The best defense is a good offense
May 29, 2008 12:05 PM Subscribe
Internet television host Revision3 was the victim of a denial of service attack this weekend. The source of the attack? None other than RIAA and MPAA-funded MediaDefender.
It's also pretty clear that the software that "glitched" was doing not-so-nice things in the first place.
posted by mfbridges at 12:22 PM on May 29, 2008
posted by mfbridges at 12:22 PM on May 29, 2008
But their software glitched because they were illicitly using Revision3's servers for their own nefarious purposes to begin with, and only "accidentally" launched the DOS when Revision3 kicked them off their server.
The DOS might have been an accident, but the deliberate hijacking most certainly wasn't.
posted by Malor at 12:22 PM on May 29, 2008
The DOS might have been an accident, but the deliberate hijacking most certainly wasn't.
posted by Malor at 12:22 PM on May 29, 2008
...It's pretty clear that their software glitched.
No. It's pretty clear that the executives at MediaDefender are claiming their software glitched. And, in the same breath, they freely admit to planting unauthorized files on Rev3's servers. This action alone seems to be enough to discount their claim that it was all a big mistake.
posted by Thorzdad at 12:23 PM on May 29, 2008 [5 favorites]
No. It's pretty clear that the executives at MediaDefender are claiming their software glitched. And, in the same breath, they freely admit to planting unauthorized files on Rev3's servers. This action alone seems to be enough to discount their claim that it was all a big mistake.
posted by Thorzdad at 12:23 PM on May 29, 2008 [5 favorites]
As Revision3 says in its own article: "In the end, I don’t think Media Defender deliberately targeted Revision3 specifically."
Not that Media Defender isn't evil, but not necessarily in this case.
posted by jabberjaw at 12:24 PM on May 29, 2008
Not that Media Defender isn't evil, but not necessarily in this case.
posted by jabberjaw at 12:24 PM on May 29, 2008
their software that 'glitched' was already performing unauthorized operations on someone else's network, and regardless of intentions a DOS attack was initiated.
posted by Large Marge at 12:24 PM on May 29, 2008
posted by Large Marge at 12:24 PM on May 29, 2008
It's like those magazine subscriptions that are easy to make but hard to get out of. There doesn't have to be a specific policy decreeing that you screw the customer over, you just have to not try very hard to be helpful. Likewise, to create an DoS you don't need to code up deliberately-malware, you just need to not avoid "glitches" like this very hard.
posted by DU at 12:28 PM on May 29, 2008
posted by DU at 12:28 PM on May 29, 2008
IMO calling it a denial of service "attack" signifies intent and is somewhat misleading. It's pretty clear that their software glitched.
You're right. Let's call it a denial of service "surge".
posted by davejay at 12:29 PM on May 29, 2008 [14 favorites]
You're right. Let's call it a denial of service "surge".
posted by davejay at 12:29 PM on May 29, 2008 [14 favorites]
It's pretty clear that their software glitched.
I'm interested in seeing the documentation for this glitch. Is it a glitch in fedora? If you could point me to the documentation for the glitch "send 8000 SYN packets a second to Revision3's tracker," I'd greatly appreciate it.
posted by shmegegge at 12:32 PM on May 29, 2008 [2 favorites]
I'm interested in seeing the documentation for this glitch. Is it a glitch in fedora? If you could point me to the documentation for the glitch "send 8000 SYN packets a second to Revision3's tracker," I'd greatly appreciate it.
posted by shmegegge at 12:32 PM on May 29, 2008 [2 favorites]
Uh, yea, software "glitching" (a claim I find dubious. I think the Revision3 guy was just being diplomatic) should not be any defense. If anything, it could have easily been planned.
"Hey, I got an idea! Instead of doing a direct DOS, let's set up a connection to their servers so a DOS will be initiated when they do x, y, and z. That way we can claim it was a glitch!"
If I DOSd the RIAA or the gov't under the same conditions, you really think I'd be off the hook because it was a "glitch"? Hell no. It's only because the attack was initiated by an arm of the *IAA that they'll avoid litigation.
posted by jmd82 at 12:32 PM on May 29, 2008 [3 favorites]
"Hey, I got an idea! Instead of doing a direct DOS, let's set up a connection to their servers so a DOS will be initiated when they do x, y, and z. That way we can claim it was a glitch!"
If I DOSd the RIAA or the gov't under the same conditions, you really think I'd be off the hook because it was a "glitch"? Hell no. It's only because the attack was initiated by an arm of the *IAA that they'll avoid litigation.
posted by jmd82 at 12:32 PM on May 29, 2008 [3 favorites]
they certainly put some considerable effort in writing their wikipedia entry (come on, anyone really think *that* was written by anyone else?). first time they seemed to have been mentioned on mefi though and first time I had heard of them beyond a brief blip on the radar when the digg thing was news. I wonder what the outcome will be for them... if their traffic because of this will be the best promotion for them they could have had...
anyway. has anyone watched their podcasts? are they worth trying?
posted by krautland at 12:52 PM on May 29, 2008
anyway. has anyone watched their podcasts? are they worth trying?
posted by krautland at 12:52 PM on May 29, 2008
Even if it was a glitch it still doesn't absolve MediaDefender of responsibility. Malice or negligence: choose one.
posted by Tacodog at 1:03 PM on May 29, 2008
posted by Tacodog at 1:03 PM on May 29, 2008
Also, considering that MediaDefender has a history of initiating DoS attacks, I'm not really willing to give them much benefit of the doubt. I hope Revision3 sues them bankrupt.
posted by sotonohito at 1:04 PM on May 29, 2008
posted by sotonohito at 1:04 PM on May 29, 2008
But what I do know is that the FBI is looking into the matter
In the end, I think I know exactly what matters will be looked into at least in terms of criminal charges. Hopefully these guys can at least get something in a civil suit.
“We’ve added a policy that will investigate open public trackers to see if they are associated with other companies”
Which means even by their own admission they were targeting trackers willy-nilly, without even looking to see if there were copyright violations. I wonder how many other trackers distributing Linux and shit they attacked with whatever they were doing.
And speaking of that, what the hell were they doing with "injecting files?" It's not clear. I know they like to put fake files on trackers, but that doesn't even make sense to do without being able to upload a .torrent file for people to download the file.
There's a silver lining to MediaDefender, though, as the leaked emails reveal that their attacks generally don't accomplish much and accomplish nil on any of the half-decent torrent sites.
posted by TheOnlyCoolTim at 1:23 PM on May 29, 2008
In the end, I think I know exactly what matters will be looked into at least in terms of criminal charges. Hopefully these guys can at least get something in a civil suit.
“We’ve added a policy that will investigate open public trackers to see if they are associated with other companies”
Which means even by their own admission they were targeting trackers willy-nilly, without even looking to see if there were copyright violations. I wonder how many other trackers distributing Linux and shit they attacked with whatever they were doing.
And speaking of that, what the hell were they doing with "injecting files?" It's not clear. I know they like to put fake files on trackers, but that doesn't even make sense to do without being able to upload a .torrent file for people to download the file.
There's a silver lining to MediaDefender, though, as the leaked emails reveal that their attacks generally don't accomplish much and accomplish nil on any of the half-decent torrent sites.
posted by TheOnlyCoolTim at 1:23 PM on May 29, 2008
has anyone watched their podcasts? are they worth trying?
I enjoy Diggnation and Totally Rad Show. Some of the others are humorous but nothing that I was interested in keeping up with.
posted by P.o.B. at 1:29 PM on May 29, 2008
I enjoy Diggnation and Totally Rad Show. Some of the others are humorous but nothing that I was interested in keeping up with.
posted by P.o.B. at 1:29 PM on May 29, 2008
On the left we have Randy Saaf, President of MediaDefender, and on the right we have Octavio Herrera, VP. In front of my monitor we have me laughing that they look like a pack of douchebags, too.
posted by TheOnlyCoolTim at 1:34 PM on May 29, 2008 [3 favorites]
posted by TheOnlyCoolTim at 1:34 PM on May 29, 2008 [3 favorites]
krautland: "they certainly put some considerable effort in writing their wikipedia entry (come on, anyone really think *that* was written by anyone else?). first time they seemed to have been mentioned on mefi though and first time I had heard of them beyond a brief blip on the radar when the digg thing was news. I wonder what the outcome will be for them... if their traffic because of this will be the best promotion for them they could have had...
anyway. has anyone watched their podcasts? are they worth trying?"
I like Systm and Tekzilla. There aren't many independent companies making well-produced shows in HD; Revision3 is one of them.
posted by aerotive at 1:49 PM on May 29, 2008
anyway. has anyone watched their podcasts? are they worth trying?"
I like Systm and Tekzilla. There aren't many independent companies making well-produced shows in HD; Revision3 is one of them.
posted by aerotive at 1:49 PM on May 29, 2008
Isn't the criminal on the hook for all damages resulting from the criminal act, regardless of intent?
posted by Sys Rq at 1:51 PM on May 29, 2008
posted by Sys Rq at 1:51 PM on May 29, 2008
IMO calling it a denial of service "attack" signifies intent and is somewhat misleading. It's pretty clear that their software glitched.
Prunes, what are you, an apologist for MD? They were illegally using Revision3's servers. When Revision3 cut them off, their software when into "scorched earth" mode. Who do you think programmed that mode?
This is bullshit of the highest order. MD deserve to lose big time for this.
posted by e40 at 2:03 PM on May 29, 2008
Prunes, what are you, an apologist for MD? They were illegally using Revision3's servers. When Revision3 cut them off, their software when into "scorched earth" mode. Who do you think programmed that mode?
This is bullshit of the highest order. MD deserve to lose big time for this.
posted by e40 at 2:03 PM on May 29, 2008
When Revision3 cut them off, their software when into "scorched earth" mode. Who do you think programmed that mode?
How on earth do you know that the software has a "scorched earth" policy? Considering MediaDefender had moles in their system collecting internal emails and voice mails for between 6 to 9 months and the source code to TrapperKeeper (MediaDefender's decoy software) was leaked a year ago, I think if they had such a system we would know about it.
Plenty of strange things can happen in software when you make incorrect assumptions, its not necessarily malicious. But you certainly can't say for certain.
posted by SweetJesus at 2:25 PM on May 29, 2008
How on earth do you know that the software has a "scorched earth" policy? Considering MediaDefender had moles in their system collecting internal emails and voice mails for between 6 to 9 months and the source code to TrapperKeeper (MediaDefender's decoy software) was leaked a year ago, I think if they had such a system we would know about it.
Plenty of strange things can happen in software when you make incorrect assumptions, its not necessarily malicious. But you certainly can't say for certain.
posted by SweetJesus at 2:25 PM on May 29, 2008
Aaaaaand Revision3 is down again.
cobracommander:~> date
Thu May 29 14:29:59 PDT 2008
cobracommander:~> ping revision3.com
Pinging revision3.com [209.237.233.179] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 209.237.233.179:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
cobracommander:~>
MediaDefender strikes again?
posted by mullingitover at 2:32 PM on May 29, 2008
cobracommander:~> date
Thu May 29 14:29:59 PDT 2008
cobracommander:~> ping revision3.com
Pinging revision3.com [209.237.233.179] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 209.237.233.179:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
cobracommander:~>
MediaDefender strikes again?
posted by mullingitover at 2:32 PM on May 29, 2008
If I DOSd the RIAA or the gov't under the same conditions, you really think I'd be off the hook because it was a "glitch"?
There is really only one way to be completely sure...
posted by quin at 2:43 PM on May 29, 2008 [1 favorite]
There is really only one way to be completely sure...
posted by quin at 2:43 PM on May 29, 2008 [1 favorite]
>MediaDefender strikes again?
Nah, it's just you and 40,000 other people checking if they're OK.
posted by pompomtom at 4:31 PM on May 29, 2008 [1 favorite]
Nah, it's just you and 40,000 other people checking if they're OK.
posted by pompomtom at 4:31 PM on May 29, 2008 [1 favorite]
The easiest way to deal with this is to perform a denial of service attack on MediaDefender using sledgehammers and oily rags.
posted by Pastabagel at 8:41 PM on May 29, 2008
posted by Pastabagel at 8:41 PM on May 29, 2008
Doesn't this run afoul of one of those digital acts the government has been blustering about for a while now?
How do we know for sure MD isn't a front for a terrorist organization?
I'm being flip, yes, but isn't this EXACTLY what those digital acts are for??
posted by Ynoxas at 8:56 AM on May 30, 2008
How do we know for sure MD isn't a front for a terrorist organization?
I'm being flip, yes, but isn't this EXACTLY what those digital acts are for??
posted by Ynoxas at 8:56 AM on May 30, 2008
« Older Ghost Bottle: No Maintenance Required | Wash Your Weave, Brush Your Bong Newer »
This thread has been archived and is closed to new comments
posted by prunes at 12:17 PM on May 29, 2008