MPAA Trying To Rootkit Universities?

from the how-nice-of-them dept

Just as the MPAA is strongly pushing for a new law that would require universities to take proactive measures to prevent unauthorized file sharing from happening on university networks, the group is also apparently pushing certain universities to install some MPAA-sponsored software to monitor network usage. However, after examining this "toolkit" some are noticing that it appears a lot more like a "rootkit" than a "toolkit." Depending on how a university's network is configured, it could actually reveal a lot of private info to the outside world. The software also phones home to the MPAA, despite promising not to report back any information. There are a few other oddities as well. While it could password protect some of the exposed content, it never prompts the user to do so -- and, at the same time, it disables logging who accesses the pages revealing all the info. While it could all be a coincidence, effectively the MPAA has made it so that it (and others) can spy on university network usage without being tracked in many cases. People in the article note the similarity to the Sony rootkit situation, where software designed to "protect" actually opened up huge security vulnerabilities.

Filed Under: mpaa, privacy, toolkit, universities
Companies: mpaa


Reader Comments


  • dazcon5, 26 Nov 2007 @ 10:27am

    Stupid

    This is getting ridiculous... ISPs, schools, are not enforcers for these a$$hats. Wake up and smell the new markets available IDIOTS!

  • SM, 26 Nov 2007 @ 10:43am

    Unbelievable that the MPAA has the audacity to send a letter asking all of these Universities to police their networks. I hope all of those schools make it clear that they do not work for the MPAA, and that the MPAA doesn't get the free use of University resources for its own agenda.

  • Anonymous Coward, 26 Nov 2007 @ 10:44am

    The lesson learned from the Sony rootkit episode was that the record companies are above the law (no one from Sony ever went to prison or was even charged over their rootkit). So now why shouldn't the movie companies think they can do the same? And you know what? They're probably right. The FBI is in love with these guys.

  • Joe Smith, 26 Nov 2007 @ 10:57am

    Paying the cost

    And is the MPAA agreeing to indemnify the Universities and all of the University users when their software crashes the system or results in a leak of private information?

    • John Duncan Yoyo, 27 Nov 2007 @ 5:32am

      Re: Paying the cost

      >And is the MPAA agreeing to indemnify the Universities
      >and all of the University users when their software
      >crashes the system or results in a leak of private
      >information?

      The upside on a MPAA rootkit causing the release of private information is that there would finally be grounds to sue them into oblivion.

      • Ken R., 27 Nov 2007 @ 1:01pm

        Re: Re: Paying the cost

        Haha, I was just thinking of that possibility. Hopefully by the time I go to school, a number of information leaks will put them in check.

  • Dave, 26 Nov 2007 @ 11:10am

    When it's time to cut and run...

    Anyone who has had an older car can tell you that there comes a time to cut your losses and buy a new car. The repair and maintenance costs far outweigh the costs and benefits of purchasing something newer. I think that time has come and gone for the RIAA and MPAA. The current business model is outdated and in grave danger of losing the connection to its buyers altogether. It's a different world than the one that record and movie dynasties are used to. They either need to adapt or they will run headlong into the tar-pits of extinction themselves.

    If the new world of eBusiness is embraced by the entertainment industry, I think that there could be an exponential growth in revenue.

    • Anonymous Coward, 26 Nov 2007 @ 12:55pm

      Re: When it's time to cut and run...

      I don't know...

      Maybe this is their new business model. They can't seem to make any decent films, maybe they've caught on to how entertaining it is to watch them bumble around like a bunch of clueless morons?

  • bmac, 26 Nov 2007 @ 11:32am

    universitytoolkit.com

    Anybody check to see if the GNU or GPL is being broken by their distribution of Xubuntu, Snort, etc.? They're distributing this toolkit as a bundled ISO install, but I don't see any evidence that they are also releasing the complete source code for this distro and the included tools.

    www.xenu.net

  • nedu, 26 Nov 2007 @ 11:33am

    rootkit==teh 3/i1

    Via Krebs' blog, a quote from Steve Worona, director of policy and networking programs at EDUCAUSE:

    "The important thing about the Sony rootkit wasn't the details about what a rootkit was or why it ended up being put into those CDs, but rather what the intention was versus what the CDs really did," Worona said.

    IOW, it doesn't matter what a hacker might think is the definition of a “rootkit”. All you need to know is . . .

    r0ot|

    Run away!

    • Anonymous Coward, 26 Nov 2007 @ 12:16pm

      Re: rootkit==teh 3/i1

      There have been plenty of individuals (i.e. not corporate executives) convicted of computer crimes on the basis of what they actually "did" despite not really "intending" any harm. Intent (supposed) only seems to be a defense for corporate executives.

  • matt, 26 Nov 2007 @ 11:40am

    sadly, it's breaking the law in a bad way

    they're basically asking you to give up your own rights by installing their software...so it might be a legal grey area.

    • Anonymous Coward, 26 Nov 2007 @ 12:28pm

      Re: sadly, it's breaking the law in a bad way

      >they're basically asking you to give up your own rights by installing their software...so it might be a legal grey area.

      If they don't reveal what all it is going to do (and I don't think they have) then it's what's called a "trojan". The record and movie industries have been lobbying Congress for laws to specifically make it legal for them to plant trojans for some time now. While they haven't gotten that yet I guess a promise of immunity from the Justice Department is almost as good.

  • Eric the Grey, 26 Nov 2007 @ 11:43am

    On top of that...

    You know, they could save themselves a lot of bandwidth cost by using bittorrent to distribute that ISO image...

    EtG

  • nedu, 26 Nov 2007 @ 11:43am

    Techdirt comment handling

    P.S. Techdirt has a comment handling problem in html post mode with both backslashes (unescaped) and with: & (ampersand)l (ell) t (tee) ; (semicolon).

    Backslashes showed up fine in preview. Backslashes disappeared on post.

    & (ampersand)l (ell) t (tee) ; (semicolon) also showed up fine in preview. Everything in rest of paragraph disappeared on post.

    Anyhow, "rootkit == teh 3vi1".

  • Erv Server, 26 Nov 2007 @ 12:54pm

    RIAA

    Leo LaPorte isn't gonna like this

    • Steve R., 26 Nov 2007 @ 1:07pm

      Re: RIAA

      What is Leo LaPorte's position? Also Kim Komando? I only have listened to them incidentally so I don't know how "activist" they are (if at all).

  • teilo, 26 Nov 2007 @ 12:58pm

    They think you are stupid

    Yes, that's right, MPAA. Nobody ever looks to see what the software they install is actually doing. Everybody just installs whatever you give them and takes your word for it that it's all safe and honest.

    After all, you are the trustworthy ones, and anybody who would question your right to distribute your "toolkit" is obviously a criminal.

    Once again, this proves that the MPAA and their ilk really do think the rest of the world is stupid.

  • Steve R., 26 Nov 2007 @ 1:03pm

    Corporations Defining What is Legal

    To reiterate the prior posts, we seem to be descending into a society where corporations (in the name of protecting their profits) will deprive the consumer of any rights, will judge the consumer's guilt, will establish the penalty, and will invoke the penalty all without due process. We are becoming a Nation of, by, and for the corporations.

  • Anonymous Coward, 26 Nov 2007 @ 1:50pm

    It's made from a linux variant, yet they don't make their code available. So, in fact, they are violating copyright law with this. Right?
