October 19, 2017

Major Intrusion at MediaDefender

MediaDefender, a company providing technical countermeasures and intelligence gathering for copyright owners, suffered a severe cyber-intrusion over the past year or so. This was revealed last week when the intruders released what appears to be most of MediaDefender’s email from this calendar year, along with the source code for its products, and even one of the company’s VoIP phone calls.

Published analyses of the released material mostly confirm what was already suspected, that MediaDefender’s technical tactics had mixed effectiveness, and that the company may have edged across the ethical (and possibly legal) line by launching active cyber-attacks on suspected infringers.

The intruders, on the other hand, went far across the line, committing serious crimes. If caught, they’ll face severe punishment, and rightly so. No excuse can justify this kind of break-in.

Nor have the intruders struck a blow for online freedom. Instead, they have helped their opponents paint a (misleading) picture in which righteous copyright owners are under attack by a small cabal of scofflaw super-hackers.

Expect a backlash. And the main victims of that backlash, as usual, will be ordinary users who aren’t out to hurt anybody but just want some way to coexist peacefully with copyright owners.

[Correction (Sept. 25): Corrected the first paragraph, which previously said voice mail had been captured, to say that a VoIP phone call was captured.]

Comments

  1. “Published analyses of the released material mostly confirm what was already suspected, that MediaDefender’s technical tactics had mixed effectiveness, and that the company may have edged across the ethical (and possibly legal) line by launching active cyber-attacks on suspected infringers.”

    The justification is right there. What goes around comes around.

    These media companies are no more above the law than the intruders are. Regardless of what they and their supporters think.

  2. Most of the coverage I’ve seen so far — admittedly, from technogeeks — has focused on the horrible behavior of MediaDefender, and has glossed over the hackers, largely implying that their data is from an incompetent MediaDefender employee who forwarded all company email to an insecure account.

    A current Google news search for MediaDefender finds all lash, no backlash.

    Exposing MediaDefender’s illegal tactics isn’t going to help them or their supporters.

  3. “Hello”:

    MediaDefender’s transgressions don’t justify the intrusion. Even if we accepted that it’s okay to break in to gather evidence of bad behavior — and I don’t think we should accept that — the intrusion and disclosure went far beyond what would have been necessary to expose MediaDefender’s questionable acts.

  4. Question: what would the admissibility of these documents be in a court, were someone to file a lawsuit against MediaDefender?

  5. How far can we expect the backlash to play out? As far as I can tell, the MD break-in was a backlash. Or rather, a successful battle for the “pirate” (freedom?) side in what is becoming a long, drawn out war. Neither side is fighting fair, but hey — war’s hell. The main backlash I see coming from this is just the usual retaliation from the usual suspects: Another battle in a long war.

    I think, given this context, the leak is a blow for freedom, albeit perhaps it is in the same vein as dropping a nuclear bomb on Hiroshima; the means are inhumane, but the cause is the right one.

    Regardless of what the law says (which is clearly on the side of MD), the widespread online support for the leak seems to me to indicate a desire to live in a society where a company like MD is more clearly illegal. This is vigilante justice at work; our legal system as a whole has let us down, so one or two anonymous individuals decided to take matters into their own hands — to the joy and entertainment of the online lynch mob.

    When the appropriate authorities do finally catch up with the Media-Defenders-Defenders group they’re going to be faced with an unusual situation: Substantial public support for some individuals who have done something very, very illegal. And, if extradition is involved (which seems likely), you can be sure that the usual accusations of America throwing around its power excessively will come back louder than ever.

    The MDD group are martyrs in the making, and, while public support might not be enough to save them from the long arm of the law, public opinion matters in democracy. And if people see the law making martyrs, they’re going to try and change the law in favour of the martyr’s cause.

    To sum up, while I think you’re right that the act in isolation does nothing for the cause of freedom, I also think that if you look at the larger picture, the effect could be quite substantial.

  6. The leaked voice clip wasn’t voicemail, but actually a call between MediaDefender and the Justice Department in New York some months before the leaks started happening. They were on a VOIP connection which I figure made it an easier thing to snag.

    Seems they were mainly talking about MediaDefender’s security after someone from Sweden had tried to log in to something of MediaDefender’s using old credentials that had been circulated by email.

    The reason the justice department was talking to MediaDefender is that it seems MD were passing on information about people based in New York who were distributing child porn.

    It’s not a terribly interesting call by itself really, but the transcript is here: http://pastebin.com/f5ae055cf

  7. The call was not snagged via VOIP. The call information is in the emails. They simply called into the teleconference bridge before the call began, and recorded the conversation.

    Same with getting the emails – there was no magic involved. The idiot forwarding his messages to Gmail signed up to one of the pirate sites, from MD’s IP block, using his Gmail address *and the same password* he uses at Google.

    As for the source code, well, that took a bit more work.

    That said, I don’t think there’s going to be much backlash against MediaDefender-Defenders for the leak. The MDD folks are the same people that MD has been attacking for years, and they decided to exact some retribution. Already Pirate Bay is going after MD because the emails prove that MD has been involved in “infrastructural sabotage, denial of service attacks, hacking and spamming” their servers.

    Companies, especially companies like MD that are electronic targets, should have better policies in place to ensure their communications aren’t, for instance, forwarded to an employee’s Gmail account. I certainly don’t condone what the MDD people did, but it was certainly effective.

  8. Ed, aren’t you making the error of confusing “ought” and “is”? i.e., you may have a strong negative reaction, but as a statement of fact, that hardly means there will be a backlash.

    I mean, there’s plenty of times I’ve thought someone’s done something morally atrocious, and the general reaction seems to be ho-hum, or even attacking me for making an issue of it.

    I don’t see the basis for a backlash here. MediaDefender’s sort of hoist on their own petard. That is, the crackers had very little to lose in terms of public regard (they’re already pirate scum), but in contrast MediaDefender could go down a lot. They’re sort of stuck crying “Those blackguards showed we’re not pure ourselves”. Not exactly the most sympathetic rallying cry.

    I assume you’re not doing this as an exercise in “positioning”. So, what would convince you that the model you’re using is inaccurate?

  9. > The intruders, on the other hand, went far across the line, committing serious crimes.

    Are you sure about this? There was a recent California district court decision that the MPAA could legally use e-mail a hacker obtained from TorrentSpy. See http://blog.wired.com/27bstroke6/2007/08/mpaa-paying-hac.html

    Depending upon how the phone call or message was obtained, this may or may not be illegal. If the responsible party did as “Mark” suggests, it may have been improper – in many states, the permission of one or both of the parties involved in the call must give permission for the call to be recorded.

    However, at this point, it is not clear that we really know how the call was obtained and thus cannot say with any surety that “this is illegal”.

    Speaking as someone who likes their privacy though, I do not think this was ethical even if it was legal.

  10. The backlash will come in the Washington debate, and in the words and actions of copyright holders. There’s an internal debate going on inside the big studios and record companies, in which the more forward-looking view has been gaining. The MediaDefender intrusion and information release will bolster the position of those within the industries who argue for taking a hard-line position.

  11. But doesn’t the hard-line approach require the use of MediaDefender-like tactics? Which are very likely to lead to more bad publicity for the copyright holders?

    Coverage of the RIAA lawsuits and the Sony rootkit has not been restricted to tech publications and the blogosphere. Aren’t the copyright holders concerned that the bad press will eventually catch up with them?

  12. Is it known to what extent the client media companies were aware of the illegal or questionable methods MediaDefender used?

  13. I don’t see it at all, from a business point of view.

    I understand the punditry and professional credibility aspect, that given all the PR flackery to identify opposition to maximal copyright with illegality, that requires those on the other side to make strong denunciations here.

    But in terms of “what’s good for the business” – which is a purely amoral consideration – where is anything changed in terms of the economics? The financial calculus isn’t any different.

    I mean, these people deal with far, far worse every day, not some kids playing around with some file-sharing, but real bona-fide commercial infringement operations that make huge amount of money. This incident should hardly matter on that scale.

  14. I have a hard time believing that Media Defender will last as a company if they’re not able to keep this kind of sensitive information within their walls.

  15. “The backlash will come in the Washington debate, and in the words and actions of copyright holders. There’s an internal debate going on inside the big studios and record companies, in which the more forward-looking view has been gaining. The MediaDefender intrusion and information release will bolster the position of those within the industries who argue for taking a hard-line position.”

    The material leaked will bolster the position of the other side in the same debate. It probably all comes out about even in the wash.

    P.S. why is the freedom-to-tinker.com Web server ignoring 90% of HTTP requests, and responding incorrectly to about 3/4 of the rest? (Usually with a small, content-free “503” page instead of the page that was requested, when the latter is clearly the only desirable response.) Please roll back its configuration to Monday’s; it was behaving normally on Monday. And, of course, whatever change was made in the intervening 48 hours should not be attempted again. I seem to recall that this has happened at least once before; there must be some tempting tweak that seems like it will get a bit more oomph out of the server, but backfires rather consistently for whatever reason. Resist temptation; next time think “if it ain’t broke don’t fix it”!

  16. Let’s suppose that Washington and the Media Companies get together and take a “hard line” position.

    Very few people like the media companies. The artists don’t like them (artists are regularly getting ripped off and have been for years) and the fans don’t like them either. For the most part, technogeeks are unimpressed by poorly educated legal eagles drafting laws that can arbitrarily turn anyone into a criminal just to prop-up profit margins in a failing business model.

    So their “hard line” approach will only convince a larger section of the moderates that the media companies are not their friends. That’s not to say that the “pirates” are doing the right thing (from a moral perspective) but for average Joe Sixpack (or young Betty Bebop) who represents a greater direct threat to them and their way of life?

    Many of the people involved are youths, just getting a vote. Put this together with the Iraq War (also massively unpopular), strong hints of electronic election fraud and other corporate corruption. I have a feeling that it will be Washington taking a dose of backlash here.

  17. It might be good to go back and read The Prince again. And try to match up this act with something in the book. And then match up what the U.S. gov’t is doing with what is in the book.

    The point is: the law is nice. Then there is reality, the good and the bad people.

  18. Sorry, they may have surpassed the legal line, but nevertheless, there are two points in their favour:

    – it felt really good to see MediaDefender going down, after all what they had done,

    – if the state surpasses the legal line, in an organised and massive way, why should regular citizens not at least try it for themselves, too?

    The second point is a very important one IMHO: it is already a backlash in and of itself. Not against MediaDefender, but against higher-ups.

  19. @Bob Hogan:

    I searched and found Chapter 3

    In this way you have enemies in all those whom you have injured in seizing that principality, and you are not able to keep those friends who put you there because of your not being able to satisfy them in the way they expected, and you cannot take strong measures against them, feeling bound to them. For, although one may be very strong in armed forces, yet in entering a province one has always need of the goodwill of the natives.

    And not to forget Chapter 12

    Mercenaries and auxiliaries are useless and dangerous; and if one holds his state based on these arms, he will stand neither firm nor safe; for they are disunited, ambitious and without discipline, unfaithful, valiant before friends, cowardly before enemies; they have neither the fear of God nor fidelity to men, and destruction is deferred only so long as the attack is; for in peace one is robbed by them, and in war by the enemy.

    Seems relevant to the US Govt, maybe not so relevant to MediaDefender but no doubt these things are tied together.

  20. Chapter 3 could have been specifically written about Iraq and 12 about Blackwater.

    Tel, you’re onto something but I don’t think you realize the magnitude. The black wind begins to blow. So far in little breezes and puffs, but before long sh*t will hit the fan in multiple sectors in the economy and politics, and it will make the dot-bomb and the subprime mortgage problem look like minor rain squalls compared to a hurricane.

    A Category 5 one.

    Batten down the hatches.

  21. “Ed Felten Says:
    September 25th, 2007 at 7:56 pm

    The backlash will come in the Washington debate, and in the words and actions of copyright holders. There’s an internal debate going on inside the big studios and record companies, in which the more forward-looking view has been gaining. The MediaDefender intrusion and information release will bolster the position of those within the industries who argue for taking a hard-line position.”

    If the record companies fail to gain a “more forward-looking view”, the fault will lie in them. Felten is naive to think that they are benevolent and that they can be appeased. If they are good people then they will do the right thing regardless of whatever battles they lose. Felten is also an apologist for them by saying that the reason they won’t do the right thing is because their own shady dealings and methods have been exposed.

    Analogously I would say that Felten’s argument would be like if there were another terrorist attack in the United States, and that would be a reason for suppression of the “more forward-looking view” amongst some members of the Bush administration calling for the closing of Guantanamo Bay.

  22. “Things like the increasing hangup on “Valuable IP” and DRM and the Dirty Harry style of enforcement are all symptoms of grassroots economic and social strain. I can see a number of forces likely to increase that strain in the near future, no doubt leading to more symptoms.”

    I don’t think even a fiscal conservative government after 2008 will stop it; it’s already too late, and Bush’s spending extravaganzas in Iraq are only a fraction of the issue anyway. Between the imminent implosion of the advertising industry, collapse of some small bubbles in wireless and pharma, violent transition from broadcast media dominating to things like video-on-demand, and major regulatory crises in pharma and Chinese imports, not to mention the continued collapse of copyright, we’re looking at a perfect storm here, all in the very near future.

  23. On the subject of the iBricking, I have to wonder why anyone with a modified phone would install an update about which such warnings had been made? It seems to me that if you had a modified iPhone and knew it, heard that the forthcoming firmware update from Apple might not be so good for it given the modifications, and went ahead and installed that update anyway, then you did indeed do it to yourself. On the other hand, if you didn’t know that the phone had been modified (got it secondhand?) then you definitely have cause for complaint, though perhaps to the reseller that didn’t disclose the modification.

    Me, I’d have unlocked mine a while back, and then not downloaded let alone installed Apple’s update. All too often updates don’t offer any compelling benefits anyway; unless there’s a critical security flaw they address I’m skeptical of any patch by any vendor. It’s not like they ever seem to fix just-plain-bugs, however annoying, that aren’t security holes, after all, and often, like Windows Genuine Advantage Notifications, they have effects ranging from pointless to dangerous. Of course, some people seem to have been conditioned to install whatever update is put before them whenever Pavlov rings the bell… 😛

  24. Ethan Supporter says:

    seen no backlash myself

    and I most certainly did NOT think of MediaDefender as victims in this escapade what with their evil tactics and rather juvenile take down notices

    I saw it more as noble rebels slaying an evil behemoth.

    I almost laughed myself to death to

    “Despite us being located in Canada if you actually do figure out how to compose a valid DMCA, we’ll honor it, as soon as we’re done laughing at you”