Who Is Downloading the Torrented Facebook Files?

eldavojohn writes "Gizmodo's got an interesting scoop on a list of IPs acquired from Peer Block revealing who is downloading the Facebook user data torrented this week: Apple, the Church of Scientology, Disney, Intel, IBM and several major government contractors just to name a few. The article notes that this doesn't mean it's sanctioned by these companies or even known to be happening, but the IP addresses of requests coming to one of the users' machines match to lists of IP blocks for each company."

needs control group

[FuckingNickName]

On an average popular torrent, are these companies also listed?

Re:needs control group

I bet they are.

At the company I worked for the IT department had a machine which was always on and whose only purpose was to download files like that over BitTorrent. Of course only a few people inside IT knew about this machine.

The company had about 10'000 employees. I guess a company like Intel (which has around 80'000 employees) downloading some random file over BitTorrent is absolutely nothing special.

Re:needs control group

[commodore64_love]

I'm surprised any employee gets away with that.

On my job, about five years ago, I installed torrent to grab some Doctor Who audio files to relieve the boredom, and the next day I came-in to discover my computer missing. They thought I had some kind of virus, wiped the drive, and handed it back to me a day later.

 

Re:needs control group

[linzeal]

Try it at Intel, you will be walked out of the door in 30 minutes. What kind of IT department would expose the company to liabilities like that ?

Re:needs control group

[PinkyGigglebrain]

Which highlights the point that whoever is downloading the torrent at Intel must be doing so with authorization.

As to your question of "what kind of IT department ..." I can answer that one. Last place I worked as IT manager, but not by my choice, I wanted to lock the firewall down and block everything but web, email and a VPN port. I was overridden by the Boss, seems one of the guy in the machine shop (who also did the IT support before me, Goddess! what a mess!) had been downloading torrents of MS Office, Solidworks, MasterCam, Win XP and just about every software app they had in the office. Every time I tried to bring up the issue and try to get auth to start getting licenses I was told it would be too expensive. This was during the same time that the boss/owner took $400,000 out of the company accounts to buy a new house, he was also laying people off because their wasn't enough work for them.

When the employee count got down to 25 I was laid off too on the premise that they didn't think they needed a full time IT department, the guy from the machine shop was going to babysit the network again. Thing that pisses me off if as long as he doesn't fuck with it will run smoothly until a hardware failure. I had set everything up to be just about idiot proof. Makes me think I did my job too well but its the only way I know how to do things.

Re:needs control group

[c0mpliant]

Just because an IT department is strict does not mean the IT guys themselves are. Many feel they are above the law.

You're right, which is why its usually a good idea to isolate your IT Security team from the IT department at large. Don't give them access to implement policy, just make it and monitor for abuses.

Re:needs control group

[stephanruby]

At a major corporation I used to worked for, the PR director used to purchase all the WetFeet reports and FuckedCompanies.com alerts (in addition to the more traditional news clipping service related to our company). If anonymous people within your company are going to be publishing internal gossip/information about your company, and if your job is Public Relations, you might as well try to do your due diligence and try to be the first one to see what they're saying about you. I suspect that in the case of this Facebook information, I wouldn't be surprised if one of the corporate drones was ordered to download the data set in order to compare it to a list of existing employees (or at least, to a list of senior executives). It's the job of PR to not only protect the image of the company, but the image of its more well-known employees as well.

As to Intel, I'm not surprised they're on that list. Intel has been known to go through the trash of its own employees as a counter-intelligence precaution. Early mornings, they'll pick up the trash of their own employees and switch their trash can with an identical one so as not to attract the suspicion of the targets they have under surveillance. Same goes with the Church of Scientology, nobody should really be surprised that they're on there either.

Having an easy to download data set to compare to an existing data set is an attractive proposition for someone in management who doesn't know about the possibility of creating his own downloadable data set from the YahooSQL/YSQL tool or google labs free custom search engine tool.

Re:needs control group

[PinkyGigglebrain]

The boss is not always right, but they are always the Boss.

And I did what I was told, most of the time.

I dug my heals in at times, refused to delete backups containing financial information rather than buy extra backup media, which would have been a felony under some of the laws that got passed after Enron, or refused to put the company at risk by trying to download apps on torrents, lest it attract the BSA's attention. I may be willing to follow orders but I was not going to risk jail time or the lively hood of my co-workers.

I think the biggest thing that got me was I did my job too well. When I started the network needed daily babysitting, some printer wasn't working, or a VOIP phone was buggy. Always something, so I was running around dealing with brush fires all the time, they saw that and thought "Oh, hes doing something". After I had cleaned up the network configs, updated phone firmware, etc., I spent most of my time in my office improving the automation, security and reliability of the IT operations. To an outsider it looked like I wasn't doing anything, and they didn't understand when I explained it to them. Hence I was considered unneeded.

Re:needs control group

[JWSmythe]

had set everything up to be just about idiot proof. Makes me think I did my job too well but its the only way I know how to do things.

    That's the best way to do it. It makes your job easier while you're there. As we've learned, there is no company loyalty. They expect us (the employees) to be loyal to the company, but when the time comes to save money, they aren't loyal to us.

    Don't worry, I'm sure he took your nicely configured system, and managed to mangle it in horrendous ways.

    The last real big place that I worked, I had everything running like clockwork. It looked like it was easy, because I did it so well. Within a month of them letting me go ungracefully, people started dropping me emails saying there were problems. They weren't related to the company, they just knew I ran everything. My only answer for them was "They fired me. I don't care. If they want me to fix it, I'd only go back with a huge raise and a bulletproof contract on my terms." They fixed problems. They made worse problems. Still, a few years later, I get the occasional email "their site is down.", which always gets the same response, "I don't care." :) The day they stopped paying me was the day I stopped caring. I do miss that job though. There's a certain feeling of accomplishment to have a well tuned machine running like clockwork.

    The thing in both of our cases is, we know they cut us loose because someone else said they could do it for a fraction of our price. And for that, we know they got someone with a fraction of our ability.

Not Really News

[CheshireCatCO]

Looking over the long list of companies, you see what amounts to a list of large employers. Since we can't know if the downloading was an individual or a company decision, this tells us exactly nothing. There's no story here because there's no useful information.

Heck, if I were a company that wanted that torrent, I'd get someone to download it at home and walk it in to our office. Companies aren't always that foresighted, of course, but they're also not generally stupid if they're successful.

(It's like noting that an IP from the NSA checks Slashdot. It could be Slashdot being monitored or, more likely, it could be a random employee just posting.)

Re:Not Really News

[bsDaemon]

Or, it could be a random NSA employee posting to provide a cover of plausible deniability to the monitoring! But seriously, the only thing the torrent does is make the information more easily obtained at one go. You can still click through the whole database and get all the information at http://facebook.com/directory. I really don't see where any actual news is involved in this story, even from the beginning.

Re:Not Really News

[Darkness404]

Exactly, so someone made a crawler to get publicly available information. This is not news at all anymore than its news that someone could do a google search and use web scrapers to make a profile of any /. user.

Re:I would not be too surprised

[phantomflanflinger]

Most of the traffic PeerBlock blocks is false positives. It blocks huge ranges of IP addresses, YOU could be on one of their lists. The Gizmodo article says "it should be mostly accurate". Lol.

It used to be called PeerGuardian, remember? The "lucky talisman" app that stops teh RIAA catching you? What a load of balls.

Re:Prone to prosecution?

[Darkness404]

See the thing is the profiles were all public someone just made a web crawler to create it then put it up as a torrent download. No privacy was violated that wouldn't be with a normal search.

Re:Prone to prosecution?

[brasselv]

The profiles are NOT private, nor there is anything "hacked" here.

This archive contains only the information that users made publicly available (consciously or not) - this stuff was just crawled from the web and put together in one large file.

There is no news here... if I were Apple or Cisco, I would crawl this public info myself, rather than relying on some dude that posted it on a torrent...

Re:hmm...Church of Scientology

[WrongSizeGlass]

I wonder what they want with Facebook info? I hope it isn't to harass people.

I'm sure they have a more palatable word for it. Perhaps "save", "convert", "assist", etc.

Program limitations

[SunSpot505]

I would question whether many people other than a major corp have the resources to work with that large a data set. It's not like Joe Schmoe can open that in Excel. Even if Joe could get it open, running any kind of query, even on indexed fields, would take forever. It can take up to 20 minutes for my quadcore to do a sort on our 300k record 200 field database.

Corporations seem like a much more likely consumer of this data than anyone else. I'm thinking about downloading it just to see... I'll let you know how the sort time goes....

Re:Program limitations

[betterunixthanunix]

I think the problem there is the use of Excel; I'm just going to quickly peruse the data with grep to see how many instances of my name are in there. It will take a while because of the size of the data set, sure, but I can just leave it running in the background while I do something else (since the work is done on a line-by-line basis and won't load the entire file into memory).

Re:Program limitations

[crow_t_robot]

Do you really manage a database that large in Excel? Does your computer shit parts of its motherboard out of its optical disk drive every time you open the file?

Tormented

[kamukwam]

What is a tormented Facebook file??

Re:I would not be too surprised

[WrongSizeGlass]

I would not be terribly surprised if the organizations that were listed had instructed their employees to download this torrent.

If a company sanctioned it (and that is purely an assumption) they could be looking for info on their own employees.

So should corps be held liable?

[gjyoung]

When they pull crap like "we just reset/changed/added some protection settings, everything you had guarded is now wide open, kthxbye!", especially when it is a blatant attempt to further their own business plan, and then someone sucks all the data off and makes it available like this entity did?

The old "permission change without warning" has happened with Yahoo and FB that I know of.

YA, TOS probably state they can do whatever they want, but with TOS like that there has to be a fine line crossed somewhere eventually that lands them in hot water.

There's nothing wrong with what they're doing.

[AnonymousClown]

Heck, if I were a company that wanted that torrent, I'd get someone to download it at home and walk it in to our office. .

Why? There's nothing wrong with what they're doing.

People put their lives up for public view. And if you made you profile private or whatever, then that's an issue with FB and not with these companies.

This is not different than reading someone's published autobiography.

Re:Prone to prosecution?

Actually, the profiles were all private, and then facebook changed the default privacy settings to make them public and 100 million chumps didn't know/care enough about their privacy to change things.

Re:hmm...Church of Scientology

[Runaway1956]

You can be assured that if they find their own MEMBERS acting out in unapproved ways, those members will be disciplined. The rest of the data? Maybe they'll sift through it, looking for potential rich converts. They can't rest on their laurels, after all. They need to continue bilking wealthy people out of their money!

Re:hmm...Church of Scientology

The Scientology word for it is "Audit."

Re:Prone to prosecution?

[nschubach]

I just downloaded this package, and all it has a lists of names and URLs to Facebook profiles. If they users made their profile private, you're not going to get anything more than their name.

Re:hmmm

[pandrijeczko]

No, they are completely different - one is a bunch of rich religious zealots trying to force their opinions on everyone else, the other was founded by L. Ron Hubbard.