Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cloud Firm MediaFire Flags Malware Samples For DMCA Violation, Bans Researcher

Posted by Soulskill on from the guess-we're-learning-this-lesson-the-hard-way dept.

chicksdaddy writes "A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud based hosting service Mediafire, after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA take down notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your content...is being pirated.' According to Parkour, Mediafire received a notice from LeakID claiming that it was 'acting on behalf of the copyright owners,' though the owners and presumed copyrighted content weren't named."

32 of 125 comments (clear)

  1. Could be legit by 0racle · · Score: 5, Funny

    Malware authors are content creators too. Don't they deserve the recognition and profits for their hard work?

    --
    "I use a Mac because I'm just better than you are."
    1. Re:Could be legit by icebike · · Score: 3, Funny

      Malware authors are content creators too. Don't they deserve the recognition and profits for their hard work?

      I agree, lets get them to stand up and take a bow. I don't think it's reasonable to hold an anonymous copyright and let all that hard work go unrecognized.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Could be legit by pixelpusher220 · · Score: 5, Insightful

      Since LeakID now claims ownership of this malware, can't we sue them for all damages it causes? After all, there likely wasn't a EULA with the 'malware'

      --
      People in cars cause accidents....accidents in cars cause people :-D
    3. Re:Could be legit by Hatta · · Score: 5, Insightful

      If the authors aren't named, it's not a valid DMCA complaint. The real problem here is service providers taking down material without a valid complaint.

      IIRC, the DMCA provides immunity for a service provider that takes down material persuant to a valid complaint. That implies that without a valid complaint, there would be a cause for action against the service provider. People need to start suing or there's no incentive for a service provider to obey the law.

      --
      Give me Classic Slashdot or give me death!
    4. Re:Could be legit by DragonWriter · · Score: 2

      IIRC, the DMCA provides immunity for a service provider that takes down material persuant to a valid complaint. That implies that without a valid complaint, there would be a cause for action against the service provider.

      This inference is incorrect. The safe harbor provisions of the DMCA protect a service provider (under certain conditions) from copyright liability provided they take down material once they receive a compliant takedown notice, and from any liability they might otherwise face for taking down material in response to a takedown notice meeting its requirements (provided they take other steps required in the safe harbor provision), and also provides similar safe harbor for them if they restore material that was taken down in response to a counter-notice that meets the requirements in the DMCA.

      Whether or not there would be any cause of action (e.g., for breach of contract for the takedown, or under copyright for the restoration) for any particular act within the safe harbor provisions depends on facts beyond the existence of the takedown/restoration and the deficiency of the notification.

      The reason the superficially-symmetric safe harbor provisions for notice/takedown and counternotice/restoration aren't really symmetric is because in many cases service providers relationships to users are structured in a way specifically to avoid any cause of action for taking down material posted by the user for any reason whatsoever, and often are structured to allow more extreme measures (like no-notice cancellation of service.) Consequently, the main safe harbor those service providers care about is the one for copyright liability that applies so long as they always takedown material when a proper a takedown notice exists, which is satisfied if the set of takedown they will accept is a superset of the set of the DMCA-compliant notices.

    5. Re:Could be legit by DragonWriter · · Score: 2

      Or take the easier action and just file a DMCA response that says the files are not copyrighted. The ISP has to restore the files.

      As I understand the safe harbor provisions of the DMCA, this is incorrect.

      They have a safe harbor from copyright liability if they restore them in response to a proper counter-notice, and if they do not restore them they lose the safe harbor benefit they had with regard to any cause of action the user may have had -- but the DMCA doesn't create a cause of action requiring restoration, so unless the service provider has an obligation imposed outside of the DMCA to restore the material -- such as a contractual obligation to the user -- losing the safe harbor benefit with respect to actions by the user is a non-event, since there was no cause of action available in the first place.

  2. In the absence of teeth... by icebike · · Score: 4, Interesting

    There is a reason these takedown companies are all moving off shore. This way they avoid the perjury penalty for filing false reports. Who has time to fly to Paris to file perjury claims against this company on their home turf, in a French Court.

    In the absence of any real penalty in the laws for filing false takedown notices, it seems to me that everyone should simply start filing takedown notices on every single thing they find on the net anywhere until the hosting companies realize that it is a total mess, and start demanding more than an automated statement, something like proof, a statement of the work it is supposed to actually violate, etc.

    Clearly if these files were compressed and encrypted, any hash or content match was random, and virtually any executable code or encrypted file might trigger a match with whatever engine these take-down artists were using.

    Perhaps there is a business opportunity to set up a company in East Timor or some such place that would automatically file a counter notices (putback), which then requires the takedown artists to file suit, or shut up. This puts the cost burden back on them, and at worst case, an improperly accused person has a ten day interruption of availability.

    As long as the hollywood darlings are in office I see no chance of this ever being corrected via legislation. The best bet is to get it to topple over of its own weight.

    --
    Sig Battery depleted. Reverting to safe mode.
    1. Re:In the absence of teeth... by Anonymous Coward · · Score: 5, Interesting

      This is happening to a friend of mine who is being stalked. An offshore firm has obtained access to her FB pictures, and filed takedown notices on every single one she has, even the ones from her phone. FB got tired of the DMCA notices (even though there was -zero- copyright liability anywhere) and suspended her account.

      I guess the answer is to hold your photo collection offshore and just link to the contents, or have one link to blog, etc.

    2. Re:In the absence of teeth... by Khyber · · Score: 5, Insightful

      Why isn't this little story of yours made public? This would be a perfect opportunity to blackeye FB and the DMCA.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    3. Re:In the absence of teeth... by TemperedAlchemist · · Score: 2

      There's a solution for this, just create a law that requires all international DMCA requests to send it through snail mail for processing. An optional online tool should be allowed, but only under an agreement that you're liable under US law for false DMCA requests.

    4. Re:In the absence of teeth... by girlintraining · · Score: 5, Interesting

      There is a reason these takedown companies are all moving off shore. This way they avoid the perjury penalty for filing false reports. Who has time to fly to Paris to file perjury claims against this company on their home turf, in a French Court.

      All easily solved by simply saying that the forum chosen by the plaintiff is inconvenient. It's a simple motion to file in most jurisdictions -- if I live in Texas, and I sue you in New York, you can request the venue (that is, where the court is located, not which laws apply) be changed to New York, as you are the defendant and the burden is on the Plaintiff to prove damages, etc. It's all under the 'innocent until proven guilty' -- and not granting such a motion would prejudice the defense.

      Unfortunately, such just and fair legal concepts have been thrown out... and nobody gives a damn. People are busy protesting crap like mortgage defaults, while the judiciary falls apart to the sound of silence.

      --
      #fuckbeta #iamslashdot #dicemustdie
    5. Re:In the absence of teeth... by Hatta · · Score: 3, Insightful

      There is a reason these takedown companies are all moving off shore. This way they avoid the perjury penalty for filing false reports. Who has time to fly to Paris to file perjury claims against this company on their home turf, in a French Court.

      The perjury claim is effectively impotent anyway. The ONLY thing you have to attest to under penalty of perjury is that you represent a(not the) rights holder who's work is allegedly infringed. That's any rights holder and any work. If you represent Prince, you can have any file removed from the internet by claiming that it is a copy of Purple Rain, even if you do not have a good faith belief that it is, and you cannot be touched by a perjury charge.

      --
      Give me Classic Slashdot or give me death!
    6. Re:In the absence of teeth... by Anonymous Coward · · Score: 2, Insightful

      When an AC posts a story like this it's likely a lie. That's why it isn't being made public.

    7. Re:In the absence of teeth... by sumdumass · · Score: 2

      First, you do not need to go to France or some other country to file charges on the firm or person making fallacious DMCA take down claims. It is a US law used to protect copyright owners and when it is used incorrectly, a US court can decide penalties or corrective action.

      Second, perjury is not the only penalty associated with fallacious DMCA take downs. Any damages caused by the take down plus legal fees can be recovered in much the same way as and that would be from where the harmed party exists. You would not need to go to France in order to sue a french company that used a false claim with a US law to harm you by removing your legitimate content. The DMCA protects only the network provider, not the user or the entity making the claim and regardless of where the legal entity making a claim resides, they sought out you in your hosting company's location to harm you with the false claims.

      This is no different then a French citizen coming to wherever you live or do business and punching you or filing incorrect police reports resulting in your arrest and legal harassment (actually imagine he is the body guard of someone else when this happens). You would not need to go to France to seek justice. You just need to go to anywhere they hold assets to collect any awards issued by the court and that can generally be done without leaving your lawyer's office. But if you sue the french company as an agent of the copyright holder, the copyright holder or the person/company employing them will be vicariously liable and you may be able to collect without trying ti seize or attach to assets in foreign lands.

    8. Re:In the absence of teeth... by sumdumass · · Score: 2

      You attach to assets they hold like the claimed copyrighted works and report the debt to the credit bureaus so the company has to clear it in order to do business or suffer penalties in trying to do so.

      This is why you sue the agent and the owner who will be liable too.

      If I was the only person suing, you might have a point. But if everyone who has been wronged by these things sue, then they cannot escape the reality.

    9. Re:In the absence of teeth... by fustakrakich · · Score: 2

      What's another black eye gonna do? Nothing. FB and the DMCA are both covered top to bottom in bruises, and they stand tall and proud, begging for more, they can take it. Oh well, this is the system we built. The tendency will be to reenforce it. DMCA not working? We need more!

      --
      “He’s not deformed, he’s just drunk!”
  3. Simple solution: by pushing-robot · · Score: 5, Insightful

    Charge these organizations a nuisance fee for false positives. Problem solved.

    --
    How can I believe you when you tell me what I don't want to hear?
    1. Re:Simple solution: by Anonymous Coward · · Score: 2, Informative

      Reread the terms, most unfortunately, only part of a proper DMCA takedown notice is made "under penalty of perjury", and it's not the part most of these vandals (with apologies to the Vandals) get wrong.

    2. Re:Simple solution: by jkflying · · Score: 5, Interesting

      As AC alluded to, they can only be charged with perjury if they don't have rights to the work they claim is being infringed. If your work is nothing to do with the work they claim is infringed, you have no recourse. So to troll the system all you have to do is have a random copyright on something, and claim everything you see infringes on it.

      --
      Help I am stuck in a signature factory!
    3. Re:Simple solution: by leonardluen · · Score: 2

      a rather simple solution would be to attach a deposit to filing a DMCA notice. if the notice is unchallenged, or eventually goes to court and is won, then the deposit is returned.

      if the notice is challenged, and the organization does nothing, then the content is restored and they lose their deposit. or if it goes to court and the challenger loses the case, then they also lose the deposit. maybe even have the deposit automatically be awarded towards the legal fees of the defendant in this case.

      the deposit doesn't necessarily even have to be all that large. if it suddenly costs money to file a DMCA, the filers will at least double check before they file. right now it seems the really have no penalty if they are wrong, so they file first and ask question later.

  4. Hold them to the fire by Rurik · · Score: 5, Interesting

    LeakID (and/or their client) just claimed copyright over malware. Not just any malware, but targeted malware against a corporation for the intent of theft of intellectual property and unauthorized access of computer systems.

    IANAL, but LeakID should then be held liable and responsible for their "copyrighted works".

    1. Re:Hold them to the fire by oobayly · · Score: 3, Insightful

      Exactly, it might be a good idea to report LeakID to the FBI as they've publicised that they (or their client) own said malware.

    2. Re:Hold them to the fire by GIL_Dude · · Score: 3, Insightful

      Maybe they just claimed copyright on the original PDF and are holding the malware infested version as merely an infringing derivative work?

  5. Third Strike by Mike+Van+Pelt · · Score: 2

    Shouldn't this be considered a third strike for the whole concept of automated DMCA takedowns?

    1. Re:Third Strike by currently_awake · · Score: 2

      The DMCA was designed to let copyright holders take out stuff on the internet they don't like. It's doing that. Allowing automated "spam bot" DMCA filings is a feature not a bug.

  6. How to build a regulated Internet by ElitistWhiner · · Score: 2

    One takedown at a time.

    Next Licensing, tickets and penalties

  7. Paris? by toriver · · Score: 3, Interesting

    I hope that is Paris, Texas, since a company in Paris, France has fuck all to do with the United States' DMCA laws.

    1. Re:Paris? by mwvdlee · · Score: 5, Informative

      Thanks to international copyright agreements, French (and a shitload of other countries') copyrights apply in the US as well. And since you don't have to be a US citizen to take legal action to a US company or citizen under US laws, they can. It's the same reason why a certain Swedish site can be sued for infringement of US copyrights according to Swedish laws.
      You see it's a trade-off between security and freedom; companies gain security in exchange for citizens losing freedom.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  8. Re:soon anti spy apps can be banded under DMCA by Anonymous Coward · · Score: 3, Funny

    soon anti spyware apps can be banded under DMCA

    This is a masterfully crafted electrum spyware app. All craftsdwarfship is of the highest quality. It is finely colored with dimple dye. It menaces with spikes of cat and is banded with rings of copper.

  9. Mila Parkour by tangent3 · · Score: 3, Funny

    She was kicked off...

    No worries, she will grab on to the horizontal bar, swing 360 degrees around it then flip, somersault and land with a graceful roll.

  10. Someone injured by this malware needs to... by John+Hasler · · Score: 3, Insightful

    ...file suit against the malware authors and then subpoena LeakID's records to identify them.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  11. Encrypted? by PPH · · Score: 2

    The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010.

    So, how did LeakID determine these were copyright violations? They'd have to be breaking encryption on servers' contents and that would be a DMCA violation as well.

    --
    Have gnu, will travel.