How To Frame a Printer For Copyright Infringement

An anonymous reader writes "Have you ever wondered what it takes to get 'caught' for copyright infringement on the Internet? Surprisingly, actual infringement is not required. The New York Times reports that researchers from the computer science department at the University of Washington have just released a study that examines how enforcement agencies monitor P2P networks and what it takes to receive a complaint today. Without downloading or sharing a single file, their study attracted more than 400 copyright infringement complaints. Even more disturbing is their discovery that illegal P2P participation can be easily spoofed; the researchers managed to frame innocent desktop machines and even several university printers, all of which received bogus complaints."

Glad it's in a reputable media source

[pwnies]

While entirely laughable, I'm glad this story is in the New York Times. Getting the Spanish Inquisition-esque ways of the these enforcement agencies out into the media is going to be one of the few ways to make it stop. Hopefully people (meaning the general public, and not just us here on /.) will soon realize just how ludicrous these methods are.

Re:Glad it's in a reputable media source

[Tom90deg]

Nobody expects the Spanish Inquisition!

Re:Glad it's in a reputable media source

[TheRedSeven]

Yes, but will this sort of study ever make it to trial in any shape or form that is likely to put the kibosh on the MAFIAAs strongarm tactics?

Unless the little guys can pony up the cash to get these guys as expert witnesses, the MAFIAA will simply commission their own, contradictory study in order to discredit this one.

I hope at some point (and some point SOON) we get a critical mass of people and evidence against the big industry players so that they'll stop this crap. I don't think it'll happen though--there's just too many dollars at stake for them to give up.

Re:Glad it's in a reputable media source

[Mephistro]

I'm a spanish Inquisitor, you insensitive clod!

Re:Glad it's in a reputable media source

[Eudial]

Nobody expects the Spanish Inquisition! Our three weapons are fear, surprise, and ruthless efficiency. And bogus copyright claims. Our four, ... no. Amongst our weaponry are such diverse elements as: fear, surprise, ruthless efficiency, and bogus copyright claims. ... I'll come in again.

Re:Glad it's in a reputable media source

[Hyppy]

Somewhat offtopic, but related to your post. The EFF maintains a mailing list for technologists who would be willing to assist as witnesses or in other ways for cases such as this. When an attorney needs an expert witness for, say, a defense case against the RIAA, the EFF happily forwards it to this list. http://www.eff.org/about/opportunities/volunteer

Re:Glad it's in a reputable media source

[liegeofmelkor]

I think there is another reason to be glad that is more important than being in the media, IMHO. An NSF grant-backed publication from a large research institution will carry some weight in court.

IP address spoofing has been invoked by the defense in previous lawsuits to attack the prosecution's investigation methods, however, this assertion has always had to be provided by an expert witness. A scholarly publication backed by the U of W and the NSF will bolster this point. It might even stick with a jury (who knows). Anyway, this will come in handy in the courtroom, I think.

Re:Glad it's in a reputable media source

[PhreakOfTime]

The other favored method these days seems to be sending out non-sensical Cease and Desist Letters claiming all sorts of things, including copyright infringement, and CRIMINAL charges because someone has a domain that you want.

Caton Commercial engages in this, and seems to find this practice acceptable.

Re:Glad it's in a reputable media source

[DoofusOfDeath]

Nobody expects the Spanish Inquisition!

Ha HAH! The Spanish Inquisition never expected a Hewlett Packard !

Re:Glad it's in a reputable media source

[Shinmizu]

I expected the Spanish Inquisition, but I got mustard instead. Stupid Burger King.

Re:Glad it's in a reputable media source

[city]

Then think of the Inquisitees, you insensitive clod!

Re:Glad it's in a reputable media source

[illeism]

and you are quite unexpected

Re:Glad it's in a reputable media source

[MobileTatsu-NJG]

I'm a spanish Inquisitor, you insensitive clod! Insensitive? He made that joke expecting you to not show up!

Re:Glad it's in a reputable media source

[sm62704]

You must be new here. Amongst our weaponry are such diverse elements as fear, surprise, ruthless efficiency, an almost fanatical devotion to the Pope, and nice red uniforms - Oh damn! I can't say it - you'll have to say it.

Re:Glad it's in a reputable media source

[greed]

"You are accused of heresy, in thought, word and deed! How do you plead?"

PC LOAD LETTER

Re:Glad it's in a reputable media source

[Deadstick]

Oh, bugger.

rj

Re:Glad it's in a reputable media source

[JustOK]

I was expecting ...

PC CARTA de CARGA

Re:Glad it's in a reputable media source

[networkBoy]

Tell me about it
-nB

Re:Glad it's in a reputable media source

And during the trial, when the printer's defense lawyers try to prove its innocent, the witness a.k.a. the fax machine yelled: "You can't handle the truth."

Re:Glad it's in a reputable media source

[rbg]

Bring out the comfy chair!!!!

Re:Glad it's in a reputable media source

[just_another_sean]

...nice red uniforms ... And... A comfy chair!

Re:Glad it's in a reputable media source

[HTTP+Error+403+403.9]

Only old people expect the Korean inquisition.

Re:Glad it's in a reputable media source

[budgenator]

I thought she left because of all the red she made

Re:Glad it's in a reputable media source

[nbowman]

PC Load letter, what the fuck does that mean?!

Re:Glad it's in a reputable media source

[jonbryce]

You have A4 paper in my tray. The computer has asked me to print on Letter sized paper. Please could you insert some Letter sized paper in the tray. (or fix MS Word to use A4 as the default paper size)

Re:Glad it's in a reputable media source

[SleptThroughClass]

It's saying that your letter is not Politically Correct.
To print the letter you have to fix your thinking process and produce a Politically Correct letter.

Re:Glad it's in a reputable media source

[hitmark]

not so sure, it could explain those printer on fire messages i have been seeing lately...

Re:Glad it's in a reputable media source

[anexkahn]

someone should start spoofing MPAA machines of sharing music and RIAA machines of sharing movies...that should make for some fireworks!

Re:Glad it's in a reputable media source

Whoosh!

Indeed this subtle joke was missed by the HP Printer posting on slashdot.

Re:Glad it's in a reputable media source

[sabt-pestnu]

NewYorkCountryLawyer reads Slashdot, and is involved in RIAA copyright litigation, as well as running a fairly informative site on the subject.. I'd say the odds were pretty good.

Re:Glad it's in a reputable media source

[nanoflower]

If people are going to frame innocent people why not make it really useful like framing the MPAA/RIAA servers, or the head of the MPAA. Nothing like setting the MPAA to go after itself for copyright infringement.

Re:Glad it's in a reputable media source

[Fmuctohekerr]

Double whoosh. Also wrong-ish:

The non-intuitive message confuses people for several reasons. The abbreviation "PC" is misleading because it is widely understood -- especially in the context of electronic office equipment -- to mean "Personal Computer", suggesting to many that the problem lies in the computer, not the printer.

http://en.wikipedia.org/wiki/PC_Load_Letter

PC= paper cassette

PC!= computer

PC= personal computer

PC!= the only thing that might use the printer

Re:Glad it's in a reputable media source

[Fmuctohekerr]

that made me laugh very, very hard

Re:Glad it's in a reputable media source

[Hal_Porter]

What's really annoying about it is that if you press OK (or maybe it was called Enter. Basically the big button on the printer), it would go right ahead and print the document rescaled to A4. But you had to be there and know what "PC Load letter" means to do that.

It's actually a sign that you haven't installed Word properly, just used the US defaults instead of picking the correct one for your country. And HP printers don't (or maybe didn't) have the "rescale to fit page" option set by default. Now if you're the sort of person who Googles cryptic error messages and reads all the settings when you install you'll fix it quickly.

But it only takes one non geek in an office to fail to do one of the other of these to gum up the print queue. I've actually seen people walk into the printer room, see the message, swear and reboot the printer and try to print again. Needless to say that means everyone else loses their document. I worked somewhere where I'd see people go into the printer room regularly because "it needed rebooting" until I helped them track it down.

Of course, in a big company all the machines are ghosted with an image containing an OS and Office installed correctly, so you won't see this. But in small companies it causes havoc.

Re:Glad it's in a reputable media source

[rapiddescent]

PC LOAD LETTERMAN

Re:Glad it's in a reputable media source

[pryoplasm]

I, for one, welcome our Inquisitive Spanish overlords...

Re:Glad it's in a reputable media source

[DeadMan3000]

I've emailed that link to one of the people who wrote that paper. Hopefully they will add their names to the list.

Re:Glad it's in a reputable media source

[BuckaBooBob]

They just need to Push the envelope and get the owner of the Printer Served trial documents :)

PC LOAD MUSIC

[GigaHurtsMyRobot]

Maybe now my employer will have to take down that LaserJet IIIp and upgrade to a newer model.

Re:PC LOAD MUSIC

PC Load Music?

WTF does that mean?

Re:PC LOAD MUSIC

[conteXXt]

it's an old printer error message

PC (Paper Cartridge) Load LETTER

(out of letter sized paper)

Re:PC LOAD MUSIC

[omeomi]

whoosh!

Re:PC LOAD MUSIC

From God^H^H^HWikipedia:

The term was popularized by the comedy cult film Office Space. Michael Bolton (David Herman), one of the three main characters, reads the error message from the LCD status display on a fax machine, after which he asks, "'PC Load Letter'? What the fuck does that mean?"

Re:PC LOAD MUSIC

[KillerBob]

http://www.imdb.com/title/tt0151804/

and as somebody else said... *whoosh*...

Re:PC LOAD MUSIC

[porcupine8]

It's an old printer error.

It means you need to restart the printer's download of Geto Boys MP3s.

Re:PC LOAD MUSIC

[LanMan04]

Die mothafucka die muthafucka DIE!

Sweet!

[Hankapobe]

An inanimate object could also get the blame. The researchers rigged the software agents to implicate three laserjet printers, which were then accused in takedown letters by the M.P.A.A. of downloading copies of âoeIron Manâ and the latest Indiana Jones film.

1. Download movies and sell them
2. pin it on cop's printer
3. in the meantime while they're arresting the printer
4. Profit!

Re:Sweet!

[McFly69]

1. Download movies 2. Pin it on RIAA's website IP address (76.74.24.143) 3. Let the cops arrest RIAA 4. Peace and Quiet 5. Profit! But seriously... if you can spoof using any IP address (Printer, Website, etc), then everyone can claim it was not them downloading anything and there is not sure way to prove it. Just food for Thought.

Re:Sweet!

[TheGratefulNet]

pc-load-letter.mycompany.com - now I finally have you! bwahahaha.

Re:Sweet!

[despe666]

Ding ding ding! You figured it out. I'm guessing these guys will be very busy being expert witnesses in upcoming trials.

Re:Sweet!

[gstoddart]

But seriously... if you can spoof using any IP address

I don't think you can spoof any IP address. I think you'd still need to be on the same subnet/domain in order for routing to work.

You can spoof your neighbor, but you can't spoof something in a different network range.

At least, I don't think you could spoof an arbitrary IP address.

Cheers

Re:Sweet!

[blitzkrieg3]

Untrue. If the RIAA is able to download copyrighted material from an IP in the network (what the authors termed Direct Detection), then they can confirm that the peer was indeed hosting that material. We are just lucky to have this defense because they leave this step out when dealing with bit-torrent.

Re:Sweet!

[xappax]

From the report:

based on the inconclusive nature of the current monitoring methods, we find that it is possible for amalicious user (or buggy software) to implicate (frame) seemingly any network endpoint in the sharing of copyrighted materials
(emphasis added)

Re:Sweet!

[Stray7Xi]

If I want to send packets to you spoofing as google, then I have to control a piece of networking infrastructure (router, proxy, gateway, switch) between you and google. Otherwise you'll send your replies to google and I'll never see them. But by owning the infrastructure I can intercept the reply and send it back to my real IP.

Presumably they were on the same subnet as the network printer and were just eavesdropping the traffic to the printer.

So short answer is you can't do it for any arbitrary IP (at least two way communications) unless you're part of a major telecom. Otherwise you could possibly blindly send out forged packets advertising they have the file. In TCP protocol they'd have to predict sequence numbers (which are supposed to be randomly generated to prevent this kind of attack), in UDP it may be possible.

Re:Sweet!

[Vancorps]

It is not technically possible to impersonate an address outside your local subnet, however, if they had say a tracker, they could register the ip address in the tracker and when the bad guys connect to the tracker to get the IP addresses they would then have implicated the printer.

There are exceptions of course, you can send out a packet saying it's from any address out there but you can't get two-way communication. Additionally most organizations don't allow source-routed packets these days so doing this is quite difficult as your traffic is more than likely to be blocked.

Re:Sweet!

[complete+loony]

http://wiki.theory.org/BitTorrentSpecification#Tracker_Request_Parameters

# ip: Optional. The true IP address of the client machine, in dotted quad format or rfc3513 defined hexed IPv6 address. Notes: In general this parameter is not necessary as the address of the client can be determined from the IP address from which the HTTP request came. The parameter is only needed in the case where the IP address that the request came in on is not the IP address of the client. This happens if the client is communicating to the tracker through a proxy (or a transparent web proxy/cache.) It also is necessary when both the client and the tracker are on the same local side of a NAT gateway. The reason for this is that otherwise the tracker would give out the internal (RFC1918) address of the client, which is not routeable. Therefore the client must explicitly state its (external, routeable) IP address to be given out to external peers. Various trackers treat this parameter differently. Some only honor it only if the IP address that the request came in on is in RFC1918 space. Others honor it unconditionally, while others ignore it completely. In case of IPv6 address (e.g.: 2001:db8:1:2::100) it indicates only that client can communicate via IPv6. Depending on the tracker, you may be able to impersonate anyone at all.

Re:Sweet!

[Kazrath]

But keep in mind... Comcast and other major service providers are made up of very large subnets. You literally have thousands of choices in your region.

I remember back 7 or so years ago installing PCanywhere and just randomly connecting into dozens of peoples computers (Because they did not setup the security and it was left in wide open access)

Re:Sweet!

[Vancorps]

Actually no, they all use VLSM (Variable Length subnet masks), it is quite rare that you have direct IP communication with your neighbor.

Now if you're talking about something like PC Anywhere that will travel through your ISP's router and go to the correct location, you can test this behavior by removing the default gateway from your machine and seeing what you can still connect to. My bet is that especially with Comcast it will be very little.

Re:Sweet!

[mysidia]

Sorry, I have to debunk the theory that it is only technically possible to spoof a source address on your local subnet, it's just not true.

First of all, you can send people in your local subnet messages with any fake outside source IP you want, and there are various techniques to convince your local subnet's router to send _you_ the response traffic instead of the rightful recipient, so you can have full socket connectivity in both directions.

(I.E. ICMP redirect packets sent to the default gateway, static routes, etc)

Also, there are methods to spoof source IPs outside your subnet, even when sending to destinations outside your subnet, unless your provider is specifically using techniques to block spoofed traffic (which possibly, some are now).

If you can guess the right sequence numbers and port numbers (very hard), then you can even inject data into someone else's live TCP connection, or just force that connection to close (by sending a RST)

Use of technologies such as SSL or TLS protect against sending unauthorized commands or allowing corrupt data to be transmitted, but don't protect against a third party forcibly closing the connection.

Spoofing outside the subnet is just extremely difficult, and fairly improbable for targets utilizing modern TCP stacks -- but theoretically possible; IRC networks used to have problems with script kiddies generating spoofed clone floods.

(This tactic was thwarted by taking advantage of the fact that spoofed users could effectively SEND spoofed traffic but not RECEIVE messages, so a CAPTCHA-style feature called "nospoof" was introduced into the connection process.)

Receiving traffic in both directions over a spoofed connection is also possible, but hard, I.E. requires hijacking the legitimate equipment's IP, and fooling network equipment into sending traffic to the wrong place (the spoofer's computer).

I'm not saying it's easy, safe, invisible, non-destructive, or you won't easily get caught, but I must say that such spoofing is 100% possible.

Re:Sweet!

[mysidia]

Actually no, they all use VLSM (Variable Length subnet masks), it is quite rare that you have direct IP communication with your neighbor.

VLSM alone isn't enough; your PC still needs a valid subnet mask, which can't be 255.255.255.255, and you _do_ still need to have (indirect) IP connectivity with your neighbors' IPs, to share files, or chat, for instance.

The ISP either NATs you, gives you a /30 (1 IP, 1 network id, 1 broadcast address), or utilizes equipment that does something more creative to conserve IPs.

On an old cable network, there is a faint possibility you have Layer 2 physical connectivity (or fall within the same broadcast domain) with your neighbor.

But it is more likely that the subnet you see is merely an illusion created by your provider's equipment. The other "local subnet" ips are actually ip addresses bound to the ISP equipment, I.E. Your ARP traffic received only by the ISP device. And for any IP you request an ARP binding for, the ISP equipment responds with the MAC address of your default gateway, and only the ISP equipment sees any of your Layer 2 (broadcast) messages.

Re:Sweet!

[Vancorps]

Sorry, at some point when it's so extraordinarily difficult to do you just accept that it's impossible. Sending source-routed packets out is very difficult these days unless you have an old school ISP like an AT&T or a business pipe.

Most of the problems of the 90s were indeed solved and much of the issues you describe went the way of the dodo then. At this point is so easy to secure against these types of attacks that any ISP would be negligent not too.

Also most of your techniques involved compromised routers, once you have a router compromised anything is possible so the whole discussion is moot.

Still, OSPF on the inside an BGP on the outside all use authentication if done properly so much of what you describe is exceedingly difficult to the point where it's not worth mentioning. Two-way traffic is pretty much impossible without compromising other systems first as as you said.

It's like physical security, it's never 100% safe, but at a certain point you accept that it's not going ot be compromised. This behavior shouldn't prevent you from doing due diligence in the future to maintain security since it is a process but your focus is on other attack vectors.

Re:Sweet!

[Vancorps]

Yes, we agree exactly. Indirect IP connectivity is through the ISP's router and not a direct connection to your neighbor. Some cable providers don't do this well as you say, they are in the same broadcast domain with their immediate neighbor but there are never very many customers on a single pop.

A good number of ISPs use transparent proxies as you describe as well which further makes direct connection difficult. Of course most of the transparent proxies only function with HTTP traffic so anything with a different protocol bypasses the proxy and goes straight out but still has to go through a router before it hits another customer.

Re:Sweet!

[mysidia]

Sorry, at some point when it's so extraordinarily difficult to do you just accept that it's impossible.

Believed to be exceedingly difficult doesn't equal proven impossible.

The word 'impossible' refers primarily to occurences that would create a logical contradiction or physical law, so that they actually can never happen.

If something might happen, via difficult known techniques, or via unanticipated techniques (of unknown difficulty), the word impossible does not apply.

If business pipes exist, and one is needed to spoof an IP, you can bet the bad guys will find a business pipe.

Remember the Youtube IP hijacking? Very recent.

There's not very much reason to believe business networks are so trustworthy. Their systems can possibly be compromised also, hence a method of IP spoofing.

Also most of your techniques involved compromised routers, once you have a router compromised anything is possible so the whole discussion is moot.

Compromise of a Tier-1 ISP border router might occur.

There is no basis for assuming that they cannot be compromised by techniques we currently do not know about (but an attacker potentially does).

It's true that security is never 100% safe. I also never hear of anyone being able to use the phrase "impossible to hack" system.

Just because you don't currently know of an easily-exploitable vulnerability does not mean that it is impossible to compromise the system.

Extraordinary difficulties are often taken by the bad guys as 'challenges to be overcome', and there is no proof they can't overcome them, hence the word 'impossible' again does not apply.

Re:Sweet!

[Thelasko]

So you're saying there's a chance.

Re:Sweet!

[xappax]

It's as you say - some bittorrent trackers allow you to specify a different IP than the one you've connected from as the peer IP.

Then, the MPAA connects to the tracker and gets a list of peers, including the fake IP you register. And since they're lazy, they don't bother to actually download the torrent, they just make a list of all the IPs and start sending out letters.

Re:Sweet!

[Vancorps]

Oracle used the term "unbreakable" for quite some time and didn't stop because it was broken.

As I said, at some point other attack vectors are far more important to spend your energy and resources on which is why I said it's not worth worrying about.

If a Tier 1 border router is compromised then that provider has serious issues and is likely to go under considering how much traffic goes through peering links.

Also in regards to the Youtube IP "hijacking" which is not what it was at all, that was a situation where a government ordered a private party with access to make the change. This is a different attack vector.

In the case of business pipes if you are doing anything illegal with them your ISP will have no trouble shutting you off unless you're buying a 9gig pipe. There are always a way around the system, but even business networks are starting to get filtered due to worm attacks of the past.

The only time my firewall warns me of IP spoofing is when an internal server does something unexpected which causes me to go and look at the server. Usually a developer did something funky or I had routing issues in the past when everything was all static routing and not OSPF.

Security is indeed a process, it's also a risk management game, if you spend time on vulnerabilities that are exceedingly unlikely to happen then you will neglect more important vectors and end up with a compromised system.

Re:Sweet!

[Phroggy]

Sending source-routed packets out is very difficult these days unless you have an old school ISP like an AT&T or a business pipe. Or full control of a virus-laden Windows box at a company connected through a business pipe from an old-school ISP?

Re:Sweet!

[irc.goatse.cx+troll]

(This tactic was thwarted by taking advantage of the fact that spoofed users could effectively SEND spoofed traffic but not RECEIVE messages, so a CAPTCHA-style feature called "nospoof" was introduced into the connection process.)

I thought that was more to prevent people from abusing open FTP sites with the 'ftp bounce attack' All you had to do was upload a text file containing the commands you wanted, like
USER ADFGHDFKJGH KSDJGSDF KGH SDKF H
NICK GJKHDSKJGFS
JOIN #COOLKIDS
PRIVMSG #COOLKIDS: AAAAAAAAAAAAA
PRIVMSG #COOLKIDS: AAAAAAAAAAAAA
PRIVMSG #COOLKIDS: AAAAAAAAAAAAA
[etc]

then download it back off the server, but telling the server your ip/port you want to recieve the file is irc.whatever.org 6667

This of course depends on the ftp site allowing remote ips to be used, but most did and a lot still do.

Re:Simply send this message to the printer:

[Jor-Al]

What the hell does that mean?

Wow ....

[gstoddart]

So, will we have a variant on the Chewbacca defense?

"Why would a printer, an inanimate object with no reproductive organs, be downloading pornography? It doesn't fit ... if the toner cartridge won't fit, you must acquit."

Seriously though, it's good to see some credible research demonstrating that the methods that are used to identify file-sharers are completely arbitrary and can't be demonstrated to be valid.

It would be nice to finally have enough evidence that Judges could basically say "Well, this methodology has been dis-credited, you need actual evidence."

Now, if you excuse me, I'm going to try to devise a way to make it look like our printer has been downloading Will Farrel movies and films with Natalie Portman. :-P

Cheers

Re:Wow ....

[OglinTatas]

Why would a printer, an inanimate object with no reproductive organs... In other news, printers now have reproductive organs

Re:Wow ....

[gstoddart]

In other news, printers now have reproductive organs [slashdot.org]

Time for some hot printer on printer porn. "American Printer Bukkake" should be a best seller I figure. :-P

Cheers

Re:Wow ....

[sunwukong]

What the .... ?

Why the hell is this printer out of toner, again?! And where the hell is all of the kleenex?

Re:Wow ....

[rmadmin]

Rule 34, in full effect. *unF*

Re:Wow ....

[fmobus]

just registered some domains for it http://www.hotprinterporn.com/ http://www.2printers1toner.com/

Sweet!

[Layer+3+Ninja]

Time to exact my revenge on that stupid Lexmark E240 of the 5th floor.

Re:Anonymous Coward

Oh shut the fuck up Anonymous Coward.

And?

[Colin+Smith]

Were the printers imprisoned?

Re:And?

[Idbar]

More important, do they have to be defended by lawyers, or can the fax machine do the job?

Re:And?

[powerlord]

I'm not sure, but I hear the PBX is looking to consolidate things into a Class Action.

Re:And?

[EMeta]

Just the fax, ma'am. Just the fax.

Re:And?

[kiehlster]

I dunno, I hear those fax signatures can be forged. You're gonna have to put the washing machine in spin cycle and have a waffle iron notarize it.

Re:And?

[kesuki]

but where will we get a jury of their peers? the local area network?

Re:And?

[no1home]

But what about actual evidence? Were the movies and MP3s sitting there in the printer's output try?

Re:And?

[catbertscousin]

My keyboard is now covered in coffee. That was beautiful.

Re:And?

[Oktober+Sunset]

Printers are evil demons sent from another realm to taunt us. They only work as cover, until they are accepted into the office ready for the moment when the most important document ever come along so they can mangle it then taunt the user with bizarre messages and trap their fingers in rollers as they try to extract bit of paper from their innards.

As I said

[davburns]

It's so nice when one's uniformed speculation is proved correct.

Yay.

Re:As I said

[KevinKnSC]

I don't see how what you wear while speculating is relevant.

Re:As I said

[davburns]

Good catch. One missing 'n' makes a lot of difference. I *did* preview. And spell-checked. A grammar checker would not have helped.

Oh, well. Have fun.

Re:As I said

[FooAtWFU]

It all depends on the uniform. Someone dressed like a cop or Secret Service agent will get more credibility than, say, the attendant at the local Hot Dog On A Stick.

Re:As I said

[Kamineko]

Presumably, while speculating, you'd at least wear glasses.

If the right people get framed...

[the_womble]

....it might change things. Legislators in the US and EU, for example.

Re:If the right people get framed...

[Jor-Al]

Nah, they'll weasel themselves out of it through some sort of retroactive immunity.

Re:If the right people get framed...

[anotherdjohnson]

Either that or they'll blame some poor lowly intern.

Re:If the right people get framed...

[CraftyJack]

...or "overzealous staffer".

Re:If the right people get framed...

[Thelasko]

....it might change things. Legislators in the US and EU, for example. I don't like to name names, but...
*Cough*Cough*
excuse me.

Clippy helps me steal

[DeadDecoy]

Clippy: Looks like you're making a letter. Would you like help?
Clippy: Looks like your letter is finished. Would you like me to print it?
Clippy: Looks like you're infringing on a copyright. Would you like me to call you a lawyer?
* Throws computer out window *

Re:Clippy helps me steal

[DaveM753]

See, this is exactly why nobody likes Clippy. If Microsoft wants people to like Clippy, get him (it) to say stuff like

Clippy: Looks like you're infringing on a copyright. Would you like DVD5 or DVD9? ...much more useful. (Uh oh. I'm off-topic... apologies)

iron man url and tracker

[conteXXt]

I appreciate them giving me a tracker and url for iron man. Haven't seen it yet.

(just kidding, I'll wait for it to be released on dvd first)

Re:iron man url and tracker

[PopeRatzo]

(just kidding, I'll wait for it to be released on dvd first)

How quaint!

Re:iron man url and tracker

[Rob+T+Firefly]

(just kidding, I'll wait for it to be released on dvd first) You're in luck. Yesterday in the subway I walked past a guy who had a dozen copies spread out on a blanket in front of him.

Re:iron man url and tracker

[Taibhsear]

I appreciate them giving me a tracker and url for iron man. Haven't seen it yet.

(just kidding, I'll wait for it to be released on dvd first) So you can get a good quality torrent? Man those cams suck... I mean...

Ridiculous!

[saterdaies]

This is completely ridiculous and I'm sure any judge would see a printer downloading copyrighted songs as completely silly.

So, anyone wanna help me get NetBSD on my Epson?

Re:Ridiculous!

[myxiplx]

This is slashdot... home of geeks... think outside the box a little, then re-read the parent post.

Too flimsy

[Endo13]

While I'm all for anything and everything that helps bring down the MAFIAA, sadly the case in this article is very weak. It only points out two things, both of which are already commonly known by almost everyone in IT.

1. IP addresses can be spoofed.
2. IP addresses assigned by DHCP will not always be assigned to the same MAC address.

Then there's a lot of hand-waving and implications that there's also all kind of other likely flaws in the methods used to find out who's participating in file-sharing.

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

This bothers because if anyone were to point out how weak this case is in main-stream media, it could end up doing more harm than good.

We need some heavy ammo to shut them down, and I'm afraid this is not it.

Re:Too flimsy

[gstoddart]

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

Well, it does two things.

First, it shows that you can get a subpoena for not actually doing anything illegal. Presumably, connecting to a tracker isn't illegal.

Second, it begins to dispel the myths that the content holders have perpetuated about how they actually gather their evidence and if the collection methodology is valid.

I think actual University research which is covered by the NYT might be an awful good start. It's by no means everything that needs to happen, but starting to establish that their data collection is faulty is better than nothing.

Cheers

Re:Too flimsy

[link-error]

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing. Actually, that is the worst part.. they are sending out take-down notices/suing people that didn't download anything..
    Remember, innocent until proven guilty. They aren't even trying to actually determine this.

Re:Too flimsy

[Bryansix]

Maybe you missed the part where they framed the printer? The point is they just connected to a tracker but in real life what is more likely is that the guy in the dorm next to me is actually downloading the film that he didn't pay for but he pins it on me who wasn't involved in doing any copyright infringing at all. THAT IS THE POINT. Too many cases get brought up that are accusing the WRONG PERSON of doing the infringing.

Re:Too flimsy

[s.bots]

It only points out two things, both of which are already commonly known by almost everyone in IT. And that's why this is relevant. Because it is not common knowledge outside the IT field, and it makes an appearance in the New York Times. The article could be more in-depth, or provide more conclusive evidence I agree, but getting the facts out there to the average (NYT reading) Joe is a good first step.

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing. True, pirates don't connect to a tracker to observe, but the point being made is that an entity that was only observing (not doing anything illegal or warranting a takedown notice) is being pinned as a pirate.

Re:Too flimsy

Did you miss the part where any malicious client can send an alternate client IP address to a tracker which supports the appropriate protocol extensions; the tracker will then report that IP address as participating in the swarm?

Also, consider this: As commonly compressed, each reported peer takes up essentially 6 bytes; 4 for the IPv4 address, 2 for the port, because the less data the trackers have to push out during a scrape, the better.

That gives a two-third chance that any corruption (undetected by the embarrassingly small IP checksum) of any single byte in that packet would falsely implicate an IP address.

Look at how often your client gets bad data owing to something corrupting it on the way or faulty network gear; corruption that BT itself detects through piecewise SHA-1 hashing.

But the scrape is not protected against this, and given the number of automated requests issued, it's highly likely that many innocent IP addresses have been targeted (and indeed, ask around; all the anecdotal evidence strongly supports that hypothesis).

Further, this is solid evidence that the same enforcement companies providing data used for RIAA and MPAA lawsuits have a methodology which is not only flawed, but falls far short of what might be considered due diligence; they are believing the responses of servers which could very well detect that these are so-called "Judas nodes", and deliberately provide responses seeded with bogus requests... ...or servers set up by other monitoring organisations as malicious trackers, which are, amongst other things, deliberately reporting non-existent clients to attempt to frustrate their malicious torrents.

Even worse if they're believing peer exchange or DHT inserts. This is actually pretty damning evidence against their reliability.

It also contains easily enough information for just about anyone with enough resources (for example, The Pirate Bay) to identify with a high probability all of the IP addresses currently used by reporting agencies. And block them, and maybe even tell us what they are, because the agencies are rapidly running out of blocks (especially if they're going to launch synfloods from them and risk getting their transit cut off).

Thanks, guys. Nice work there. I hope one of you springs for the printer's bail bonds. :-)

Re:Too flimsy

Connecting to the tracker does not violate any laws, period. Actually downloading or uploading might.

What this exposes is that the *IAA are basing their take down letters on you simply connecting to a tracker. They are not doing any investigation to see if you ARE file sharing, just assuming you are and sending letters, lawsuits, etc.

Re:Too flimsy

[Applekid]

[This] article is very weak . . . [it] only points out two things, both of which are already commonly known by almost everyone in IT. Granted, but the study is being reported in the New York Times, not a trade magazine. Now we don't have to stroke our neck beards and demand the ignorant just understand, we can just point with "hey, look, it's in the New York Times," and continue to stroke our neck beards because, frankly, it's quite soothing.

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing. Here's the detail, though, should connecting to another computer, something as simple as a handshake, immediately trigger a Cease & Desist? If it goes for BitTorrent connections to trackers, why not just web pages that serve .torrents that have instructions for the BT client to connect to a tracker? Why not the search engine that crawls the page? Is it ok that someone gets on some scary BOLO list for the FBI just by pinging Google to see if their connection is up because Google could be used to assist in finding torrents to use in infringing copyright?

MAFIAA tactics like this one only demonstrate that they are systematically exploiting the fact that it is extremely difficult for the courts to make a distinction between connecting to a tracker with intent to violate copyright and, you know, actually swapping packets with someone with the goal of collectively violating copyright.

No matter where you stand on Intellectual Property clearly any method of discovery that could implicate a PRINTER of all things is the wrong way to go.

Re:Too flimsy

[Endo13]

The point is, if you're caught connected to a tracker for a copyrighted torrent, it's valid to assume you're not there just to monitor it (unless of course you're one of *them*). I do totally agree with the whole innocent until proven guilty point, but that hasn't seemed to stop them much so far. It's just, I'd be surprised if they don't have one of their own guys tear apart this article and cause it to backfire somehow. And who knows to what ends they might go to get a law passed, enforcing all DHCP connected to the internet to be documented every minute. After all, people are "stealing" their stuff, and it's just not fair if they can't rob them for 1,000x more than the "stolen item" was worth.

Re:Too flimsy

[gstoddart]

Actually, that is the worst part.. they are sending out take-down notices/suing people that didn't download anything..
        Remember, innocent until proven guilty. They aren't even trying to actually determine this.

Nope, these are civil matters.

Not innocent until proven guilty. Innocent until we can make it look probable, mostly with the use of faulty techniques for gathering data and identifying individuals.

This is not a case when innocent until proven guilty comes into play.

Cheers

Re:Too flimsy

[Endo13]

and the burden of proof needs to rest with the RIAA to demonstrate that you are a "pirate" by your actions, not simply guilt by association I could not agree more. The problem is, currently IP addresses are the only means of "proof" they can reasonably get. There really is nothing else. Sure, they can take that extra step and make sure every IP address they're accusing is actually transferring portions of the torrent files, but really what's the point? If you're connected to the tracker, odds are about 99,999,999,999 to 1 that you're uploading or downloading -- or at least trying to. And whether or not you are is kind of a moot point - their results are still only as valid as the only data they can collect: IP addresses.

In short, all this information can ultimately do is put more burden on everyone else to keep better records of IP addresses so their "proof" is valid.

Re:Too flimsy

[Endo13]

[sarcasm]Yes, of course I missed the part about the printer.[/sarcasm]

What I did miss was their explanation in the article on exactly what they did to get the printer implicated.

Re:Too flimsy

[sm62704]

And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

And Linux users commonly connect to torrent trackers to download new distros. Mucic lovers commonly connect to trackers to download indie music the copyright holder wants shared.

So what, exactly, is your point there?

Re:Too flimsy

[bigstrat2003]

No, it's still innocent until proven guilty. The standard of proof is just different.

Re:Too flimsy

[assassinator42]

The IP spoofing described in this paper wouldn't allow for that. It involves telling a tracker another IP address to use instead of the one you're connecting from. Thus he couldn't actually download the illegal content.
The article does talk about mistaken identification based on a shorter DHCP timeout than tracker timeout, which might be closer to what you're talking about. That could be extended by manually setting your IP address to one authenticated by someone else. This is especially possible in a dorm setting where you're on the same LAN. Just copy the MAC an IP addresses of someone who's already authenticated but has since disconnected.

Re:Too flimsy

[link-error]

    They spoofed the return IP address in the packet they sent to the tracker. Of course, the reply was returned on deaf ears, but the the MAFIA had already logged the source IP as an offender.

Re:Too flimsy

[Endo13]

Even more interesting is another thing they mention in the paper, but conveniently leave out of the article: not all trackers can be spoofed in this manner.

Also, you'll run into some issues trying to copy someone else's IP on a LAN. You'd first have to force another IP address to their PC before you could grab the one they had. Which would be just as effective, unless your DHCP server keeps a time-stamped record of all IP addresses and changes.

Re:Too flimsy

[Sloppy]

If you're connected to the tracker, odds are about 99,999,999,999 to 1 that you're uploading or downloading -- or at least trying to.

Not anymore. Thanks to this paper, people are going to connect just to inject noise into the system.

Re:Too flimsy

[SBacks]

True, pirates don't connect to a tracker to observe, but the point being made is that an entity that was only observing (not doing anything illegal or warranting a takedown notice) is being pinned as a pirate. First off, I totally agree with what you're saying. Someone who was totally innocent got accused of doing something wrong, and that shouldn't happen.

However, this is what court cases are for. They determine if you were actually doing something illegal, or if you were just an innocent bystander.

Actually getting arrested/sued doesn't require a massive amount of evidence, nor should we really expect that. Imagine a warehouse full of drug dealers dealing their drugs. You're there, but neither selling nor buying drugs, just watching it all. If the place gets raided, you certainly wouldn't be shocked if you were arrested along with everyone else.

Re:Too flimsy

[Endo13]

And that's why this is relevant. Because it is not common knowledge outside the IT field, and it makes an appearance in the New York Times. The article could be more in-depth, or provide more conclusive evidence I agree, but getting the facts out there to the average (NYT reading) Joe is a good first step. And the **AA's can just as easily get some of their own IT "professionals" to put out an article pointing out flaws in this study. That's what concerns me. A study like this with even some of its credibility cast in doubt is generally worse than none at all.

True, pirates don't connect to a tracker to observe, but the point being made is that an entity that was only observing (not doing anything illegal or warranting a takedown notice) is being pinned as a pirate. Yes, but when has the **AA ever cared about that? They'll find some way to make this everyone else's fault as well.

I know I'm being too cynical, but somehow in light of all they've managed to get away with over the past few years, this just doesn't look like it's going to be strong enough stuff to hurt them at all.

Re:Too flimsy

[Endo13]

You're probably right. And that could be the one good thing that comes from this.

Re:Too flimsy

[spazdor]

Given that it's legal (maybe not easily explainable) to monitor a tracker without downloading it (naturally this is the case, otherwise RIAA/MPAA could not gather evidence without themselves breaking the law) then that will be our "I'm Spartacus!"

Let's write a client that automatically spiders the torrent searches and connects to the trackers. Thousands at a time. We are all just watching the tracker for informational purposes, as is our right.

Re:Too flimsy

[Bryansix]

Wait a second here. Do you really think the RIAA has the ability to get a hold of DHCP logs? They usually never have access to that stuff to start with. They send the take-down notice before they file a court case. This is the point!

Re:Too flimsy

[quanticle]

No, they were just connecting to the tracker.

Well, they connected to the tracker yes, but the key point of the research is that they were able to frame IPs that were not connected to the tracker (like the network printer and wireless access point). In other words, they were able to pass the blame onto a completely innocent bystander.

And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

And who says you have to be a pirate to connect to a tracker? What if you just want to get a baseline for the amount of bittorrent traffic on the internet? What if you're doing research into the use of bittorrent-like protocols to implement a distributed storage system? There are many legitimate reasons to connect to a tracker and "do nothing", as it were.

Re:Too flimsy

[coyote-san]

I vaguely recall there being a key legal point that you have to be able to simultaneously point to one party and exclude all others. Check with a lawyer (or law school student) to be sure.

The reason is to prevent an "I was framed!" defense as much as preventing framing innocent parties. It's not unheard of for people to plant evidence of their own guilt. Discredit the planted evidence and most people will (reasonably) have a lot of doubt about the rest of it.

Re:Too flimsy

[Necreia]

Imagine a warehouse full of drug dealers dealing their drugs. You're there, but neither selling nor buying drugs, just watching it all. If the place gets raided, you certainly wouldn't be shocked if you were arrested along with everyone else. Now imagine this same situation where you're not even home that day, and you get arrested. That's what's happening with these printers. They weren't connected to the tracker, but they got dinged because that IP was spoofed.

Re:Too flimsy

[tribaal]

If you're connected to the tracker, odds are about 99,999,999,999 to 1 that you're uploading or downloading -- or at least trying to. So all that tracker operators have to do, is include a few "legal" files (indie music, linux iso) to download/upload. There would be a valid reason to connect to that tracker, so without content inspection, there's no way of if it is legal or not.

Re:Too flimsy

[jimicus]

[sarcasm]Yes, of course I missed the part about the printer.[/sarcasm]

What I did miss was their explanation in the article on exactly what they did to get the printer implicated. Clue: It's in the paper the article references.

Re:Too flimsy

[networkBoy]

What is your defense was that you actually monitor *tons* of trackers, looking for say popularity spikes/curves/what have you; and when they try to bulldog you you produce the data of your analysis:
I.e. linux distro trackers surge in the hours following a release, the curves for TV shows, movies, games, books, whatever.
So long as you don't claim you didn't download anything you have committed an error of omission, not a factual lie (IANAL), assuming you did download the torrent in question. However, so long as you didn't download that particular item you could in-fact claim you did not.

Might even be helpful to release an oss tool that simply connects to trackers and compiles this kind of data, if enough people ran it (distributed ap?) you could vastly increase the noise level.
-nB

Re:Too flimsy

[jabuzz]

Except printers are generally assigned static IP addresses, cause it just makes life so much easier. Yeah you can do dynamic DNS updates in tandem with the DHCP offer, but it is just not worth the effort, and still has issues.

Would you put your file server on a dynamic IP address? Didn't think so, you don't put servers on dynamic IP's and a printer is effectively a server.

Re:Too flimsy

[Bryansix]

Yes but in reality they could borrow my DHCP lease by cloning my MAC address while my computer was off. If they did it quick enough I would get the same IP back later and it WOULD look like I was the one doing the downloading.
Furthermore even if this didn't happen a future downloader might tell the tracker of millions of spoofed IP adresses just to throw up a dust cloud around it's own activity. These people might in turn receive real take-down notices even though they did nothing.

Re:Too flimsy

[Endo13]

Yes, I knew it was. Notice the careful wording of my post you responded to. Given that the big "shocker" part of the story is the fact that they got a printer implicated, you'd think they'd have the decency to at least give some small explanation. But of course, the just left it in the 'fine print' since the method they used isn't one that even works all the time.

Re:Too flimsy

[Endo13]

I would think they could get a warrant to see such logs. After all, it's exactly the kind of proof we're saying they should have before they send take-down notices.

Re:Too flimsy

[Bryansix]

Well do me a favor and look up the last time anyone got a warrant over a copyright infringement. Hint: It's not a criminal offense.

Re:Too flimsy

[complete+loony]

Sure he could. He can still get a list of peers from the tracker or from the tracker-less protocol or from other peers running the peer exchange extension. He wouldn't get any incoming connections if nobody knows he exists, but he can still connect out to other peers if he can find where they are.

Re:Too flimsy

[schon]

The point is, if you're caught connected to a tracker for a copyrighted torrent, it's valid to assume you're not there just to monitor it No, the point is, if you're not connected to a tracker, but their software says you are, you still get harrassed.

Unless you care to explain to me how an unmodified printer can connect to a tracker.

However it's quite obvious (from the use of your term "copyrighted torrent") that you have no idea what you're talking about. (Hint: if you mean a torrent in which the files are copyrighted, that would include *EVERYTHING*, including Fedora or Ubuntu ISOs.)

Re:Too flimsy

[Endo13]

No, the point is, if you're not connected to a tracker, but their software says you are, you still get harrassed. Yes, that's the point they were trying to make. It's not the point of this particular thread. And your post is off-topic.

However it's quite obvious (from the use of your term "copyrighted torrent") that you have no idea what you're talking about. (Hint: if you mean a torrent in which the files are copyrighted, that would include *EVERYTHING*, including Fedora or Ubuntu ISOs.) Unless you're a lot dumber than I'd think you are, you knew exactly what I meant. And no, I'm not interested in your semantics game.

Re:Too flimsy

[reiley]

No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing. Well maybe we all SHOULD connect to many trackers and do nothing with the file being tracked. That would cause havoc for anyone trying to see whos downloading what.

Re:Too flimsy

[irc.goatse.cx+troll]

Your ip would still be under the hash that is for an illegal file -- They aren't just running netstat on the tracker box, the IP's are listed based on hash they asked for/advertised.

That, and the presence of legal content really doesn't help. Just ask Napster. Or mp3.com

Rigged to involve printers...

[An+anonymous+Frank]

How many printers does it take to pretend to download a file?

or...

How many peers on an "infringing" torrent might actually be, ..., "just looking"?

Won't these (scientists) fall under a reasonable false-positives margin, considering it's not in a peer's nature to sit back and enjoy the smell of fresh pulp?

Re:Simply send this message to the printer:

[cashman73]

Sadly, said printer didn't just go to Federal PMITA Prison. Oh no! It got the Death Penalty,...

Re:Too flimsy...not really

[Fallen+Kell]

Yes, anyone in IT understands these issues. But the fact remains that no one in IT is being listened to when they are calling this same information proof of infringement. This study is to show that their "proof" which is being used in these same cases is as worthless as all the IT people have said it was from the beginning, and that the checks the **AA investigators are using to confirm that they are not accusing the wrong people are as worthless as well in terms of verifying/screening false positives. This study shows for a FACT that false positives are occurring and occurring ALL THE TIME.

Frame everybody

[FranTaylor]

With this approach, it seems like it would be possible to frame every Internet user, or at least a significant number of them. What a monkey-wrench that would throw into the works! The modern version of 'I, Spartacus'.

Any other bright ideas?

[kiehlster]

How about we start framing security cameras and other IP-enabled devices. This brings new meaning to automated homes. "I swear officer, it was my toaster oven that was downloading those mp3s."

Re:Big surprise!

Please don't confuse an RIAA investigation with a police investigation. The RIAA are not the police (yet....)

Re:Simply send this message to the printer:

[compro01]

But I'm trying to print on legal!

The time has come

[gmuslera]

We need an UN declaration on Machine Rights. There are no punishment for smash, throw out windows, sued for file sharing without a fair judgement or even (is hard for me to write this, human cruelty have no limits) install windows in them.

How you think a singularity will decide to show up in such environment?

Re:Big surprise!

[gorbachev]

"In fact, isn't it a crime to try to fool the police into thinking you're committing a crime?"

But they're not fooling the police. They're fooling MAFIAA. They're not the police.

Yet.

Trial by Jury

[FnordX]

I hope that the printer gets a good lawyer and demands a trial by jury.

Hell, I hope that it even takes the stand in its own defense!

Re:Trial by Jury

[Cro+Magnon]

Hell, I hope that it even takes the stand in its own defense!

I wouldn't recommend that until I know what file system it uses.

Re:Trial by Jury

[PRMan]

The printer may not have much to say on the witness stand, but I bet it submits a top-notch affadavit.

Re:Trial by Jury

[Ant+P.]

In all seriousness they should go to court with this. I'd love to see how long they can drag the case on before the judge throws it out.

Re:Big surprise!

[steelfood]

Your analogy is flawed. For starters, murder is a criminal act. Said copyright infringement (for now) is by and large civil.

The police's job is to maintain public safety and order. They are bound by certain rules of engagement, like warrants and probable cause. The MPAA is a trade association, and a representative of media corporations. They are not bound by anything except the size of their wallets.

has the mafiaa ever fought an IT guy?

[TheGratefulNet]

I have not read about this - has anyone heard any anecdotes on this subject?

I'm curious if the 'industry monitoring groups' have ever sent a C/D letter to a clueful sysadmin? we know that most laymen will simply cave in when they receive the 'fact' that their IP address was somehow connected to 'bad traffic'; but I wonder if anyone who knows networking ever called their bluff and really had a court case where he asked for MORE info than simply IP addrs. it would seem that if you can defend yourself in IP networking theory that they really have no firm case on you, especially if you run an 'open wireless AP' and that, itself, could create enough doubt as to who the real 'infringer' really is. they might be able to say its your network but they can't prove its YOU. it could be spyware that somehow got installed on your system. spyware does do 'strange things' as well all know and its not outside the realm of possibility that some virus is connecting to trackers while sitting inside your network. is that really your fault? should you be called 'an infringer' for that?

so I'm really curious if there are any examples of a tech-strong defendant really calling their bluff and demaning fine-grained specific evidence while at court or at some plea bargaining procedure.

Re:has the mafiaa ever fought an IT guy?

[TheGratefulNet]

that wouldn't be a blackhat, then, in my book ;) it would be someone who points out how WEAK an 'ip address == one person' attack is.

wouldn't it be funny if some high profile politician's home IP appeared on the mafiaa hit list.

the current US administration is really big on 'the end justifies the means' and so maybe it WOULD be justified if a BH/WH spoofed an IP block belonging to someone 'rich and famous'. bad ideas and bad laws need the light of day shown on them or no one will know.

Re:has the mafiaa ever fought an IT guy?

[powerlord]

that wouldn't be a blackhat, then, in my book ;) it would be someone who points out how WEAK an 'ip address == one person' attack is.

Nah ... its just someone trying to get the U.S. to move to IPv6 :P

Re:has the mafiaa ever fought an IT guy?

[rhizome]

so I'm really curious if there are any examples of a tech-strong defendant really calling their bluff and demaning fine-grained specific evidence while at court or at some plea bargaining procedure.

Sure, just tell them you don't understand what they're looking for. Make them describe it in detail over multiple replies, up to and possibly including their flying and/or hiring someone to tell you how to do it on-site. Just play dumb.

Re:has the mafiaa ever fought an IT guy?

[irc.goatse.cx+troll]

; but I wonder if anyone who knows networking ever called their bluff

The problem is anyone that actually knows their stuff is first off likely busy and can't take the time off work/potentially huge financial loss from fighting it, and second off is likely guilty on some level. Maybe not of the exact crime listed, but I find it hard to believe theres any knowledgable sysadmin types that have never broken copyright law (knowingly or not), considering how easy it is to do so. You pretty much have to go out of your way not to.

Re:has the mafiaa ever fought an IT guy?

[TheGratefulNet]

you raise 2 points:

1) that its expensive to fight city hall. it may be true in terms of your time, but my question was that if you represented yourself as an expert (assuming that you are) - do they have any REAL evidence that can stand up to technical scrutiny? many sysadmins are salaried and they are not on the clock every single hour. life happens and if you are sued, you have to deal with it - just like any other life event.

2) that you may have downloaded 'stuff' before. so what? are you using some kind of 'guilty concience' excuse for them? either they have real factual info about person X breaking the law by downloading Y or they do not. any previous actions of this person (or future ones) don't enter into this situation.

so I repeat - is there any example - OTHER THAN SPECULATION (which is all I've seen in this comment thread so far) where a tech savvy defendant asked for actual and specific info? I'm curious what info 'they' are presenting and what defense strategies have or have not worked. if no real examples, then I guess the next best is speculation but I'd really like to know if anyone has come across defendants in real cases calling their bluff or at least successfully defending themselves.

it seems that the mafiaa are basing their WHOLE premise on "one IP = one person" and that just has no technical weight at all, especially given NAT address compression that *most* people run on their home networks. are the courts really so dumb that they'd agree with IP==person argument that the mafiaa uses?

The New Way To Evade Detection

[Nom+du+Keyboard]

1: Find a network printer assigned an IP address.
2: Set your NATting wireless router to mimic that printer's MAC address.
3: Insert your NATting router between the printer and the LAN and steal its IP address.
4: Connect to router and fileshare to your heart's content.
5: Watch printer be arrested for your piracy.
6: PROFIT!

Re:The New Way To Evade Detection

[digitrev]

Umm, they did mention that only about 5% of the swarms actually accepted their spoofed IP addresses. So you're rolling a d20 and hoping for a 1 to survive.

Re:The New Way To Evade Detection

[kesuki]

i think using onions routers or whatever would be easier.

Re:The New Way To Evade Detection

[DRAGONWEEZEL]

A rolling a 1 on a D20, while maybe not the best of odds, is a pretty good chance as n rolls increases.

If you had a 1/20 chance of winning say a free tank of gas every time you fill up at joes gas station, would you fill up there? Even if it cost a few pennies more / gallon?

I don't know about you but I fill up about 28 times / year @~ $60/tank. Even if gas was $.06 or even $.12 more / gallon it'd probably be worth it.

LoL @ car reference jokes to follow.

Really though the internet is massive. 5% isn't bad at all.

Frame Mitch Bainwol...

[AmishElvis]

...Chairman and CEO, Recording Industry Association of America.

Re:Big surprise!

[Sneftel]

If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder. Investigated, sure. They'll cordon off your yard, bring in body-sniffing dogs, dig everything up, search your garbage bags, find nothing, and conclude that you were just fucking with them. They would do this, rather than immediately strapping you to the electric chair, because "first degree hacking up of people into little bits" is a criminal matter, not a civil one, and circumstantial evidence is not sufficient for a criminal conviction. It's not "beyond a reasonable doubt". In the civil arena, though, the standards are much looser. The evidence that the **AA collected, and used to send threatening notices, are the beginning and the end of the investigation. They are the full extent of the evidence presented in court, and up until now that's often been good enough for the court to find in their favor. IOW, if you can get a takedown notice sent to your printer, you can get a thousands-of-real-money-dollars legal judgment levied against some random guy you don't like. That's what's a surprise. (Or not.)

Re:Big surprise!

[bhtooefr]

The point is that they... #1, only connected to the tracker, and didn't download anything, and #2, were trying to prove a point. They successfully proved that point.

Also, they weren't trying to make the police think they were doing something illegal, they were trying to get C&Ds from the RIAA.

Re:Big surprise!

[d34thm0nk3y]

If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder.

You would be investigated, but if the only evidence presented at the case was the odd behavior you would be found not-guilty. The MPAA/RIAA use the odd behavior as not only the probable cause to investigate but also as the evidence to prosecute.

Re:has the mafiaa ever fought an IT guy?YES

[Nom+du+Keyboard]

I have not read about this - has anyone heard any anecdotes on this subject?

Yes. There are many stories now by the people who have had to process them of the RIAA sending DMCA takedowns and subpoenas with IP addresses and timestamps where the logs show no DHCP or static IP addresses allocated for the times in question. Some IP addresses were in ranges never allocated.

Re:Big surprise!

[xortin]

Terrible analogies How about mediadefender sharing fake files that compares to your "fake gun" that looks real otherwise besides connecting there is no action your saying someone who shares files (faked) and downloads files (fake) would still be breaking the law which is maybe true. This compares to your fake body in front yard. This is in fact not what they did.

Is this safe?

[Nerdposeur]

What's to prevent the RIAA from having fake "experts" volunteer to do this, only to offer easily-refuted arguments in court?

Re:Is this safe?

[gstoddart]

What's to prevent the RIAA from having fake "experts" volunteer to do this, only to offer easily-refuted arguments in court?

What? Conspire to subvert the legal system, and come close to perjury? I say, bring it on and let the jail terms fly.

Presumably, the EFF would vet their people, but I should think intentionally doing what you suggest might get you some kind of sanctions.

Then again, your cynicism might not be completely unfounded. Which, is a depressing thought.

Cheers

Re:Is this safe?

[jd]

British Nuclear Fuels Limited used to do that all the time, during lawsuits over dangerous levels of contamination in the environment.

Re:Is this safe?

[budgenator]

They don't need "fake" experts they just need "real" experts that emphasis points that they want heard and minimize points they don't. In an adversarial legal system each side does this; it's up to the jury to decide which expert is full of it. The other thing you have to realize is that "experts" that whore themselves out to lawyers usually have a level of expertise that is less than that you wouyld expect from an expert that actually makes his/her living in their field of expertise rather than forensics.

Re:Is this safe?

[Original+Replica]

They don't need "fake" experts they just need "real" experts that emphasis points that they want heard and minimize points they don't. In an adversarial legal system each side does this; it's up to the jury to decide which expert is full of it.

Your point makes me wonder if in this day and age we don't need non-biased experts in the same way we need non-biased jurors. I would propose that each court district should have and online listing of which experts are needed, and volunteering to fill that need would fulfill one's jury service obligations.

Re:Is this safe?

[AK+Marc]

Depose them. Coach them. If they change what they say in court, they will only ever appear in court once from the EFF's list. And, if they do that, try to link them to the RIAA and file charges against them for conspiracy. They wouldn't try it because it's easy to detect and really bad if you get caught.

Re:Is this safe?

[budgenator]

Expert witnesses get paid $300.00 to $600.00 and hour; expecting them to be unbiased is like expecting Gartner to give Linux a fair reveiw in a Microsoft funded study

Re:Is this safe?

[6Yankee]

Is that what BNFL stands for? I always thought it was "Better Not F****** Leak".

Hm.

[Sneftel]

You know, the new comment system would be a lot more awesome if it wasn't so effective at concealing the fact that five other guys already said the same thing I did.

My printer...

[rthille]

Is a linux box with an ftp server, (Brother MFC), so of course it could be guilty of copyright infringement. Or rather, it could be the source of copyright materials that I assume I or my wife would be responsible for the infringement related there-to. Or something like that.

We'll see how funny this is...

[MiniMike]

...when these printers are found guilty in court! Time to swap in the legal tray, before Bubba starts abusing the collator...

Re:Big surprise!

[gstoddart]

So they're trying to make it look like they are committing copyright infringement and they are investigated.

Well, they fell well short of attempting, or even simulating copyright infringement. They had a bot connect to a tracker site (not actually download anything), masquerade as a printer, and then get identified by the RIAA as having done the infringement. If the attorneys provided a list of songs/movies they allegedly downloaded, then that list is false, and they're reaching a conclusion not supported by their evidence.

In fact, isn't it a crime to try to fool the police into thinking you're committing a crime?

This is not the police. This is not law enforcement. This is people, hired by the stakeholders, who are gathering evidence (for use in court) which they claim provides evidence of copyright infringement. To date, courts have listened to their evidence. This could change that quite significantly.

I'm not saying there are no problems with copyright enforcement, or the tactics of the RIAA, but being able to frame your printer is not a good example of that.

Being able to provably demonstrate that their evidence is unreliable since you have nothing to support it was the machine in question, and being able to show that their entire evidence is based on tenuous connections at best -- I think that's huge.

If you can undermine the basis of the evidence which they present in court, well, they have nothing, do they? Demonstrating how hollow and erroneous their methods are might force them to a new standard of evidence.

I should think this would be the equivalent of fighting a ticket from a red-light camera, only to get into court and see that the only evidence is a crayon drawing of a blue sedan when you drive a red wagon. The entire basis of claim they are making is based on this evidence. Discredit that, and their whole legal case collapses.

Cheers

Re:Big surprise!

[xortin]

good point death

Re:has the mafiaa ever fought an IT guy?YES

[TheGratefulNet]

what logs are you referring to?

'home users' (even clueful ones) often don't keep 'logs' of AP activity. or, they simply roll-over and over-write log data, like a circular buffered log would do.

I keep intrusion logs from my firewall but that doesn't log ALL activity, just break-in attempts. and if you run an open AP that is outside your firewall (as is prudent to do) then there is no NEED to keep a log on that - its 'open' afterall. and if they want to get into your private LAN they need to jump thru your firewall just like any other traffic from the WAN would.

I have no logs other than simple unix syslogs (on my unix boxes) and some firewall logs intermixed (remote syslog). I would hope that simply NOT having 'logged all data' would not be held against me (?). home network users should not be held to ISP level logging and accounting standards.

my defense would be to compel THEM to show definitive data and not just that torrent was running (I could be grabbing the latest linux .iso) but that copyrighted files were being downloaded or explicitly 'shared'. I should not have to produce logs showing that there was NOT downloading. that's just absurd. the burden of proof should be on the accuser to show, without any doubt, that I participated in an 'illegal share'.

if its mandatory that home users keep detailed logs, then this is a huge jump over what expectations we have right now about 'home computer users'. I wonder if expecting home computer users to be experts (keeping detailed logs to SHOW their innocence) is reasonable in the eyes of the court?

finally, if you run a home NAT then simply saying IP of a.b.c.d is just not enough. and most users do run some kind of NAT device in their home networks. its really hard to see how a single IP could back-point (so to speak) at the device that is being NAT-mapped.

Re:Big surprise!

[Grym]

If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder. If I build a large enclosure in my backyard, and fill it with heating lamps which use a prodigious amount of electricity and generate a lot of heat, and I sit on my front porch smoking a leafy substance wrapped in paper, I'll probably be investigated for running a grow-op. If I show up at school carrying a fake, but real-looking machine gun, it will probably draw the attention of the authorities.

In fact, isn't it a crime to try to fool the police into thinking you're committing a crime? Usually it gets a disorderly conduct charge or something like that.

As much as the "copyright police" may like to pretend that they're law enforcement (complete with little .jpg images of copper badges--lol), they are not the police. Copyright infringement is a civil charge. As such, the content industries should not get any special treatment when it comes to these cases. If it can be shown that the content industry's methods of obtaining evidence is fundamentally flawed, it calls into question if the DMCA takedown notices and C&D letters are truly filed with good faith as to the validity of their contents. Without those, none of their lawsuits could go forth because they would not be able to request ISPs to release account records.

If I as an individual can't sue random individuals on spurious grounds and demand legal-ransom (err.. "settlement"), why should the industries be able to?

-Grym

Re:Big surprise!

[TheRedSeven]

A better analogy (and a bit of a 'social experiment' I actually did once out of boredom):
It's not illegal to destroy your own property when you're done with it. Say, to tear up old, out-of-date travel guide books about Spain. It's your property, you can do what you want with it. It's not even illegal to do so on public property. I could do that and throw out the pieces in a public park, for instance.

However, if you try to do that in a public library, some old(er) ladies will have a fit...

When I was in college, I took several old travel guides to the library and started shredding out pages in the main reading area. Several people noticed and, I assume, told the staff. They approached me quickly and freaked out, telling me to stop. I said, "It's OK. They're my books. No harm to your books at all." And they responded by demanding that I leave, which I quickly did.

The point? Even if you're not committing any sort of crime, the appearance of doing so is likely to get you under close scrutiny. In the RIAA's case in this instance, they gave out Take Down Notices. In the situation given, they are ridiculous because no downloads had occurred. However, without actually filing suit against the authors of the study, this is just analogous to 'higher scrutiny'.

If I had been actually destroying the public library's books, I would have not only been a bad citizen, but also in violation of some misdemeanor vandalism charges most likely. If the authors of the study had been actually illegally downloading copyrighted materials (over against not downloading anything, downloading materials under fair use, etc etc), they would have been making themselves liable for civil suit(s), and the RIAA would likely have gone after them with a lawsuit.

The big difference is that the RIAA seems to be blanketing everyone who is mistreating the books in any way, shape, or form, rather than looking for people who are actually destroying actual library books. It's the throw-it-all-against-the-wall-and-see-what-sticks approach to filing suit. And it's about the least responsible way to do it (if not the least effective).

What if everyone did this...

[mschallmo]

What if the developers of the popular torrent software were to code in something that randomly connected to trackers of high risk torrents? Not to actually download anything but just as a spoof to waste the time of the RIAA. If a whole mass of people were to do this, wouldn't it be some sort of deterrent to the RIAA, or would it just mean more letters and more people unknowing thinking they need to pay up?

Re:Big surprise!

[RManning]

Not to be argumentative, but aren't those all cases that fall under criminal law? Isn't small-scale copyright infringement a civil issue?

{1}There's another takedown notice on the printer!

{2} 'ere! How do you know its ip?

{1} It's barcoded on the side of its base.

{2} It's a fair cop, but technology's to blame.

etc., etc....

Re:Printer

[argent]

Why on earth would a printer have its own public IP?

Because it's on a network with a public IP address space?

You're on to something there

[Weaselmancer]

Apparently since a DDOS is a legal move in this game (if you'll recall the MediaDefender fiasco recently), maybe we could use this technique and flood P2P space with false positives.

I'll bet once every single judge in the USA gets a "Cease and Desist" letter they'll eventually see that the RIAA's tactics aren't valid.

Re:You're on to something there

Great idea.. now to just find a list of the home addresses of Federal judges, and their internet providers.. and some fsking way to figure out their IP addresses... and then.. we wait.

Slashdot: accept no substitutes

This entire thread is the sort of pure comedy gold that you'll never get at digg.

Now if only they could get rid of the big green splotches all over the pages.

line printers always were musical

[circletimessquare]

if they were printing say, graphics rendered via ascii art, they would basically turn into a sonically attractive drum section

maybe the laser printers were just jealous?

Any IP Address??

[EnOne]

Make the RIAA and the MPAA the IP address they are sending a cease and desist letter to. I think if the judge presiding over the case starts getting identical cease-and-desist letters from the MPAA and RIAA he might question the validity of their claims.

Re:has the mafiaa ever fought an IT guy?YES

[beegle]

At a previous job, I had to spend some time processing the DMCA notices. They were obviously auto-generated, and it was pretty common for them to just not make sense. IP address but no timestamp (very handy for dynamic address ranges), indecipherable protocol in the url (really. When even Google's no help, you need to at least provide a -hint-.), etc. When I'd respond with simple questions, it would take them weeks to respond. Meanwhile, they expected people to jump on their requests within hours.

article didn't answer the most important questions

[circletimessquare]

did the laserjet printers enjoy the movies? did they think robert downey jr. aced the role? did they find the non-religious artifact theme an acceptable deviation from indiana jones canon?

come on new york times. i expect the important questions to be asked!

Re:Simply send this message to the printer:

[Actually,+I+do+RTFA]

What the hell does that mean?

Networked printer needs paper, badly.

I have been getting these five years ago

[guacamole]

I used to work as a sysadmin in academia and we used to get such false infringement notices on a regular basis. Here is a typical story. Some professor, let's call him Smith, puts some tar and zip files on this webpage or on his ftp site, which naturally has a URL like ftp:somehost.edu/pub/users/smith/bundle.zip

Eventually we get emails some trade association: "We are asking you in good faith to remove the material that infringes on out IP rights. The site in question is such and such and it contains a copy of a Nintendo game "Mr. Smith's Day Out"" or some other non-sense like that. I found those amusing.

Re:Simply send this message to the printer:

[Mozk]

You must have watched the censored version on Nickelodeon.

"Watch out for your [VEGETABLE CAVITY], bud."

Let the copyright cops have thier way

[jeffc128ca]

This is funny as hell. The fact they pinned it on a printer is telling of the ineptitude of the copyright leaching industry. But I am not sure if the general public or our public representitives understand whats going on.

I am starting to think we should step back and let the MPAA and other legalized mafioso have thier way for a while. Let's have DVD's with 10 minutes of forces comericials. Let the MPAA and MPA sue your IP enabled toaster. Let's see as content gets so locked down people won't buy a movie, ring tone, or networked device out of fear and disgust as "content owners" sue anything that answers a ping request.

It will be painfull for a while but after a critical mass the public revolt will come with such a ferocity the execs at the MPA and MPAA will have to leave in getaway planes to far away lands never to return like exhiled dictators. Politicians everywhere will be demanding the heads of the very same people they currently take bribes from hoping we don't lynch them in the process. Share prices will plummet, theaters will be vacent, and share holders will want blood.

Once it's all done no one will ever want to have draconian copyright measures enshrined in law ever again.

Re:Let the copyright cops have thier way

[jeffc128ca]

I kept using MPAA when I should have been using RIAA. Forgive my moment of dyslexia.

given recent news...

[WheresMyDingo]

how do we know the printer wasn't framed by another printer?

Re:Simply send this message to the printer:

[Jor-Al]

Nope, I just inadvertently changed fuck to hell.

Re:Anonymous Coward

[Maxo-Texas]

And thus... a potential new Slashdot meme dies an early death downmodded to oblivion.

Anonymous...we hardly new ye.

lol.

Re:Too flimsy...not really

This study shows for a FACT that false positives are occurring and occurring ALL THE TIME.

Well, this study showed that false positives can occur and can be made to occur, but it doesn't say anything about how often they do occur. I know the folks who process these complaints at my school, and the false positive rate is a little less than 3%.

I can see the lawyers moving in now...

[centron]

"Do you deny that your client, LaserJet 4250dn 23JU6450, did knowingly and habitually engage in illegal file downloading and sharing?"

"The defense would like to point out that while their client is a network device, it is also just a printer. As such it is entirely incapable both of downloading and sharing copyrighted material of its volition, but in fact has no volition to speak of?"

"Your honor, the prosecution intends to prove beyond a reasonable doubt that the defendent meets all of the criteria of a peer to peer file sharer under the Digital Millennium Copyright Act. The defendent not only had the ability to receive and make illegal copies of files, but used a hacker language called Post-Script to communicate copyrighted material to other illegal file traders."

Easier Way to Frame someone

[Thergrim]

A much easier way to frame someone for infringement. You will need; -the IP address of the target -a copy of what an infringement letter looks like (find them on the Internet) -software to alter or create a fake infringement letter Using the target's IP address, look up their ISP's snailmail address. Fake up your Infringement letter. Mail it to the ISP. Do this 3 to 5 times and your target will get booted from their ISP. ISP's do not check the validity of these letters.

Re:Easier Way to Frame someone

[DigitAl56K]

The only problem is that in the process you are committing one or more of perjury/fraud/identity theft.

wrong brand

[bill_mcgonigle]

So, anyone wanna help me get NetBSD on my Epson?

I was poking around a Ricoh/Savin copier/printer recently and a process listing sure looked BSD'ish!

Oh come on now...

[Taibhsear]

It's not like the printers can get up and hop in their car and head to the movie theater. How else are they going to see ironman? Won't somebody think of the printers?!

Best Paragraph in the Paper

[blitzkrieg3]

Blacklists on-the-fly: Just as we expect enforcement agencies to shift from indirect to direct methods of en- forcement, we also expect P2P developers to evolve IP blacklisting techniques. Currently, blacklists are cen- trally maintained and updated without systematic feed- back from P2P users, ignoring a rich source of data: the observations of users. Many P2P networks include ex- plicit mechanisms to identify and reward "good users"; e.g., tit-for-tat mechanisms reward contributions in Bit- Torrent and eDonkey. Future P2P networks may employ similar mechanisms to identify monitoring agents, gos- siping this information among peers. Our traces show that the properties of monitoring agents today make this a straightforward task: they appear to share no data what- soever, occur frequently in swarms, and are drawn from a small number of prefixes. Alternatively, sophisticated users may also try to generate honeypots (much like our own) that do not infringe or aid in copyright infringe- ment, but that will be better able to detect (and hence dissuade) spurious DMCA takedown notices and coordi- nated monitoring. It would be interesting to see all of the trackers on something like Pirate Bay to get together and create an international blacklist of IP's. Once one tracker observes an IP connecting, scraping a list of users, and disconnecting, they can publish that info to a list somewhere. Then all of the other trackers can set a filter not to allow connections from that IP.

Re:Best Paragraph in the Paper

[Thergrim]

Peer Guardian? phoenixlabs.org/pg2/

Re:Best Paragraph in the Paper

[AmiMoJo]

It's a bit more complicated than that, but the basic idea is sound. Since it is going to be almost impossible for any company to get huge numbers of IP addresses (short of starting their own botnet, which I wouldn't put it past MediaDefender to do) any large tracker could quite easily spot IP addresses that connect to large numbers of swarms, and add them to a blacklist.

Even better, why not just have the tracker stop returning requests from those IP addresses for a week or two.

Re:Big surprise!

[porcupine8]

But a) they weren't originally trying to make it look like they were downloading anything - they were just monitoring the traffic for a different study, and then happened to get all these takedown notices and were like, hey, we should look into this.

And b) the point isn't that they made it look like THEY were committing infringement, they made it look like SOMEONE ELSE WAS. Big difference between bringing a fake gun to school and planting the fake gun in someone else's backpack. If you can put it in their backpack, someone else could too, and the school administration should allow for the fact that the kid whose backpack it's in might be innocent.

Re:has the mafiaa ever fought an IT guy?YES

[TheGratefulNet]

did you ever get final resolution? IS there such a thing as final resolution?

alternately, how long could you keep deferring things (ahem) by questioning them? even that could be a useful thing to know (and share).

They won't be fazed...

[Stanislav_J]

I think the way the **AAs would counter the argument would be the analogy: suppose there is a raid on the local whorehouse, and you are there, and you claim that you weren't actually doing anything illegal, but just "hanging around" or "doing research" or "visiting a friend." The odds are infinitely against that being the case, and while we acknowledge that there is a CHANCE you were actually innocent, if you hang out there you should not be surprised if you get swept up in the dragnet.

And they might also counter the "but there are legitimate uses for p2p" argument with the same scenario. Maybe the madame of the whorehouse also occasionally sells a jar of her homemade chicken soup to someone, but we know 99% of the visitors to that house are seeking to satisfy a different kind of appetite.

(Don't think all of this is farfetched -- after all, most prostitution busts do not rely on any actual proof that money was exchanged or that services were rendered -- the actual passing of bills or manipulation of body parts is rarely observed, but merely inferred. If you are driving at 3 am in a known prostitution area, and you are caught with a known prostitute in your car, you WILL be busted, and the judge will laugh off any "innocent" defense.)

A New Plan

[camperdave]

1. Install embedded processor and storage in printer
2. Download stuff
3. If RIAA come a'knocking, point to the printer
4. Watch them go away embarrased
5. Retrieve downloads from the printer
6. Profit

NYT should do better

[blitzkrieg3]

From TFA:

An inanimate object could also get the blame. The researchers rigged the software agents to implicate three laserjet printers, which were then accused in takedown letters by the M.P.A.A. of downloading copies of âoeIron Manâ and the latest Indiana Jones film. HTF is a printer less animate than a desktop computer?

Re:Big surprise!

[CraftyJack]

So they're trying to make it look like they are committing copyright infringement... Back up one step. They are not trying to make it look like they are committing a crime. What they are doing is showing that some of the information that the RIAA uses to haul people into court isn't as definite as has been claimed, and probably shouldn't be used for that purpose.

In fact, isn't it a crime to try to fool the police into thinking you're committing a crime? It might be. I think it's also a crime to try to fool the police into thinking someone else committed a crime.

Case 08OV003345

[Mateorabi]

I liked Case # 08OV003345:

CVS PHARMACY STORE 6 24 8 402 130 08OV003345 0 SALE OF EXPIRED BABY 1-7 Arraignment

I mean what gall they have to sell expired babies to their customers!

Re:Case 08OV003345

[DMUTPeregrine]

Baby bones lose the satisfying crunch after a few days, and the flesh is just not nearly as flavourful. Selling expired babies should be a crime.

Some like this can get you off in criminal court.

[Joe+The+Dragon]

Some like this can get you off in criminal court and there new laws that are pending that may make Copyright Infringement a criminal thing.

Here's how I think it works..

[Terrasque]

I've just read the nytimes article, but I think I know how this works.

A bittorrent tracker just keeps a list of clients that have said they're interested in the file, and gives ip's to new clients. The researchers probably connected a client to see how many was connected (get the list of ip's), and not actually downloading or uploading. I will guess that this is the exact same thing that *AA does, and don't check if any of those ip's the tracker gives actually do trade data.

Further on, you can manually set your ip address in most torrent clients, which gets reported to the tracker. Putting 2 and 2 together, you set the ip to some victim's ip, connect, and when *AA vacuums the tracker for ip's, the tracker gives out the fake ip address. No need for advanced mumbo jumbo, just tell the tracker that's your ip, and it'll believe you and tell all its friends.

The bittorrent protocol specification can be found here, btw. Look under "Tracker Request Parmenters", at the "ip" field.

Now, do anyone know the IP address of some judge/lawyer's home networks? ;)

DoS applications

[blueworm]

Flooding peer to peer networks with software agents that appear to be downloading copyrighted content but which actually never accept a bit of the content might constitute a clever denial of service attack on these enforcement agencies. Of course, it's just a thought I had -- one that might not really work.

Easily spoofed

[nurb432]

Thats why you tell the *aa to take a hike when you get the letter.

Why waste time on a printer?

I work in IT at a large state university. We have a zero-tolerance policy for P2P infractions in the workplace: if you get caught once, you are fired. I'd find it most amusing to implicate the IP of the workstation of the Provost that passed that resolution, just to see the wheels of injustice grind on that problem.

Alternately, the workstations belonging to: student conduct, university legal affairs, or even our DMCA copyright officer all seem interesting targets to get this *AA blackmail scam exposed for what it really is.

Re:Big surprise!

[Alpha830RulZ]

but if the only evidence presented at the case was the odd behavior you would be found not-guilty

Unless you're black or hispanic and live in Texas.

Subtlety is not required - brute force it

[Weaselmancer]

An interested party could figure out a judge's address. And when you've got that then you'd know who their potential local providers are. And once you know those you know the range of possible IP addresses. And once you've got that - brute force. Ping everyone. Any return ping gets a spoofed false positive. Or if you're of the 'nuke it from orbit' mindset, false positive the whole subnet.

Piece of cake. If someone were so inclined, that is. Not that I'd advocate anyone ever doing this, of course. Oh heavens, no.

Clippy got fingered

[Spy+der+Mann]

Clippy: Looks like you're infringing on a copyright. Would you like me to call you a lawyer?

* Throws computer out window * Hmm.... that reminds me of a certain video clip taken from a (not-so) famous sketch. I wonder...

"You hear that, Clippy? You're gonna pay!
He's a filesharer. He's a fiiiiiiiiiiiiiiile sharer!!
AAAAAGH! *crashes on window*

Re:Too flimsy...not really

You were thinking that 3% was a low number? 3% of "tens of thousands" is hundreds of people. Not to mention, how are you measuring false positives? How do you know the people you're assuming are guilty actually are?

This just in

[greymond]

Apparently IP spoofing still works.

There. I just saved you 7 pages of walled text.

Re:This just in

[CSEMike]

Actually, the technique used to frame the printer is not IP spoofing. You should read the walled text 8).

Re:Simply send this message to the printer:

[VGPowerlord]

Find paper to print reports.
Client computer crashed the program!
Networked printer is It.

An Opportunity to Overload the System

[dlevitan]

The article states that the researchers were able to get 400 DMCA letters just by monitoring the P2P networks. So what happens if many, many more users all simultaneously start monitoring the networks. Not downloading. Just monitoring. I'm curious what the RIAA/MPAA would do. If we could get 10,000 people involved, will they send out 4,000,000 letters? What if every P2P client started including the monitoring software and one million users started doing this? At some point the RIAA/MPAA just won't be able to handle the load and the people actually downloading will just be a small signal in the overwhelming noise.

Re:Big surprise!

[Blakey+Rat]

If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder.

Hm, good point-- I better start using the back yard.

Re:Easy way to get it into court.

[no1home]

It'd be even more effective if someone 'acquires' the fax or email info of the jury so they can be included in this. (Yes, horribly illegal!! But funny and effective.)

Here's what I say...

[DRAGONWEEZEL]

First, lets post pictures of common *.iaa (note not capitalized out of lack of respect) leaders. Everywhere. This way they can't go out in public, without fear. Ask people to just politely ask them why they hate us why music & DVD's cost so much every time someone sees them. Ask why it costs more to buy a movie on DVD than it is to see it in a theater? Ask them why BlueRay is 3x the cost. Ask Politely but Furiously my friends.

Make them fear the public eye. Just like we can't connect to the interwebs w/o fear of legal action.

Grab your Megaphones and Come w/ me!

Blame everyone!

[Bones3D_mac]

How difficult would it be to coordinate a spoofing system like this that is gradually directed at every used IP across the internet? If it's shown that the *entire* internet is somehow participating in acts of copyright infringement from every IP address across the board, maybe someone might actually begin questioning the current system used to identify those illegally download copyrighted material.

Think of it... the most respected and powerful people in every community simultaneously getting bogus cease and desist letters. (Lawyers, judges, politicians, etc...) I'd be inclined to think *something* just might happen after that.

Re:Blame everyone!

[joocemann]

How difficult would it be to coordinate a spoofing system like this that is gradually directed at every used IP across the internet? If it's shown that the *entire* internet is somehow participating in acts of copyright infringement from every IP address across the board, maybe someone might actually begin questioning the current system used to identify those illegally download copyrighted material.

Think of it... the most respected and powerful people in every community simultaneously getting bogus cease and desist letters. (Lawyers, judges, politicians, etc...) I'd be inclined to think *something* just might happen after that. Social Engineering is afoot.

On the topic:
I wonder if the RIAA/MPAA will see any reprimand or recourse for their loose litigious activity. Isn't there a crime for false accusation?

The printer does commit copyright infringement

[JaLooNz]

It should be very obvious to them that the laser printers are the prime suspects in copyright infringement cases. You definitely need a laser printer to print out the files the printer downloads, doesn't surprise me a tiny bit.

second time this week??

[commodoresloat]

It's the second time on this page!

Re:Big surprise!

[Fmuctohekerr]

Well said. However, if you would read through some of the other comments, you would see that you are a bit late to the party. The comment system is sort of broken I think and sometimes it is kind of easy to miss things though.

How to catch a of copyright infringer

[rdlmorgan]

Catching someone suspected of copyright infringement isn't all that hard. The KEYKatcher Keylogger can do it rather easily. Forensics experts use it all the time to catch employees participating in illegal activity among which is copyright infringement. Both the home and corporate versions are available on my web site. Trade secrets and company information being leaked is not an uncommon problem but with this hardware available to the public, a forensics expert need not be engaged. http://officialsafetyandsecurity.com/keykatcher

wooosh

[conureman]

When I lived in Hollywood, I got to fantasizing about getting one of those big Barrett rifles.
Damn helicopters.

Lets face it, you can't Torquemada anything

[Kodack]

Torquemada do not beg him for mercy!
Torquemada do not ask him for forgiveness!
Let's face it, you can't Torquemada anything!

Re:Big surprise!

[xortin]

There is no gun there is no faking even of anything duh seriously how does this not make sense to you. to keep it within the terminology used (comparing sharing files) your saying that a file you downloaded was put in your friends computer. they never download anything or upload or try to pretend to even getting close to commiting something illegal nothing illegal goes on or fake illegal even

This will probably spur RIAA made legislation...

[plasmacutter]

this will probably spur a new law to force more rigorous guidelines for network identification.. in other words.. "re-engineer the internet and remove that pesky 'privacy' thing"

not public

[xortin]

it is not public neither is the one on the computer. put your actuall ip gets listed in torrent programs. they spoofed

... more true than you think.

[plasmacutter]

If it's shown that the *entire* internet is somehow participating in acts of copyright infringement from every IP address across the board,... insert "virtually" before every and you have the truth.

How many myspace sites, imageboards, or third party copies of official news organization articles actually have authorization for the media present there?

Under the berne convention even a picture photocopied by a third grader's art teacher is a copyright infringement. The only real difference between the RIAA/MPAA content and the rest is ... the rights holders for the rest are not vicious, paranoid, luddite control freaks.

Notice I didn't even touch on how huge a hotbed of libel, trademark infringement, unauthorized commercial exploitation.. and the rest of the amazingly wide array of litigious offenses that this despicable "internet" is.

They will be fazed...

[enjahova]

That analogy doesn't map well enough. It should be that they raid a whorehouse, flip through the guestbook and get the name and address of all past clients. They then raid your house and arrest your dog.
It's not about you being in the whorehouse, its the fact that anybody could write down your address and give up your dog's name which calls into question the reliability of using the guestbook to arrest people for prostitution.

Re:Big surprise!

[porcupine8]

how does this not make sense to you.

Pretty easily, given your writing style.

The obvious next step?

[znerk]

So, how hard would it be to load a stripped linux kernel into the firmware of a laser printer, and push an ssh proxy?

I mean, if the printers are gonna get blamed anyways...