RIAA Website Hacked

gattaca writes "A lack of security controls allowed hackers to "wipe" the Recording Industry Association of America's (RIAA) website on Sunday. The existence of an SQL injection attack on the RIAA's site came to light via social network news site Reddit. Soon after hackers were making merry, turning the site into a blank slate, among other things. The RIAA has restored RIAA.org, although whether it's any more secure than before remains open to question, TorrentFreak reports."

Well

[Chas]

Normally I don't advocate cracking someone's site. It's childish and petty. Kinda like the RIAA itself.

But, for some reason, I'm having a really hard time working up any real sense of moral outrage over it.

This probably makes me a bad, biased person.

C'est la vie!

Re:

[notmyusualnickname]

Same here. *Rubs hands and indulges in a meglomaniacal chuckle*

Re:Well

[morgan_greywolf]

But, for some reason, I'm having a really hard time working up any real sense of moral outrage over it.

Four words: They had it coming.

You can't really going around acting like an ass and then expect to be treated with respect by anyone, especially if your site is riddled with basic security problems like SQL injection. Next time, hire a Web developer who isn't a stupid fscktard before gallivanting around, suing everyone, their 80-year-old grandmothers and their 6-year old children into oblivion.

Well-It's all relative.

[Anonymous Coward]

"Four words: They had it coming."

Well if we're going to use that excuse then why stop at web site defacement? Why not put out a contract on the heads of the music companies? After all "they had it coming". What's that? Society says it's not OK? So's copyright infringement and that's not stopping anyone. Why should this be any different?

Re:

[morgan_greywolf]

Well if we're going to use that excuse then why stop at web site defacement? Why not put out a contract on the heads of the music companies? After all "they had it coming"

That's why we call it 'the scales of justice'. The difference is is that would be unequal justice.

If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?

Re:Well-It's all relative.

[sponglish]

If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?

Yeah, well... You're not from Chicago.

They pull a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue. That's the Chicago way... Now do you want to do that? Are you ready to do that? I'm offering you a deal. Do you want this deal?

Re:

[CastrTroy]

Well, the punishment always has to be worse than what someone did, otherwise they may just keep on doing it. If someone steals $500, you can't just fine them $500. Because then they would just run around stealing $500 from everybody, and keeping the profit from those which they weren't caught from. No, you make the punishment $10,000 fine, or a month in jail (where they can't work so they lose money) so that it's too much risk for most people to do it

Re:

[DavidShor]

"In a perfect world, you also need to factor in the costs of the police to track down and arrest the person, the prosecutor to convict the person and the prison to hold the person in the case they don't pay their fine. Complete justice would involve the cost to society being 0, not the criminal'

Not really, those things need to be funded anyway in order to make the threat credible. The lawyers and prosecutors would be paid anyway, though I suppose you could factor in danger pay.

"Over-fining is much bette

Re:

[ozbird]

They pull a knife, you pull a gun.

That's not a knife; this [vagabondish.com] is a knife.

Re:Well-It's all relative.

[hoggoth]

> If someone pulls a knife on you, do you pull out your grenade launcher?

Ummm... yes.

If someone escalates to lethal force with me, I will respond with lethal force and it will be very important to *win*. Therefore, yes, I will respond to a knife with a grenade launcher.

Hell, I say nuke them from orbit.

Re:Well-It's all relative.

[derfy]

Hell, I say nuke them from orbit.

It's the only way to be sure.

Nuke them from orbit.

[Chas]

Actually, the only way to be "sure" is to nuke them in person.

Otherwise there's always the real possibility that they were able to take cover.

Re:

[budgenator]

We vote to give you the privilege of pushing the button up close and personal and as a reward, when you get to the promised land, you can download 72 songs from Itunes free of charge.

Re:Nuke them from orbit.

[orgelspieler]

when you get to the promised land, you can download 72 songs from Itunes free of charge.

Yeah, but they can only be from the Virgin label.

Re:

[PitaBred]

That treaty hasn't stopped us here in the grand US of A from researching the things [popsci.com].

Re:

[smittyoneeach]

Right on. The hint that the US is capable of doing something is as important as the doing itself, and possibly a better deterrent.

Re:

[soarkalm]

If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?

Once the knife comes out, you basically have to assume life and death. In this case, you make your opponent take up the unwise position of bringing a knife to a gunfight.

Re:Well-It's all relative.

[Captain Splendid]

If someone pulls a knife on you, do you pull out your grenade launcher?

Sounds like the annual Cheney family reunion to me.

Re:

[Firethorn]

Cheney's a classic case of the wrong load for the job, or why birdshot in a self defense case is stupid.

Somebody pulls a knife on me, I'm pulling a gun, and not because I generally don't carry a knife.

Note to all Muggers, Burglars, Robbers out there: Birdshot is a GREAT round for your needs! Pick the highest gauge possible - #20 is much better than #12.

Re:Well-It's all relative.

[Mercano]

If someone pulls a knife on you, do you pull out your grenade launcher?

No, that's just not a good idea. I mean, if someone is coming at you with a knife, he's probably at very close range, so if you tried using a grenade launcher, you'd probably taking yourself out with him. (The range for splash damage is probably understated in most video games.) A shotgun or a submachinegun would be a far better choice.

Re:

[budgenator]

the kill radius is 5M for a 50% probability of kill with 40mm grenades, but that doesn't mean that getting hit by shrapnel when your 50M away is impossible or wouldn't hurt like hell if it didn't kill you outright.

Re:

[CompMD]

"If someone punches you in the face, do you beat them to death with a crowbar? No, you punch them back. If someone pulls a knife on you, do you pull out your grenade launcher?"

You've obviously never seen the cinematic masterpiece that is "Deathwish 3."

Re:

[MobileTatsu-NJG]

"Four words: They had it coming."

Well if we're going to use that excuse then why stop at web site defacement? Why not put out a contract on the heads of the music companies?

Because... ruining people's lives with lawsuits isn't equivalent to murder?

Murder by Fractions

[Dr_Barnowl]

Given that socio-economic status has a strong correlation to both absolute and "healthy" life expectancy, each successful "life-ruining" lawsuit which results in a corresponding drop in socio-economic status could be interpreted as being some fraction of a murder.

I'm sure they have accumulated enough fractions by now to cover the members of the board, and maybe a few tiers of upper management too. Since they are the most compensated, they must be the most responsible, right?

NB. Tongue is firmly in cheek.

Re:

[hobo sapiens]

Even if the RIAA weren't about what they are about, they'd still deserve it. Let's say the RIAA was all about giving out fluffy bunnies to children with Leukemia. If they chose to put a site on the hostile environment that are "teh intarwebs" which contained SQL injection vulnerabilities, they had it coming. Seriously. An SQL injection has to be the most well documented and easiest to use vulnerability of all time. It is also one of the easiest to fix, and if a site is vulnerable that raises *serious*

Re:

[luna69]

> Next time, hire a Web developer who isn't a stupid fscktard before gallivanting around, suing everyone,

That assumes they could actually FIND one to work for them...

Re:

[Z00L00K]

Just blanking a site doesn't say much - it can be anything from the last M$ update to a hardware failure.

And if you are going to hack a site, why not keep the site but insert and modify the pages just slightly so that the meaning of some statements will be slightly off the target. Harder to do, harder to spot but a lot mor fun for the world to figure out.

Even better if no backups exists for the site... Or if it isn't spotted until the backups are recycled!

Why wipe it?

[Loibisch]

It would have been so much better to make it a temporary mirror for thepiratebay.org :D

Wonder if they would have started a lawsuit against themselves...

Re:Why wipe it?

[webmaster404]

Nah, how about a bunch of press releases saying that "the RIAA was wrong to sue music fans for sharing songs therefore we are dropping all the charges" and then seeing if the judge would say that if it was a cracked site or the RIAA itself. Or how about a plea to stop DRM by saying "it is not working" or at least informing people about the evils of DRM. The possibilities are endless, just blanking a page.... how unprofessional, it did no good to the world the way then the way it could have been done.

Re:Why wipe it?

[Speare]

If one of your neighbors is disappointed in your lawn care or your dog's poops, there are positive ways of stating the disagreement, and there are negative ways. Certainly, if they spraypainted their message in 2ft high letters on the exterior of your house, you'd be understandably less interested in the actual message than in cleaning the graffiti and contacting the constabulary. Likewise, defacing the website with a thoughtful "open letter" isn't likely to actually communicate anything.

Re:Why wipe it?

[techpawn]

But, could that open letter be used as evidence? It came from their website then if they try to use "well, anyone can make things on the internet look that way! Just because the IP address and website are ours it doesn't mean it's our data!" couldn't we counter argue that with their IP sniffing and screen shots or whatever?

I know it would never work. The judge would ph34r t3h ev1l h4xx0rz! But, if fun to dream isn't it?

Re:

[CaptDeuce]

Certainly, if they spraypainted their message in 2ft high letters on the exterior of your house, you'd be understandably less interested in the actual message than in cleaning the graffiti and contacting the constabulary.

Y'all ain't ever lived in a trailer park, have ya?

Re:

[PitaBred]

Yeah, well, if my neighbor's dog shits on my lawn, I just toss it back on his lawn. I don't think that's an inappropriate response, do you?

Seems about like what's been happening here, once you think about it...

Re:Why wipe it?

[Machtyn]

My question is how often does the average consumer really visit a website like mpaa.org, riaa.org, or any other corporate entity presence? For me, it is less than 0.005 (or less than a 1/2%). I think the last time I visited riaa.org was a couple years ago when /. mentioned the site had been hacked. I've never visited a General Motors website, the company that makes my favorite breakfast cereal or laundry detergent. I've just never had the desire.

I suspect that the average person visits their favorite news site, gaming portal (like games.yahoo.com or legitgames.com or whatever), fark/digg/slashdot, and blogs of the different varieties. My wife will occasionally do searches for recipes, information on baby stuff, etc. We'll hit newegg.com, amazon.com, or other storefronts.

Am I wrong in my thinking that the average person would visit a site like mpaa.org, riaa.org, or other industry specific org sites? We all use tires to drive on, have you ever visited the site for Michelen or Dunlap tires? Do they have a trade org site that issues news, warnings, and user information regarding recalls/defects of certain tires? If so, I've never even considered searching it out.

My point is that very few people would see it to make it worth putting information touting your propaganda. However, if it was outrageous enough, perhaps it would make news and people might visit (by which time it would be too late, as the site would be fixed).

You bring to mind an interesting point

[Weaselmancer]

Nah, how about a bunch of press releases saying that "the RIAA was wrong to sue music fans for sharing songs therefore we are dropping all the charges" and then seeing if the judge would say that if it was a cracked site or the RIAA itself.

The linchpin of the RIAA's lawsuit factory rests on the supposition that an IP address is exactly identical to a person. What the IP address does is legally identical to a person doing it. That's their argument.

So, if their website were to be hacked, wouldn't that exact same rule apply to whatever content was there? Their IP address is legally the same as the person/corporation/entity who owns it, right? That IS their argument, after all.

So why not use that against them in a legal sense?

It would be brilliant. The RIAA lawyers when they were brought into court for whatever happened to be uploaded there would have to make the argument that an IP address DOES NOT equate to the owner of the IP address in order to defend themselves.

They'd have to make our argument for us, and in front of a judge.

You couldn't ask for a better precedent.

Re:

[Rich0]

How about posting a song written by an independant artist who could then sue the RIAA for copyright infringement and facilitation of copying by virtue of running insecure software on their website?

Re:

[__aahmnf219]

I think we get enough of New York Country Lawyer's imbecilic legal theories as is. There's no need for him to be squeezing in "precedent from postings on defaced website" between "innocence by reason of single motherhood" and "innocence by reason of cerebral palsy". Why the hate there, Otter? You an RIAA member or stockholder, or just a grumpy old sod?

Re:

[Jtheletter]

I think we get enough of New York Country Lawyer's imbecilic legal theories as is

I think we'll all be waiting for you to post the court transcripts where these theories were presented during cases. Oh wait, there's a difference between forum posts seeking to encourage discussion and actual legal theories. Are you also implying that the RIAA has never stretched the truth or used irrelevant info to try and make their case sound stronger? Because that too is a load of crap.

Re:

[greginnj]

They did, actually. I was tracking some of the fun while it was live; the extent of the vulnerability was allowing access to the news archive -- so setting up a full mirror wasn't (yet) possible. After the real archive was deleted, though, somebody figured out enough field names to submit a link titled "get free warez here" or somesuch, and it linked to TPB.

I wouldn't have wiped...

[blake1]

instead I would have used my cunning to download the latest Britney album to their server in DRM-free MP3 format. And then promptly reported them to themselves.

Re:

[calebt3]

Britney album

Post something that people want, for crying out loud!

Re:

[blake1]

Never! This would definitely be a double-blow.

It would've been funnier

[SirLurksAlot]

if they made innocuous little changes here and there, such as changing the words "do not support file-sharing" to "fully support file-sharing." It probably would've the RIAA much longer to realize they've been had, and I'm sure they would've gotten some interesting calls and e-mails :-D

Re:

[dattaway]

Unfortunately, very few visit the RIAA site and would have caught it. The only way to get visitors is to let everyone know its hacked.

Re:It would've been funnier

[webmaster404]

No the RIAA gets LOTS of visitors... they are just part of a DDOS though.

Re:

[peragrin]

exactly why completely destroy a website when slow gradual changes are so much more fun.

they probably could have gotten away with it longer too.

ZOMG!!!

[Kranfer]

ZOMG!!!!11111oneone!!1! The RIAA got hax0rzed. Well I guess they had it coming to them. While I understand their cause, I do not understand their tactics, their methods, or how they say they fight for the artists. I must say good job to the people who found the SQL injection flaw. May their programmers be whipped and stoned... well... I guess they would just throw lawsuits and blank CD's at their programmers and accuse them of stealing MP3's. Oh well. still great news.

RIAA will use this

[BadHaggis]

to justify further restrictions on P2P software. I'm sure they will be able to twist this attack into some type of political message to show that the P2P community is just a bunch of cracking criminals which need to be stopped.

While I hold little sympathy for RIAA in this matter, I would rather people found different and legal ways to thwart the RIAA's mission.

Re:RIAA will use this

[webmaster404]

We have found legal ways. Its called not buying albums or buying into DRM. However, the RIAA thinks that it is always P2P networks that are to blame for every loss that they suffer. So if the RIAA loses sales, its not because more people are buying indie band CDs or downloading non-RIAA songs, its because of those pirates never ever because most of the music is more noise then music. The RIAA has no logic, they are used to being a monopoly. Even when we win we lose.

Re:RIAA will use this

[chortick]

From a recent Economist article http://www.economist.com/business/displaystory.cfm?story_id=10498664 [economist.com]:

"IN 2006 EMI, the world's fourth-biggest recorded-music company, invited some teenagers into its headquarters in London to talk to its top managers about their listening habits. At the end of the session the EMI bosses thanked them for their comments and told them to help themselves to a big pile of CDs sitting on a table. But none of the teens took any of the CDs, even though they were free. "That was the moment we realised the game was completely up," says a person who was there."

Re:

[east coast]

So if the RIAA loses sales, its not because more people are buying indie band CDs or downloading non-RIAA songs, its because of those pirates never ever because most of the music is more noise then music.

Ok, so you go find a truely indy band and compare the number of hits you get for them versus the number of hits you get for, say, Pink Floyd on eMule. You'll find that at least a good portion of the RIAAs suspicions are well founded. If it were really a matter of so many people turning to P2P to get non-

Re:

[east coast]

The RIAA itself does not manufacture or distribute any of these recordings. The RIAA is an advocacy group. The do not control the product, they do not decide what does and does not get published. Even on their sponsor labels they have no control of what gets produced. How can you be a monopoly if you don't control anything?

If Sony wanted to put out an album of a homeless guy banging on an empty garbage can and screaming obscenities there's is nothing the RIAA can do to stop it. (See Yoko Ono for reference)

You would think that

[rolfc]

they were using copyprotection on their site.

Re:

[Pingmaster]

And we ALL know how effective their copy protection schemes are...

Re:

[fahrbot-bot]

Ironically, their material is copyrighted and stored in a public folder. Their intent to share and distribute is clear. Removing the material is the only way to prevent theft...

Or is it?

[mach1980]

Do not rule out the RIAA to hire someone to do the hacking to win moral high ground.

RIAA may now turn their media machine to connect evil hackers with the pirate bay and try to put them in the same corner as child molesters and nazis.

Re:

[ScentCone]

Do not rule out the RIAA to hire someone to do the hacking to win moral high ground.

OK, I won't rule that out. Also, you should not rule out that all of the people who are ripping off movies are possibly - on purpose - doing it in a very easy-to-track way so that they'll get caught appearing to be too cheap to use netflix even though all they're really trying to do is get a day in court to show that information, especially the kind that stars their favorite actors, wants to be free, to them personally, l

What should have been hosted

[IndustrialComplex]

If you are going to break into a website, then you need some sort of plan for when/if you succeed.

How about a statement like this:

"The protections applied to this website were more robust than the Digital Rights Management that is applied to CDs DVDs and other forms of digital media. Yet even that didn't stop a determined individual. If this website were a CD, it would be leaked all over the internet, and once cracked, DRM simply becomes an impediment to the legitimate users."

At least they could have tried to make it relevant. However, it is quite possible that they didn't have all that much time or total access to the site. (though if you can erase something, I'm pretty sure that is as close to total access as you need) I'm not too familiar with databases and websites so I don't know how far they could go with it.

Re:

[PitaBred]

I dunno... I've seen moronically configured FTP sites that will allow erase, but not write or create. Could be the case here... I wouldn't put much past them.

This gives reddit a bad name

[maynard]

I like the site a bunch, so I say this with a twinge of reluctance. And I certainly don't like the RIAA. But that kind of behavior is plain criminal. Doesn't matter who owns the computer, it is private property and deserves respect as such.

Re:

[webmaster404]

Reddit only reported it, much as how Slashdot would have reported it. No where in the story does it say that Reddit hacked it, no more so then if FOX or CNN reports a murder did they murder that person.

Re:This gives reddit a bad name

[maynard]

But the community joined in on the hack with gusto [reddit.com]. The comments [reddit.com] are worth a read too.

Re:This gives reddit a bad name

[Pulzar]

Reddit only reported it, much as how Slashdot would have reported it. No where in the story does it say that Reddit hacked it, no more so then if FOX or CNN reports a murder did they murder that person.

How's that the same? Reddit didn't report that the site was hacked, they reported that it can be hacked and how, and then somebody hacked it.

Re:This gives reddit a bad name

[neoform]

If I post a bug report on a vulnerability in some piece of software, am I doing something wrong?

It is not my obligation to report it to the people who made the vulnerable software.

Your mentality is that of the DMCA.

Re:

[maynard]

> If I post a bug report on a vulnerability in some piece of software, am I doing something wrong?

How about if you use that bug by submitting a link to the exploit, and in the submission title promote the use of that hack? How about if then a large segment of that community joins in? And by that action they collectively takes down a privately owned server and cause damages? Who is responsible then? Nobody?

Re:

[RHSC]

No matter how many times the RIAA repeats its mantra, making any form of information available is not a crime

Re:

[Anonymous Coward]

C'mon man - it's not like they hacked in to COPY the site, god dammit.

Re:

[wroshyyr]

I've seen a few of these "please don't hack the riaa site" posts. If a similar flaw would be found with the pirate bay's website I'm sure these same "hackers" would also go out and exploit it. Boys will be boys.

Re:This gives reddit a bad name

[Rahga]

Can you co-opt the police and feds to conduct raids of private property on your behalf? No? The RIAA can and regularly does, confiscating anything that could conceivably be used to produce and distribute music, including vehicles and computers. It doesn't even matter if an organization, such as authorized mixtape producers, are acting within the law... their property is confiscated first and questions are asked later, usually past the point where a business can survive.

The RIAA are among the least of those who deserve to have their property rights defended.

Maybe the RIAA's New Plan Caused It

[briggsb]

Maybe it was people protesting the RIAA's plan to put RFID chips on CDs [bbspot.com] to combat piracy that caused the attack.

Pics or GTFO

[sayfawa]

Anybody got a screen capture?

Torrentfreak has the screenshots.

[Spy der Mann]

http://torrentfreak.com/riaa-website-hacked-080120/ [torrentfreak.com]

From the screenshots:

Who we are.
It appears that the article you requested has been temporarily removed.

Press releases and Statements
ThePirateBay.org - Get free music and movies!

Error
The page at http://riaa.com/ [riaa.com] says:
RIAA sucks ... XSS ftw?

If you want my opinion, it was an inside job. The RIAA got so jealous over they content that they decided to delete it than share it :P

Re:

[Is0m0rph]

http://img301.imageshack.us/img301/724/riaaaask8.jpg [imageshack.us]

Re:

[nizo]

Soon after hackers were making merry, turning the site into a blank slate....

Here is the screen capture:

wow

[kellyb9]

So you're the most hated site on the internet essentially, especially by people who proudly go by the name "pirates". And you don't protect your site??? Who exactly is running this operation?

Re:wow

[Osurak]

So you're the most hated site on the internet essentially, especially by people who proudly go by the name "pirates". And you don't protect your site??? Who exactly is running this operation?

Ninjas.

Obligatory Nelson quote

[ndtechnologies]

"HA HA!"

Slashdotting

[megazork]

The OP should have posted a link to RIAA.org so that it could have been slashdotted. =)

Re:

[mmalove]

...

Wait, can't we just do that anyways?

If everyone on slashdot accessed RIAA.org at the same time every morning, we could just permajam their website. DOS, but kinda legal, since you can't sue an individual for loading your website once a day.

Sigh - then again, the formula "if everyone did X" results in a lot of miracles that will never actually happen.

Re:

[shark72]

"If everyone on slashdot accessed RIAA.org at the same time every morning, we could just permajam their website. DOS, but kinda legal, since you can't sue an individual for loading your website once a day."

Some people had that idea about six or eight years ago, IIRC. I think the first few DDOSes worked, but then the RIAA put the necessary stuff in place to help prevent it. If the RIAA site could be DDOSed, the script kiddies would be doing it 24/7.

I won't argue with you whether DDOSing the RIAA is a g

You're doing it wrong...

[Xenographic]

No, the OP should NOT have posted a link to RIAA.org [riaa.org], that could cause it to be Slashdotted. :]

Sigh.... missed opportunity

[Maxo-Texas]

First... I agree that shutting someone else up is not a great way to have a conversation...

But if you are going to do something like this, then have a little panache.

For example, you could upload a few Mp3's with links to download them from the site.

Or upload some key quotes "Copyright should be good for forever less one day".

Or upload Jefferson's statements on copyright.

ah well...

This is not good

[Anonymous Coward]

Attacking their website will only aid them in public opinion. This gives credit to their argument that people who oppose them are criminals.

Oops...

[Hanners1979]

Looks like someone was using the RIAA web server's CD-ROM drive to listen to their Sony album collection again...

Wasted Opportunity

[hyades1]

Others have noted that a splendid opportunity to do something really insidious to the RIAA site was wasted. It's worse than that. Even a brain-damaged idiot has enough sense to hire somebody to make the site 'way more difficult to hack next time.

So when somebody finds the next vulnerability, allow me to suggest that before they act, they view "The Yes Men vs The WTA". It's funny, it's subversive in the best sense of the word, and it shows what you can accomplish with a little imagination.

When you've

Ya kno' I don't care about 'em anymo'

[crovira]

The RIAA can sue its own ass off. I only support any company which isn't on their client list.

The only way to get them to listen is by NOT listening.

Mullah Omar was right but for all the wrong reasons.

Possible Trojan Injection?

[Jtheletter]

A lot of the posts on this news seem to focus on what could have been done instead of just blanking the site, but do we have any evidence that the wipe was the only thing that occurred? If the person/people who did this really wanted to hurt the RIAA then this would be a good way to get some trojans onto RIAA computers. To be really sneaky they might have even done some research on which IP blocks are most likely assigned to RIAA and member networks and only infect computers coming from those blocks, thus sparing most innocent visitors. Then you've got a direct line into RIAA operations and much more valuable data than whatever is on their web servers. Not that I'm advocating this, merely postulating that there could be more at work than a simple website wipe.

Archive.org

[RAMMS+EIN]

Fortunately for the RIAA, the old content of the site has been archived by the Internet Archive.

Although that poses a rather uncomfortable dilemma for the RIAA: should they thank archive.org for saving their content...or sue them for copyright infringement?

Re:Let me be the first to cry

[gnick]

No, this falls far short of justice. Justice would have been posting a bunch of copywritten songs and announcing to the world where to find them. Even better:
* Record an original piece
* Post it
* Sue the RIAA for hosting it

Just blanking a site is lazy.

Re:Let me be the first to cry

[phillymjs]

Just blanking a site is lazy.
--
This space intentionally left blank.

Irony, thy name is gnick.

Re:Let me be the first to cry

[smittyoneeach]

Irongnick?

Re:

[webmaster404]

Or at least post press reports of dropping the charges to people who download. Then see if the judge ruled that it was hacked or if it was legitimate. Then we can use the RIAA's tactics in court to sue them.

Re:Let me be the first to cry

[ps236]

This sounds like the best idea for what should have been done. (Except with a few hundred pieces, not just one, as the penalties are based on the number of items available for download AIUI, whether or not anyone actually downloaded them).

If they then used the 'But we were hacked, it wasn't our fault' defense, and win because of it, that would then be easier to use as a defense by anyone else whose website/PC was used for distributing copyrighted materials. The RIAA could not then say 'you should have taken reasonable care to secure it'.

If they lose, then all their fines could go to the funds to defend innocent people against them.

Re:

[MacWiz]

Their web guy wanted to make a backup, but when he produced a spindle of CD-Rs, someone yelled, "Pirate! He's stealing our stuff!" He was lucky to make it out of there alive, but they did jam two subpoenas up his ass before they threw him out the door.

Re:Let me be the first to cry

[LordEd]

So you're saying that wrecking a database on an informational website that could likely be replaced from backup in less than an hour is the equivalent to the RIAA's normal business practices?

Well there you go Slashdot, we're even now. No complaining about the RIAA until they do something new.

Re:Let me be the first to cry

[smittyoneeach]

If they just restore the site from backup, without patching the SQL injection vulnerability, then the RIAA is RIAAlly st00p3d.
Now, parking a whole bunch of Scientology materials on their server would be quite funny.

Re:Let me be the first to cry

[SoulRider]

I heard the scientology site got hacked this weekend and so did the RIAA website. Someone...PLEASE!...someone do it again only this time post negaive scientology propoganda on the the RIAA website and RIAA properties on the scientology website. They would have to sue each other, and considering the tactics both sides like to use the resulting trial could take 100 years or more.

Re:

[ScentCone]

Goooooooooooooooooooooooooo!! Hackers!!!!!!!!

Yeah, man! Now everyone, including legislators, will definitely see that the people who want free music and movies aren't punk-ass vandals! This will definitely result in a thoughtful reconsideration of copyright law in congress, and will certainly make musicians and filmakers want to give more stuff away. Goooo hackers.

Re:

[emurphy42]

Fixed link [googlepages.com]

Re:

[shark72]

Being an early adopter is a pain, isn't it? I have plenty of six-year-old gear of my own that was cutting edge in its time, but is worthless now. As for your Nomad, MP3 players have come really far in the past six years and I think you'll be impressed with the latest models.

From a practical standpoint, you don't need to worry about the legal implications of stripping the DRM from the audio files you've purchased, if you're doing it purely for personal use. So many people try to reinterpret "putting the fi