Let's step up and tell MediaDefender that their tactics are not legal, and it needs to stop
As many of you know, Revision3’s servers were brought down over the Memorial Day weekend by a denial of service attack. It’s an all too common occurrence these days. But this one wasn’t your normal cybercrime – there’s a chilling twist at the end. Here’s what happened, and why we’re even more concerned today, after it’s over, than we were on Saturday when it started.
Let me take a step back and describe how Revision3 uses Bittorrent, aka BT. The BT protocol is a peer to peer scheme for sharing large files like music, programs and video. By harnessing the peer power of many computers, we can easily and cheaply distribute our huge HD-quality video shows for a lot less money. To get started, the person sharing that large file first creates a small file called a “torrent”, which contains metadata, along with which server will act as the conductor, coordinating the sharing. That server is called the tracking server, or “tracker”. You can read much more about Bittorrent at Wikipedia, if you really want to understand how it works.
Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. It’s a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores.
But someone, or some company, apparently took offense to Revision3 using Bittorrent to distribute its own slate of shows. Who could that be?
Along with where it’s bound, every internet packet has a return address. Often, particularly in cases like this, it’s forged – or spoofed. But interestingly enough, whoever was sending these SYN packets wasn’t shy. Far from it: it’s as if they wanted us to know who they were.
A bit of address translation, and we’d discovered our nemesis. But instead of some shadowy underground criminal syndicate, the packets were coming from right in our home state of California. In fact, we traced the vast majority of those packets to a public company called Artistdirect (ARTD.OB). Once we were able to get their internet provider on the line, they verified that yes, indeed, that internet address belonged to a subsidiary of Artist Direct, called MediaDefender.
Now why would MediaDefender be trying to put Revision3 out of business? Heck, we’re one of the biggest defenders of media around. So I stopped by their website and found that MediaDefender provides “anti-piracy solutions in the emerging Internet-Piracy-Prevention industry.” The company aims to “stop the spread of illegally traded copyrighted material over the internet and peer-to-peer networks.” Hmm. We use the internet and peer-to-peer networks to accelerate the spread of legally traded materials that we own. That’s sort of directly opposite to what Media Defender is supposed to be doing.
Who pays MediaDefender to disrupt peer to peer networks? I don’t know who’s ponying up today, but in the past their clients have included Sony, Universal Music, and the central industry groups for both music and movies – the RIAA and MPAA. According to an article by Ars Technica, the company uses “its array of 2,000 servers and a 9GBps dedicated connection to propagate fake files and launch denial of service attacks against distributors.” Another Ars Technica story claims that MediaDefender used a similar denial of service attack to bring down a group critical of its actions.
Hmm. Now this could have been just a huge misunderstanding. Someone could have incorrectly configured a server on Friday, and left it to flood us mercilessly with SYN packets over the long Memorial Day weekend. If so, luckily it was pointed at us, and not, say, at the intensive care unit at Northwest Hospital and Medical Center. But Occam’s razor leads to an entirely different conclusion.
So I picked up the phone and tried to get in touch with ArtistDirect interim CEO Dimitri Villard. I eventually had a fascinating phone call with both Dimitri Villard and Ben Grodsky, Vice President of Operations at Media Defender.
First, they willingly admitted to abusing Revision3’s network, over a period of months, by injecting a broad array of torrents into our tracking server. They were able to do this because we configured the server to track hashes only – to improve performance and stability. That, in turn, opened up a back door which allowed their networking experts to exploit its capabilities for their own personal profit.
Second, and here’s where the chain of events comes into focus, although not the motive. We’d noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender’s servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of “Hi”s brought down our network.
Grodsky admits that his computers sent those SYN packets to Revision3, but claims that their servers were each only trying to contact us every three hours. Our own logs show upwards of 8,000 packets a second.
“Media Defender did not do anything specific, targeted at Revision3”, claims Grodsky. “We didn’t do anything to increase the traffic” – beyond what they’d normally be sending us due to the fact that Revision3 was hosting thousands of MediaDefender torrents improperly injected into our corporate server. His claim: that once we turned off MediaDefender’s back-door access to the server, “traffic piled up (to Revision3 from MediaDefender servers because) it didn’t get any acknowledgment back.”
Putting aside the company’s outrageous use of our servers for their own profit, and the large difference between one connection every three hours and 8,000 packets a second, I’m still left to wonder why they didn’t just tell us our basement window was unlocked. A quick call or email and we’d have locked it up tighter than a drum.
It’s as if McGruff the Crime Dog snuck into our basement, enlisted an army of cellar rats to eat up all of our cheese, and then burned the house down when we finally locked him out – instead of just knocking on the front door to tell us the window was open.
In the end, here’s what I know:
* A torrential flood of SYN packets rained down on Revision3’s network over Memorial Day weekend.
* Those packets – up to 8,000 a second – came primarily from computers controlled by MediaDefender, who is in the business of shutting down illegal torrent sites.
* Revision3 suffered measurable harm to its business due to that flood of packets, as the attacks on our legitimate and legal Torrent Tracking server spilled over into our entire internet infrastructure. Thus we were unable to serve videos and advertising through much of the weekend, and into Tuesday – and even our internal email servers were brought down.
* Denial of service attacks are illegal in the US under 12 different statutes, including the Economic Espionage Act and the Computer Fraud and Abuse Act.
Although I can only guess, here’s what I think really happened. Media Defender was abusing one of Revision3’s servers for their own purposes – quite without our approval. When we closed off their backdoor access, MediaDefender’s servers freaked out, and went into attack mode – much like how a petulant toddler will throw an epic tantrum if you take away an ill-gotten Oreo.
That tantrum threw upwards of 8,000 SYN packets a second at our servers. And that was enough to bring down both our public facing site, our RSS server, and even our internal corporate email – basically the entire Revision3 business. Smashing the cookie jar, as it were, so that no one else could have any Oreos either.
Was it malicious? Intentional? Negligent? Spoofed? I can’t say. But what I do know is that the FBI is looking into the matter – and it’s far more serious than toddlers squabbling over broken toys and lost cookies.
MediaDefender claims that they have taken steps to ensure this won’t happen again. “We’ve added a policy that will investigate open public trackers to see if they are associated with other companies”, promised Grodsky, “and first will make a communication that says, hey are you aware of this.”
In the end, I don’t think Media Defender deliberately targeted Revision3 specifically. However, the company has a history of using their servers to, as Ars Technica said, “launch denial of service attacks against distributors.” They saw us as a “distributor” – even though we were using Bittorrent for legitimate reasons. Once we shut them out, their vast network of servers were automatically programmed to implement a scorched earth policy, and shut us down in turn. The long Memorial Day weekend holiday made it impossible for us to contact either Media Defender or their ISP, which only exacerbated the problem.
All I want, for Revision3, is to get our weekend back – both the countless hours spent by our heroic tech staff attempting to unravel the mess, and the revenue, traffic and entertainment that we didn’t deliver.
If it can happen to Revision3, it could happen to your business too. We’re simply in the business of delivering entertainment and information – that’s not life or death stuff. But what if MediaDefender discovers a tracker inside a hospital, fire department or 911 center? If it happened to us, it could happen to them too. In my opinion, Media Defender practices risky business, and needs to overhaul how it operates. Because in this country, as far as I know, we’re still innocent until proven guilty – not drawn, quartered and executed simply because someone thinks you’re an outlaw.
- Jim Louderback
CEO - Revision3
So let's step up and tell them that tactics like this are not legal and will not be tolerated anymore.