MPAA Trying To Rootkit Universities?

from the how-nice-of-them dept

Just as the MPAA is strongly pushing for a new law that would require universities to take proactive measures to prevent unauthorized file sharing from happening on university networks, the group is also apparently pushing certain universities to install some MPAA-sponsored software to monitor network usage. However, after examining this "toolkit" some are noticing that it appears a lot more like a "rootkit" than a "toolkit." Depending on how a university's network is configured, it could actually reveal a lot of private info to the outside world. The software also phones home to the MPAA, despite promising not to report back any information. There are a few other oddities as well. While it could password protect some of the exposed content, it never prompts the user to do so -- and, at the same time, it disables logging who accesses the pages revealing all the info. While it could all be a coincidence, effectively the MPAA has made it so that it (and others) can spy on university network usage without being tracked in many cases. People in the article note the similarity to the Sony rootkit situation, where software designed to "protect" actually opened up huge security vulnerabilities.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    dazcon5, Nov 26th, 2007 @ 10:27am

    Stupid

    This is getting ridiculous... ISPs, schools, are not enforcers for these a$$hats. Wake up and smell the new markets available IDIOTS!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    SM, Nov 26th, 2007 @ 10:43am

    Unbelievable that the MPAA has the audacity to send a letter asking all of these Universities to police their networks. I hope all of those schools make it clear that they do not work for the MPAA, and that the MPAA doesn't get the free use of University resources for its own agenda.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 26th, 2007 @ 10:44am

    The lesson learned from the Sony rootkit episode was that the record companies are above the law (no one from Sony ever went to prison or was even charged over their rootkit). So now why shouldn't the movie companies think they can do the same? And you know what? They're probably right. The FBI is in love with these guys.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Joe Smith, Nov 26th, 2007 @ 10:57am

    Paying the cost

    And is the MPAA agreeing to indemnify the Universities and all of the University users when their software crashes the system or results in a leak of private information?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      John Duncan Yoyo, Nov 27th, 2007 @ 5:32am

      Re: Paying the cost

      >And is the MPAA agreeing to indemnify the Universities
      >and all of the University users when their software
      >crashes the system or results in a leak of private >information?

      The upside on a MPAA rootkit causing the release of private information is that there would finally be grounds to sue them into oblivion.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Ken R., Nov 27th, 2007 @ 1:01pm

        Re: Re: Paying the cost

        Haha, I was just thinking of that possibility. Hopefully by the time I go to school, a number of information leaks will put them in check.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Dave, Nov 26th, 2007 @ 11:10am

    When it's time to cut and run...

    Anyone who has had on older car can tell you that there comes a time to cut your losses and buy a new car. The repair and maintenance costs far outweigh the costs and benefits of purchasing something newer. I think that time has come and gone for the RIAA and MPAA. The current business model is outdated and in grave danger of loosing the connection to it's buyers altogether. It's a different world than the one that record and movie dynasties are used to. They either need to adapt or they will run head long into the tar-pits of extinction themselves.

    If the new world of eBusiness is embraced by the entertainment industry, I think that there could be an exponential growth in revenue.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Nov 26th, 2007 @ 12:55pm

      Re: When it's time to cut and run...

      I don't know...

      Maybe this is their new business model. They can't seem to make any decent films, maybe they've caught on to how entertaining it is to watch them bumble around like a bunch of clueless morons?

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    bmac (profile), Nov 26th, 2007 @ 11:32am

    universitytoolkit.com

    Anybody check to see if the GNU or GPL is being broken by their distribution of Xubuntu, Snort, etc.? They're distributing this toolkit as a bundled ISO install, but I don't see any evidence that they are also releasing the complete source code for this distro and the included tools.

    www.xenu.net

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    nedu, Nov 26th, 2007 @ 11:33am

    rootkit==teh 3/i1

    Via Kreb's blog, a quote from Steve Worona, director of policy and networking programs at EDUCAUSE:

    "The important thing about the Sony rootkit wasn't the details about what a rootkit was or why it ended up being put into those CDs, but rather what the intention was versus what the CDs really did," Worona said.

    IOW, it doesn't matter what a hacker might think is the definition of a “rootkit”. All you need to know is . . .

    r0ot|

    Run away!

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Nov 26th, 2007 @ 12:16pm

      Re: rootkit==teh 3/i1

      There have plenty of individuals (i.e. not corporate executives) convicted of computer crimes on the basis of what they actually "did" despite not really "intending" any harm. Intent (supposed) only seems to be a defense for corporate executives.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    matt, Nov 26th, 2007 @ 11:40am

    sadly, its breaking the law in a bad way

    they're basically asking you to give up your own rights by installing their software...so it might be a legal grey area.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Nov 26th, 2007 @ 12:28pm

      Re: sadly, its breaking the law in a bad way

      they're basically asking you to give up your own rights by installing their software...so it might be a legal grey area.
      If they don't reveal what all it is going to do (and I don't think they have) then it's what's called a "trojan". The record and movie industries have been lobbying congress for laws to specifically make it legal for them to plant trojans for some time now. While they haven't gotten that yet I guess a promise of immunity from the Justice Department is almost as good.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Eric the Grey, Nov 26th, 2007 @ 11:43am

    On top of that...

    You know, they could save themselves a lot of bandwidth cost by using bittorrent to distribute that ISO image...

    EtG

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    nedu, Nov 26th, 2007 @ 11:43am

    Techdirt comment handling

    P.S. Techdirt has a comment handling problem in html post mode with both backslashes (unescaped) and with: & (ampersand)l (ell) t (tee) ; (semicolon).

    Backslashes showed up fine in preview. Backslashes disappeared on post.

    & (ampersand)l (ell) t (tee) ; (semicolon) also showed up fine in preview. Everything in rest of paragraph disappeared on post.

    Anyhow, "rootkit == teh 3vi1".

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Erv Server, Nov 26th, 2007 @ 12:54pm

    RIAA

    Leo LaPorte isn't gonna like this

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    teilo, Nov 26th, 2007 @ 12:58pm

    They think you are stupid

    Yes, that's right, MPAA. Nobody ever looks to see what the software they install is actually doing. Everybody just installs whatever you give them and takes your word for it that it's all safe and honest.

    After all, you are the trustworthy ones, and anybody who would question your right to distribute your "toolkit" is obviously a criminal.

    Once again, this proves that the MPAA and their ilk really do think the rest of the world is stupid.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Steve R. (profile), Nov 26th, 2007 @ 1:03pm

    Corporations Defining What is Legal

    To reiterate the prior posts, we seem to be descending into a society where corporations (in the name of protecting their profits) will deprive the consumer of any rights, will judge the consumer's guilt, will establish the penalty, and will invoke the penalty all without due process. We are becoming a Nation of, by, and for the corporations.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 26th, 2007 @ 1:50pm

    It's made from a linux variant, yet they don't make their code available. So, in fact, they are violating copyright law with this. Right?

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This