05.29
It’s time to put MediaDefender out of business
Over the past weekend, the online video network Revision3 fell victim to a distributed denial of service attack that took down their entire site and even crippled their internal email servers. And upon investigating the source of the attack, they discovered it had originated from MediaDefender, an antipiracy “defense” firm (owned by digital media entertainment company ARTISTdirect) that claims to use “non-invasive technological countermeasures employed on P2P networks to frustrate users’ attempts to steal/trade copyrighted content.”
What they really do is poison peer-to-peer networks with blank files and decoy files, and use what amount to targeted denial-of-service attacks to prevent users from accessing, uploading, or downloading files that MediaDefender has been hired to protect. And what they did in the case of Revision3 was inject a bunch of torrents into a Rev3 p2p server that the company uses to legally distribute its own video files. And the way they injected these torrents was by exploiting a vulnerability in Rev3’s server configuration. And when Rev3 stopped its servers from pointing to MediaDefender’s faux torrents, the MediaDefender servers went DDoS nuclear. So, first they hacked Revision3, and then they trashed the place, all in the name of copyright “protection.”
A little history, if you’ll bear with me: According to this article from Ars Technica, MediaDefender counts almost every major record label and movie studio as a past or present client, and it charges from $5,000 to $15,000 per title for its various protection schemes.
After some 700MB of internal email data from MediaDefender was leaked online in 2007, it was revealed that MediaDefender was secretly operating a video site that let users upload and download copyrighted content, presumably as an entrapment scheme or, some have speculated, as a way to enlist zombie PCs for future DDoS attacks (MediaDefender denies both charges). The emails also revealed that MediaDefender was gathering information on file-sharing users who were accessing pornography and negotiating with the New York State Attorney General’s office to share that information. And MediaDefender reportedly launched DDoS attacks on sites attempting to host the leaked emails.
Since then, the company has essentially gone underground. But they’re back in the spotlight in a big way now, and I think we can all agree that this ought to be the point where someone comes in and shuts this operation right the hell down. I don’t know much, but here’s what I do know, to quote Jim Louderback: “Denial of service attacks are illegal in the US under 12 different statutes, including the Economic Espionage Act and the Computer Fraud and Abuse Act.” And whether or not their setup of a hidden honeypot video-sharing site or their injection of decoy torrents into networks both legitimate and illegitimate (and even “legitimacy” is up for debate) rises to the level of outright fraud, “deceptive” is a fairly mild label for MediaDefender’s overall activities.
I also know that BitTorrent technology is perfectly legal, and is in use by a variety of companies for legitimate content distribution, including Brightcove, Fox, Paramount, Warner Bros., MGM, Comcast, and of course, Revision3. And if MediaDefender is wantonly targeting p2p networks and servers, injecting torrents into them, and DDoSing them out of existence if they shut off access to those decoy torrents, isn’t it risking an attack on the very companies that pay its bills? More importantly, isn’t it about time the entertainment industry stopped paying the bills to this digital-era goon squad?
It’s bad enough that legitimate p2p nets are getting caught in the crossfire and shot to pieces by these ridiculous and possibly illegal tactics. But it’s downright insane to keep uncovering piece after piece of evidence of this secret war against file-sharers, and to see that despite all the “progress” we’ve supposedly made — the near death of DRM, the fact that iTunes is the biggest music retailer in the world, and the widespread adoption of digital distribution — there’s still this horrid little Black Ops company out there spying on you and poisoning legitimate businesses and building fake video sites that either entrap you or turn your computer into a zombie mindlessly carrying out future attacks. All in the name of making sure you pay for mindless-pap movies and overengineered pop songs. How sick is that?