Internal Emails of An RIAA Attack Dog Leaked 427

qubezz writes "The company MediaDefender works with the RIAA and MPAA against piracy, setting up fake torrents and trackers and disrupting p2p traffic. Previously, the TorrentFreak site accused them of setting up a fake internet video download site designed to catch and bust users. MediaDefender denied the entrapment charges. Now 700MB of MediaDefender's internal emails from the last 6 months have been leaked onto BitTorrent trackers. The emails detail their entire plan, including how they intended to distance themselves from the fake company they set up and future strategies. Other pieces of company information were included in the emails such as logins and passwords, wage negotiations, and numerous other aspects of their internal business."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Saturday September 15, 2007 @04:27PM (#20618527)
  • Re:Distance? (Score:5, Informative)

    by Atlantis-Rising ( 857278 ) on Saturday September 15, 2007 @04:33PM (#20618581) Homepage
    You can't be entrapped in civil court. Entrapment is a statutory creation of criminal law. (Sorrells v. United States, although later Supreme Court precedent leads us to believe that rather than the statutory creation theory, they are moving more towards dealing with entrapment in a supervisory sense.)
  • Re:Distance? (Score:4, Informative)

    by ctishman ( 545856 ) <{moc.cam} {ta} {namhsitc}> on Saturday September 15, 2007 @04:34PM (#20618583)
    Regular people (like you or me or, in the court's eyes, the RIAA) can't commit entrapment. It's a police-only crime.
  • Torrent Download (Score:2, Informative)

    by the angrybaby ( 1157319 ) on Saturday September 15, 2007 @04:42PM (#20618671)
  • Re:Hahahaha, no. (Score:5, Informative)

    by spikestabber ( 644578 ) <spikeNO@SPAMspykes.net> on Saturday September 15, 2007 @04:43PM (#20618685) Homepage
    Their SSNs, home addresses, birthdates, wages and all are included in a spreadsheet attachment. They're screwed.
  • Unclean Hands (Score:3, Informative)

    by bmo ( 77928 ) on Saturday September 15, 2007 @04:51PM (#20618761)
    It was only a matter of time. Heh. Not a honeypot, eh? Rrrrriiight.

    I just had to dig up an old post of mine that needed reposting...

    Msg: 35175 of 43019 7/9/2007 4:27:06 AM Recs: 32 Sentiment: Not Disclosed
    By: Boyle M. Owl Send PM Profile Ignore Add To Favorites
    Legal Crows Come Home To Roost. Media Defender Says "We Didn't Mean It"

    Media Defender backtracks on 'entrapment site'

    It was all a terrible mistake

    By Nick Farrell: Monday 09 July 2007, 07:14

    THE MOVIE industry's private dick division has denied that it set up a P2P site designed to catch people pirating.

    Media Defender admitted that it set up a site, called MiiVi, which looked exactly like a P2P site but claimed it was never meant to go live and was not designed to entrap pirates.

    According to Ars Technica, Media Defender claimed the story has been blown far out of proportion and was started by sites like The Pirate Bay and TorrentFreak. MediaDefender's Randy Saaf told Ars Technica the story was "completely made up".

    Well, not completely made up. He said Media Defender was working on an internal project that involved video and didn't realise that people would be trying to go to it and being a security company it didn't password-protect the site.

    Saaf said that it was not an entrapment site, and Media Defender was not working with the MPAA on it. He claimed that the MPAA didn't even know about it.

    However Ars asked them why MediaDefender immediately removed all contact information from the whois registry for the domain if the site was so innocent. Saaf said that it was afraid of a hacker attack or people sending it spam.

    It is not clear what Saaf was planning to do with all the details of would-be P2P users who might have logged into the site while it was accidentally online or if anything was collected.

    -------

    Not an entrapment site? Walks like a duck...

    Yeah, uh, Media Defender (nee Sentry) is in a heap of trouble because it gives the MPAA two things:

    An unclean left hand and an unclean right hand. Media Defender's software installed a secret scanner that uploaded data on any "copyrighted files" to MPAA goons that may have resided on the computers of the dupes who went there.

    You can't be breaking into people's computers and violating things like RIGL 11-52-3 by installing nefarious software. Many states have similar laws, and some states have laws specifically against spyware. "Evidence" gathered with unclean hands (this is an actual legal term and concept) angers judges to no end. Any "evidence" by the MPAA shown to be gathered by Media Defender now is under a very dark cloud.

    That's why Media Defender is in deep shit. They committed felonies _and_ screwed their client. Thus all the "we didn't know people would actually _go_ to our honeypot"

    Whoops.

    --
    BMO

    -------

    Fast forward to today...

    http://thepiratebay.org/tor/3806944/MediaDefender.Mail.200612.200709-MDD/ [thepiratebay.org]

    And now it's proven that they really _did_ set it up as a honeypot. This weekend has turned out pretty good so far.

    Hats off to the leaker. Now the _feds_ might have something to go after MediaDefender and the MPAA with. Oh, what delicious irony, with cream and sugar.

    --
    BMO
  • Torrent Comments (Score:4, Informative)

    by Dubpal ( 860472 ) * on Saturday September 15, 2007 @04:54PM (#20618775) Homepage
    Comments from the torrent for the leaked emails make for an interesting read also:

    MediaDefender-Defenders proudly presents 9 months worth of internal MediaDefender emails

    By releasing these emails we hope to secure the privacy and personal integrity of all peer-to-peer users. The emails contain information about the various tactics and technical solutions for tracking p2p users, and disrupting p2p services.

    A special thanks to Jay Maris, for circumventing their entire email-security by forwarding all your emails to your gmail account, and using the really highly secure password: blahbob

    So here it is, we hope this is enough to create a viable defense to the tactics used by these companies, also there should be enough fuel to keep the p2p bloggers busy for quite some time.

  • Re:Distance? (Score:5, Informative)

    by Em Adespoton ( 792954 ) <slashdotonly.1.adespoton@spamgourmet.com> on Saturday September 15, 2007 @04:59PM (#20618823) Homepage Journal

    entrapment involves the use of a technique that ends up in a crime being committed that under normal conditions would not have happened. would the crime have been committed without mediadefender setting up a trap? in all probability it would. It would just happen elsewhere. it isn't strictly entrapment but it sure is evil.

    If they hadn't set up the website, this specific "crime" COULDN'T have happened.

    Think about what you said, with respect to, for example, VICE squads:

    "Would Joe have been busted for possession of marijuana if the cop didn't sell it to him? In all probability he would have; it would just have happened elsewhere."

    This is incorrect. It would NOT have happened; he MIGHT have been busted for possession of OTHER marijuana sold by someone else. On the other hand, he might not.

    All of this is moot anyway, as you can't be entrapped in civil court. If they passed federal charges (under the DMCA), then an entrapment suit might possibly be in order if those entrapping were operating "above the law". Otherwise, either THEY were committing a crime by distributing the content, or those downloading weren't committing a crime as they would have been given legal permission to download the data. The worst thing they could be asked to do if those distributing the data didn't have permission to do so would be to remove their copy from their computer by the court. Of course, in most sane countries, possession of copyrighted data isn't a crime, infringement, or anything similar; only distribution is. All you can be sued for is breach of contract in civil court (assuming there was some sort of contract).
  • by CharonX ( 522492 ) on Saturday September 15, 2007 @05:05PM (#20618859) Journal
    According to the .nfo one of their employees had the presence of mind to forward all e-mail to their Gmail account. I guess all that e-mail protection stuff got in the way or something.
    And the password of said account was *drumroll* blahbob.
  • by Rufus211 ( 221883 ) <rufus-slashdotNO@SPAMhackish.org> on Saturday September 15, 2007 @05:12PM (#20618927) Homepage
    First google result for bittorrent interdiction [google.com] is a resume [linkedin.com] from a former MediaSentry (a competitor of MediaDefender) director. The juicy bit (in case it goes away):

    Director of Interdiction Development
    MediaSentry Div of SafeNet
    (Public Company; 501-1000 employees; SFNT; Computer & Network Security industry)
    September 2004 -- November 2005 (1 year 3 months)
    Lead team of software developers and systems engineers developing interdiction solutions for P2P networks.
    Designed and deployed new Linux based 300+ host distributed infrastructure for p2p decoy distribution with automated command, control and monitoring. Designed and deployed network of filtered eDonkey servers. Managed roll out of new BitTorrent interdiction infrastructure. Implemented multiple p2p file trading clients on hosts utilizing VMware.

    It seems like it's basically a distributed network of clients that feed garbage data, trying to slow down everyone's downloading. Sadly for them it seems that uTorrent defeated [utorrent.com] their work:

    After more in-depth analysis...we've determined that the new version DOES affect our interdiction in a negative way. They've added a new "bt.ban_ratio" field that takes into consideration how many good pieces a client has uploaded.
    [....]
    We still see a lot of hash_check fails...but now the only peers getting banned are ours. This also affects MediaSentry's interdicted torrents. They are no longer effective on the newest version either.
  • by Aim Here ( 765712 ) on Saturday September 15, 2007 @05:18PM (#20618975)
    Not the whole story. They must have made it work again, because this one is dated September 7th, later than the email you quote:

    Subject: RE: utorrent
    From: Daniel Lee
    To: Randy Saaf, qa, torrents
    Cc: Ty Heath, Jay Mairs

    Yep, we checked yesterday and interdiction still works on the latest
    version.

  • Re:Distance? (Score:5, Informative)

    by Kjella ( 173770 ) on Saturday September 15, 2007 @05:45PM (#20619181) Homepage
    In addition to only applying to agents of law enforcement or those acting as such, entrapment also only applies to making you commit a crime that you wouldn't otherwise make. So unless either the old or the new company did that, it wouldn't be entrapment. And if there was entrapment, it wouldn't have anything to do with their secret change.
  • Interdiction (Score:5, Informative)

    by E IS mC(Square) ( 721736 ) on Saturday September 15, 2007 @06:03PM (#20619321) Journal
    (From ARSTechnica article in the "News" section of Mediadefender.com - http://www.mediadefender.com/news/20070318_ARSTechnica.pdf [mediadefender.com])

    Four main methods

    Decoying. This, in a nutshell, is the serving of fake files that are generally empty or contain a trailer. The goal is to make legitimate content a needle in a haystack, so MediaDefender works hard to ensure that its copies of files show up in the top ten spots when certain keywords are searched for. Everything about the file is tailored to look like the work of pirates, from the file size (movies are often compressed enough to fit on a CD) to the naming conventions to the pirate scene tag. With massive bandwidth and plenty of servers, the company has little trouble in getting these decoy files to appear at the top of search results, but decoying has a down side: the bandwidth. Because MediaDefender actually serves these large but bogus files, it incurs a significant bandwidth bill by using this technique.

    Spoofing. Spoofing sends searchers down dead ends. MediaDefender coders have written their own software that interacts with the various P2P protocols and sends bogus returns to search requests, usually directing people to nonexistent locations. Because most people only look at the top five search results, MediaDefender tries to frustrate their first attempts to download a file in hopes that they will just give up.

    Interdiction. While the first two techniques try to prevent searchers from locating files, interdiction prevents distributors from serving them. The tool is generally used when media is leaked or newly released; the goal is to slow its spread in those crucial first days. MediaDefender servers attempt to create constant connections to the files in question, saturating the provider's upstream bandwidth and preventing anyone else from grabbing the data.

    Swarming. Though he acknowledges the BitTorrent networks can be hard to disrupt, Lee points out that MediaDefender can use "swarming" to make life more difficult for users trying to download copyrighted content. BitTorrent works by using a hash file to reassemble a file from many pieces, each of which may have been downloaded from a different user. MediaDefender simply serves up its chunks of these files, but instead of providing the proper data, its chunks contain static or nothing at all. When the file is eventually reassembled by the user, it may contain clicks, silent spaces, or odd skips. This can make the viewing/listening experience less pleasurable, but it's most effective with software downloads since even small errors can prevent programs from running.
  • by the Plums in us ( 1040258 ) on Saturday September 15, 2007 @06:07PM (#20619339)
    A lot of comments here seem to be talking about what might happen to whatever MediaDefender employee leaked the email and so forth. This info suggests that it's not actually a renegade employee at all, just a stupid one whose gmail account got cracked.
  • Re:Intentional? (Score:1, Informative)

    by Anonymous Coward on Saturday September 15, 2007 @06:10PM (#20619363)
    Unlikely, as the information they've allowed to leak is not only pretty sensitive (ftp account credentials, employee contact information, countless other stuff), but in doing so they've violated their contract with UMG; unless the contract draft attached was just an elaborate fabrication.

    "5. Confidentiality. Each of MediaDefender and Customer agree to keep confidential any information concerning the other party's business affairs, customers, vendors, finances, properties, methods of operation, computer programs, and documentation, and other such information, whether written, oral, or otherwise related to Customer or MediaDefender. It is further agreed that all the facts of entry into this Agreement and the rendering of Services to Customer are in themselves confidential and cannot be disclosed to any person or entity without express written consent of the non-disclosing party. All such information concerning MediaDefender and Customer is hereinafter collectively referred to as "Confidential Information." Notwithstanding the foregoing, each party may disclose Confidential Information on a "need-to-know" basis under an obligation of confidentiality to its legal counsel, accountants, banks and other financing sources and their advisors, so long as such entities have executed a written confidentiality agreement to protect the confidential nature of the Confidential Information that is no less restrictive than this Section. MediaDefender acknowledges and agrees that it will not discuss the Confidential Information with any of Customer's employees or representatives other than those designated by Customer on Exhibit D attached hereto which Customer may modify in writing from time to time.

    Nothing in this Agreement shall prevent the receiving party from disclosing Confidential Information to the extent the receiving party is legally compelled to do so by any court of competent jurisdiction, or governmental or judicial agency pursuant to proceedings over which such agency has jurisdiction, or otherwise as may be required by law; provided, however, that prior to any such disclosure, the receiving party shall (a) assert the confidential nature of the Confidential Information to the agency; (b) immediately notify the disclosing party in writing of the agency's order or request to disclose; and (c) cooperate fully with the disclosing party, at the disclosing party's expense, in protecting against any such disclosure and/or obtaining a protective order narrowing the scope of the compelled disclosure and protecting its confidentiality.

    6. Non-Disclosure. Each of MediaDefender and Customer agree that, except as expressly directed or authorized in writing by the other party, it will not at any time during or after the Term of this Agreement disclose any Confidential Information to any person whatsoever and that upon the termination of this Agreement it will turn over to Customer or MediaDefender (where applicable) all documents, papers, and other matter in its possession or control that relate to the other party. MediaDefender and Customer further agree to bind its employees and subcontractors to the terms and conditions of this Agreement. MediaDefender and Customer acknowledge and agree that neither party will disclose any Confidential Information to the press or issue any press statement whatsoever concerning or related to this Agreement."

    UMG: Well, what do you have to say for yourselves?

    MediaDefender: lol Whoops?
  • by Anonymous Coward on Saturday September 15, 2007 @07:15PM (#20619855)
    It isn't Google's fault either. Maris signed up to a bittorrent forum using his gmail address and password, then accessed his account from an IP that was already marked by PeerGuardian.
  • by bongk ( 251028 ) on Saturday September 15, 2007 @07:18PM (#20619885)
    IANAL as well, but it's my understanding that only Law Enforcement can perform an illegal search. If someone steals information and gives it to Law Enforcement it's still admissible.

    Otherwise, if I thought that the police were about to crack down on my best friend's counterfeiting operation, I could just steal all the stuff related to the operation and drop it off at the police station, basically nullifying all of it as an illegal search.

    The defense's best tactic would be to claim that there's no way to know if the messages have been tampered with (unless the originals can be subpoenaed off MediaDefender's systems). Though I'm sure MediaDefender is in a tailspin right now trying to figure out if they should be purging all the email from their systems quickly, or if there's already a substantial likelihood of legal action - which would force them at this point to retain all the related email they have today.
  • by IgnoramusMaximus ( 692000 ) on Saturday September 15, 2007 @07:38PM (#20620077)

    The info on the intertubes is that Mr. Maris, otherwise known as The Putz of the Century, after having forwarded all his corporate mail to his Gmail account, signed up for one of the p2p forums he was "investigating" using that very Gmail address and the same password as his gmail account had.

    And he did so from an IP address already known to belong to Media Defenders.

    You figure out the rest.

  • Re:Interdiction (Score:3, Informative)

    by jandrese ( 485 ) <kensama@vt.edu> on Saturday September 15, 2007 @07:41PM (#20620103) Homepage Journal
    Don't Bittorrent clients do a checksum against every block downloaded? How can the swarming work? I know I have seen my client report that a chunk has a bogus checksum and re-download it. It's pretty rare but it does happen. It doesn't even have to be malicious, some people have dodgy computers that will silently corrupt data or frankly the TCP checksum isn't all that strong and it's not impossible for corrupt data to get through it.
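
Added example, not part of the thread and not any client's actual source: the per-piece SHA-1 check asked about above, combined with a ban policy that weighs a peer's good pieces against its hash failures, which is what the quoted email says the `bt.ban_ratio` setting does. The `PieceVerifier` class, its thresholds, the peer names and the 32-byte file are constructed for illustration.

```python
import hashlib


def piece_hashes(data, piece_len):
    """SHA-1 digest of each piece, as listed in a torrent's metadata."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]


class PieceVerifier:
    """Hash-checks assembled pieces and bans peers that keep failing."""

    def __init__(self, hashes, ban_threshold=2, ban_ratio=2.0):
        self.hashes = hashes
        self.ban_threshold = ban_threshold  # hash fails before a ban is considered
        self.ban_ratio = ban_ratio          # good pieces required per bad piece
        self.have = {}                      # piece index -> verified bytes
        self.stats = {}                     # peer -> [good, bad]
        self.banned = set()

    def submit(self, index, blocks):
        """blocks: ordered (peer, bytes) pairs that make up one piece."""
        peers = {peer for peer, _ in blocks}
        if peers & self.banned:
            return False                    # never accept data from banned peers
        payload = b"".join(chunk for _, chunk in blocks)
        ok = hashlib.sha1(payload).digest() == self.hashes[index]
        # A failed hash cannot say which block was bad, so every
        # contributor to the piece is charged with the failure.
        for peer in peers:
            counts = self.stats.setdefault(peer, [0, 0])
            counts[0 if ok else 1] += 1
            good, bad = counts
            if bad >= self.ban_threshold and good < self.ban_ratio * bad:
                self.banned.add(peer)
        if ok:
            self.have[index] = payload      # only verified data is kept
        return ok


def run_demo(ban_threshold=2, ban_ratio=2.0):
    data = bytes(range(1, 33))              # constructed 32-byte "file"
    piece_len, half = 8, 4
    v = PieceVerifier(piece_hashes(data, piece_len), ban_threshold, ban_ratio)
    pa, pb, decoy = "honest-a", "honest-b", "decoy"   # constructed peer names
    # (piece index, peer sending first half, peer sending second half)
    schedule = [(0, pa, pb), (1, pa, decoy), (1, pa, pb), (2, pb, decoy),
                (2, pa, pb), (3, pa, decoy), (3, pa, pb)]
    for index, first, second in schedule:
        start = index * piece_len
        real = [data[start:start + half], data[start + half:start + piece_len]]
        # The decoy sends zero bytes in place of the real block.
        blocks = [(p, b"\x00" * half if p == decoy else chunk)
                  for p, chunk in zip((first, second), real)]
        v.submit(index, blocks)
    assembled = b"".join(v.have[i] for i in sorted(v.have))
    return assembled, v.banned, data
```

With `ban_threshold=1` and `ban_ratio=float("inf")`, which bans on hash failures alone, the same schedule also bans `honest-a` for having shared one piece with the decoy, and the download stalls after the first piece.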
  • by Adeptus_Luminati ( 634274 ) on Saturday September 15, 2007 @08:19PM (#20620449)
    Step by Step with screenshots
    http://kb.wisc.edu/helpdesk/page.php?id=6436#500 [wisc.edu]

    Adeptus
  • HTML Format :) (Score:5, Informative)

    by jrwr00 ( 1035020 ) <jrwr00@@@gmail...com> on Sunday September 16, 2007 @12:39AM (#20622187) Homepage
    I've converted the emails into HTML (with attachments)

    http://jrwr.hopto.org/ [hopto.org]
  • Link to deposition (Score:2, Informative)

    by SL Baur ( 19540 ) <steve@xemacs.org> on Sunday September 16, 2007 @03:42AM (#20623231) Homepage Journal
    An article was just posted yesterday; here's the main link:
    http://yro.slashdot.org/article.pl?sid=07/09/14/1723253 [slashdot.org]

    A direct link to the deposition is here:
    http://info.riaalawsuits.us/umg_lindor_070223JacobsonDepositionTranscript.txt [riaalawsuits.us]

    Warning: It's long, but inherently pornographic in nature as the "expert" witness isn't wearing any clothes by the end of it. Enjoy!
  • by supplex ( 1157565 ) on Sunday September 16, 2007 @02:14PM (#20627185)
    MediaDefender-Defenders Date: 2007-09-16 MediaDefender-Defenders proudly presents some more internal MediaDefender stuff... more will follow when time is ready. MediaDefender thinks they've shut out their internals from us. That's what they think. The past 9 months we also monitored MDs phone systems. This is just one phone call, 25 minutes long, with the New York State General Attorney. Spread it like the wind! Someone willing to transcribe this so the search engines will find it as well? MediaDefender-Defenders
