Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Leaks Prove MediaDefender's Deception

CmdrTaco posted more than 6 years ago | from the well-lookie-there dept.

230

Who will defend the defenders? writes "Ars Technica has posted the first installment in their analysis of the leaked MediaDefender emails and found some very interesting things. Apparently, the New York Attorney General's office is working on a big anti-piracy sting and they were working on finding viable targets. It also discusses how some of the emails show MediaDefender trying to spy on their competitors, sanitize their own Wikipedia entry, deal with the hackers targeting their systems, and to quash the MiiVi story even while they were rebuilding it as Viide. Oh yes, they definitely read "techie, geek web sites where everybody already hates us" like Slashdot, too."

cancel ×

230 comments

Sorry! There are no comments related to the filter you selected.

Mixed feelings... (4, Insightful)

KingSkippus (799657) | more than 6 years ago | (#20634905)

You know, I hope people keep this incident in mind if they are considering going to work for a disreputable company, a company whose primary missions is screwing people, especially when those people that are being screwed have a Robin Hood-like reputation and are a lot smarter than you. The sad fact is that there will undoubtedly be a lot of collateral damage due to this episode. As pointed out in the Ars Technica article, a secretary who happened to be working for MediaDefender whose worst crime was answering phones and getting coffee for his or her bosses now has the social security number, home address and phone number, and salary information out there for everyone to download and look at.

I think that an even worse fallout of all this is that companies are going to be even more anal about stuff like e-mail policies and such. At my company now, they content-block us from accessing Gmail. I'll be that companies will start doing crap like blocking employees from even sending e-mail to Gmail now, the attack vector that allowed these e-mails to get leaked.

But still, even after having said all that, I love it when an evil company doing evil things gets their due like this. It's entirely possible that MediaDefender might go out of business because of this. If you're one of their customers whose detailed contract information got leaked, how likely are you to do business with them again? Although it occurred in a totally scummy way that I just can't endorse, I can't deny the end result of big media companies being a little more skittish to hiring these outfits to do their dirty work is a Good Thing.

Oh, you moralists (2, Funny)

BadAnalogyGuy (945258) | more than 6 years ago | (#20634955)

Don't despair! [despair.com]

Re:Mixed feelings... (4, Informative)

dc29A (636871) | more than 6 years ago | (#20635111)

MediaDefender wasn't only screwing people. They were screwing their clients as well (the big labels). I read a few of their emails, and one particulary caught my attention. I think Universal asked MD to produce stats about illegal downloads after they started another wave of lawsuits to see if these lawsuits have any effect on downloading (they were hoping it goes down).

One MD scumbag then forwards this email to his lackeys and he adds: "If you want a good laugh" to the forwarded mail.

These scumbag know that what they are doing is worthless, it doesn't stop piracy, but they both piss off users and rip off their own clients.

They also received one confidential study from a think-tank in Washington DC, the nice presentation had some extremely disgusting stats: only about 17% of the piracy comes from illegal downloads, the vast majority comes from people borrowing CDs ... so much for the MAFIAA's claims.

Re:Mixed feelings... (1)

gravos (912628) | more than 6 years ago | (#20635237)

the vast majority comes from people borrowing CDs

What a second... you mean that those damaged CDs that don't work when you put them into a computer may actually help to curb piracy in some appreciable way? I am shocked and awed.

Re:Mixed feelings... (0, Flamebait)

packetmon (977047) | more than 6 years ago | (#20635131)

You know, I hope people keep this incident in mind if they are considering going to work for a disreputable company What you consider disreputable others consider reputable. Most businesses are in the business of making money, bottom line. There was a show I was watching yesterday where hot chicks were baiting married men to see if those men would cheat on their wives. How disreputable! To think that women would stoop so low to entrap someone will to do something illegal just makes me so mad.

I think that an even worse fallout of all this is that companies are going to be even more anal about stuff like e-mail policies and such. At my company now, they content-block us from accessing Gmail. Boo hoo. Work is work not meant for personal stuff. Although some companies may allow it, you're there to do a job not worry about your Gmail account so grow up and get real.

I'll be that companies will start doing crap like blocking employees from even sending e-mail to Gmail now, the attack vector that allowed these e-mails to get leaked. Poor policies allowed the company information to get leaked. Why the hell procedures weren't in place to prevent corporate email from going out on something other than a corporate server is puzzling but again, you're throwing personal feelings into the mix. Which part of *your* work contract specified "Check your Gmail hourly for personal mail". I don't think there is any corporate policy which specifies that.

But still, even after having said all that, I love it when an evil company doing evil things gets their due like this. Evil things like what? What they were contracted to do. Personal feelings aside would a security engineer at your company be an asshole because he decided to block all and allow in specified hosts? Its his job is he an evil ass?

Re:Mixed feelings... (5, Insightful)

lanswitch (705539) | more than 6 years ago | (#20635253)

Most businesses are in the business of making money, bottom line
and at the bottom line you'll only find the bottom feeders.

Re:Mixed feelings... (3, Insightful)

yoder (178161) | more than 6 years ago | (#20635341)

"and at the bottom line you'll only find the bottom feeders."

Spot on. Granted, businesses are there to make money, but unless they employ only robots, there is a human factor there as well. Oversimplifying this to the point that "money trumps everything else" is exactly how these companies get into such shitloads of trouble.

Re:Mixed feelings... (1)

Opportunist (166417) | more than 6 years ago | (#20635427)

First, there is a difference between providing a service or good and earning money that way, and ripping off your customers with snakeoil. When you sell something of value to your customer and you make money, more power to you.

Second, sometimes mailing policies in some companies are so off whack that you need GMail or similar services to get anything done. I do have a mail account strictly for business purposes on GMail, that I used to receive and send (encrypted) messages while working for a company that did not allowed any kind of attachment in mails. Yes, I do agree that sending an FTP link is more useful, but getting FTP access to the outside world would have been more of a hassle.

Re:Mixed feelings... (2, Interesting)

discogravy (455376) | more than 6 years ago | (#20635663)

congrats on not understanding strict security policy. you are the type of person who let this miivi/media defender thing go down: the guy who is technical enough to get around the security measures put in place to avoid things like this happening.

Thank God for Data Protection (4, Interesting)

igb (28052) | more than 6 years ago | (#20635143)

Of course, in a country with a sensible data protection regime, forwarding personally identifiable information to a weakly-protected gmail account would be a non-no in and of itself, One of the problems with the US's absolute lack of constraints on companies' use of personal data is that the casual mailing of SSNs can go on, and management have no reason to deal with it. In europe, that sort of stuff is locked down into HR department systems.

Re:Thank God for Data Protection (4, Interesting)

Martin Blank (154261) | more than 6 years ago | (#20635765)

"Casual mailing" of SSNs can (theoretically) get a company in trouble under federal HIPAA laws and under certain state laws like California's SB1386. Many companies are working on locking down their e-mail, often with smart filters that look for strings like SSNs or driver's license numbers, among other things, and automatically encrypting them before going out, sometimes even before leaving the department while remaining within the company.

This doesn't stop the need for laws which are much more clear and restrictive on the use and control of personally identifying information, and which have more bite when they are enforced.

Re:Thank God for Data Protection (3, Informative)

Anonymous Coward | more than 6 years ago | (#20636819)

"Casual mailing" of SSNs can (theoretically) get a company in trouble under federal HIPAA laws

As MediaDefender is not a Health Care provider HIPAA does not apply.

Re:Mixed feelings... (5, Informative)

badenglishihave (944178) | more than 6 years ago | (#20635297)

I do find it funny that people will be paranoid about GMail now... the only reason these MediaDefender-Defender guys got in is because they knew the password. Perhaps GMail is more insecure than other email providers; however, afaik they didn't hack into his account, they just found out his password from another site and used it to log into his email. Not exactly GMail's fault.

Roofers on the Death Star (1)

elrous0 (869638) | more than 6 years ago | (#20635303)

While it's unfortunate that the innocent (or semi-innocent) are paying a price too, you can't tell me that the secretary had no idea what business they were in. She may not have appreciated the kind of backlash she was risking, you can't tell me that she didn't have to deal with angry calls all the time letting her know what people thought of this "business."

Re:Mixed feelings... (1)

Opportunist (166417) | more than 6 years ago | (#20635387)

As pointed out in the Ars Technica article, a secretary who happened to be working for MediaDefender whose worst crime was answering phones and getting coffee for his or her bosses now has the social security number, home address and phone number, and salary information out there for everyone to download and look at.

To be blunt, my first thought was "work for them, hang with them". But where does that lead?

Yes, it would be pretty neat to bleed those companies dry by by "discouraging" people from working for them with such or similar tactics. Work for them and we make you a public person. Now imagine this backfiring. Write OSS, or worse, write P2P software, and we circulate your "favorite pastime" in our circles, don't try to get a job anymore.

Also, I think it would be generally more efficient against IT people than against Joe Average secretary. So... don't do it.

Mixed downloads. (0)

Anonymous Coward | more than 6 years ago | (#20635561)

"But still, even after having said all that, I love it when an evil company doing evil things gets their due like this"

Yes I can see how stopping illegal copyright violations would make one evil.

"It's entirely possible that MediaDefender might go out of business because of this. If you're one of their customers whose detailed contract information got leaked, how likely are you to do business with them again?"

How likely are you to do business with all the companies that have lost YOUR personal information?

"Although it occurred in a totally scummy way that I just can't endorse, I can't deny the end result of big media companies being a little more skittish to hiring these outfits to do their dirty work is a Good Thing."

I'm afraid you all haven't seen the full effect of this incident, and I wouldn't be breaking out any party favors and celebrating just yet.

Re:Mixed feelings... (1)

neoform (551705) | more than 6 years ago | (#20635857)

I'd want to punish Hitler's secretary (provided he/she wasn't forced into the job).

Re:Mixed feelings... (1)

LordSnooty (853791) | more than 6 years ago | (#20636117)

At my company now, they content-block us from accessing Gmail. I'll be that companies will start doing crap like blocking employees from even sending e-mail to Gmail now, the attack vector that allowed these e-mails to get leaked.
Interesting. Why did your company never view this 'vector' as a problem for sites such as Hotmail or Yahoo! Mail, which both launched as far back as 1996? The tools that GMail offers are not that much different, I'm sure the mass forwarding of mails to a web mailbox was possible B.G. (Before Google)

Re:Mixed feelings... (0)

Anonymous Coward | more than 6 years ago | (#20636725)

I can't speak for him. but his post does not state that only Google is blocked. That's you extrapolating. Providing a full list of such services was not the point he was trying to make anyway.

Indians and Russians (0)

Anonymous Coward | more than 6 years ago | (#20636283)

This is *not* a racist statement, it's a statement of fact: You can hire Indians and Russians to do anything.

Hmmm (1)

adam1234 (696497) | more than 6 years ago | (#20634911)

Heavens, a company discussing how to "deal with the hackers targeting their systems"? What a scandal.

Re:Hmmm (1)

grantek (979387) | more than 6 years ago | (#20635015)

Twah? The scandal bit is where they then discuss things such as using DoS attacks on third-party computers to achieve their aims.

Re:Hmmm (1)

morgan_greywolf (835522) | more than 6 years ago | (#20635047)

Heavens, a company discussing how to "deal with the hackers targeting their systems"? What a scandal.
The scandal is in likely how they were dealing with the h4x0rz. This company has a tendency to interrput P2P systems by essentially breaking the law -- ping flooding networks and other DoS attacks, employing h4x0rz to bring down web sites, etc. All illegal tactics, no matter what activity they are trying to stop. Things that if you or I did them would likely get us thrown in prison.

Hmmm-Picking pigs. (0)

Anonymous Coward | more than 6 years ago | (#20635863)

All it proves is that if you lie down with pigs, you rise up dirty. An illegal network, used to do illegal activity, by those who hide their identity and what they're doing. Who've now broken several laws to do another illegal act.

"Things that if you or I did them would likely get us thrown in prison."

Things like illegally violating copyright, and hiding what we're doing and who we are?

so (1)

wwmedia (950346) | more than 6 years ago | (#20634937)

so MiiVi was a complete failure, what do they do make a new site and call it Viide

no one would notice eh?

i wonder from a legal point of view can these emails constitute as evidence in a court, or is the manner in which they were leaked make any prosecution impossible??

Re:so (2, Informative)

sexybomber (740588) | more than 6 years ago | (#20635033)

IANAL(yet), but I believe the emails would be admissible in court. Even if the identity of the leaker was known, he/she would be protected under the laws we have regarding whistleblowing.

legal (1, Interesting)

Anonymous Coward | more than 6 years ago | (#20635035)

I wonder if any evidence produced by media defender can be used in court, since their systems are hacked and it is perfectly possible that they do now show in court what they initially found, but they show data that was modified by hackers.

The phone hack makes clear that hackers are quite deep into their systems.

A lesson from this episode (4, Insightful)

jkrise (535370) | more than 6 years ago | (#20634945)

I think this revelation brings to light the extent to which companies will go - to deceive the public, the mainstream media... and then continue with their illegal practices after a short time.

Microsoft's recent downplaying of the unexplained Windows Updates is another case in point. Where is Mark Russinovich's article that does a 'diff' of the replaced files, and explaining the 'new behaviour' in detail - like he did in the Sony rootkit case?

It is a bit sad that many of these incidents do not figure in the mainstream media - which seems to be in the powerful grips of these Corporate thugs.

Re:A lesson from this episode (5, Insightful)

radarjd (931774) | more than 6 years ago | (#20635083)

It is a bit sad that many of these incidents do not figure in the mainstream media - which seems to be in the powerful grips of these Corporate thugs.
While it's possible that some corporation may be exercising some undue influence, it seems just as likely (if not more) to me that people simply don't care. Have Sony's CD sales been hurt by the rootkit incident? (And I mean on a meaningful level, not anecdotally.) Has Microsoft lost business from its anti-trust issues? Those have certainly received a great deal of media attention, but the greatest portion of the public seems not to care.

Re:A lesson from this episode (1, Funny)

Anonymous Coward | more than 6 years ago | (#20635243)

And I mean on a meaningful level, not anecdotally
Please don't take that away from us. This is Slashdot, and anecdotal evidence is all we have. That and Wikipedia articles that contain anecdotal evidence.

Re:A lesson from this episode (4, Insightful)

jkrise (535370) | more than 6 years ago | (#20635349)

While it's possible that some corporation may be exercising some undue influence, it seems just as likely (if not more) to me that people simply don't care.

I did address this issue in my original post. I speculated that this happens becasue Mainstream Media is simply reluctant to publish these issues, which have a vital bearing on true competition in the IT industry. The BBC has an article on the EU anti-trust ruling; but none at all on the Media Defender clowns circus. If it did, there would be much larger pressure on them, than discussions at Slashdot, Digg, Flexbeta ArsTechnica and so on.

In fact an email at MD discusses precisely this apathy in the mainstream media; and why they should relaunch the whole thing under a different name. Microsoft has simply relaunched the same core Office applications and the Windows operating systems in different names at different points in time. The intention is clear: To subvert proper competitive development, impede progress, ruthlessly maintain lock-in; etc. The media must resist such intereferences... otherwise such secondary media sites will make take away their business in tech reporting at least.

Re:A lesson from this episode (-1)

Anonymous Coward | more than 6 years ago | (#20635267)

Where is Mr. Russinovich's article, you ask? Ahahahahahahhaaa! Don't you know that he WORKS FOR MICROSOFT now? Of course they won't let him publish any such thing! MS bought SysInternals and its former owner months (possibly even a year) ago. Congratulations on staying informed.

Re:A lesson from this episode (1)

gEvil (beta) (945888) | more than 6 years ago | (#20635691)

Wow! Way to miss the point of the post. He was asking the question precisely because Russinovich now works for MS--he knows damn well there will never be such an article.

Re:A lesson from this episode (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#20635463)

The Wall Street Journal mainstream enough for you?

Re:A lesson from this episode (1)

Stavr0 (35032) | more than 6 years ago | (#20636395)

Where is Mark Russinovich's article that does a 'diff' of the replaced files, and explaining the 'new behaviour' in detail - like he did in the Sony rootkit case?

Ha! I see what you did there... (Russinovich sold to MS a year ago) but seriously, I'd like to see Steve Gibson's[grc.com] take on the Stealth WUA thing. He's got just enough of a tinfoil hat to uncover the juicy details...

Totally Unprofessional (4, Insightful)

CaptainZapp (182233) | more than 6 years ago | (#20634957)

This may be nitpicking, but I was somewhat shocked about the tone of the (paraphrased) emails. There seems a lot of f**k and s**t flowing around from the head honchos of this dodgy outfit right to the bottom.

Now don't get me wrong. I'm neither squeamish, nor easily offended. But in professional, corporate email communications such a tone has about as much justification as surfing porn at work.

Re:Totally Unprofessional (2, Informative)

eskimoboy (690127) | more than 6 years ago | (#20635031)

funny you should mention that, as it is, in fact, the other thing they do at "work"

Re:Totally Unprofessional (0, Offtopic)

packetmon (977047) | more than 6 years ago | (#20635239)

Apparently you have some fucking sort of perception problem. Just the other day I was telling my boss to kiss my fucking ass after he'd left the meeting. In fact while walking to my car I was telling the marketing people how I thought they were so full of shit!

Re:Totally Unprofessional (3, Informative)

artg (24127) | more than 6 years ago | (#20635359)

This sort of thing echoes the Watergate tapes : there is a certain class of person that feels bigger by acting aggressively, and swearing is a socially-acceptable form of aggression.

Violence is the last refuge of the incompetent.

Re:Totally Unprofessional (5, Interesting)

JRHelgeson (576325) | more than 6 years ago | (#20635465)

But in professional, corporate email communications such a tone has about as much justification as surfing porn at work.

And to that point - it is their JOB to surf porn at work, to seek out child porn and notify the DoJ and the New York Attorney General's office of the material so that the AG could pursue the offender as part of their own investigation.

Yet, I do agree that the use of profanity does show a lack of professionalism. Much like the theory that you can tell a lot about a man by the way he treats his waitress. These emails reveal that they have an air of arrogant superiority about themselves, that they operate above the law, and that they are immune from "teh bad d00dz". They are convinced of their moral authority and moral superiority.

To wit:
I have a fair level of certainty that they got themselves infected with spyware, adware, trojans. They surf sites in the dark corners of the 'intertoob' seeking out nefarious content, evil trackers and child predators. In going there, they are in the stomping grounds of the best of the worst when it comes to infecting computers using the most current 0day exploits.

(Side note -- Stick with me here)
I personally do not run anti-virus. I deal with malicious content all the time. I know what is running on my machine at all times. If I were to run an AntiVirus, it would delete half the files on my hard drive that was gathered as evidence in investigations, or malicious tool kits used to exploit systems that I use in teaching classes.

Whenever I venture to evil sites, I start up a virtual machine, I have two - they are called "Hindenburg" and "Titanic" that are not current on their patches and run no anti-virus. I purposely seek out infections and malware on these machines so I can analyze the machines postmortem. I have a tremendous amount of respect and even admiration for my opponents. They are VERY good at their game. As such, I am careful not to let my guard down.

(My point)
I'll bet that what they've done is get a real machine infected, one that was not sandboxed, connected to the internal domain, and the user was running with not just local admin privileges, but with full domain admin privileges. OOPS! This infected machine reported back to the hackers, who then connected back in to their hacked box and set up user accounts on the network and also rooted the boxes.

At this point, no amount of changing passwords or firewalls or IDS will get the intruders out. They need to rebuild every box on their network, from scratch. They need to stop thinking of themselves as an "academic institution" that needs full access to the internet (no outbound restrictions on the firewall) and where proper security practices "don't apply to them".

Proper security and safety protocols were not followed. The arrogant attitude of "we're security folks, policies don't apply to us" is what let this happen.

Further your affiant sayeth not, :)
Joel Helgeson

Re:Totally Unprofessional (2, Funny)

Anonymous Coward | more than 6 years ago | (#20635927)

And to that point - it is their JOB to surf porn at work, to seek out child porn and notify the DoJ and the New York Attorney General's office of the material so that the AG could pursue the offender as part of their own investigation.
In other words, a pedo's dream job.

Actually (1)

Xest (935314) | more than 6 years ago | (#20636039)

...the word on the street is simply that one of their staff signed up to a torrent site from one of MediaDefender's IPs with the same gmail address as username and password as he used for his gmail account where all these e-mails had been archived.

It's true that simple mistakes lead to major errors, you only have to look at the Half-Life 2 source code leak where a member of staff was e-mailed a key logger trojan giving the attacker all the info they needed to get the code out of there.

No facts. (0)

Anonymous Coward | more than 6 years ago | (#20636695)

I doubt we will learn how the hack was done. But the fact that more data leaked afterwards, including a large (11GB) database, and a phonetaps tells that this was not a simple google mail password guess anymore. This is a full CSI style hack where they knoe everything about everyone in mediadefender.

If that is the case is would like to request the other database we should defend against that they have:
-list & hashes of decoys they use. (like gnutella, but then for other networks)
-Source code of proxymaster tool they use against eMule. (the installer was included in the mails, mailed form a guy named segio)

Re:Totally Unprofessional (1)

Opportunist (166417) | more than 6 years ago | (#20635477)

I'm sorry, but I simply cannot agree with you. Sorry, you are horribly wrong on this one. I, for one, spent a lot of time surfing for porn while at work (some shadier porn pages used to contain a few quite interesting malware infectors).

So yes, sometimes surfing for granny porn at work has its place. But take my advice, do it before lunch. First, you will definitly save a lot of your lunch money, and it keeps you from making your work space a messy place.

Re:Totally Unprofessional (0)

Anonymous Coward | more than 6 years ago | (#20635579)

There seems a lot of f**k and s**t flowing around from the head honchos of this dodgy outfit right to the bottom.

The technical term for these ballmerisms is "potty-mouth". And yes, there does seem to be an increase in potty-mouthed corporate officers among the bottom dwellers of the IT and music distribution industries.

Re:Totally Unprofessional (0)

Anonymous Coward | more than 6 years ago | (#20635837)

This may be nitpicking, but I was somewhat shocked about the tone of the (paraphrased) emails.

Indeed. Take a look at this one [hopto.org] , where they express their opinion of one guy who dared to complain about portscanning by MediaDefender.

Re:Totally Unprofessional (1)

OglinTatas (710589) | more than 6 years ago | (#20636201)

You've never heard the Nixon tapes.

there are more leaks! (5, Informative)

wwmedia (950346) | more than 6 years ago | (#20634975)

there are more leaks!

MediaDefender Phone Call and Gnutella Tracking Database Leaked [torrentfreak.com]

Re:there are more leaks! (1)

deftcoder (1090261) | more than 6 years ago | (#20635053)

Anyone have a link to the Gnutella database torrent? I only saw the email and phone call torrents on TPB.

Re:there are more leaks! (3, Informative)

apollosfire (954290) | more than 6 years ago | (#20635391)

Re:there are more leaks! (1)

deftcoder (1090261) | more than 6 years ago | (#20635523)

Thanks. I was searching for "mediadefender"; I guess that's why I didn't see it.

Re:there are more leaks! (0)

Anonymous Coward | more than 6 years ago | (#20635893)

So Media Defender employees are documented looking at child porn.

I learn something new every day.

Re:there are more leaks! (0)

Anonymous Coward | more than 6 years ago | (#20636295)

Can't you stick your stupid comments to the relevant points? There's enough to talk about in here that's far worse than people looking for child porn for the very sake of eliminating it and with explicit approval of the authorities. Someone inevitably has to look at that filth in order to eradicate it, damnit.

Beautiful. Just Beautiful (1)

asphaltjesus (978804) | more than 6 years ago | (#20635917)

That transcript is a black-hat's wet dream.

For those that don't want to read through it, it's classic PHB scumbag B.S. They're running exchange on one side, so there's going to be trouble finding a compromise unless the disks are taken out of production.

The buzzword B.S. level is so high I think I threw-up in my mouth a little.

Re:there are more leaks! (1, Funny)

Anonymous Coward | more than 6 years ago | (#20636615)

there are more leaks!

MediaDefender Phone Call and Gnutella Tracking Database Leaked

The real news: People use Gnutella.

The weakest link (4, Interesting)

kj_in_ottawa (838840) | more than 6 years ago | (#20634995)

Some smart yet misguided people have their plot foiled by the weakest link, the human. I'm glad this whole miivi thing has been exposed. I think how it has been brought to light serves as a good reminder to the rest of us. No matter how secure your app, or how great your plan, all it takes is one person who doesn't understand policy or the consequences of following it and all is lost. Cheers

Re:The weakest link (1)

z0idberg (888892) | more than 6 years ago | (#20635627)

Speaking of smart people.

My favorite quote from the article/emails:

(while discussing communications between the Miivi site and its "customers")

"Make sure MediaDefender can not be seen in any of the hidden email data crap that smart people can look in."

Journamalism 101 (5, Interesting)

jalefkowit (101585) | more than 6 years ago | (#20635057)

I know it's pointless to ask things like this of the /. "editors", but the summary of this story is almost completely useless to anyone who is coming to the story cold (like me).

Would it have killed someone to have rewritten the submission so that it explained:

  • Who MediaDefender is
  • What the "leaked MediaDefender emails" are
  • What the "MiiVi story" is
  • Why I should care

?

I can go Google all that stuff and find out for myself, but why would I bother, if it's not clear to me why the story is important in the first place?

Re:Journamalism 101 (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20635149)

as a card carrying geek you should have used bittorent - if ur using that you should be using peerguardian if you look at peerguardian with bittorent running you will see the MediaDefender ip range poking you ever so often and flagging you as a suspect.

Re:Journamalism 101 (1)

Overzeetop (214511) | more than 6 years ago | (#20635197)

Actually, if you'd been on /. over the weekend, you would have gotten the first installment of the series. I was thinking this was a dupe, but it turns out it's just a link to a story discussing somehting which was on /. last night. A meta-dupe, if you will.

Re:Journamalism 101 (1)

Otter Escaping North (945051) | more than 6 years ago | (#20635255)

I can go Google all that stuff and find out for myself, but why would I bother, if it's not clear to me why the story is important in the first place?

(I can't help but wonder if this is satire...)

Answer: I suppose you wouldn't.

I don't imagine anyone is going to lose sleep over that. If you're interested, take an interest. If you don't care, then just move one. We're all fine with that, really.

Slashdot: News for Nerds. Stuff that Matters. Context for Jason Lefkowitz.

Re:Journamalism 101 (1, Funny)

complete loony (663508) | more than 6 years ago | (#20635507)

News flash, it's a summary. If you want journalism go read the article, unless it was posted by Roland P. of course.

Re:Journamalism 101 (5, Informative)

ZachPruckowski (918562) | more than 6 years ago | (#20635741)

MediaDefender is a company that the RIAA and MPAA hire to pollute Bittorrent trackers with fake torrents, track torrent usage, and spew false data out to torrents.

A group called "MediaDefender-Defender" got someone's password and spilled thousands of emails from within MediaDefender. Apparently some idiot forwarded all his corporate mail to Gmail, and used an easy password.

"MiiVi" was an attempt by MediaDefender to create a fake file-sharing site to entrap people. About two people fell for it, then they were exposed by Torrentfreak.

You should care because this company lied about its involvement with an attempt to "entrap" (legally, it's not entrapment, but it's still pretty morally grey). You might also care because it's another attempt by the RIAA and MPAA to screw over file-sharers. Or maybe you don't care about it. There's no assurance that you'll find everything on Slashdot interesting.

Re:Journamalism 101 (1)

mrbobjoe (830606) | more than 6 years ago | (#20636219)

Apparently some idiot forwarded all his corporate mail to Gmail, and used an easy password.
Not only that, the story that I've gathered is that he had created an account with one of the trackers MediaDefender was foiling (or was it a related forum?), using the same password, from an IP known to belong to MediaDefender.

Re:Journamalism 101 (1)

tero (39203) | more than 6 years ago | (#20636287)

I know it's poinless to try to tell things like this to /. "users", but if you would have clicked the story you would have seen a short section called "Related Stories" just before the comments.

In that little section you would have found two links to articles that are - surprise - related to this story.

Following those links would have taken you to the whole backstory story and you could have read that right here on Slashdot without having to do any Google searches.

Isn't technology fantastic

?

Related stories 101 (3, Informative)

Scrameustache (459504) | more than 6 years ago | (#20636341)

I know it's pointless to ask things like this of the /. "editors", but the summary of this story is almost completely useless to anyone who is coming to the story cold (like me).

Related Stories
[+] Your Rights Online: MediaDefender Denies Entrapment Accusations 104 comments
Ortega-Starfire writes "We've previously discussed the subject of MediaDefender setting up a site to catch movie pirates. Ars Technica covers the response from MediaDefender, which basically states the entire thing was a mistake and was only an internal site they forgot to password protect, and that they were not using this with the MPAA. The article asks: 'If this is true, why did MediaDefender immediately remove all contact information from the whois registry for the domain? Saaf said that after everything hit the fan, the company decided to take everything on the site down because it was afraid of a hacker attack or "people sending us spam." Yes, spam. The MPAA's Elizabeth Kaltman also chimed in to say that they had no involvement with MiiVi: "The MediaDefender story is false. We have no relationship with that company at all," she told Ars.'"
[-] IT: Internal Emails of An RIAA Attack Dog Leaked 412 comments
qubezz writes "The company MediaDefender works with the RIAA and MPAA against piracy, setting up fake torrents and trackers and disrupting p2p traffic. Previously, the TorrentFreak site accused them of setting up a fake internet video download site designed to catch and bust users. MediaDefender denied the entrapment charges. Now 700MB of MediaDefender's internal emails from the last 6 months have been leaked onto BitTorrent trackers. The emails detail their entire plan, including how they intended to distance themselves from the fake company they set up and future strategies. Other pieces of company information were included in the emails such as logins and passwords, wage negotiations, and numerous other aspect of their internal business."

nice one. (1)

apodyopsis (1048476) | more than 6 years ago | (#20635063)

nice one, thats my evening's humorous reading sorted out then. Purest, addictive, schadenfreude - what a delight.

its always cute when you see a big firm like that caught with its breeches down, but when its the sneaky bugger who where behind MiiVii on the receiving end its extra juicy.

tell you one thing, I wish we could get a current tap on their email to see what they are saying about this one! :-)

on a more serious note, this came out because one single employee forward all his email to a gmail account which was then compromised, I would sure hate to be in his shoes right now.

Re:nice one. (1)

Opportunist (166417) | more than 6 years ago | (#20635531)

I wish we could get a current tap on their email to see what they are saying about this one!

One of the few occasions when I'd really advocate spyware on a few selected computers...

Good Time . . . (2, Insightful)

Dausha (546002) | more than 6 years ago | (#20635135)

Is this a good time to mention that access to these internal emails was gained illegally? Sure, he was stupid enough to use the same password on different systems, but that doesn't mitigate the invasion of privacy.

Re:Good Time . . . (1)

artg (24127) | more than 6 years ago | (#20635389)

Isn't whistleblowing always illegal (in the sense that it always violates contractual agreements) ?

Re:Good Time . . . (4, Informative)

Kadin2048 (468275) | more than 6 years ago | (#20635417)

Legally, the "fruit of the poisonous tree" doctrine applies only when there's some sort of causative link between the illegal discovery of something and the investigation into it. E.g., if a police officer breaks into your house without cause and finds your coke-cutting equipment, you're probably safe. But if your house gets broken into by a(nother) criminal while you're away, and in the course of the ensuing investigation the police find your stash ... tough luck. That's pretty much how I see this situation. The fact that the information came out because some guy's GMail got hacked pales in significance compared to the content that was disclosed, and I don't see any reason to cover my eyes just because of the source, when the source was just due to chance (or, perhaps, some sort of karma/fate/God).

Morally, these scumbags gave up any claim to anything a long time ago. Morally, they all deserve to be soundly beaten and left for dead on some island somewhere so they can learn to play nice with each other or starve. Because that's sadly illegal, pointing and laughing at their misfortune is a close second.

Re:Good Time . . . (1, Flamebait)

Dausha (546002) | more than 6 years ago | (#20635679)

"Legally, the 'fruit of the poisonous tree' ..."

I never said anything about that doctrine, of which I am familiar. That involves illegal government action that yields criminal evidence. This involves non-government action that is itself criminal. This is the same comparison we have with apples and oranges: none. The person reporting the information is the criminal actor, in my assertion.

"Morally..."

Morally, we all deserve to be soundly beaten. I did not raise the moral character of the email account holder, but the legal behavior of those who acquired the email. I leave morality for another thread.

When.... (2, Interesting)

Chineseyes (691744) | more than 6 years ago | (#20635435)

When celebrities have their sex tapes stolen no one goes around saying what a tragedy a crime has been committed. We say what kind of idiot would tape themselves having sex. So why on earth would you think that when MediaDefender has their internal e-mails and tracking database stolen people are going to feel pity for them especially when they do business for such an unsympathetic cause. Instead people are gawking and gloating at this the same way they gawk and gloat when some celebrity they don't like gets caught with their pants down.

Re:Good Time . . . (0)

Anonymous Brave Guy (457657) | more than 6 years ago | (#20636041)

Is this a good time to mention that access to these internal emails was gained illegally?

The sad thing is that throughout this discussion, I have yet to see a single post noting that MediaDefender are employed by Big Media in order to protect their legitimate, legal rights against a whole load of people who routinely break the law without remorse. There are reasons entrapment is frowned upon by most legal systems, but that doesn't excuse the fact that the people being entrapped were deliberately trying to break the law themselves, nor does it excuse the dubious way these e-mails were obtained and circulated in response.

As I've noted on many previous occasions, I have no love for the business practices of Big Media, but the correct answer to this is firstly to ensure they themselves work within the law (e.g., by enforcing competition rather than allowing effective monopoly abuse) and secondly to educate consumers so they can make informed decisions and vote with their wallets. The answer is not for us to support freeloaders who just can't be bothered to pay up like everyone else and who rely on a combination of wishful thinking, economic naivete and outright selfishness to "justify" their actions; nor is it to condone knowingly circulating the personal data of employees at MediaDefender in what is tantamount to inviting vigilante action against them.

I shall now sit back and await the inevitable (-1, Overrated) mods from people who don't like what I have to say, but can't actually present a genuine counter-argument.

Re:Good Time . . . (0)

Anonymous Coward | more than 6 years ago | (#20636669)

I'm not going to be flippant or dismissive, but I will say that the conclusion I have drawn about the RIAA is that they are bad for America, to such an extent that I shed no tears at the thought of their copyright being infringed by millions of freeloaders.

Copyright laws exist to promote creativity for the benefit of Americans. I do not believe that the actions of the RIAA benefit Americans on the whole. It's a judgement call, and it's going to be on incomplete data, much of which is at best biased if not entirely fraudulent, but that's my call anyway. On balance, I assess the RIAA as leveraging a monopoly to squash alternate business models in a way that smacks more of antitrust crimes than of a measured benefit to our society.

It is not that the RIAA is trying to enforce copyright. It is that the actions taken to do so lead me to conclude that the RIAA's hands are so unclean that any judgement in their favor smacks of inequity.

MiiVi? Viide? (1)

Gothmolly (148874) | more than 6 years ago | (#20635175)

Um, not all of us are bloggers, so mind sharing with the group WTF these mean?

Re:MiiVi? Viide? (2, Funny)

BadAnalogyGuy (945258) | more than 6 years ago | (#20635209)

Chinese Nintendo ripoffs.

Online mailbox access.. (4, Informative)

AftanGustur (7715) | more than 6 years ago | (#20635293)


In case someone wants to have a look, Here is a on-line mailbox with all the leaked emails [hopto.org]

Re:Online mailbox access.. (1)

Evangelion (2145) | more than 6 years ago | (#20636211)

You know what's really amusing? If you search through that thing, you can find some attachments regarding employee performance reviews.

That alone isn't funny, but the comments that the manager guy left in there are like word for word what I've had in the past on mine -- a box with like a one sentence generic complement, and a checkbox beside it where you can imagine the manager was just picking in a pseudo-random manner.

It's really frightening how similar most companies actually are.

save his bandwidth (0)

Anonymous Coward | more than 6 years ago | (#20636573)


poor fella is getting crushed by the bandwidth
here is a coral cache mirror

http://jrwr.hopto.org.nyud.net:8080/ [nyud.net]

Re:Online mailbox access.. (1)

z0idberg (888892) | more than 6 years ago | (#20636627)

Interesting email, about considering using their employees home IP addresses, most likely to try and get around IP blacklists. http://jrwr.hopto.org/msg02207.html [hopto.org] Contains a list of a bunch of employees home IP addresses. Woops. Might see a few of them changing ISPs if they have any sense.

Sanitized wikipedia entries (2, Interesting)

dj245 (732906) | more than 6 years ago | (#20635487)

Wikipedia entries tend to be sanitized for companies anyway asa a matter of company policy. Employees aren't supposed to post- its in almost every contract there is. Every contract I have ever seen for a major company has something that basically states you may not act as the PR agent for the company or speak publically for the company. This is basically what you are doing by posting on wikipedia.

So the guys in PR are the only ones in the company posting over the long term. Anyone else doesn't work for the company, or won't be working there long (yerfired!).

MiiVi would be such a cool name... (3, Funny)

Anonymous Coward | more than 6 years ago | (#20635541)

MiiVi would be such a cool name for a text editor. Especially if it ran on Nintendo consoles.

Moral of story = good to be old fogy! (1)

scottsk (781208) | more than 6 years ago | (#20635555)

Glancing through the news and some of the e-mails, the good news is the best way not to be implicated in any of this is to be an old fogy -- I don't think any media mentioned in these e-mails is from the previous century. Apparently us old geezers who like 1980s and 1970s music get a free pass.

viide.com (4, Funny)

zerocool^ (112121) | more than 6 years ago | (#20635569)

Well, they haven't learned anything, their new miivi replacement site, www.viide.com, which isn't live yet, has the following whois credentials:

Registrant:
  MediaDefender, Inc.
  11965 Venice
  Venice, CA 90066
  US
  310-306-9110
 
Domain Name: VIIDE.COM
 
Administrative Contact:
  Saaf, Randy info@mediadefender.com
  11965 Venice
  Venice, CA 90066
  US
  310-306-9110
 
Technical Contact:
  Saaf, Randy info@mediadefender.com
  11965 Venice
  Venice, CA 90066
  US
  310-306-9110
 
Record last updated 07-17-2007 03:10:09 PM
Record expires on 02-07-2008
Record created on 02-07-2007
 
Domain servers in listed order:
        NS0.DIRECTNIC.COM 69.46.233.245
        NS1.DIRECTNIC.COM 69.46.234.245

It's like with the mousetraps (2, Interesting)

Opportunist (166417) | more than 6 years ago | (#20635843)

The average mouse is not stupid enough to fall for the average mousetrap. Instead, you will get the really greedy and the really stupid ones. Which in turn means two things. First of all, you think your mousetrap is working (because you catch mice) and second, you breed more intelligent mice.

Mediadefender Slashdot trolls. (3, Insightful)

Lumpy (12016) | more than 6 years ago | (#20635587)

Oh yes, they definitely read "techie, geek web sites where everybody already hates us" like Slashdot, too."

Duh, most of us that are here too much can pick out those shills. They are very obvious to anyone paying attention. I believe there is a website out there that tracks them and even links accounts on different sites to specific people at Idiot-defender.

What they do is ineffective except for catching the 13 year old girls that dont know anything. they dont even put a mild dent in the real sharing groups. One of the guys at work was running around with a new DL DVD he got in the mail from a group member full of zero day songs and even stuff that has not been released yet all at incredibly high bitrate. He also had a copy of the Simpsons movie in 1080i which was mind blowing, it had to be a digital conversion from a not released yet BluRay master or someone broke the digital cinema format to convert it in a theater projection booth with a laptop.

Sanitizing Wikipedia is bad? (-1, Troll)

Jack9 (11421) | more than 6 years ago | (#20635619)

sanitize their own Wikipedia entry
This is a feature or Wikipedia, not a revelation. Why would you deride (by inclusion into a list of reprehensible acts) someone for using a tool as intended? It's unfortunate that a reader might be led to believe that sanitizing is an indication of guilt or even malfeasance, when it is not.

//The unpopular viewpoint gets the mod.

Re:Sanitizing Wikipedia is bad? (3, Insightful)

z0idberg (888892) | more than 6 years ago | (#20636063)

From TFA:

"When Douglas pointed out that information about MiiVi had been added to the MediaDefender Wikipedia page, Saaf decided that he wanted it taken down. "Can you please do what you can to eliminate the entry? Let me know if you have any success," Saaf wrote. "I will attempt to get all references to miivi removed from wiki," developer Ben Ebert replied. "We'll see if I can get rid of it.""

They wanted to remove all links between themselves and Miivi. When there definately was a link. They knew it was true, they just didn't want anyone else to know about it.

That's not the intended use of the tool that is Wikipedia.

Re:Sanitizing Wikipedia is bad? (4, Informative)

gurps_npc (621217) | more than 6 years ago | (#20636457)

No it is NOT a feature.

Wikipedia is clear that it is AGAINST policy to self-edit. Read the Code of Conduct.

Just because they don't have a very effective police force preventing rude, deceptive bullcrap does mpt mean it is acceptable behavior.

And YES, changing what OTHER people wrote about you without admitting who you are IS an indication of guilt. When I defend myself from something I do NOT do it anonymously.

No attempt to get comments from the AG's office? (4, Interesting)

yuna49 (905461) | more than 6 years ago | (#20635687)

I don't see any mention in the article of even an attempt to get the NY AG's office to comment on this story. Nor do I see any mention of it on the AG's own web site. If ars were a newspaper, the editors wouldn't have let this story appear at all without at least an official "no comment" by the Attorney General's office.

A quick search this am for "new york attorney general mediadefender" turned up no mainstream press reports about this story.

According the ars piece, by the way, the AG's office appeared to be interested in porn downloads, not, as the editors here put it, "working on a big anti-piracy sting and they were working on finding viable targets." From TFA, "Although the full scope of the project cannot be extrapolated from the e-mails, the information available indicates that MediaDefender intends to provide the Attorney General's office with information about users accessing pornographic content. Other kinds of information could be involved as well." (That last sentence is so vague and general that it could refer to almost any information of any kind anywhere on the planet.)

Don't the editors at least read the stories themselves before they post them to Slashdot?

None of these comments is a defense of either MediaDefender or the NYAG. I'm more concerned about the shoddy reporting that passes for journalism on geek news sites like this one and arstechnica. Particularly the latter, since the articles I've read there in the past gave off the semblance of decent journalism.

ViiDi? (4, Insightful)

ChrisStrickler (1157941) | more than 6 years ago | (#20635709)

Following the Nintendo pronunciation of Wii (as Wee), would this not be sound like ViiDi would be pronounced "Vee Die" I'd check to see if they are scandinavian and suicidal.

Re:ViiDi? (0)

Anonymous Coward | more than 6 years ago | (#20636003)

Alternate pronounciation as Vee Dee (VD) -- also quote appropriate. ;)

Re:ViiDi? (1)

ChrisStrickler (1157941) | more than 6 years ago | (#20636347)

That explains all why after a torrent I get that burning sensation!

don't you know? (1)

biscon (942763) | more than 6 years ago | (#20636183)

All scandinavians are suicidal you insentive clod!

Just curious (0)

Anonymous Coward | more than 6 years ago | (#20635871)

Did any /. people happen to investigate what software they used to put the site up ?

Just being curious - it would please my sense of irony if they used some form of open-source software.

Re:Just curious (0)

Anonymous Coward | more than 6 years ago | (#20636023)

AFAICT, their development work was predominately done in PHP and Java. Some of their servers, at least, ran Solaris, with CentOS being mentioned a reasonable amount, too.

Mark your calendars! MediaDefender @ Career Fair! (0)

Anonymous Coward | more than 6 years ago | (#20636281)

Meet the scumbags in person on 10/18 5:30PM at Harvey Mudd College!

Original Message [hopto.org] :

FW: Career Fair Registration Approval Notice

        * To: "Iris Andrade"
        * Subject: FW: Career Fair Registration Approval Notice
        * From: "Ben Grodsky"
        * Date: Thu, 6 Sep 2007 11:45:09 -0700
        * Authentication-results: mx.google.com; spf=pass (google.com: best guess record for domain of grodsky@mediadefender.com designates 65.120.42.14 as permitted sender) smtp.mail=grodsky@mediadefender.com
        * Cc: "Rick Moreno" , "Jed Levin" , "Jay Mairs"
        * Delivered-to: mdjaym@gmail.com
        * References:
        * Thread-index: AcfwsBPBwxgG7deORRqxVv0hHhGkjQABT/FC
        * Thread-topic: Career Fair Registration Approval Notice

Iris,

Please calendar the HMC career fair for Jed and Rick for October 18 (4-9 PM).

Rick and Jed -- just keep receipts for any gas/other expenses you incur on this trip. Consider carpooling, if that makes things easier for you. That day obviously you don't need to work your normal shifts, as you'll be commuting and at the fair for the company most of the late afternoon to night.

Thanks,
Ben
From: selina_zerbel@hmc.edu [mailto:selina_zerbel@hmc.edu]
Sent: Thu 06-Sep-07 11:01
To: jobs
Subject: Career Fair Registration Approval Notice

Thank you for registering for the Harvey Mudd College Fall 2007 Career Fair. This is to confirm receipt of your form for Thursday, October 18, 2007. Please make any necessary changes to the information on this form and add the names of representative's no later than October 15th, 2007. The hours are 5:30-8:00 p.m. You do not need a parking permit. There is parking on Foothill Blvd. as well as behind the Linde Activity Center except in student parking spots. The registration table will open at 4:30 p.m. Complimentary coffee/tea/and water will be available. Sincerely, Selina Zerbel

this fP for GVNAA (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20636375)

a super-organised turned over to yet Sudden and 4ccording tothis
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>