MediaDefender's Denial Of Service Attack On Revision3

from the how-friendly-of-them dept

Lots of you are probably familiar with MediaDefender. They've been around for many years (we first mentioned them back in 2000) with the business proposition of basically helping big entertainment companies disrupt any sort of unauthorized file sharing. In the early days, that just meant putting up spoof files to annoy people. But it's become a lot more sophisticated since then -- including tricking people into downloading spoof files with malware that actually scans your computer for infringing files. Then, of course, there was the infamous attempt to create an entire fake honeypot file sharing system to try to catch people for unauthorized file sharing. The company has also been accused of a variety of different denial of service attacks against sites it believes are promoting file sharing. On the whole, pretty much everything the company seems to be associated with would be considered dirty tactics. What's amazing is that in pulling all these dirty tricks, MediaDefender never seems to get in much trouble for it. However, it may have picked the wrong target this time.

Over the weekend, there was a lot of buzz about the fact that online video company Revision3 was taken totally offline thanks to a denial of service attack. As a whole bunch of you are sending in, Revision3's CEO has now put up a post explaining how it was actually MediaDefender that very obviously launched the denial of service attack on Revision3. There are some details missing, but effectively what has been pieced together is that Revision3 uses BitTorrent (properly and legally) to help offload the bandwidth costs of distributing its videos (this is exactly what BitTorrent was originally built to do). MediaDefender, however, used a backdoor into Revision3's BitTorrent tracker to inject its own nefarious torrents -- basically piggybacking off of Revision3's tracker. Revision3 noticed the backdoor and closed it -- at which point, MediaDefender's system started flooding Revision3's servers with over 8,000 pings per second (MediaDefender claims it should have been once every 3 minutes).

So, it doesn't appear to have been a malicious attack by MediaDefender on Revision3 -- just a sneaky, poorly implemented one (which, at this point, seems par for the course on just about everything MediaDefender does). And, in doing so, it took a totally legitimate business nearly completely offline for a few days, and doesn't seem particularly apologetic about it. And these are the guys that the entertainment industry trusts to save it from the "evils" of unauthorized file sharing.


Reader Comments

  1.  
    Chronno S. Trigger, May 29th, 2008 @ 1:47pm

    Thanks

    Thanks for pointing out Revision3 to me. I've been looking for something like this for a while now. I also love how he wrote the article. Oddly enough, it seems something else happened to their servers. I can't get back into their main page.

     


  2.
    Anonymous of Course, May 29th, 2008 @ 1:48pm

    What was injected and why?

    I tried to read the Rev3 article but get no response. Maybe it's too popular at the moment.

    What was MediaDefender injecting into Rev3's torrents?

    Rev3 seems to be doing nothing wrong; what is MediaDefender's interest in their business?

     


  3.
    Rose M. Welch, May 29th, 2008 @ 1:54pm

    Can you prosecute people for downloading copyright material if it was fake, non-copyrighted material?

    Isn't sending malware just as illegal and infinitely more harmful than downloading a copyrighted file, especially in these days of zombie computer networks?

    WTF?

     


  4.
    Anonmous of Course, May 29th, 2008 @ 1:57pm

    I found this works

     


  5.
    teknosapien, May 29th, 2008 @ 1:57pm

    route add

    route add 207.171.0.0/18 127.0.0.1

     


  6.
    Anonymous Coward, May 29th, 2008 @ 2:14pm

    Like Rose said...
    I'm pretty sure that getting someone's personal information without their knowledge and then sending it to an outside organization is either a. very illegal or b. just makes them even more of a dick.

     


  7.
    TriZz, May 29th, 2008 @ 2:14pm

    Re: What was injected and why?

    The story is on the front page of Digg (owned by Revision 3). It's also the most dugg story of the day, so they probably just have a HUGE load right now...

     


  8.
    Hank, May 29th, 2008 @ 2:21pm

    reversal of roles

    So basically, MediaDefender, in trying to find sites breaking the law, and stop them, found a site that was not breaking the law, then attacked them anyway, and shut down their business for a period of time, which in itself is breaking the law.

    If I was Rev3 I would sue for revenue lost during the down time caused by MediaDefender; and because we are in America where anyone can be sued for anything, I would sue everyone associated with MediaDefender as well.

     


  9.
    Dan, May 29th, 2008 @ 2:30pm

    Re:

    I would say both

     


  10.
    Matt, May 29th, 2008 @ 2:37pm

    revision3 will be down for a day I suspect

    They've been slashdotted, which is known to take down some of the biggest websites across the web among the broad coverage everywhere.

    /welcome revision3 to what google size traffic can do to a server: aka nuclear warfare lol

    Anyway, with that said, MD has admitted to illegal actions. On many many levels according to people on groklaw there are avenues for recourse that Revision3 may be able to pursue. This will be a hell of an interesting case explaining that "yes, I am using someone else's legitimate servers without their consent, it's only a coincidence that I bombard them if they cut me off".
    IANAL but that will be a fun case.

     


  11.
    Eric the Grey, May 29th, 2008 @ 2:54pm

    Re: Re: What was injected and why?

    It's also the current top story on slashdot, which adds another big hit on their servers.

    Check back in a couple of hours after everything has calmed down.


    EtG

     


  12.
    Chronno S. Trigger, May 29th, 2008 @ 3:37pm

    Re: revision3 will be down for a day I suspect

    According to the article on Revision3, the FBI are involved so this should be fun.

     


  13.
    ehrichweiss, May 29th, 2008 @ 3:56pm

    Re:

    "Can you prosecute people for downloading copyright material if it was fake, non-copyrighted material?"

    If you and everyone you know doesn't convince their congress critter to stop the bill that will make *attempted* copyright infringement a punishable crime, yes they will be able to do that soon.

     


  14.
    Anonymous Coward, May 29th, 2008 @ 4:02pm

    Re: reversal of roles

    Don't forget to use MediaDefender's buddies the RIAA/MPAA's favorite method of counting lost damages...

     


  15.
    PaulT (profile), May 29th, 2008 @ 4:19pm

    Wow

    You've got to love this. In order to attack "pirates", MediaDefender run a network exploit on the servers of an innocent 3rd party. They use this to run illegal torrents through a backdoor in order to try and catch people who might be downloading in an unauthorised manner, and do so without notifying said 3rd party. When said 3rd party tightens its security, their systems' response is to cause the 3rd party to shut down.

    I'm in awe of the stupidity, incompetence and short-sightedness of MediaDefender's actions, as well as the balls it must take to say "sorry we shut down your business over Memorial weekend, but tough s**t" (paraphrasing, obviously).

    Surely they can be prosecuted for various hacking and computer/wire fraud crimes? They should at least be sued for the lost revenue.

    The amusing part about this: they apparently feel no shame because Revision3 happen to use BitTorrent, a perfectly legitimate file distribution method. Remember, these are meant to be the "good guys". We need to feel sorry for MediaDefender because those *other* companies they work for (RIAA/MPAA members) might be losing money and those companies are richer and therefore more important than Revision3...

     


  16.
    PaulT (profile), May 29th, 2008 @ 4:35pm

    It gets better...

    Finally got the full article to load, and this is gold:

    "MediaDefender claims that they have taken steps to ensure this won’t happen again. “We’ve added a policy that will investigate open public trackers to see if they are associated with other companies”, promised Grodsky, “and first will make a communication that says, hey are you aware of this.”"

    Erm, shouldn't they actually be checking who the trackers belong to anyway? I'm no expert on this subject, but I know that back when I used to do support for a hosting company, most servers that were distributing P2P or torrent files illegally turned out to have been hacked or had rootkits installed. They were always fixed/pulled as soon as this became apparent, usually with the blessing of the customer. I'd guess that most people running illegitimate trackers would like to know about it themselves...

     


  17.
    GeneralEmergency (profile), May 29th, 2008 @ 4:59pm

    Gee..I'd really like..

    ...to know who MediaDefender's 9Gb Pipe ISP is.

    Here we have an ISP that must have a TOS policy that permits Denial-of-Service attacks.

    Or did MediaDefender --LIE-- when they signed up?


    No. I simply can't believe that a company hired by the RIAA/MPAA would ever lie. That wouldn't be ethical.

     


  18.
    Anonymous Coward, May 29th, 2008 @ 5:57pm

    Re: Rose and Erich's Comments

    I believe there are still laws against entrapment, though.

     


  19.
    Anonymous Coward, May 29th, 2008 @ 9:13pm

    Re: Re: revision3 will be down for a day I suspect

    "According to the article on Revision3, the FBI are involved so this should be fun."

    The RIAA/MPAA have the FBI in their pocket. The FBI isn't going to do anything but say "OK, we'll look into it" and then let it quietly fade away.

     


  20.
    Anonymous Coward, May 29th, 2008 @ 9:19pm

    Is the name "MediaDefender" appropriate ?
    Possibly MediaDestructor would be more in line with their actions.

     


  21.
    Anonymous Coward, May 29th, 2008 @ 9:27pm

    Re: Gee..I'd really like..

    "Here we have an ISP that must have a TOS policy that permits Denial-of-Service attacks."

    You're just used to consumer terms. Many ISPs give their big or otherwise special customers special terms that can be quite a bit more liberal than their published terms that would apply to you or me. These special terms appear in the contract on what the industry commonly refers to as a "yellow sheet". I imagine MediaDefender has a yellow sheet on their contract.

     


  22.
    GeneralEmergency (profile), May 30th, 2008 @ 4:45am

    Re: Re: Gee..I'd really like..

    Then the contract yellow sheet is invalid. Even I know that two parties cannot have a contract to do something --illegal--.

    This is first week of Business Law 101 stuff.

     


  23.
    Ferin, May 30th, 2008 @ 5:11am

    Perp Walk?

    Does anyone know, can they be prosecuted for executing a DoS even if it's shown that it occurred because they can't configure their software properly? I'd love to see these idiots' heads roll, but it sounds like they're trying for a defense of "boy, was that a bad glitch in our system!"

     


  24.
    Anonymous Coward, May 30th, 2008 @ 6:11am

    Re: Wow

    MediaDefender has never been the good guy. It doesn't matter what they say, it doesn't matter what their handlers say, it doesn't matter what the government says. They have always been hostile to the public, and that makes them the enemy.

     


  25.
    thecaptain, May 30th, 2008 @ 7:18am

    Re: Perp Walk?

    They CAN be prosecuted.

    However, they WON'T be prosecuted. Money talks.

    The U.S. lawmakers, politicians and the A.G. offices are hopelessly corrupt in the amount of money they receive from media companies such as the MPAA and RIAA. As such, MediaDefender is COMPLETELY free to hack with impunity.

    Until laws change, until the political process changes and until these companies lose the ability to buy the law, this will continue.

    Land of the free indeed.

     


  26.
    Chronno S. Trigger, May 30th, 2008 @ 10:34am

    Re: Re: Perp Walk?

    That may be true, OK it's probably true, but it would be interesting if Revision3 pushed the matter. With all the free publicity that MediaDefender just forced down their throats, it would be a good time to turn this around and possibly make laws change. They'll have a lot more money to pad their legal budget.

    By the way, I'm now a happy member of Revision3. Thank you Mike. Now I want to figure out where the torrent part comes in so I can share.

     


  27.
    James, May 30th, 2008 @ 1:26pm

    Re: Re: Re: Perp Walk?

    revision3 won't push the matter,
    MediaDefender will give them gobs of money to settle.

     


  28.
    Anonymous Coward, May 31st, 2008 @ 11:47pm

    Re: Re: Re: Gee..I'd really like..

    "Then the contract yellow sheet is invalid. Even I know that two parties cannot have a contract to do something --illegal--."

    Just because the yellow sheet does not specifically prohibit DOS attacks does not make the yellow sheet invalid. It probably doesn't mention murder either but that doesn't make it invalid.

    "This is first week of Business Law 101 stuff."

    If your business law class taught you that contracts have to list everything that is illegal in order to be valid then you need to ask for a refund.

     


  29.
    Bob Mclawren, Jun 2nd, 2008 @ 5:42pm

    DDOS Mitigation

    Hey,

    You guys should look into a provider called ypigsfly (ypigsfly.com) as they provide ddos mitigation (called securepig) of up to 2gig/sec and 2 mil packets per second. They do advance detection based on ip/protocol anomaly + behavioral detection as well as the traditional tcp-syn fin/reset attacks along with icmp/udp protection. They also do rate limiting based on a per policy so you can limit the amount of connections a service receives from a source ip or network.

    cheers

     
