Aussie Security Researcher Hacks Music Charts, Puts His Own 'Songs' Up Top
from the nothing-to-it dept
Rather than spend years practising an instrument and writing songs, he compiled music from clunky electronic MIDI files and later by applying algorithms that squashed together public domain audio. He then posted the tracks to a variety of different platforms via CDBaby, apparently including Spotify, Rdio, MOG (from Telstra), Pandora, iTunes and some others -- and then the fun part:
He then purchased three Amazon compute instances and wrote a simple bash script to simulate three listeners playing his songs 24 hours a day for a month. This move apparently pushed the music up the charts on various systems -- hitting the very top of the Rdio chart for Australia. In response, he released a second album, and saw it jump to the second spot (behind his first album) within a matter of weeks. Any human listeners, not surprisingly, were not particularly happy, and he got flooded with bad reviews, but it didn't much matter. His favorite comment: "I call it troll music." There was also one that said: "it might sound good on cocaine like when it was made, but this isn't music." He did get a single iTunes purchase, though.
MOG and Spotify actually appeared to suspect something was up and cancelled certain accounts. Spotify killed the accounts he had set up to listen (but not the actual music accounts). He's not entirely sure why, but he suspects a few things made it obvious they weren't legit (he didn't try that hard to cover his tracks). With MOG, he suspects it was because almost no one uses the service, so someone probably noticed the anomaly pretty quickly. Rdio, however, kept the albums up at the top, and even sent out promotional emails to people pushing his albums.
At this point, he created a third album, called A Kim Jong Christmas, which was all just actual public domain music, so that if anyone listened to it, they wouldn't immediately realize it as "noise." As that one shot up the charts as well, users were confused, with one commenting: "There ain't no party like the Korean Worker's Party. But seriously -- what the hell is this doing on High Rotation?"
In the end, he apparently spent a grand total of about $30, but brought in decent royalties. Of course, once the story came out, his music was pulled from most of these services. He's started posting it to his own website, though even he admits that he can't listen to it the whole way through.
Of course, this was all done for the purpose of research. He was interested in a variety of things, including the fraud-checking on various music services, how royalties on these services work (he's got some data there as well) and various other things about how to make this kind of setup work. He also noted that when his accounts were suspended, almost no info was given, and he points out that this could also lead to a way for someone to attack a rival musician to get their works taken off of these services without warning or explanation.
The other question that I have is if Fillmore has opened himself up to any legal risk. It looks like he made about $1,000 in royalties, so I could potentially see some companies arguing it was a type of fraud. If he were in the US, I could even see some crazy CFAA charges thrown at him, because that's the sort of crap that happens in the US under the CFAA. Hopefully calmer minds prevail and this is viewed in the spirit it was done: as a research project which popped out some rather interesting results (and some really bad music).