MediaDefender's Denial Of Service Attack On Revision3
from the how-friendly-of-them dept
Lots of you are probably familiar with MediaDefender. They've been around for many years (we first mentioned them back in 2000) with the business proposition of basically helping big entertainment companies disrupt any sort of unauthorized file sharing. In the early days, that just meant putting up spoof files to annoy people. But it's become a lot more sophisticated since then -- including tricking people into downloading spoof files with malware that actually scans your computer for infringing files. Then, of course, there was the infamous attempt to create an entire fake honeypot file sharing system to try to catch people for unauthorized file sharing. The company has also been accused of a variety of different denial of service attacks against sites it believes are promoting file sharing. On the whole, pretty much everything the company seems to be associated with would be considered dirty tactics. What's amazing is that in pulling all these dirty tricks, MediaDefender never seems to get in much trouble for it. However, it may have picked the wrong target this time.
Over the weekend, there was a lot of buzz about the fact that online video company Revision3 was taken totally offline thanks to a denial of service attack. As a whole bunch of you are sending in, Revision3's CEO has now put up a post explaining how it was actually MediaDefender that very obviously launched the denial of service attack on Revision3. There are some details missing, but effectively what has been pieced together is that Revision3 uses BitTorrent (properly and legally) to help offload the bandwidth costs of distributing its videos (this is exactly what BitTorrent was originally built to do). MediaDefender, however, used a backdoor into Revision3's BitTorrent tracker to inject its own nefarious torrents -- basically piggybacking off of Revision3's tracker. Revision3 noticed the backdoor and closed it -- at which point, MediaDefender's system started flooding Revision3's servers with over 8,000 pings per second (MediaDefender claims it should have been once every 3 minutes).
So, it doesn't appear to have been a malicious attack by MediaDefender on Revision3 -- just a sneaky, poorly implemented one (which, at this point, seems par for the course on just about everything MediaDefender does). And, in doing so, it took a totally legitimate business nearly completely offline for a few days, and doesn't seem particularly apologetic about it. And these are the guys that the entertainment industry trusts to save it from the "evils" of unauthorized file sharing.
Filed Under: bittorrent, denial of service attack
Companies: mediadefender, revision3
Reader Comments
Thanks
[ link to this | view in chronology ]
What was injected and why?
response. Maybe it's too popular at the moment.
What was media defender injecting into Rev3's torrents?
Rev3 seems to be doing nothing wrong; what is media defender's interest in their business?
[ link to this | view in chronology ]
I found this works
[ link to this | view in chronology ]
Re: What was injected and why?
[ link to this | view in chronology ]
Re: Re: What was injected and why?
Check back in a couple of hours after everything has calmed down.
EtG
[ link to this | view in chronology ]
Isn't sending malware just as illegal and infinitely more harmful than downloading a copyrighted file, especially in these days of zombie computer networks?
WTF?
[ link to this | view in chronology ]
Re:
If you and everyone you know doesn't convince their congress critter to stop the bill that will make *attempted* copyright infringement a punishable crime, yes they will be able to do that soon.
[ link to this | view in chronology ]
Re: Rose and Erich's Comments
[ link to this | view in chronology ]
route add
[ link to this | view in chronology ]
I'm pretty sure that getting someone's personal information without their knowledge and then sending it to an outside organization is either a. very illegal or b. just makes them even more of a dick.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
reversal of roles
If I was Rev3 I would sue for revenue lost during the down time caused by MediaDefender; and because we are in America where anyone can be sued for anything, I would sue everyone associated with MediaDefender as well.
[ link to this | view in chronology ]
Re: reversal of roles
[ link to this | view in chronology ]
revision3 will be down for a day I suspect
/welcome revision3 to what google size traffic can do to a server: aka nuclear warfare lol
Anyway, with that said, MD has admitted to illegal actions. On many, many levels according to people on groklaw there are avenues for recourse that Revision3 may be able to pursue. This will be a hell of an interesting case explaining that "yes, I am using someone else's legitimate servers without their consent, it's only a coincidence that I bombard them if they cut me off"
IANAL but that will be a fun case.
[ link to this | view in chronology ]
Re: revision3 will be down for a day I suspect
[ link to this | view in chronology ]
Re: Re: revision3 will be down for a day I suspect
[ link to this | view in chronology ]
Wow
I'm in awe of the stupidity, incompetence and short-sightedness of MediaDefender's actions, as well as the balls it must take to say "sorry we shut down your business over Memorial weekend, but tough s**t" (paraphrasing, obviously).
Surely they can be prosecuted for various hacking and computer/wire fraud crimes? They should at least be sued for the lost revenue.
The amusing part about this: they apparently feel no shame because Revision3 happen to use BitTorrent, a perfectly legitimate file distribution method. Remember, these are meant to be the "good guys". We need to feel sorry for MediaDefender because those *other* companies they work for (RIAA/MPAA members) might be losing money and those companies are richer and therefore more important than Revision3...
[ link to this | view in chronology ]
Re: Wow
[ link to this | view in chronology ]
It gets better...
"MediaDefender claims that they have taken steps to ensure this won’t happen again. “We’ve added a policy that will investigate open public trackers to see if they are associated with other companies”, promised Grodsky, “and first will make a communication that says, hey are you aware of this.”"
Erm, shouldn't they actually be checking who the trackers belong to anyway? I'm no expert on this subject, but I know that back when I used to do support for a hosting company, most servers that were distributing P2P or torrent files illegally turned out to have been hacked or had rootkits installed. They were always fixed/pulled as soon as this became apparent, usually with the blessing of the customer. I'd guess that most people running illegitimate trackers would like to know about it themselves...
[ link to this | view in chronology ]
Gee..I'd really like..
Here we have an ISP that must have a TOS policy that permits Denial-of-Service attacks.
Or did MediaDefender --LIE-- when they signed up?
No. I simply can't believe that a company hired by the RIAA/MPAA would ever lie. That wouldn't be ethical.
[ link to this | view in chronology ]
Re: Gee..I'd really like..
[ link to this | view in chronology ]
Re: Re: Gee..I'd really like..
This is first week of Business Law 101 stuff.
[ link to this | view in chronology ]
Re: Re: Re: Gee..I'd really like..
If your business law class taught you that contracts have to list everything that is illegal in order to be valid then you need to ask for a refund.
[ link to this | view in chronology ]
Possibly MediaDestructor would be more in line with their actions.
[ link to this | view in chronology ]
Perp Walk?
[ link to this | view in chronology ]
Re: Perp Walk?
However, they WON'T be prosecuted. Money talks.
The U.S. lawmakers, politicians and the A.G. offices are hopelessly corrupt in the amount of money they receive from media companies such as the MPAA and RIAA. As such, MediaDefender is COMPLETELY free to hack with impunity.
Until laws change, until the political process changes and until these companies lose the ability to buy the law, this will continue.
Land of the free indeed.
[ link to this | view in chronology ]
Re: Re: Perp Walk?
By the way, I'm now a happy member of Revision3. Thank you Mike. Now I want to figure out where the torrent part comes in so I can share.
[ link to this | view in chronology ]
Re: Re: Re: Perp Walk?
MediaDefender will give them gobs of money to settle.
[ link to this | view in chronology ]
DDOS Mitigation
You guys should look into a provider called ypigsfly (ypigsfly.com) as they provide ddos mitigation (called securepig) of up to 2gig/sec and 2 mil packets per second. They do advance detection based on ip/protocol anomaly + behavioral detection as well as the traditional tcp-syn fin/reset attacks along with icmp/udp protection. They also do rate limiting based on a per policy so you can limit the amount of connections a service receives from a source ip or network.
cheers
[ link to this | view in chronology ]