p2pnet - rss feed: MediaDefender, Revision3, screw-up
p2pnet news | P2P:- Entertainment cartel scalp hunter MediaDefender, still trying to recover its shredded credibility after seeing its confidential material spread across the length and breadth of the Net, has blown it again.
Revision3 says it’s the first media company to get it —- born from the Internet, on-demand generation.
“Unlike aggregators, mash-ups, and user-generated video sites, Revision3 is an actual TV network for the web, creating and producing its own original, broadcast quality shows,” it says.
Content is meant to be watched by audiences, “whenever they want, wherever they are, and on whatever device they choose, including everything from a 70″ HDTV to an iPod or Cell phone,” and, “Our hosts don’t come from Hollywood. Instead, they come from the same passionate fan base as our audience.”
But thanks to a DoS attack, the Revision3 server crashed on Memorial Day and, “Here’s what happened, and why we’re even more concerned today, after it’s over, than we were on Saturday when it started,” says the company’s Jim Louderback, noting it was, “pretty easy to see exactly what our shadowy attacker was so upset about”.
One particular port was singled out, 20000, and, “Interestingly enough, that’s the port we use for our Bittorrent tracking server,” he says , going on >>>
It seems that someone was trying to destroy our bittorrent distribution network.
Let me take a step back and describe how Revision3 uses Bittorrent, aka BT. The BT protocol is a peer to peer scheme for sharing large files like music, programs and video. By harnessing the peer power of many computers, we can easily and cheaply distribute our huge HD-quality video shows for a lot less money. To get started, the person sharing that large file first creates a small file called a “torrent”, which contains metadata, along with which server will act as the conductor, coordinating the sharing. That server is called the tracking server, or “tracker”. You can read much more about Bittorrent at Wikipedia, if you really want to understand how it works.
Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. It’s a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores.
But someone, or some company, apparently took offense to Revision3 using Bittorrent to distribute its own slate of shows. Who could that be?
Every internet packet has a return address, the story observes, continuing it was as if the attackers wanted to be identified.
Instead of, “some shadowy underground criminal syndicate, the packets were coming from right in our home state of California,” says Louderback, who traced traced the vast majority of those packets to a public company called Artistdirect.
A ‘huge misunderstanding’?
The name may be familiar to regular p2pnet readers.
ARTISTdirect was bought MediaDefender for $42.5 million cash in 2005 and MediaDefender is another of the Net scalp hunters used by the entertainment cartels in their never-ending pursuit of their own customers.
MediaDefender defender Randy Saaf and his cohorts are going blind as they try to restore their reputation which, thanks to the leaks of their confidential material, is in tatters, p2pnet reported last September, 2007, going on:
“And it couldn’t have come at a worse time for the company, a favourite with the likes of the MPAA (Motion Picture Association of America), RIAA (Recording Industry Association of America).”
Little Little wonder Revision3 found the discovery “interesting”.
“Now,” it says, “this could have been just a huge misunderstanding, and >>>
Someone could have incorrectly configured a server on Friday, and left it to flood us mercilessly with SYN packets over the long Memorial Day weekend. If so, luckily it was pointed at us, and not, say, at the intensive care unit at Northwest Hospital and Medical Center But Occam’s razor leads to an entirely different conclusion.
So I picked up the phone and tried to get in touch with ArtistDirect interim CEO Dimitri Villard. I eventually had a fascinating phone call with both Dimitri Villard and Ben Grodsky, Vice President of Operations at Media Defender.
First, they willingly admitted to abusing Revision3’s network, over a period of months, by injecting a broad array of torrents into our tracking server. They were able to do this because we configured the server to track hashes only - to improve performance and stability. That, in turn, opened up a back door which allowed their networking experts to exploit its capabilities for their own personal profit.
Second, and here’s where the chain of events come into focus, although not the motive. We’d noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender’s servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of “Hi”s brought down our network.
Grodsky admits that his computers sent those SYN packets to Revision3, but claims that their servers were each only trying to contact us every three hours. Our own logs show upwards of 8,000 packets a second.
“Media Defender did not do anything specific, targeted at Revision3?, claims Grodsky. “We didn’t do anything to increase the traffic” - beyond what they’d normally be sending us due to the fact that Revision3 was hosting thousands of MediaDefender torrents improperly injected into our corporate server. His claim: that once we turned off MediaDefender’s back-door access to the server, “traffic piled up (to Revision3 from MediaDefender servers because) it didn’t get any acknowledgment back.”
Putting aside the company’s outrageous use of our servers for their own profit, and the large difference between one connection every three hours and 8,000 packets a second, I’m still left to wonder why they didn’t just tell us our basement window was unlocked. A quick call or email and we’d have locked it up tighter than a drum.”
So what was really happening?
“Media Defender was abusing one of Revision3’s servers for their own purposes - quite without our approval,” Louderback says, adding:
“When we closed off their backdoor access, MediaDefender’s servers freaked out, and went into attack mode - much like how a petulant toddler will throw an epic tantrum if you take away an ill-gotten Oreo.”
Says Louderback >>>
If it can happen to Revision3, it could happen to your business too. We’re simply in the business of delivering entertainment and information - that’s not life or death stuff.
But what if MediaDefender discovers a tracker inside a hospital, fire department or 911 center? If it happened to us, it could happen to them too.
In my opinion, Media Defender practices risky business, and needs to overhaul how it operates.
Because in this country, as far as I know, we’re still innocent until proven guilty - not drawn, quartered and executed simply because someone thinks you’re an outlaw.”
Actually, guys, you’re thinking of the normal judicial system.
There’s a special one for the entertainment cartels. Under it, everyone is guilty until proved otherwise, and even then, they’re still guilty.
Definitely stay tuned.
.
.Stumble It!
Revision3 - Inside the Attack that Crippled Revision3, May 29, 2008
$42.5 million cash - MediaDefender parent on the ropes, February 26, 2008
leaks of their confidential material - MediaDefender fiasco: update III, September 19, 2007
Use free p2pnet newsfeeds for your site. It’s really easy!Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
May 29th, 2008 at 3:27 pm
MediaDefender has been in the P2P-sabotage business for many years. They know what they’re doing, so it’s hard to believe that this DoS attack against Revision3 was a complete accident. Other torrent sites have complained of similar abuse by MediaDefender. The Pirate Bay filed a report with police in Sweden last year. But since most Bittorrent trackers are small and located outside the USA, there’s very little they can do against California-based MediaDefender with its deep pockets and close media-industry ties.
But MD’s actions in this case may not have been anti-piracy in nature. According to ArtistDirect’s SEC financial reports, a growing part of MD’s business has been involved in injecting non-fake content [i.e., spam] onto the P2P networks for a fee. Spammers prefer to exploit open servers in an attempt to hide the true origin of their spam.
The source code for MD’s software was leaked last year. It’ll be interesting to see if any of those applications were purpose-built for DoS attacking websites.
May 29th, 2008 at 3:28 pm
Shocking it cant be legal to use someone else’s servers without permission?
Who wants to bet media defenders share price will fall again?
May 29th, 2008 at 6:57 pm
“everyone is guilty until proved otherwise, and even then, they’re still guilty”. Surely that stupid concept is unconstitutional?
May 29th, 2008 at 7:20 pm
Just because MD take up a stance against file sharing, cosying up with the cartels, and try to screw over file sharing concerns, it doesn’t mean they really care one way or the other. It may just be the business model they chose, in order to leech lots of cash from the game.
Like a cop who gets into it for the power trip and make cash at the same time. Does he care about law and order as they all claim? Not most of them, who are also corrupt, or become so.
These MD freaks of nature may just be a group of hackers who distribute viruses online just for fun, or who had some petty grievance with BT moderators or had chatroom arguments and made it their “mission” to “avenge” themselves.
May 30th, 2008 at 11:11 am
Ars Technica is saying that Revision3 reported MD to the FBI. We’ll see what comes of that.
June 14th, 2008 at 9:10 am
@Jon
remeber how you asked a while back why you see so many trackbacks that have nothign to do with your stories? Now see the revision3 comment section!
http://revision3.com/blog/2008/05/29/inside-the-attack-that-crippled-revision3
Obviously those revision3 guys there have not only not a best network setup (OK me cut them some slack here since MediaDefenders criminal Denial of Service infrastructure is a tough beast non the less and harder fro FBI to shut down then some 16 year old pimple face that runs such an operation out of parents basement and only controling a few thousand computers around the world instead of those easy to drag in server parks that MD uses for their ciber criminal activities) but also do they give a damn about their comment section!
It is now filled with this trackback spam hapilly showing up there to all this shit websites.
Thats what this trackbacks are for linkspamming to sites that either give them money for every stupid human that cliks them and or more evil those websites are set up to exploid vulnerabilities to infact unaware clickers with malware that brings those SPAMMERS even more money.
Jon, now you know and can see why they are doing it to your site too, with the only difference that you have not activated the visability of those trackbacks!
(Keep it that way please!)