Friday, September 21, 2007

Hackers Smack Anti-Piracy Firm Again and Again

(Phone call leaked, and now the source code of all their decoy etc. tools!!)

By Kim Zetter 09.18.07 | 2:00 AM from wired.com

Quote:


Hackers are taking credit for at least three breaches at anti-piracy firm MediaDefender. The newly revealed attacks threaten to turn what started as an embarrassing e-mail leak into a full-blown security meltdown for the company.


The revelations began Saturday, when more than 6,000 internal company e-mails were exposed in a 700-megabyte BitTorrent download. A note from the hackers that accompanied the download points to a MediaDefender employee's personal Gmail account as the source of the purloined mail, which covered six months of internal correspondence.

At least two more MediaDefender hacks have emerged since Saturday. In one, hackers obtained a copy of an internal company database identifying some of the decoy files the company has slipped onto peer-to-peer networks. In the other, intruders released a digital recording of a private phone call that appears to be a discussion between MediaDefender personnel and staff at the New York attorney general's office.

In that phone call, ironically, a man who seems to be a MediaDefender official is heard reassuring law enforcement agents that the company's systems are secure.

The stolen database may have been obtained after hackers noticed that the MediaDefender employee's e-mail contained the IP addresses of company servers, as well as server-login information and passwords.

MediaDefender is an anti-piracy company that works with the entertainment industry to thwart the trading of copyright content on file-sharing networks. The company scans the networks and notifies content owners when their material appears on download sites. MediaDefender also posts decoy movie and music files to make it difficult for users to distinguish real from fake content.

The first internal MediaDefender e-mail surfaced two months ago at a site called ZeroPaid. The message discussed a list of P2P download sites that MediaDefender was proposing (if the message is authentic) to monitor for Fox Studios.

MediaDefender, which did not respond to calls for comment, appears to have been aware of the leak at the time, because the company seems to have discussed it in the phone call with the New York attorney general's office that was posted online by the hackers this week.

According to the audio file of the phone conversation, the company was working under contract with the attorney general on a highly important and secretive global project to track child porn on file-sharing networks. The file appears to be a conversation between Ben Brodsky of MediaDefender and three investigators and analysts from the New York attorney general's office -- among them Mike McCartney, a special investigator with the state's Criminal Prosecutions Bureau.

The call includes a discussion about the security of MediaDefender's server in light of the initial e-mail leak. An investigator says the attorney general's operation with MediaDefender is "extremely sensitive," and if the state is to rely on the company for criminal evidence related to child porn, it needs assurance that data on MediaDefender's servers isn't vulnerable to manipulation.

In the recording, the voice that appears to be Brodsky acknowledges that his company is "a major target of hackers," but assures the investigators that the company's server wasn't compromised and that the e-mail must have been intercepted in transit.

He also offers that if they want to be extra cautious, they could change the login and password for the data link they've set up between the two offices and communicate these login details only over the phone.

"The e-mail isn't really an issue as long as we don't really say anything particularly sensitive in the e-mails," he says in the call.

It's unclear how the conversation was recorded by the hackers, but a note from the person who posted the audio file on BitTorrent claims that intruders have been monitoring MediaDefender's phone system for nine months.

When asked to confirm whether the audio file of the phone call was authentic, a spokesman for the New York attorney general's office refused to comment.

Discussions on blogs have speculated how hackers obtained the e-mails from MediaDefender. A note from the hacker who posted them on BitTorrent thanked a MediaDefender employee named Jay Mairs for forwarding all of his company e-mail to his Gmail account.

One popular theory holds that Mairs probably used his Gmail login to sign up with one of the file-sharing services he was monitoring, and used the same password as on his Gmail account. Then, so goes the theory, someone with administrative access to the account traced his IP address to MediaDefender, and then either decided to log in and take a look at Mairs' e-mail or provided the login information to a hacker.

The blogger who first posted information about the e-mails being available for download at BitTorrent told Wired News that he learned about them when someone from a Swedish domain sent him an e-mail tipping him off.

Quote:
-={ MediaDefender-Defenders }=-

Date: 2007-09-15

MediaDefender-Defenders proudly presents 9 months worth of
internal MediaDefender emails

By releasing these emails we hope to secure the privacy and
personal integrity of all peer-to-peer users. The emails
contain information about the various tactics and technical
solutions for tracking p2p users, and disrupting p2p services.

A special thanks to Jay Maris, for circumventing their entire
email-security by forwarding all your emails to your gmail
account, and using the really highly secure password: blahbob


So here it is, we hope this is enough to create a viable
defense to the tactics used by these companies, also there
should be enough fuel to keep the p2p bloggers busy for
quite some time.

-={ MediaDefender-Defenders }=-

mediadefender-defenders website
This is a list of the famous leaked MediaDefender e-mails, displayed neatly in both thread and chronological order. Enjoy!

Sunday, September 16, 2007

GOOG pay for the Bounty !

http://www.news.com/Google+offers+30+million+to+land+on+the+moon/2100-11397_3-6207800.html

What's next - build a time-travelling machine and get 100 billion!
btw, I don't need 100 billion if I could travel in time ;)

MD's mailb0x & business Tactics

Read them all at
http://torrentfreak.com/mediadefender-emails-leaked-070915

Job openings there!! :)

Comment on MD when it comes to them serving notices to MD-D:
"MediaDefender's entire business model has been based on recognition of the inescapable fact that litigation cannot stop the spread of content on the Internet, so it is ironic when the same company has turned to legal threats against guys who leaked their mailbox."

The company's bread and butter continues to be P2P disruption of movies and music downloads. MediaDefender is quite good at this, as it should be after five years of antipiracy work. Unlike DRM providers that focus on protecting the product, MediaDefender tries to protect the distribution channel—and only for a limited time. Recognizing that it is impossible to shut down the sharing of copyrighted works, the company focuses instead on mitigation. Record labels and movie companies can pay between $5,000 and $15,000 per title for differing levels of protection that extend over different time periods.

For most content owners, MediaDefender's services are needed at the beginning of a product's life cycle. Lee points out that most movies and albums make the majority of their money in the first few months after release. MediaDefender's value proposition is not that it can stop such files from being shared, but that it can make sharing difficult for a month or two in order to give the legitimate product more traction.


To work its magic on the various P2P networks, Lee describes four strategies that MediaDefender uses. All four are powered by a back end of 2,000 servers co-located around the world, and the company has contracts for 9GBps of Internet bandwidth. For a 60-person operation, these numbers are (to put it mildly) a bit high, but the scale of its system usually ensures that the company gets prompt attention and good deals when it goes shopping. It also means that employees who stay late after work to game on the corporate LAN always have a good connection.

Those 2,000 servers do four things that MediaDefender refers to as decoying, spoofing, interdiction, and swarming. Here's how they work...

Four main methods

Decoying. This, in a nutshell, is the serving of fake files that are generally empty or contain a trailer. The goal is to make legitimate content a needle in a haystack, so MediaDefender works hard to ensure that its copies of files show up in the top ten spots when certain keywords are searched for. Everything about the file is tailored to look like the work of pirates, from the file size (movies are often compressed enough to fit on a CD) to the naming conventions to the pirate scene tag. With massive bandwidth and plenty of servers, the company has little trouble in getting these decoy files to appear at the top of search results, but decoying has a down side: the bandwidth. Because MediaDefender actually serves these large but bogus files, it incurs a significant bandwidth bill by using this technique.

Spoofing. Spoofing sends searchers down dead ends. MediaDefender coders have written their own software that interacts with the various P2P protocols and sends bogus returns to search requests, usually directing people to nonexistent locations. Because most people only look at the top five search results, MediaDefender tries to frustrate their first attempts to download a file in hopes that they will just give up.

Interdiction. While the first two techniques try to prevent searchers from locating files, interdiction prevents distributors from serving them. The tool is generally used when media is leaked or newly released; the goal is to slow its spread in those crucial first days. MediaDefender servers attempt to create constant connections to the files in question, saturating the provider's upstream bandwidth and preventing anyone else from grabbing the data.

Swarming. Though he acknowledges the BitTorrent networks can be hard to disrupt, Lee points out that MediaDefender can use "swarming" to make life more difficult for users trying to download copyrighted content. BitTorrent works by using a hash file to reassemble a file from many pieces, each of which may have been downloaded from a different user. MediaDefender simply serves up its chunks of these files, but instead of providing the proper data, its chunks contain static or nothing at all. BitTorrent will discard such junk data, but a flood of it can slow a user's download to a crawl.

Does all of this really curtail P2P usage? Lee admits that the company will never stop file-swapping, but says that isn't the point of what it does. Instead, the goal is to make files hard to find for a short period of time so that studios, music labels, and artists can make money from selling the legitimate product. Companies that use MediaDefender's services will often run their own download tests (or contract with one of the firms that does this) to make sure that they are receiving a return on their investment.

Apparently, they are. MediaDefender counts every major music label and most studios among its clients, with the notable exception of Disney. Lee says that initially, his company expected to work largely with trade organizations like the RIAA and the MPAA. When it actually approached them, however, the trade groups were more focused on court cases and Congressional lobbying. While they approve of MediaDefender's work, the actual contracts are signed directly with labels and studios, many of whom pay millions for the company's services.

A brave new world: advertising

In recent months, MediaDefender has shifted some of its efforts in a new direction: using its P2P technology and massive bandwidth to serve files, rather than stop them. Last year, the company partnered with Jay-Z and Coke in a widely-covered promotion that saw MediaDefender pushing a legitimate piece of Jay-Z concert footage to fans who searched for videos by the artist. In essence, these are "decoys" that contain real content.

The company has also helped promote Vitamin Water commercials that were deemed too "edgy" for network television, along with video game trailers and exclusive P2P remixes. The goal is to diversify—a necessary safeguard in an industry that has few clients. There simply aren't that many major movie studios and music labels, but there are millions of potential clients with fat ad budgets who wouldn't mind reaching the millions of young, tech-savvy people who make use of P2P networks.

Lee says that even music and movie companies have changed their stance in the last few years, and while none condone illegal downloads, they have realized that this is a huge potential market. This is especially true for smaller indie labels, for whom exposure is sometimes more important than legitimate sales. Some of these small firms have actually paid MediaDefender to serve content by their acts, often in response to users searching for a related (but better known) artist.

This mingling of licit and illicit content on P2P networks raises some questions, of course. How are users to know in advance if content is legal or not? Are some labels actually encouraging the use of such networks, even as their trade groups prosecute those who use them? Does serving legitimate content show confusion about what can and cannot be shared and downloaded?

This was, in fact, a major concern that the industry had. For years, content owners refused to place any legal material on P2P networks for fear of legitimizing them. That fear largely vanished in the wake of the Supreme Court's Grokster decision. Once it was well established that such networks could be held liable for copyright infringement, content owners actually felt more free to make use of the networks for legitimate uses of their own.

But antipiracy work still accounts for 99 percent of MediaDefender's work—work that Lee knows is not popular in all circles. Last year, for instance, the company began recruiting on college campuses for the first time. Students would approach company reps and tell them that they hated what they did. "But five minutes later," says Lee, "they came back and asked us for a job." Hackers, he says, "love screwing with each other," and MediaDefender gives them an impressive platform and some serious bandwidth to hack on. Besides, "you can't get that mad" about what the company does, Lee says with a laugh. "I mean, you're looking for pirated stuff!"

Update:

Various forum posters and bloggers have commented on MediaDefender's "swarming" claim in particular, arguing that BitTorrent's hash-based technology prevents file disruption and that MediaDefender could simply not disrupt the network. We contacted the company for clarification and were told that the details of their BitTorrent work remain secret, but that the company does indeed employ swarming on BitTorrent networks.

Because of the anti-corruption technology on such networks, MediaDefender tries to stall downloads and make files frustrating to grab by serving bad data. The file corruption discussed in the article should not have referenced BitTorrent; such swarming causes corruption only on networks without similar error-checking (the article text has been corrected). MediaDefender's goal with BitTorrent is to slow down transfers. Making them slow enough counts as a "win" for the company, though this does seem like a hollow victory, as the consumer still has the correct file in the end.
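
An added illustration of the update's point, not code from the article or from MediaDefender: a BitTorrent v1 client checks each piece against the SHA-1 digest listed in the torrent's metainfo, so junk pieces cost bandwidth but never reach the finished file. The payload, piece size and the two simulated peers are constructed for this sketch.

```python
import hashlib

PIECE_LEN = 16 * 1024  # constructed piece size for the sketch

def piece_hashes(data, piece_len=PIECE_LEN):
    """SHA-1 digest per piece, as stored (concatenated) in a v1 torrent's 'pieces' field."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]

def honest_peer(data, piece_len=PIECE_LEN):
    """Simulated peer that returns the real bytes of the requested piece."""
    return lambda idx: data[idx * piece_len:(idx + 1) * piece_len]

def junk_peer(piece_len=PIECE_LEN):
    """Simulated peer that returns the 'static or nothing at all' the article describes."""
    return lambda idx: b"\x00" * piece_len

def download(hashes, peers):
    """Fetch every piece, trying peers in order; keep only pieces whose SHA-1 matches.

    Returns (assembled_bytes, wasted_bytes, rejected_pieces)."""
    out, wasted, rejected = [], 0, 0
    for idx, expected in enumerate(hashes):
        for peer in peers:
            chunk = peer(idx)
            if hashlib.sha1(chunk).digest() == expected:
                out.append(chunk)
                break
            wasted += len(chunk)  # bandwidth spent on data that is thrown away
            rejected += 1
        else:
            raise RuntimeError(f"no peer supplied a valid piece {idx}")
    return b"".join(out), wasted, rejected

def demo():
    original = bytes(range(256)) * 256  # 64 KiB constructed payload, 4 pieces
    hashes = piece_hashes(original)
    # Worst case for the downloader: the junk source is asked first for every piece.
    got, wasted, rejected = download(hashes, [junk_peer(), honest_peer(original)])
    return got == original, wasted, rejected, len(hashes)

if __name__ == "__main__":
    intact, wasted, rejected, n = demo()
    print(f"pieces={n} rejected={rejected} wasted_bytes={wasted} file_intact={intact}")
```

In this run the client transfers twice the file size and still ends with a byte-identical file, which is the "hollow victory" the update describes: the integrity check protects correctness, not download speed.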

Bay-Tee-ISP ?

RLS down and its after-Fx discussion (Interesting) !!
http://www.rlslog.net/domain-suspended-what-really-happened/

Saturday, September 1, 2007

File-sharers forced to play fair



Tribler has also been made to work with the PlayStation 3
Researchers have found a way to enforce good manners on file-sharing networks by treating bandwidth as a currency.

The team has created a peer-to-peer system called Tribler in which selfless sharers earn faster upload and download speeds but leechers are penalised.


Full article at http://news.bbc.co.uk/2/hi/technology/6971904.stm