11 Comments

Summary:

The denial-of-service attack against online video distributor Revision3 continues to make waves. Revision3 CEO Jim Louderback revealed yesterday that his company had identified the anti-piracy outlet Mediadefender as the source of a massive flood of messages that brought Revision3′s infrastructure to its knees.The incident is one […]

The denial-of-service attack against online video distributor Revision3 continues to make waves. Revision3 CEO Jim Louderback revealed yesterday that his company had identified the anti-piracy outlet Mediadefender as the source of a massive flood of messages that brought Revision3′s infrastructure to its knees.

The incident is one more blow for Mediadefender, which has been in the headlines for the better part of the last year for its attempt to start a P2P distribution platform that critics viewed as entrapment, as well as for a hacker attack against its own servers that culminated in the leak of over 600 corporate emails. It also seems to be a clear-cut case for Revision3. The company uses BitTorrent to serve its own legal content and shouldn’t have been targeted by Mediadefender in the first place. It’s good vs. evil, startup versus corporate muscle, right? Well, it’s a little more complex than that — it even involves an aging action hero on a mission.

It all started with Rambo. A blogger that calls himself “The Lazy Canadian” was looking for some entertainment last weekend. He decided to give the latest Rambo flick a try, and scoured the net to find a torrent somewhere. This didn’t take too long, but he was surprised when he noticed that the tracker associated with the torrent in question belonged to Revision3. He published a quick post about it on the Revision3 forums, which prompted the company to take a second look at its torrent tracker.

Revision3 is running a torrent tracker to facilitate the BitTorrent downloads of its own shows, but it turned out that the company perhaps accidentally had been running this tracker server in a way that allowed anyone to use it for its own torrents as well. This is known in P2P circles as an “open tracker,” and BitTorrent uploaders have been making use of Revision3′s open tracker for years. The BitTorrent web site BTMon.com lists more than 22,000 torrents (not safe for work) associated with Revision3′s tracker, with the downloads in question ranging from current Hollywood blockbusters to pop and pornography. Some of these torrents were published as early as four years ago.

Mediadefender used this open tracker in the same manner as other BitTorrent users — to publish its own content — which mainly consists of corrupted and decoy content aimed to frustrate downloaders. It’s unclear how many of those 22,000 torrents were actually from Mediadefender, but the list of files makes it clear that there was a good amount from other sources as well. It’s just very unlikely Mediadefender was hired to spread decoys of biology term papers.

Revision3 took a step against those 22,000 torrents a few days ago by installing a white list that barred the server from tracking any torrent not officially sanctioned by the company. Mediadefender’s servers reacted by flooding Revision3 with thousands and thousands of messages. Louderback published a very detailed account of the incident on Revision3′s blog, and speculated that “MediaDefender’s servers freaked out, and went into attack mode.”

While it would be easy to point fingers at Mediadefender and claim they tried to sink a tracker server that wasn’t cooperating with them, it’s far more likely that they were just running a shoddy script that went out of control. That’s still negligent, but it happens — and it wouldn’t really have made any headlines if Mediadefender wasn’t in the anti-piracy business. In fact, the whole story seems to be a little overblown. It boils down to two admins not doing their job, with one working at Revision3 and allowing its servers to track 22,000 warez, movie and porn torrents, and one working at Mediadefender and running scripts that don’t know when to stop.

Of course, there is another issue at hand here. The incident is further proof that technical anti-piracy measures don’t work. Trying to protect content by impairing a technology is a strategy that’s poised to backfire because you’re targeting the technology and not the bad guys, and technology gets used by honest people, too. That’s been true for DRM, and it’s been true for online-based anti-piracy efforts for some time as well. Just mark this one as another defeat for the idea of technical control.

Disclosure: Revision3 produces The GigaOM Show (which is currently on hiatus).

  1. Don’t Mess with the Louderback!

    Share
  2. Nice summary of the events. I submitted the story to Digg, hopefully it’ll get some attention there.

    Share
  3. a script that sends a 8GB SYN DOS went awry? come on newteevee. DOS attacks are a federal offense. end of story.

    Share
  4. [...] Desesperadas por intermédio do tracker da Revision3. De acordo com o que Janko Roettgers refere no NewTeeVee, só o site indexador de torrents BTMon.com indica mais de 22 mil torrents associados ao servidor [...]

    Share
  5. Besides the fact that you spelled my name wrong, there’s another problem with your story. Revision3 started in 2005, and distributed our programs only on Bittorrent for at least a while – and we’ve been doing Torrent distribution since. However, since at least April of last year, according to our IT folks (who started then), our tracker has been locked down to all but our own shows.

    <

    p>
    This changed in April of this year, when we switched tracking server software to try to keep the tracker stable (the native Python-based bittorrent tracking server software had trouble with white lists composed of thousands of shows – which we have).

    <

    p>
    At that point our tracker was open for five weeks, until a forum member alerted us to the fact that it was, in fact, providing index entries (or tracking – much like a search engine) lots of illegally shared files. So we shut it down and the rest of the mess ensued.

    <

    p>
    Since we were up on Torrent since 2005, and since we were probably (I say probably because back when we were three guys in an apartment in LA, no one can really remember the details clearly) running an open tracker up until April of last year, our tracking server address became widely known… When you create a torrent, you can specify any tracking server address you like – up to 40. And a list of known open trackers comes along with most torrent creation software. I could, theoretically, create a torrent of The Office and use tracker.newteevee.com as one of those 40. That doesn’t mean you have a tracking server running.. just that someone thinks you do.

    <

    p>
    We were probably widely known for running an open tracker server, among the torrent-trading underworld, back in 1995/6. And when we came back up in April of 2008, those torrents immediately glommed back onto our tracking server. But remember – just because you are listed as a tracking server address in a torrent is no guarantee that there’s a real server behind it.

    Also remember that running a tracking server is not illegal. It’s like a search engine, it just provides pointers. Still, we’re much happier that we have a stable tracking server that’s locked to just our shows (it’s not even running at all now, due to the problems, but should be back soon).

    Share
  6. I wonder if they had similar problems during the California Gold Rush?

    Share
  7. Even if Mr. Louderback hadn’t just blown your premise completely out of the water, you would still look amateurish equating the error of one admin which incidentally allows OTHER PEOPLE to violate the law with the actions of a second admin that DIRECTLY (and knowingly and intentionally) violates the law!

    Not to mention the questionable cognitive leap associated with determining that the actions of the second admin (the one intentionally violating federal law) are even an error in the first place. MediaTerrorist has never said the way their system functioned was an error, have they?

    Share
  8. [...] NewTeeVee: What the DOS attack against Revision2 was really about. [...]

    Share
  9. bradgoetsch Sunday, June 1, 2008

    Breaking the law in order to protect intellectual property seems to be a road the world doesn’t want to travel down. If corporations start making this a regular practice, I can only imagine the backlash and chaos that would ensue from the real hacker community. Preemptive justice could be a bitch.

    Share
  10. Janko Roettgers Sunday, June 1, 2008

    Jim, sorry about the spelling error, I’ve corrected it in the original article, and thanks for stopping by to share your perspective. However, I don’t really understand what your point is when you say:

    “I could, theoretically, create a torrent of The Office and use tracker.newteevee.com as one of those 40. That doesn’t mean you have a tracking server running.. just that someone thinks you do.

    We were probably widely known for running an open tracker server, among the torrent-trading underworld, back in 1995/6. And when we came back up in April of 2008, those torrents immediately glommed back onto our tracking server. But remember – just because you are listed as a tracking server address in a torrent is no guarantee that there’s a real server behind it.”

    Are you disputing that you tracked those 22,000 torrents? The data from sites like BTMon is pretty clear in this case. Here’s a quick snapshot from one of the torrents in question:

    “The.Chronicles.of.Narnia.Prince.Caspian.2008.Eng.TS.DivX-LTT.torrent – http://tracker.revision3.com:20000/announce
    dls 1688, seeders 197, leechers 531, updated 1w ago.”

    Now I’m not saying that you broke the law by helping to distribute those files – heck, for all I know this very file could be a Mediadefender decoy.

    But the fact that you had a widely used open tracker with tens of thousands of torrents running undermines the argument that Mediadefender sneaked through a back door to wreak havoc. The door was wide open, and there already was a party going on inside.

    Share

Comments have been disabled for this post