The Beginning of the End For Hadopi?

zrbyte writes "TorrentFreak reports on the latest developments in the french Hadopi saga. 'The private company entrusted to carry out file-sharing network monitoring for the French government has been hacked. Trident Media Guard, which is responsible for gathering data for so-called 3 strikes warnings was hacked and now has some of its data out in the wild, an event which has the potential to upset the operation of Hadopi.' TMG temporarily suspended the gathering of data on file-sharers while they investigated the breach, later claiming that the attack was on 'an unprotected test server with no confidential data.'"

Beginning of the end

[milonssecretsn]

Isn't it "the beginning of the end" for everything today?

http://slashdot.org/poll/2174/The-world-will-end-

Re:Beginning of the end

[digitig]

The end began almost fourteen billion years ago (probably). The only question is how long it will take.

"hacked"

Can you talk about a hacking when the data was openly available for anyone to see and take ? Even TMG withdrew their "data theft" accusation...

follow-up

http://torrentfreak.com/french-3-strikes-suspended-due-to-anti-piracy-security-alert-110517/

Re:follow-up

More informations here : http://seclists.org/fulldisclosure/2011/May/434

In somewhat related news...

[BlueTemplar]

Sarkozy doesn't want any freedom of expression on the Internet:
http://www.laquadrature.net/en/frances-g8-focuses-on-control-and-restrictions-to-online-freedoms
http://kcrg.biz/2011/05/sarkozy-expels-the-freedoms-of-its-civilized-internet/

Sensationalist headings

What's with all these headings that don't really reflect reality? As far as I can tell, there is no indication at all that this breach will bring about the (non-temporary) end of this kind of system in France. Wishful thinking is fair enough, but it doesn't have to be the main attraction surely?

Hacked? Really?

[Trigger31415]

Quoting TorrentFreak: "Actually, hacked is probably too strong a word, since it appears TMG left the front door open." According to Bluetouff (the one who performed the 'hack'), the "Index of" wasn't disabled, so the data was left in the open. Oh, btw, Hadopi is about punishing people if they didn't secure enough their wifi / computer ...

Re:Hacked? Really?

Smells like a honeypot.

Which means they are either really fuckin' evil... or really fuckin' stupid.
.
.
Just kidding! They're both! ;)

Re:Hacked? Really?

[Yvanhoe]

It can't be a honeypot. Really, they have proven that they don't have the knowledge to even think of such an "advanced" concept. For someone who has followed the story a bit, there is no doubt about it : it is crass incompetence.

And if it was a honeypot, accessing data on a webserver is not (yet) forbidden by the law. Which is what they did. With just the IP of the computer, all the files were served on the port 80.

Re:Hacked? Really?

[KingBenny]

let's not get all mushy and semantic on this, they proved for one they are incompetent to handle what they are supposed to handle, if it was worse, someone could have like injected some data to prove saint Nicolas was the biggest file sharer in france, ergo : their authority has been breached, or maybe even nullified.
except for the fact that we have mass media perhaps. Who knows, the division is the generation who knows jack shit about it, and the generation who grew up with it. And then there's the minority of q we can observe here :p

Re:Hacked? Really?

Yeah, riiight. It's funny, how governments do evil over and over and over again, raping you 'till you are nothing but a gaping hole... ...and you still manage to rationalize it all away into "stupidity".

Well, maybe you're the ideal born cattle. And maybe, I should rape your ass too, as apparently, you'd just call me stupid, and offer me your ass right after.

Re:Hacked? Really?

[Yvanhoe]

Don't you think governments can be evil AND incompetent ?

Re:Hacked? Really?

Holy shit, batman, thank you Captain Obvious, look at my comment from above:

Just kidding! They're both! ;)

PROTIP: Me, #36212200 and #36203248... SAME PERSON. ^^

I'm so glad!

[Samantha+Wright]

The Apache Software Foundation should never have entered the distributed computing arena.

Wait, what?

Re:I'm so glad!

[vbraga]

I spent a few moments looking with at the headline and thinking what the fuck Hadoop has to do with three strikes and the French government?

Re:I'm so glad!

[Samantha+Wright]

My best guess is that they both have extremely awkward-sounding names (at least, in English.)

follow-up has good detail - mod up please!

[billstewart]

Just used my mod points on another article a few minutes ago, and then this shows up :-)

I'd like to believe...

but given the stubbornness that showed the French government since the very beginning of the law project, I seriously doubt it.
It's also said that the France president will make the three-strikes system one of the main subjects of the e-G8 coming soon, so sadly now is probably not the time of the end for Hadopi.

Re:I'd like to believe...

Well, if the media mafiaa whored carla bruni out to you, maybe you'd change your tune too...

So what?

[Opportunist]

I don't want Sarkozy and nobody cares, why should I care what the garden gnome wants?

Re:So what?

The G8 summit will care.

Draconian laws

[spikestabber]

Whats with the public of France bending over like this with such draconian copyright laws?
Its not fair at all, Sarkozy's just pussy whipped, his wife owns a record label so he passes all these one-sided
laws just to please her. It shouldn't be allowed and the public doesn't even seem to give a damn.

Re:Draconian laws

[BlackPignouf]

The majority doesn't even understand what it's about.
Newspaper don't care to explain what is it, and why it could be bad.
The minority who knows about it and gives a damn knows how to circumvent it, and use SSH/proxies/neighbour's wifi.

Re:Draconian laws

So that's like the tax system then.

Excuse me, but could someone clue me in

[Opportunist]

Now, it might be different how my company handles tests, but I'd have guessed it would be a bit more difficult to hack a "test" server because, well, it's used for testing. Not for public viewing. It may seem odd to the unsuspecting eye, but test servers are usually vastly better protected than productive systems. First, for the obvious reason that they are used internally and thus reaching them is usually a bit more tricky than accessing a system that needs external connections, and second because test servers are usually used for software that's not yet launched and hence usually a bit more "secret" than software that already made it into the open.

Is it me or is having a "hacked test server" not looking too well on their security bill?

Re:Excuse me, but could someone clue me in

They're lying. Simple as that.
Posting anonymously because I've already modded.

Re:Excuse me, but could someone clue me in

[Kjella]

Well, from what I gather these systems gather IP addresses from P2P networks and send "strikes", seems to me you could start over at any time with a blank database without any production data.

So you have an empty test server, you tweak it to work with new protocols and networks and whatnot - then you put those changes into production. I can see how that kind of server could end up not having much security.

The problem for them now of course is that it could have data from test runs - not that would be used in production but none the less data of real IPs sharing real files. In any case, I doubt they'll give up this easily it'll be back...

News is incomplete

[Trigger31415]

Also :
-Hadopi have severed the link between them and TMG, as a result of this hack
Source: telecompaper + the French media
(and it was their only source of monitoring)

-the CNIL decided to investigate TMG due to this lack of protection of what may be personnal data.

-TMG decided to sue the hacker, but then removed the complaint

How Hadopi Works.

It's pretty easy to demonstrate already how Hadopi works. 1. Back Trace, 2. Call Internet Police.

No hacking

(I'm french)

Actually, there was no hacking. Which makes things much worse.

They stupidly left data available to everybody on a server reacheable using a simple navigator. This is much worse than hacking, because we know that it's difficult to prevent a determined hacking, but letting the data on an internet connected webserver without any protection?

And this is not the first time that their competences have been challenged (let's not talk about ethics).

Re:No hacking

[SuricouRaven]

Under the common media definition of hacking, the one you'll find used by every non-techie, it means 'Anything illegal, computerised and beyond my understanding.'

Re:No hacking

(I'm rwandan)

Actually, there was plenty of hacking. We hacked those fucking tutsis to little bitty pieces. HAHAHAHAHAAA!

Just a test server?

[Charliemopps]

As someone that creates test servers all day long as part of my job I have to wonder what they mean by this. For us to create a true and proper test server it is a MIRROR of our production server. Then we make the changes we need... TEST it.. if everything works we make the changes on production. "Just a test server" really?

Re:Just a test server?

[aztracker1]

Wish I had mod points... In 222003, I was in the middle of setting up a test server, the updates were going to take 40 min. to download, so I figured I'd put it up so I could remote in to finish up at home (was the end of the day). 15 minutes later I was called because the internet was "down" ... actually flooding the connection as the server was hosed/controlled that quickly... Now, nothing gets in front f a firewall with good port restrictions... MS-SQL Server and the Slammer worm... sigh.

Re:Just a test server?

[Phishcast]

I believe it to also be common practice to sanitize production data that goes anywhere except where it's absolutely needed. The sensitive stuff in databases gets replaced with bogus data or whacked all together. If you had, say, credit card data on various prod servers there are regulatory reasons that would prohibit a straight mirror of that data to put on a test server to play with. Not to say they follow such regulations, but it may be reasonable that a test server was compromised and nothing of value was exposed.

We'll see.

[SeaFox]

TMG temporarily suspended the gathering of data on file-sharers while they investigated the breach, later claiming that the attack was on 'an unprotected test server with no confidential data.

So I suppose if this is really not confidential data they should have no issues with it being released on the Net then, huh?

Whats with it ?

[unity100]

if you even temporarily be a moron enough to vote any right-wing party, that happens. thats all that there is to it. the reason for you voting for the right wing party, does not matter. in this case, french voted for right mainly because of the culture clash in between migrant population, and anti-immigrant sentiments.

right wing parties dont do any shit for what you have actually voted for, but what they want to do when they are in power. and this is what's happening in france. its as simple as that.

Re:Whats with it ?

[cpghost]

There's no correlation between right-wing parties and copyright fascism. In fact, France is rather the exception than the rule. Just look at how in the US, it's the democrats who are the worst copyright talibans.

IMHO, Sarkozy is just taking orders from his Carla, the de facto chief lobbyist of their entertainment cartel. If it weren't him and his party, the P.S. would be just as gung-ho about copyright than the UMP.

Re:Whats with it ?

[unity100]

there is direct correlation in between right wing parties and copyright fascism. right wing believes everything is for sale. this includes army, police, judiciary. they just havent been able to outright do these up till now, but with the 'security contractor' bullshit in bush era they had enabled private armies.

and, no, it was the republicans who prepared acta, in first 1-1.5 years of bush administration. democrats are just serving the meal republicans cooked. had republicans been at it undisrupted until now, things would be much worse, as you can understand from what kind of filth acta was.

Re:Whats with it ?

How many **AA stooges were in Bush's administration?

How many are in Obama's?

I've been on that test server

The test server in question is used by media companies to verify the upload and registration for use of 'media signature files' - generated "fingerprints" of copyrighted media, where TMG is the repository of these media fingerprints for online companies to access and use in copyrighted-media testing against UGC uploaded to their servers by the pubic. So, if anything was 'stolen' it was the media signatures, the equivalent to stealing virus definitions from an anti-virus company. As usual, the uneducated are blowing everything out of proportion.
BTW, from my interactions with the technical staff at TMG, the IT staff seems competent while being stretched very thin, but IMHO their management are french silver-spoon aristocrats, clueless to the point of it feeling criminal to me the fact of them being tasked with the responsibility they've been granted (stewardship over the protection of all copyrighted streamed media within France).