Slashdot Mirror
MediaDefender Explains Itself
I Don't Believe in Imaginary Property writes "Wired has an interview with MediaDefender in which they try to explain why they attacked Revision3, which uses BitTorrent to host its own content. Somehow it eluded MediaDefender that they had injected fake content into Revision3's tracker, so when Revision3 changed configuration to forbid this injection, MediaDefender's systems saw it as a pirate tracker with lots of illegal content (which MediaDefender had put there) and attacked. In other words, everything they did was intentional except for the choice of target. Given that they have 9 Gbps of bandwidth dedicated to denial-of-service attacks against torrent trackers, all anyone needs to do is to trick them into attacking a hospital or government facility. MediaDefender has never been very competent, after all."
How is any of this legal? Injecting content, false or otherwise? DOS'ing a server? They're fighting fire with fire.
--why?
Shouldn't admitting to a DOS attack in and of itself get people arrested? Who cares what the site they are attacking contains? They are committing acts of digital vandalism. Jail, please.
Even if this story makes it to the mainstream media, its not going to get much airtime. Especially since no Joe User knows what Revision3 is. There just wouldn't be enough outrage to make it a worthwile story anywhere except the geek community.
They've bought senators, how can it be illegal when they've got paid for law makers fighting on their side(!)
todo - The developer's equivalent of confession: "Forgive me Father, for I have sinned..."
If you distribute baking soda (sell/give away/etc) and tell people that its crack, you can be arrested and held to the same liabilities as if you had actually sold crack..in fact..some states have laws to where you'd get charged for selling it, but not possession. Some will tack on an extra charge on top of possession/sale.
So tell me why MediaDefender gets away with inserting fake data labeled as copyright-violating material into someone else's server and then going all vigilante on them. If you own the copyright you might be able to get away with it as its no longer in violation of copyrights since its yours, but since MediaDefender doesn't own them directly..
That on top of the damages they have caused this company, in either time, money, or business damages.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
...that Air Traffic Control using BitTorrent to distribute approaches is quite possibly the worst analogy I've heard come out of this whole mess.
I'd think bittorrent would be a great way to distribute manuals on which forms you need to fill out for which situation.
'Sensible' is a curse word.
Seems like this is as least as destructive as 1 billion people "illegally" downloading digital media .
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Both government facilities and hospitals both rely on BT for a number of things. The government's idea of a database file is many gigabytes in size. Moving those around is MUCH cheaper and easyer with BT. Hospitals that are affiliated with universities usually do some sort of medical research on-site and also send/receive data to the campus. BT is used a lot with sending around things like DNA maps and decoded genomes; that sort of thing.
BitTorrent is a legitimate method of distributing data, no matter what kind of data. It just happens to be a great way to send your entire mp3 collection to 12 friends in very little time and that's why people associate it with piracy and the like.
If you read the article, you'll see that the FBI is investigating. This generally has to be done before they get prosecuted, so they know what exactly to prosecute them for.
If they law does not apply to MediaDefender then surely it can't apply to anyone else either!
If MediaDefender is allowed to
1. use Revision3's tracker in an unauthorized mannor
2. DOS them
Then I say we are free to ignore any laws we don't like with regaurd to MediaDefender. Dose anyone know where their offices are? Since they seem so fond of vandalism I say some local Slashdot'ers drop by and do a little painting.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Isn't DoSing also a Homeland Security issue? Shouldn't their ISP have cut them off when they started doing illegal things like automatically targeting innocent companies with illegal DoS Attacks?
If someone did to MediaDefender what they do to EVERYONE ELSE, they'd be screaming bloody murder!
Finally, what if they DID actually DoS a company that caused someone to be hurt or die. Would they be liable for pre-mediated murder?
I can't prove it but I heard that The Planet was hosting an open tracker. We all heard what happened to them... http://tech.slashdot.org/article.pl?sid=08/06/01/1715247
Although the FBI *is* investigating, be on the lookout for a hastily-written and passed-by-voice-vote bill by Congress OK'ing this behavior by MD.
Cheers!
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Dear Public, Media, and our friends Revision3: We are very, very sorry. Our servers did bad, bad things to Revision 3 and WE HAD NO CLUE!! Please, take mercy on us. Sure, our severs were snooping around their legitimate BitTorrent tracker seeding maliciously. BUT WE HAD NO CLUE! Sure, our servers recently assraped their severs into oblivion, BUT WE HAD NO CLUE!! This is all one big, misfortune event. Our Friends at revision3, we are really, really, REALLY sorry. Please, we plead ignorance. Our innocent servers honestly thought you were running an pirate operation. Please accept our appologies (Pretty please! with a cherry ontop :))) We PROMISE we will NEVER EVER NEVER do it again.
Sincerely,
MediaDefender
Try to explain? The bottom line is MediaDefender attacked another commercial entity.
If someone throws a stink bomb through a brick & mortar storefront window, forcing the store to close, do you think the police would allow the offender to get off with saying, "oops"?
First off, theyre a coroporation in the midst of one of the most corrupt adminstrations in the history of the united states.
Second, theyre working for the **AA organizations, the darlings of congress, for whom no human rights violations are too great a cost, for whom ACTA is being negotiated to subvert those pesky public interest groups and constitutional protections present in every industrialized nation on earth, and for whom judges suspend several constitutional protections for due process.
In other words, they are above the law, and the public allows them to do so because filesharing = terrorism, after all bush said so.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Someone, someday, will find a legitimate use for a torrent tracker in an hospital. But simply imagine an illegal tracker run by a rogue employee. MediaDefender uses it for its tactics. The sysadmin notices the tracker, and shuts it down. MediaDefender's Stalin organ goes amok and shuts down the entire hospital network.
Because of a BT tracker. Yeah, right.
In Revision3's case, there might have been illegal file sharing occuring - thats only a civil case if memory serves - and certainly MediaDefender's attack was criminal. In the hospital's case, MediaDefender would risk becoming downright murderers.
...for tracker operators. "Umm...Not my files...They must have been put there by MediaDefender"
:)
I wonder if that now becomes a viable defense. If MD can get in to leave files, so could anyone else
No it wouldnt. That's one dollar.
Computer systems should be treated as pets, if they attack someone they should be put to sleep.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Wouldn't that be considered some sort of 'frame up'?
I mean if i'm hosing legal content, and they come along and inject fake/illegal content then sue me how the hell is that stand up in court?
---- Booth was a patriot ----
Also, we made this cake. For you. Please, don't ask about the teeth marks.
I'm as confused as you are. The complete absence of any sort of order of events makes things more confusing.
Things I'm fairly sure of. Revision3 had a security hole. MediaDefender saw the security hole, and seeded it with fake files. Revision3 noticed these fake files and disconnected them. As a result, MediaDefender - either due to misconfigured servers or malice - DOSed Revision3.
Not sure if pirates were using the security hole. It would seem a bit pointless given that there are plenty of pretty open torrent sites.
Also not quite sure how MediaDefender can defend their initial actions. This seems to be pretty clearly hacking. Exploiting a security hole in another machine to gain access is generally enough regardless of whether there was any further malicious intent.
"Our servers did it" definitely induced a head-scratch from me. Why on earth would they have their servers set up to automatically commit serious crimes just because a server was public and then restricted access? That doesn't make sense, even from their twisted viewpoint..
After browsing their site, I found this open dir: http://www.mediadefender.com/marketing/ . How is spreading an mp3 of Kanye West or Timbaland legal? Should they now DoS their own webserver?
Denial of service attacks are illegal in the US under 12 different statutes, including the Economic Espionage Act and the Computer Fraud and Abuse Act. So is MD above the law?
You know, for a while I was kinda suspecting they'll play the "we're dumb, and it was an accident" card. You know, say that it was some poorly configured system that did the injecting, and it accidentally got stuck connecting in a loop instead of once a day. Present it as some bug they didn't even know about. Blame some techie. You know, anything _except_ say "yep, it was premeditated all along to break the law." Go for criminal negligence.
But that they have a big fat pipe dedicated to conducting DOS attacks? Jesus F. Christ, that's like saying that I have a car dedicated to running down pedestrians I don't like. If that's not a confession of premeditation, I don't know what is.
To put it in perspective, the western criminal system (as far as I understand it, and IANAL) tries, or theoretically should try, to establish the degree of intent (or "mens rea" = "guilty mind") in an act. So for example, if a shingle off my roof fell on the a passerby's head, although what happened is the same and the guy is just as dead, you can have very different punishments based on the nuance of being classified anywhere between "direct intention" (I actually intended to have shingles fall on him/someone) and "criminal negligence" (I had no flippin' clue that the roof is in that bad condition, though a reasonable person should have foreseen and inspected it regularly.) The worst you can do is not only go for "direct intention", but also basically say, "oh yeah, it wasn't a momentary act of rage, it was planned all along."
So these guys have basically been paying all along for a pipe _dedicated_ to breaking the law? They actually had a plan to break the law, and month after month paid the bill on the resources set aside for only that purpose? Geesh. I hope that a few executives land in state jail there.
A polar bear is a cartesian bear after a coordinate transform.
Can someone tag this with "MafiaDefender" please?
If you open yourself to the foo, You and foo become one.
Because they have gotten away with it for near a decade, even though many have pointed out the illegality of it.
And they expect, once again, to get away with it.
And because, this will become even more fuel for them (and the **AA) towards pushing making P2P software entirely illegal, regardless of it's use. Does this last section make sense? No? So what? Do you really think it has to? Look at their other arguments for making P2P illegal - do they make sense? Didnt think so. ;-)
And of course, because it will help them push forward the pending legislation that would make their actions (whatever they are) legal - irrespective of current law.
So... I think it makes perfect sense - at least from their twisted viewpoint.
StarTrekPhase2 - The Five Year Mission Continues!
Sheesh.
I thought filesharing=communism.
There's even a poster.
Scientists now say the future will be far more futuristic than originally believed
thegodmovie.com - watch it
The attack was launched with source addresses in AS 11393. Not that source addresses mean anything in a synflood. FiberConnexion is a suspected front for MD (and if they aren't they need to drop these shlubs realquicklike).
http://www.cidr-report.org/cgi-bin/as-report?as=AS11393
/. -- the Free Republic of technology.
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
It bloody figures that SkyNet spawned from the evil **AA entities :P
Depends on the script language you use.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Currently working for large governemt department. We are assessing bittorrent as a method of distributing large read only databases to multiple servers as a way to reduce load on individual servers and speed up average deployment times. Having said that, the likelyhood of MediaDefender seeing our tracker would be very low as this would be on an intranet with very low exposure to the rest of the net.
This does highlight one important point for us. How do we protect our trackers form hosting any old thing?
A sig is placed here
To display how futile
English Haiku is
Great bandwidth. Everyone knows Wookiees use BitTorrent.
You are being MICROattacked, from various angles, in a SOFT manner.
sales@mediadefender.com
info@mediadefender.com
jobs@mediadefender.com
president: try herrera@mediadefender.com, oh@mediadefender.com,
ceo: try randy@mediadefender.com (personal), saaf@mediadefender.com or rsaaf@mediadefender.com
controller: try: rr@mediadefender.com, rousselet@mediadefender.com
parent company: artistdirect (stock ticker: ARTD)
Investor relations: ir@artistdirect.com
Chairman: diamond@artistdirect.com
CEO: try villard@artistdirect.com, dv@artistdirect.com
Auditors: Gumbiner, Savett, Finkel, Fingleson & Rose, Inc
rgreene@gscpa.com (Ronald Greene) http://marketcenter.findlaw.com/scripts/display_profile.pl?id=173844
Have fun.
If you abandon all attempts at logic and what we the
1. Bittorrent is only used for distributing illegal content. (Whoopsie, that's not always true)
2. Anyone who's running a bittorrent tracker is therefore distributing illegal content. (Only true if 1. above is. And if the entire world has identical copyright laws.)
3. We can determine who's using this tracker by persuading it to track the details of specific files and then subpoena the IP address of anyone who connects to us to download them. (Whoopsie! We can identify an IP address but it turns out that turning that into a guaranteed-correct person's name is actually quite difficult)
4. If they attempt to defend themselves (eg. by blocking the fake files injected in step 3 above), then they're as good as admitting guilt and also they're making it impossible for us to subpoena anything. Therefore, the correct course of action is to take their system off the Internet. (Whoopsie! Except that almost any country with even vaguely up to date laws would consider this highly illegal - and if our target is a legitimate tracker, it may get investigated).
Makes some sense if you're selling a service which claims to stop p2p.
The access is only authorised by court mandate or government. Media Defender is neither. Even if they do it on a site that has illegal torrents, their actions are still illegal. Im not allowed to smack someone in the mouth for littering, despite littering being as illegal as minor assault.
And DoS is illegal even for government. Courts will never issue a warrant to enact Dos. Doesn't matter if the target is hosting government secrets or kiddie porn.
First, anybody know of any patently identical incidents where this happened? If so, it debunks the folloing point.
I'm not taking their side, but the way I read this, the explination "our servers did it" indicates that they had things configured in such a way that they never made the connection between the two incidents. They tapped Rev. 3 to seed false torrents. Separately, they set up DoS attacks on servers hosting lots of torrents, but never made the connection as to what happens when their seeding loophole gets closed up.
Everyone on here acts like these guys are sitting in leather executive tall-back chairs with twisting their handlebar mustaches and wringing their hands menacingly while conjuring up new ways to unleash chaos on all things internet. I completely disagree with what they're doing, but a glaring lack of foresight resulting from stupidity is not the same thing as digital terrorism. I hope that Rev. 3 busts their balls and they end up in a solid set of legal crosshairs, but I find it a stretch to think that these kind of mistakes are premeditated. I understand "our servers did it" very well.
Of course if you truly want your servers to be safe, and who wouldn't, we are introducing a revolutionary new service. As long as you make regular payments, we will be able to verify your site as copyright violation-free, and you will be protected from further DOS attacks.
In other words, never attribute to malice that which is adequately explained by stupidity.
:)
The same can be said for much of what a government does. They're not out to get you...they're just morons
120 characters for a sig? That's bloody useless.
Media Defender Explains Itself: Uhm, yeah. The FBI turned down our applications because we didn't meet the psych profiles, the state police said we weren't in good enough shape, the local police said we were kinda goofy lookin, and the local private security companies said we were just plain losers. So we made our own company where we pretend to be law enforcement and the record companies pay us obscene amounts to make stuff up to help their bogus cases.
As a completely non-aggressive response, our servers should engage in an "internet shunning" of MediaDefender.
Every Linux admin on the planet should put TARPIT (or at least DROP) rules in their firewalls for any address range that comes from MediaDefender.
I'm surprised that most carriers (Sprint Net, AT&T, Comcast etc) don't do this just to protect themselves from those 9Gbps DOS attacks that come down that link.
TARPIT rules are the ultimate "you are not welcome here". They don't have to come to my site, and if they do my site will put them on hold.
It wouldn't stop a SYN flood, but it would stop them from being able to poison your trackers in the first place.
DROPS are second best, of course, but better to put someone on indefinite-hold than hang up on them, especially when both have the same cost for you.
Does anybody have the MediaDefender IP address range available to post?
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press