Slashdot Mirror
MediaDefender Explains Itself
I Don't Believe in Imaginary Property writes "Wired has an interview with MediaDefender in which they try to explain why they attacked Revision3, which uses BitTorrent to host its own content. Somehow it eluded MediaDefender that they had injected fake content into Revision3's tracker, so when Revision3 changed configuration to forbid this injection, MediaDefender's systems saw it as a pirate tracker with lots of illegal content (which MediaDefender had put there) and attacked. In other words, everything they did was intentional except for the choice of target. Given that they have 9 Gbps of bandwidth dedicated to denial-of-service attacks against torrent trackers, all anyone needs to do is to trick them into attacking a hospital or government facility. MediaDefender has never been very competent, after all."
I'd think bittorrent would be a great way to distribute manuals on which forms you need to fill out for which situation.
'Sensible' is a curse word.
Seems like this is as least as destructive as 1 billion people "illegally" downloading digital media .
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
If they law does not apply to MediaDefender then surely it can't apply to anyone else either!
If MediaDefender is allowed to
1. use Revision3's tracker in an unauthorized mannor
2. DOS them
Then I say we are free to ignore any laws we don't like with regaurd to MediaDefender. Dose anyone know where their offices are? Since they seem so fond of vandalism I say some local Slashdot'ers drop by and do a little painting.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Off topic but, in my country it works the opposite. If you sell fake crack, you can get arrested for fraud. But not for selling drugs. This has happened, I read about one case where the victim (buyer) turned in the dealer. Both were eventually convicted for different things.
If I broke into your house and put someone else's stuff in your room, then phoned the police that you have stolen property in your room... how nice would that be? Its not like that though! Its more like:
If I broke into your house and put someone else's stuff in your room, then waited until you came home and then smashed all your car windows with baseball bat while sceaming "theif" and your stood by in confused amazement, and then after I got done with that called the cops on you about the stolen property in your room... how nice would that be?
No very nice, and if anyone else tried it, even if you had really stolen the property and put it in your room my actions would still be a crime of their own. MediaDefender are criminals and the people operating those servers can't be so ignorant of the actions not be accountable for them. We might not be able to get the kingpins but at the very least the doers should be arrested and charged. I know slashdot does not like to go after the little guy but MediaDefenders developers, network, and server admins deserve jail time! If my boss asks me to do something illegal I am still obligated to refuse otherwise the law will hold me responsible. Its imporatant that even these little guys get PUNISHED. The only way you stop getting organizations like MediaDefender from being above the law is to make sure nobody will work for them, because no salary they can offer will be worth doing time for!
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Someone, someday, will find a legitimate use for a torrent tracker in an hospital. But simply imagine an illegal tracker run by a rogue employee. MediaDefender uses it for its tactics. The sysadmin notices the tracker, and shuts it down. MediaDefender's Stalin organ goes amok and shuts down the entire hospital network.
Because of a BT tracker. Yeah, right.
In Revision3's case, there might have been illegal file sharing occuring - thats only a civil case if memory serves - and certainly MediaDefender's attack was criminal. In the hospital's case, MediaDefender would risk becoming downright murderers.
...for tracker operators. "Umm...Not my files...They must have been put there by MediaDefender"
:)
I wonder if that now becomes a viable defense. If MD can get in to leave files, so could anyone else
Wouldn't that be considered some sort of 'frame up'?
I mean if i'm hosing legal content, and they come along and inject fake/illegal content then sue me how the hell is that stand up in court?
---- Booth was a patriot ----
"Our servers did it" definitely induced a head-scratch from me. Why on earth would they have their servers set up to automatically commit serious crimes just because a server was public and then restricted access? That doesn't make sense, even from their twisted viewpoint..
After browsing their site, I found this open dir: http://www.mediadefender.com/marketing/ . How is spreading an mp3 of Kanye West or Timbaland legal? Should they now DoS their own webserver?
Denial of service attacks are illegal in the US under 12 different statutes, including the Economic Espionage Act and the Computer Fraud and Abuse Act. So is MD above the law?
I think they'd have an excellent chance of being found guilty in a criminal prosecution. The roadblock will be getting a prosecutor or press charges. Once they are in court, they really ahve no defense. Far as I know, the "I didn't know the gun was loaded" excuse has a very bad track record. Any random jury would be very likely to send these crooks to prison, and rightly so.
A few years back, i think in 1999 (give or take a couple years as im not sure) I remember reading an article where someone cracked into a hospitals blackberry management server while on the inside of the hospital network, which he accidentally broke and took down their blackberry communications for a time. He was not only charged with the normal computer trespass laws, but also with some weird form of attempted man slaughter, and a number of counts of it too, thou i'm sure they just calculated that by how many pages were placed to doctors and surgeons during that time frame, not all of which i would imagine are life threatening.
Granted, that is just one example, but it goes to show that a judge will not look kindly upon mucking with medical related things, and let the book be thrown at you.
Back on topic, you do realize hospital servers host copyrighted content as well (owned by the hospital), which by MediaDefenders logic is the exact type of people they go after, as proven by the case with rivision3 whom owned the copyright to everything they distributed.
I see no error of logic in expecting MediaDefender to have no issues with DDoSing a hospital, or even burning it to the ground from their hatred of anyone that has copyrighted material, despite the owner of the copyright on it having the legal right to choose how it is distributed, not to mention the point of todays copyright is to allow one to grant limited rights to others to their own works, which MediaDefender says is also illegal sharing.
Also since you asked, I don't know of any pacemakers on a wired network (or even using wires), but they DO use RF communication for logging, and programming adjustments back to the device, and they Are hackable. In a healthy body this might just result in pain, but if you were healthy you probably wouldn't have a pacemaker installed! So simply ramping the sensitivity way up or down could very well kill a person.
The roadblock will be getting a prosecutor or press charges
Can't they just hire any lawyer for legal advice and then press charges themselves? It would stnd to reason that if you have the right to be your own lawyer for defense your could be your own lawyer for prosecution of crimes committed against you.
We are all just people.
Ankle-biters sometimes have a purpose ...
Still, if you look at the SCO case, "don't hold your breath" is good advice. MediaDefender will just go bankrupt. Mind you, R3 could use this as an excuse for LOTS of discovery, and post the results as video news. "Today we got the perl scripts that are the heart of MediaDefender ..."
Actually they can't get away with the "fake torrent" stuff either - the torrents they put up were for copyright material, which they then tracked to see who was downloading the stuff. In other words, they enabled copyright infringement, then went after the downloaders with "we know you've been infringing - contact the settlement center."
Since they were working with the blessing of the **AA, what that means is that anyone downloading from one of those torrents isn't guilty of copyright infringement, since the download was made available with the knowledge and consent of the **AA.
Discovery is going to be really nasty in this case.
is in control of one or more botnets. As Jim Lauderback mentioned in TWiT tonight, it was from multiple IPs (even though MediaDefender owned them all), and thus a distributed attack. If it were a DOS, they could have blocked the single IP and the attack would end.
-- "Freedom is the right of all sentient beings" -Optimus Prime
I think they'd have an excellent chance of being found guilty in a criminal prosecution. The roadblock will be getting a prosecutor or press charges.
The basic problem is "how do you get criminal law applied to a corporation in any meaningful way?" Which includes preventing them from being "business as usual" until the end of the trial.
If you abandon all attempts at logic and what we the
1. Bittorrent is only used for distributing illegal content. (Whoopsie, that's not always true)
2. Anyone who's running a bittorrent tracker is therefore distributing illegal content. (Only true if 1. above is. And if the entire world has identical copyright laws.)
3. We can determine who's using this tracker by persuading it to track the details of specific files and then subpoena the IP address of anyone who connects to us to download them. (Whoopsie! We can identify an IP address but it turns out that turning that into a guaranteed-correct person's name is actually quite difficult)
4. If they attempt to defend themselves (eg. by blocking the fake files injected in step 3 above), then they're as good as admitting guilt and also they're making it impossible for us to subpoena anything. Therefore, the correct course of action is to take their system off the Internet. (Whoopsie! Except that almost any country with even vaguely up to date laws would consider this highly illegal - and if our target is a legitimate tracker, it may get investigated).
Makes some sense if you're selling a service which claims to stop p2p.
First, anybody know of any patently identical incidents where this happened? If so, it debunks the folloing point.
I'm not taking their side, but the way I read this, the explination "our servers did it" indicates that they had things configured in such a way that they never made the connection between the two incidents. They tapped Rev. 3 to seed false torrents. Separately, they set up DoS attacks on servers hosting lots of torrents, but never made the connection as to what happens when their seeding loophole gets closed up.
Everyone on here acts like these guys are sitting in leather executive tall-back chairs with twisting their handlebar mustaches and wringing their hands menacingly while conjuring up new ways to unleash chaos on all things internet. I completely disagree with what they're doing, but a glaring lack of foresight resulting from stupidity is not the same thing as digital terrorism. I hope that Rev. 3 busts their balls and they end up in a solid set of legal crosshairs, but I find it a stretch to think that these kind of mistakes are premeditated. I understand "our servers did it" very well.
Of course if you truly want your servers to be safe, and who wouldn't, we are introducing a revolutionary new service. As long as you make regular payments, we will be able to verify your site as copyright violation-free, and you will be protected from further DOS attacks.
It gets better: Revision3 can sue MediaDefender under the terms of the very law that MediaDefender was supposed to use: the DMCA.
Think about it; Revision3 was inserting malicious code into the torrent stream, which is breaking through the "encryption" of bittorrent, which violates the DMCA. Content be damned, MediaDefender is guilty of more than just the DoS.
I am not a lawyer.
Use my userscript to add story images to Slashdot. There's no going back.
As a completely non-aggressive response, our servers should engage in an "internet shunning" of MediaDefender.
Every Linux admin on the planet should put TARPIT (or at least DROP) rules in their firewalls for any address range that comes from MediaDefender.
I'm surprised that most carriers (Sprint Net, AT&T, Comcast etc) don't do this just to protect themselves from those 9Gbps DOS attacks that come down that link.
TARPIT rules are the ultimate "you are not welcome here". They don't have to come to my site, and if they do my site will put them on hold.
It wouldn't stop a SYN flood, but it would stop them from being able to poison your trackers in the first place.
DROPS are second best, of course, but better to put someone on indefinite-hold than hang up on them, especially when both have the same cost for you.
Does anybody have the MediaDefender IP address range available to post?
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press