build a backup system and restore the later backups and watch the ultimate autonomous robot wars take place.
Maybe we could plant a couple of Nukes in there hiding around the power source so if they decide to collaborate together, poof.
The whole reason why MediaDefender gets away with this kind of attack is because they are governmentally funded. MediaDefender helps get child porn off of the net for the government so the government gives them free reign. Its as simple as that.