MediaDefender Explains Itself

I Don't Believe in Imaginary Property writes "Wired has an interview with MediaDefender in which they try to explain why they attacked Revision3, which uses BitTorrent to host its own content. Somehow it eluded MediaDefender that they had injected fake content into Revision3's tracker, so when Revision3 changed configuration to forbid this injection, MediaDefender's systems saw it as a pirate tracker with lots of illegal content (which MediaDefender had put there) and attacked. In other words, everything they did was intentional except for the choice of target. Given that they have 9 Gbps of bandwidth dedicated to denial-of-service attacks against torrent trackers, all anyone needs to do is to trick them into attacking a hospital or government facility. MediaDefender has never been very competent, after all."

Mediadefender is the Punisher

[flerchin (179012)]

How is any of this legal? Injecting content, false or otherwise? DOS'ing a server? They're fighting fire with fire.

Re:Mediadefender is the Punisher

[Xiph (723935)]

I fully agree, they admit two doing two things that are not legal.

Unauthorized access and Denial of Service attack.

I'm not quite sure of the details though, were they using a bug to plant the torrents or was the tracker just negligently configured?
The above matters for whether they were hacking(non-geek) or simply using it without authorization.

anyway, "bad boy!" to MediaDefender, surprise surprise.
But will the shit stick all the way to those truly responsible?

I CONFESS!! IM GUILTY! Can I get off the hook now?

[Bananatree3 (872975)]

Dear Public, Media, and our friends Revision3: We are very, very sorry. Our servers did bad, bad things to Revision 3 and WE HAD NO CLUE!! Please, take mercy on us. Sure, our severs were snooping around their legitimate BitTorrent tracker seeding maliciously. BUT WE HAD NO CLUE! Sure, our servers recently assraped their severs into oblivion, BUT WE HAD NO CLUE!! This is all one big, misfortune event. Our Friends at revision3, we are really, really, REALLY sorry. Please, we plead ignorance. Our innocent servers honestly thought you were running an pirate operation. Please accept our appologies (Pretty please! with a cherry ontop :))) We PROMISE we will NEVER EVER NEVER do it again. Sincerely, MediaDefender

Re:I CONFESS!! IM GUILTY! Can I get off the hook n

[empaler (130732)]

Also, we made this cake. For you. Please, don't ask about the teeth marks.

Re:I CONFESS!! IM GUILTY! Can I get off the hook n

[Brian Gordon (987471)]

"Our servers did it" definitely induced a head-scratch from me. Why on earth would they have their servers set up to automatically commit serious crimes just because a server was public and then restricted access? That doesn't make sense, even from their twisted viewpoint..

Re:I CONFESS!! IM GUILTY! Can I get off the hook n

[RobertM1968 (951074)]

"Our servers did it" definitely induced a head-scratch from me. Why on earth would they have their servers set up to automatically commit serious crimes just because a server was public and then restricted access? That doesn't make sense, even from their twisted viewpoint..

Because they have gotten away with it for near a decade, even though many have pointed out the illegality of it.

And they expect, once again, to get away with it.

And because, this will become even more fuel for them (and the **AA) towards pushing making P2P software entirely illegal, regardless of it's use. Does this last section make sense? No? So what? Do you really think it has to? Look at their other arguments for making P2P illegal - do they make sense? Didnt think so. ;-)

And of course, because it will help them push forward the pending legislation that would make their actions (whatever they are) legal - irrespective of current law.

So... I think it makes perfect sense - at least from their twisted viewpoint.

:-(

Re:I CONFESS!! IM GUILTY! Can I get off the hook n

[iapetus (24050)]

Does this last section make sense? No? So what? Do you really think it has to? Look at their other arguments for making P2P illegal - do they make sense? Didnt think so. ;-)

Actually, I was fairly convinced by that argument they made about Chewbacca. I mean, they have a point. Why would a Wookie live on Endor?

Re:Why would a Wookie live on Endor?

[iapetus (24050)]

That doesn't answer the question, though.

You can see here, the Router orbiting the forest moon of Endor. Although the download systems on this Router are not yet operational, the Router does have a strong defense mechanism. It is protected by a firewall which is generated from the nearby forest moon of Endor.

The firewall must be deactivated, if any torrent is to be downloaded.

Once the firewall is down, our servers will create a tracker, while our admins hack into the system and attempt to inject the fake contact.

Re:I CONFESS!! IM GUILTY! Can I get off the hook n

[rrohbeck (944847)]

Why on earth would they have their servers set up to automatically commit serious crimes just because a server was public and then restricted access?

Their servers became self-aware on August 29, 1997.

Re:Mediadefender is the Punisher

[nurb432 (527695)]

I don't think you can use the unauthorized access if it was a public tracker, but i agree that i don't see how a DoS can be legal under ANY circumstance.

Take down letters, ISP turning your account off due to court order, sure.. But an intentional DoS? WTF?

Since when does 2 illegal acts cancel each other out ( not to mention no illegal act was being committed by Revision3 anyway )?

Re:Mediadefender is the Punisher

[qeveren (318805)]

While it was publicly accessible, I don't believe it was a public tracker, in that users other than Revision 3 staff should not have been able to upload new torrents to it; unless my understanding of the situation is completely off.

Re:Mediadefender is the Punisher

[LrdDimwit (1133419)]

More to the point, whether or not it was before, it became unauthorized access when Revision3 locked down the server. Then it got DoS'ed? I'm sorry, but I don't buy this explanation. If you see a lot of unauthorized activity from a tracker, then you take it thru the proper channels -- contact the admins, send proper DMCA takedown notices, etc. As much as everyone here hates the DMCA, if this kind of situation isn't what takedown notices are for, then they really are *totally* useless (and not just mostly useless). You don't simply assume it's a bad-guy tracker.

And then there's the part where they openly admit to using DoS attacks against trackers. That part is really brilliant. I'd like to see what law they're looking at where that's a "grey area".

Re:Mediadefender is the Punisher

[billcopc (196330)]

If I were to do this against any arbitrary server and got caught, I'd be sued to oblivion.

What do we have here ? We have evidence, a confession, and implicit admission of guilt (their system is designed to blast servers). What are we waiting for ? Jesus ain't coming back, so we're going to have to purge these bastards ourselves.

Re:Mediadefender is the Punisher

[cheater512 (783349)]

To increase speed, their tracker would track for any torrent id.
They wouldn't host arbitrary torrents, only track them.

They saw it was being used by other people so they disabled that.
You know the rest.

Re:Mediadefender is the Punisher

[Perp Atuitie (919967)]

I think they'd have an excellent chance of being found guilty in a criminal prosecution. The roadblock will be getting a prosecutor or press charges. Once they are in court, they really ahve no defense. Far as I know, the "I didn't know the gun was loaded" excuse has a very bad track record. Any random jury would be very likely to send these crooks to prison, and rightly so.

Re:Mediadefender is the Punisher

[schon (31600)]

the "I didn't know the gun was loaded" excuse has a very bad track record.

The thing is, this isn't even "I didn't know the gun was loaded." This is more like "I loaded the gun and pulled the trigger, but I didn't realize who I was pointing it at."

Re:Mediadefender is the Punisher

[Dragonslicer (991472)]

Can't they just hire any lawyer for legal advice and then press charges themselves? It would stnd to reason that if you have the right to be your own lawyer for defense your could be your own lawyer for prosecution of crimes committed against you.

If I remember correctly, the victim isn't the prosecutor in criminal cases, the state is (hence criminal trials always being "State vs. Doe"). If a crime has been committed, a prosecutor from the District Attorney's office is assigned to the trial.

Re:Mediadefender is the Punisher

[burroughsj1 (1273158)]

It would stnd to reason that if you have the right to be your own lawyer for defense your could be your own lawyer for prosecution of crimes committed against you.

In a criminal case, the "victim" is not the individual, but rather society as a whole. The State brings the charges, because the state is the "victim." That's why the individual doesn't get to decide whether or not charges are filed, or have the final say in punishment. The individual victim's recourse is to file a civil suit.

Re:Mediadefender is the Punisher

[Opportunist (166417)]

I wouldn't wait. It wouldn't be the first FBI investigation that turned up the result that is most politically favorable, do it would be a good thing to ensure the politically favorable result is the right one.

Re:Mediadefender is the Punisher

[RobertM1968 (951074)]

There are actually serious laws against this. If you or I did this, we'd spend quite some time in jail, and have to pay quite a large amount in fines. The criminal and civil penalties are not small. Not to mention the probability of losing (the "right" to) Internet access for some period of time (by court order). It's happened before (and been covered here).

But... how much you want to bet that MediaDefender gets off with less than a slap on the wrist?

With luck, at the very least, MediaDefender will lose the civil suit brought against them and pay that way.

Foot, meet mouth

[Moraelin (679338)]

You know, for a while I was kinda suspecting they'll play the "we're dumb, and it was an accident" card. You know, say that it was some poorly configured system that did the injecting, and it accidentally got stuck connecting in a loop instead of once a day. Present it as some bug they didn't even know about. Blame some techie. You know, anything _except_ say "yep, it was premeditated all along to break the law." Go for criminal negligence.

But that they have a big fat pipe dedicated to conducting DOS attacks? Jesus F. Christ, that's like saying that I have a car dedicated to running down pedestrians I don't like. If that's not a confession of premeditation, I don't know what is.

To put it in perspective, the western criminal system (as far as I understand it, and IANAL) tries, or theoretically should try, to establish the degree of intent (or "mens rea" = "guilty mind") in an act. So for example, if a shingle off my roof fell on the a passerby's head, although what happened is the same and the guy is just as dead, you can have very different punishments based on the nuance of being classified anywhere between "direct intention" (I actually intended to have shingles fall on him/someone) and "criminal negligence" (I had no flippin' clue that the roof is in that bad condition, though a reasonable person should have foreseen and inspected it regularly.) The worst you can do is not only go for "direct intention", but also basically say, "oh yeah, it wasn't a momentary act of rage, it was planned all along."

So these guys have basically been paying all along for a pipe _dedicated_ to breaking the law? They actually had a plan to break the law, and month after month paid the bill on the resources set aside for only that purpose? Geesh. I hope that a few executives land in state jail there.

Not only shamed, but pied as well

[Bananatree3 (872975)]

the "one two punch" MediaDefender did was not only reckless but dumb. They stealing bandwidth and poisoning the Revision3 tracker. Revision3 probably wasn't exactly running a Honeypot operation on their BitTorrent tracker, trying to attract pirate scum. Comes along MediaDefender and their server, finds an exploit and utilizes that. That, in of itself, should be illegal (and probably is). When Revision3 finds their blindspot and patches it, MediaDefender turns around and pies them in the face for finding the hole. What a way to say "thanks".

Sheesh.

Re:Mediadefender is the Punisher

[tomhudson (43916)]

Actually they can't get away with the "fake torrent" stuff either - the torrents they put up were for copyright material, which they then tracked to see who was downloading the stuff. In other words, they enabled copyright infringement, then went after the downloaders with "we know you've been infringing - contact the settlement center."

Since they were working with the blessing of the **AA, what that means is that anyone downloading from one of those torrents isn't guilty of copyright infringement, since the download was made available with the knowledge and consent of the **AA.

Discovery is going to be really nasty in this case.

Re:Mediadefender is the Punisher

[SpaceLifeForm (228190)]

Just A DOS, not a DDOS. We have no proof that MediaDefender is in control of one or more botnets.

Now, really?

[Perseid (660451)]

Shouldn't admitting to a DOS attack in and of itself get people arrested? Who cares what the site they are attacking contains? They are committing acts of digital vandalism. Jail, please.

Re:Now, really?

[Vectronic (1221470)]

According to Wikipedia...

"In May 2008, MediaDefender was publicly accused of allegedly being the source of a distributed-denial- of-service attack on Revision3. Jim Louderback, Revision3 CEO charged that these attacks violated the Economic Espionage Act and the Computer Fraud and Abuse Act. The Federal Bureau of Investigations is currently investigating the incident."

Although that may have been written as of 5 minutes ago... plus the FBI isnt exactly notorious for accomplishing things in any sort of justified, or timely manour, and may very well side with MediaDefender.

Re:Now, really?

[DarkOx (621550)]

Even if the FBI is investigating its still untter bullshit in terms of double standard. With this much evidence, and the seriousness other DOS attacks have been treated their should be imediate consequences. If Joe Slashdoter had done this s/he would get to wait in jail for up to 180 days while the FBI investigated her/him. Where are the responsible parties at Mediadefender tonight?

Re:Now, really?

[jd (1658)]

The responsible parties are drowning their sorrows in champaign, their guilt crushed under the weight of party hats and women of ill repute.

Re:You forget, theyre the "darlings" of congress.

[jlarocco (851450)]

Second, theyre working for the **AA organizations, the darlings of congress, for whom no human rights violations are too great a cost, for whom ACTA is being negotiated to subvert those pesky public interest groups and constitutional protections present in every industrialized nation on earth, and for whom judges suspend several constitutional protections for due process.

I'm sorry what? When has the **AA ever violated human rights? Sure they're scumbags, but try to keep a little perspective. They're not exactly selling people into slavery.

The solution to the problem of them being "in" with congress is to give congress, and the government in general, less power. Power is abused. Always. This seems to be a pretty good example of that.

In other words, they are above the law, and the public allows them to do so because filesharing = terrorism, after all bush said so.

Reference?

Re:You forget, they're the "darlings" of congress.

[funkyloki (648436)]

I thought filesharing=communism.

There's even a poster [russiablog.org].

Re:You forget, theyre the "darlings" of congress.

[klapaucjusz (1167407)]

When has the **AA ever violated human rights?

From the Universal Declaration of Human Rights:

Article 9. No one shall be subjected to arbitrary arrest [...]

Article 11. (1) Everyone charged with a penal offence has the right to be presumed innocent until proved guilty according to law [...]

Article 12. No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence [...]

Re:You forget, theyre the "darlings" of congress.

[jlarocco (851450)]

Not exactly, but threatening a lawsuit that will result in someone owing money to them for the rest of their life is a little too close to indentured servitude for my liking.

Yeah, but that's the risk people knowingly take when they decide to infringe the **AA's copyrights. They had to consciously think "I know I can get a huge fine for this, but I'm going to do it anyway." Is it really too much to expect people to take responsibility for their actions?

Right now, the legal choices are:

• Buy **AA's music and movies
• Don't buy **AA's music and movies
• Vote to get IP laws changed so filesharing is legal

There is no "Disregard the law and do whatever you want" option. If they're willfully breaking the law, it shouldn't be a very big surprise when they get punished for it. And right now the penalty for copyright infringement is a big fine.

Re:You forget, theyre the "darlings" of congress.

[Khaed (544779)]

Yeah, but that's the risk people knowingly take when they decide to infringe the **AA's copyrights. They had to consciously think "I know I can get a huge fine for this, but I'm going to do it anyway." Is it really too much to expect people to take responsibility for their actions?

Except there have been cases where the person did not violate their copyrights. They don't prove someone did it before threatening or suing them, and those people who are innocent still have to fight to prove they're innocent. Then the RIAA holds up paying damages in court for years -- like the case where they tried to claim they shouldn't be liable for attorney's fees. I can't recall the specifics but they were found to be wrong and the defendant then sued them for costs and they called her claimed attorney's fees "outrageous" then refused to publish their own lawyer fees*. It was on Slashdot a few months ago.

* "Objection, your honor!"
"On what grounds?"
"...It's extremely damaging to my case!"

Non-mainstream event

[eggman9713 (714915)]

Even if this story makes it to the mainstream media, its not going to get much airtime. Especially since no Joe User knows what Revision3 is. There just wouldn't be enough outrage to make it a worthwile story anywhere except the geek community.

Fry.

[Renraku (518261)]

If you distribute baking soda (sell/give away/etc) and tell people that its crack, you can be arrested and held to the same liabilities as if you had actually sold crack..in fact..some states have laws to where you'd get charged for selling it, but not possession. Some will tack on an extra charge on top of possession/sale.

So tell me why MediaDefender gets away with inserting fake data labeled as copyright-violating material into someone else's server and then going all vigilante on them. If you own the copyright you might be able to get away with it as its no longer in violation of copyrights since its yours, but since MediaDefender doesn't own them directly..

That on top of the damages they have caused this company, in either time, money, or business damages.

Re:Fry.

[cp.tar (871488)]

Assuming for a brief moment that copyright infringement is theft, just for the purpose of this analogy...
If I broke into your house and put someone else's stuff in your room, then phoned the police that you have stolen property in your room... how nice would that be?

I only have one question: how can we retaliate?

Re:Fry.

[DarkOx (621550)]

Assuming for a brief moment that copyright infringement is theft, just for the purpose of this analogy...
If I broke into your house and put someone else's stuff in your room, then phoned the police that you have stolen property in your room... how nice would that be?

Its not like that though! Its more like:
If I broke into your house and put someone else's stuff in your room, then waited until you came home and then smashed all your car windows with baseball bat while sceaming "theif" and your stood by in confused amazement, and then after I got done with that called the cops on you about the stolen property in your room... how nice would that be?

No very nice, and if anyone else tried it, even if you had really stolen the property and put it in your room my actions would still be a crime of their own. MediaDefender are criminals and the people operating those servers can't be so ignorant of the actions not be accountable for them. We might not be able to get the kingpins but at the very least the doers should be arrested and charged. I know slashdot does not like to go after the little guy but MediaDefenders developers, network, and server admins deserve jail time! If my boss asks me to do something illegal I am still obligated to refuse otherwise the law will hold me responsible. Its imporatant that even these little guys get PUNISHED. The only way you stop getting organizations like MediaDefender from being above the law is to make sure nobody will work for them, because no salary they can offer will be worth doing time for!

Re:Fry.

[AVonGauss (1001486)]

How can we retaliate?

Retaliate is not the word I would choose, but things you can do...

1) Be nice and professional, but write your congressmen, senators and governors and tell them how you feel about the issue.

2) Write the transit providers that provide peering agreements with MediaDefenders service provider. Their service provider and the transit providers that peer with their service provider are supporting their actions indirectly. If their service provider refuses to continue service with Media Defender then they will be forced to move. If other transit providers refuse to peer with their / or a service provider that supports their actions, their service provider will be forced to change their business position or go out of business.

3) MediaDefender is primarily funded by copyright holders, the irony being that the copyrighted works have absolutely no value if there is no demand. If XYZ studio, producer or artist employs the services of MediaDefender, do not purchase their products. Simple.

Re:Fry.

[jon787 (512497)]

If you distribute baking soda (sell/give away/etc) and tell people that its crack, you can be arrested and held to the same liabilities as if you had actually sold crack..in fact..some states have laws to where you'd get charged for selling it, but not possession. Some will tack on an extra charge on top of possession/sale.

Kaffee: It was oregano, Dave. It was 10 dollars worth of oregano.
Lieutenant Dave Spradling: Yeah, but your client thought it was marijuana.
Kaffee: My client's a moron that's not against the law.
Lieutenant Dave Spradling: Kaffee, I have people to answer to just like you do. I'm going to charge him.
Kaffee: With what? Possession of a condiment?

Re:Fry.

[lobStar (1103461)]

Off topic but, in my country it works the opposite. If you sell fake crack, you can get arrested for fraud. But not for selling drugs. This has happened, I read about one case where the victim (buyer) turned in the dealer. Both were eventually convicted for different things.

I think...

[by Anonymous Coward]

...that Air Traffic Control using BitTorrent to distribute approaches is quite possibly the worst analogy I've heard come out of this whole mess.

What I can't understand...

[Newer Guy (520108)]

What I can't understand is how MediaDefender has been getting away with illegal DoS attacks for years, when ANY of us would be put in prison for doing it. Who have they paid off to be able to break the law with impunity?

Isn't DoSing also a Homeland Security issue? Shouldn't their ISP have cut them off when they started doing illegal things like automatically targeting innocent companies with illegal DoS Attacks?

If someone did to MediaDefender what they do to EVERYONE ELSE, they'd be screaming bloody murder!

Finally, what if they DID actually DoS a company that caused someone to be hurt or die. Would they be liable for pre-mediated murder?

Revision 3 is lucky!

[mcbutterbuns (1005301)]

I can't prove it but I heard that The Planet was hosting an open tracker. We all heard what happened to them... http://tech.slashdot.org/article.pl?sid=08/06/01/1715247 [slashdot.org]

Explain?

[QuietLagoon (813062)]

Wired has an interview with MediaDefender in which they try to explain why they attacked Revision3...

Try to explain? The bottom line is MediaDefender attacked another commercial entity.

If someone throws a stink bomb through a brick & mortar storefront window, forcing the store to close, do you think the police would allow the offender to get off with saying, "oops"?

Inexcusable

[Joebert (946227)]

Computer systems should be treated as pets, if they attack someone they should be put to sleep.

Full mp3s on their website

[ibaun (1300043)]

After browsing their site, I found this open dir: http://www.mediadefender.com/marketing/ [mediadefender.com] . How is spreading an mp3 of Kanye West or Timbaland legal? Should they now DoS their own webserver?

Re:Full mp3s on their website

[ionix5891 (1228718)]

just in case they remove this folder (and any evidence)

heres a listing of files
http://www.mediadefender.com/marketing/HBO_Watcher.avi [mediadefender.com]
http://www.mediadefender.com/marketing/HumanWeapon_Karate_SneakPeak.mov [mediadefender.com]
http://www.mediadefender.com/marketing/JAY-Z_LIMEWIRE.wmv [mediadefender.com]
http://www.mediadefender.com/marketing/Kanye_West-Graduation-Stronger.zip [mediadefender.com]
http://www.mediadefender.com/marketing/MP3_Music_Sponsorship_Presentation.ppt [mediadefender.com]
http://www.mediadefender.com/marketing/MediaDefenderP2PDemo.exe [mediadefender.com]
http://www.mediadefender.com/marketing/MediaDefender_one-sheet.pdf [mediadefender.com]
http://www.mediadefender.com/marketing/MediaDefender_presentation-8_15_07.ppt [mediadefender.com]
http://www.mediadefender.com/marketing/Sample_p2p_MarketingReport.ppt [mediadefender.com]
http://www.mediadefender.com/marketing/Sprint%20-%20Parking%20-%20H264.mov [mediadefender.com]
http://www.mediadefender.com/marketing/Timbaland-The_Way_I_Are.zip [mediadefender.com]
http://www.mediadefender.com/marketing/jayz_coca_cola.wmv [mediadefender.com]
http://www.mediadefender.com/marketing/lebron_yall.wmv [mediadefender.com]
http://www.mediadefender.com/marketing/sampleReport.ppt [mediadefender.com]

heres a screenshot of the folder
http://b.imagehost.org/0325/Image2.jpg [imagehost.org]

and here is a mirror of the folder contents
http://ifile.it/_rcytws3/mediadefender [ifile.it]

Re:Uh

[by Anonymous Coward]

Both government facilities and hospitals both rely on BT for a number of things. The government's idea of a database file is many gigabytes in size. Moving those around is MUCH cheaper and easyer with BT. Hospitals that are affiliated with universities usually do some sort of medical research on-site and also send/receive data to the campus. BT is used a lot with sending around things like DNA maps and decoded genomes; that sort of thing.

BitTorrent is a legitimate method of distributing data, no matter what kind of data. It just happens to be a great way to send your entire mp3 collection to 12 friends in very little time and that's why people associate it with piracy and the like.

Re:Uh

[jzu (74789)]

Someone, someday, will find a legitimate use for a torrent tracker in an hospital. But simply imagine an illegal tracker run by a rogue employee. MediaDefender uses it for its tactics. The sysadmin notices the tracker, and shuts it down. MediaDefender's Stalin organ goes amok and shuts down the entire hospital network.

Because of a BT tracker. Yeah, right.

In Revision3's case, there might have been illegal file sharing occuring - thats only a civil case if memory serves - and certainly MediaDefender's attack was criminal. In the hospital's case, MediaDefender would risk becoming downright murderers.

Re:Mail Servers

[tomhudson (43916)]

MediaDefender:
sales@mediadefender.com
info@mediadefender.com
jobs@mediadefender.com
president: try herrera@mediadefender.com, oh@mediadefender.com,
ceo: try randy@mediadefender.com (personal), saaf@mediadefender.com or rsaaf@mediadefender.com
controller: try: rr@mediadefender.com, rousselet@mediadefender.com

parent company: artistdirect (stock ticker: ARTD)
Investor relations: ir@artistdirect.com
Chairman: diamond@artistdirect.com
CEO: try villard@artistdirect.com, dv@artistdirect.com

Auditors: Gumbiner, Savett, Finkel, Fingleson & Rose, Inc
rgreene@gscpa.com (Ronald Greene) http://marketcenter.findlaw.com/scripts/display_profile.pl?id=173844 [findlaw.com]

Executive Vice President Ronald Greene is in his thirtieth year of providing litigation support services
...
Mr. Greene has sub-specialities in the food, wine and music industries.

Have fun.