MPAA RIAA Mercenaries Have Shady Activities Exposed

According to stories surfacing in The Wall Street Journal, Ars Technica, and others, a company called MediaDefender has sprung a leak of internal electronic correspondence that reveals some of the interesting activities the company engages in and with whom.

• The Wall Street Journal: Antipiracy Group Suffers Email Leak
• Ars Technica: Leaked Media Defender e-mails reveal secret government project
• Torrentfreak.com: The Biggest Ever BitTorrent Leak: MediaDefender Internal Emails Go Public

Over the weekend, a group calling itself MediaDefender-Defenders began circulating over 700 MB of internal company email and an interesting phone conversation on the web. The content appears to have been intercepted by employee snafu and shows the involvement of top executives at the company with the many dubious activities of MediaDefender.

What we find is that MediaDefender is basically a server for hire, mercenaries. The company’s clients include Universal Pictures, 20th Century Fox, Virgin Records, HBO, Paramount Pictures, BMG, and most recently, the office of the NY Attorney General.

Boasting an array of 2000 servers and a 9Gbps dedicated Internet connection, MediaDefender hires out to movie studios, record labels, and any others with money who would like to impose their own form of justice on file sharing networks.

The Many Faces of 'Big Brother'

Media companies claim to hire the service as a way to combat illegal piracy by making it difficult to download pirated content. But, as neither the various media company clients nor MediaDefender have any actual law enforcement authority, the actions taken are vigilante in nature, which is also viewed as an illegal activity, at least in the real world. The abstractions of cyberspace obscure the identical but parallel nature internet vigilantism for many, but as in the real world, Due Process must be served by officers of the law. MediaDefender is nothing more than the ‘posse’ out for a lynchin’.

The New York Attorney General (AG), Andrew Cuomo, also appears interested in MediaDefender's services to allow him to troll the Internet and drum up some ‘business’; make it look like he’s doing his job. In an attempt to make an end run around Due Process and standards that would not hold up to the Exclusionary Rule derived from the Fourth Amendment, the AG is interested in MediaDefender’s ability to collect personally identifiable Internet usage data to see if there are any criminals about. The Fourth Amendment only binds the government to Probable Cause, Warrants, and all that other stuff about lawful collection of evidence, but not private entities. So apparently the idea is to hire out to such a private entity to conduct activities that would be unlawful for the AG.

I seem to recall something about Accessory to a crime that I am sure the AG would be more than happy to charge citizens with when acting as a third party to illegal activity. While the private entities are not bound to legal restrictions on collecting evidence, its one thing if the entity does so of its own accord, but when hired by the AG, seems the same standards should be applied.

MediaDefender: Services Rendered

MediaDefender, and other companies such as MediaSentry, render their services by bogging down P2P networks with their computing resources. They attempt to overload file distributors, resulting in denial of service and also seed decoys, fake files for download that both fill the networks with traffic and leave downloaders with useless files. MediaDefender’s questionable methods include:

• Denial of Service attack (DoS)

• Spoofing attack

• Decoying

• Information/identity tracking

These activities are considered violations of the Internet Architecture Board's Internet ethics policy document RFC 1087:

An extract of RFC 1087 follows:

The IAB strongly endorses the view of the Division Advisory Panel of the National Science Foundation Division of Network, Communications Research and Infrastructure which, in paraphrase, characterized as unethical and unacceptable any activity which purposely:

• Seeks to gain unauthorized access to the resources of the Internet.

• Disrupts the intended use of the Internet.

• Wastes resources (people, capacity, computer) through such actions.

• Destroys the integrity of computer-based information.

• Compromises the privacy of users.

Wikipedia: Internet Ethics

Many of the above activities are considered illegal in most countries, falling under definitions of cybercrime or computer crime.

Here we also see the most likely source for data used by the RIAA’s boilerplate litigation campaign against college students sharing files.

The Email Leak

The leak has exposed over six months worth of MediaDefender's activities:

• names of clients

• fee schedules

• Internet disruption activities

• covert development of bogus websites

• damage control efforts and denial of said sites

• tracking software activities

• corporate espionage activities

MediaDefender was exposed earlier this year by a blogger at TorrentFreak.com who linked them to a fake video file sharing site called MiiVi, despite pains to hide the origins of the site. Created at the behest of the MPAA, MiiVi was intended to entrap users with the offer of high speed downloads of hit movies. The fake site would install tracking software onto user’s computers under the guise of client program required for the high speed downloading. The bogus software operates as a Trojan Horse delivering spyware that would snoop around the user’s computer, looking for copyright infringing files and then report back to MediaDefender and their clients.

After being discovered, MiiVi was taken down by MediaDefender who, along with the MPAA, then engaged in a campaign of denial and attempted to discredit the source of the discovery. The damage control efforts undertaken went as far as attempting to remove reference to MediaDefender’s tie to WiiVi in Wikipedia.

After being discovered the first time, MediaDefender apparently tried again under a new domain, Viide, which has now also been exposed by the email leak.

The Bad and The Ugly

MediaDefender’s tactics are identical to what Internet ‘criminals’ use when they grow a bot net of zombie computes using malware to control enough computing power and bandwidth that they can launch attacks on Internet sites and commercial networks. They only difference is that MediaDefender directly owns its computing power rather than borrowing it.

While it is commonly believed that much of the traffic on P2P networks is related to illegal copyright infringement, determining such as truth for each individual case is up to the Sheriff and the Justice of the Peace, not the MPAA or the RIAA and their Internet mercs to decide. Even if, after proper legal investigation, such were the case, not all of the traffic is illegal, so any legitimate users become victims of this vigilante action.

So when is it OK to thwart certain (presumed) illegal activities with other illegal activities?

According the MPAA and the RIAA: whenever acting as such benefits the bottom line.

The future is going to be wonderful.