February 10, 2008

The Futility of Fighting Media “Pirates”—How MediaDefender Got Hacked

Erick Schonfeld

As if we needed yet more evidence that trying to fight piracy is a futile exercise, just look at the case of a company called MediaDefender. The company acts on behalf of media companies to monitor and sabotage the sharing of movies, music, and video games on peer-to-peer networks. It seeds BitTorrent, for instance, with fake files to try to make P2P file-sharing a hassle and annoyance. Last September, a hacker fought back by uploading to BitTorrent internal e-mails and documents outlining MediaDefender’s tactics, rendering them much less effective.

For a blow-by-blow on how the teenage hacker compromised MediaDefender’s own defenses and why he felt compelled to disseminate its secrets on the Web, read Dan Roth’s story “The Pirates Can’t Be Stopped” in Portfolio. (In case you have not seen it, the story has been out for a few weeks.) The hack ended up increasing MediaDefender’s costs by 28 percent, including nearly $1 million in legal fees and “service credits” it had to offer to unhappy media customers. Here’s an excerpt from the story, which shows how exposed the company became to the righteous teenager (who refers to the company as Monkey Defenders):

One file contained the source code for MediaDefender’s antipiracy system. Another demonstrated just how deep inside the company they had gone. This file featured a tense 30-minute phone call between employees of MediaDefender and the New York State attorney general’s office discussing an investigation into child porn that the firm was assisting with. (MediaDefender refused to comment for this story.) The phone call makes clear that the hackers had left a few footprints while prowling MediaDefender’s computers. The government officials had detected someone trying to access one of its servers, and the hacker seemed to know all the right log-in information. “How comfortable are you guys that your email server is free of, uh, other eyes?” an investigator with the attorney general asked during the call.

“Oh, yeah, yeah, we’ve checked out our email server, and our email server itself has not been compromised,” the MediaDefender executive said.

But, of course, it had.

“In the beginning, I had no motivation against Monkey Defenders,” Ethan tells me. “It wasn’t like, ‘I want to hack those bastards.’ But then I found something, and the good nature in me said, These guys are not right. I’m going to destroy them.”

And so he set out to do just that: a teenager, operating on a dated computer, taking on—when his schedule allowed—one of the entertainment world’s best technological defenses against downloading.

The story also has some good details on how MediaDefender went after the Pirate Bay.

It’s a cautionary tale for media companies everywhere. Treat file-sharers like pirates, try to clamp down on them, and they’ll always find new ways to fight back. There are too many of them. They are smarter than the media companies and the industry’s digital lapdogs. Treat them like consumers, and they’ll respond better.

(Photo via Casey West).

Comments

  1. Ben

    I think the story is interesting, but the implications drawn are not necessarily valid. Firstly, while it is true that real damage was created by this hacker, it is not clear that he actually had any real skills other than misguided, malicious intent. The story that emerged from this incident was that there was a human error due to email forwarding, and this hacker simply got the password to the third-party public email address. This was an error obviously and a silly security hole, but they rapidly shut that off and the story is that Media Defender’s internal email servers and their internal security had never been violated. So while it was dumb to have that email forwarded outside the firewall, it was quickly fixed, and this teenage anarchist is not as smart as it is made out. Secondly, as you mention, Media Defender actively works with DA’s offices to prevent crimes against children, as well as serving a useful role in preventing copyrighted materials from being illegally distributed. If one believes that child pornography should be allowed to be created and consumed without intervention, or if one believes that artists and creators of media have no right to be paid for their work, then indeed this hacker’s efforts should be celebrated or deemed inevitable. If, however, despite the many challenges that you correctly point out, one believes that there is merit in defending property against piracy and working against child pornographers and the like, then it is the efforts of Media Defender that should be applauded instead.

  2. DeMoNeye

    “Treat them like consumers, and they’ll respond better”

    Says it all really…

  3. Burt

    See that’s the problem Ben, it’s one thing if MD is going after Child Porn Swappers and their likes. But it’s another thing to throw “pirates” in with that bunch. I’m sorry, call me a pirate, but I’ll be damned if I’ll be associated with Kiddie Porn Enthusiasts.

    They should just stick to fighting child pornographers. Those are my feelings. Sorry.

  4. EH

    epic lulz, thanks for the pointer to the full story!

  5. EH

    Ben at #1 is a master of false dichotomies and strawmen, maybe with a few red herrings to boot! Won’t somebody think of the children? Please, just think of the children!

  6. Mike

    In response to Ben’s comments: For decades, the issue of copying music, software, videos and the like has been around. People have recorded albums (yes, vinyl) or music from the radio to audio tape, people have “copied that floppy”, and people have ran cables between VCRs. As technology has gotten better, the copying methods have gotten better. And that’s just the casual, amateur stuff.

    The entertainment and software industries have fought back with various copy protection schemes, litigation, lobbying legislators for tougher laws, etc. It didn’t work then, and it doesn’t work now. As a general rule, what happens is that the copiers get smarter and learn how to bypass the protection schemes, while those who do buy the product are inconvenienced and treated like criminals. Litigation doesn’t work–filesharing is bigger now than ever. Would copying be worse if those things HADN’T been done? That’s arguable; my guess is “if so, not by much”.

    Illegal copying has been with us for a long time and will continue to be with us. Some will copy no matter what is done; some will buy no matter what is done. “The stick” has been proven not to be a deterrent; only a minority in the business use “the carrot”. As long as that continues, people on the edge will say “I can get this for free from (whatever site)” instead of “I wanna go buy this thing.”

    What has worked and what will continue to work is simply this; provide a quality product in a package and at a price that’s attractive to the market. Making purchasing and owning a “value-add” instead of an “I better buy this” is more likely to attract people to buy. Ripping, downloading and burning CDs is a hassle; being able to buy what one wants for a price acceptable to the consumer in a package that’s convenient to the consumer has the potential of enticing one to say, “to heck with this hassle; I can just get it at Wal-Mart.”

    It’s been shown in other areas and can be shown here that good marketing and innovation THAT BENEFITS THE CONSUMER will get better results than litigation and inconveniencing the consumer. The sooner the **AA’s, BSA’s and others get this, the happier everybody (including the vendors) will be.

    Unfortunately, I see no incentive to hold my breath on this point.

  7. JF

    “Treat them like consumers, and they’ll respond better”

    They’re thieves, not consumers. Should we get rid of security guards in shopping centers as well because people don’t think they’re getting the right bargains and don’t feel like they should pay?

  8. Martin

    I agree with #2 “treat them like consumers and they’ll respond better”

    I would take it a step further “embrace these pirates”! The site pirates bay has a huge community for example. These communities have massive distribution power, why not work with them and take advantage of their distribution potential.
    Instead of throwing millions of $$$ on weak marketing schemes and useless banners, find common ground in which both the music/movie companies and p2p users (consumers) can both benefit.

    Can’t wait to read a article on techcrunch in which a internet power house buys a p2p website/community and turns it into a uber movie/music distribution hot spot…….I told you so :)

  9. plop

    @1

    “If one believes that child pornography should be allowed to be created and consumed without intervention, or if one believes that artists and creators of media have no right to be paid for their work,”

    So you imply that ‘pirates’ = “peados”

    @1 = C. U. N. T,

  10. todd

    It’s clear to me now that #7, ‘JF’ is a pedophile. He would like to get rid of security guards in malls so that he won’t have to pay to molest children like he does in Thailand. OH - and he mis pelled ‘theifs’.

  11. Poetic Justice

    This kid deserves a JOB!

    You genius goes on a holy crusade to hack the media’s hackers.
    Creates $1 million + losses for said media hackers.

    Kid: 1
    Multi-million dollar company: 0

    LOL !!!

  12. Paul

    Treat them like customers? Capitulate to crooks? How about supporting the efforts of copyright holders to maintain their legal rights?

    Not everyone can survive by giving away free content from an ad-supported site (even if I’m glad you can).

  13. Chris Banach

    Guys, you got it totally wrong. the ones to blame are the ISPs. You can’t expect 100% of the citizens of any given country to follow all rules and laws. There will ALWAYS be what you call “criminals”. That’s part of human nature.

    Now to treat this subject seriously, you got to consider this : it all started when ISPs decided to offer unlimited download packages. Because let’s face it, if someone downloads more than 3 gigs a months, you can be 100% sure that it’s to download movies or other “illegal” materials. It’s impossible, even for a webmaster like me to reach this level of downloads with, say, a few websites contents or even exchanging tons of PDFs and professional docs through email or FTP.

    That being said, you’ll understand now why countries like France are considering a pretty good solution to fix this mess : taxing the ISPs that offer full bandwidth for unlimited downloads. And in France they ALL do. And I think that’s pretty smart, because these taxes collections will go directly towards the record and movie industry in such a manner that it’ll be evenly distributed among all parties involved, from the largest studios to the smallest indie producer.

    The point is that ISPs are making (and have made so far) huge profits, precisely because they advertise their so called “unlimited download” offers, and everyone with an IQ above 80 understands what it means : free music and movies.

    So i think it’s just the whole business model that’s changing, whether you like it or not, but if you think about it, in a pretty logical way : ISPs are just like tv networks today. Most movies from the studios are actually produced by tv networks these days. And ISPs act exactly as a new media container, just like TV yesterday.

    The only (big) difference being the economics behind them : TV makes money from advertisers, and ISPs from monthly fees. And trust me, ISPs make more net profit than TV networks, because while both are challenged by huge technical expenditures, ISPs don’t have on top to spend billions in producing media content.

    Thus taxing the ISPs is not a good solution, it’s the ONLY solution. Or, an alternative would be to go backwards and have a new law enforcing ISPs to limit bandwidth like 10 years ago, say to 2 or 3GBs per month, and then ask 5 bucks for each extra Gig. But i don’t believe in this solution as it doesn’t put all countries on the same level : americans earn on average 10 times more than developing countries, so you can’t ask the same participation from consumers worldwide, and it would be way too complicated.

    In any case, my conclusion is that it would be really hard to enforce retributions by ISPs to media producers, unless it comes in form of a tax handled by at least western countries governments.

    And #7, when it comes to downloading and morals, who are you to judge people ? Another preacher ? Ok, then why don’t you go spend your energy rather in stopping tobacco companies, alcohol industries and car manufacturers instead ? They ALL offer products that rely on the way customers will DECIDE to use them. Cigarettes will get you cancer if abused. Alcohol will get you loosing it and beat your wife, at best. And if you decide to drive over 70mph and kill a few people, nothing precludes you to do it.

    See ? It’s after all a matter of human nature. Some people won’t do all that, but many will and they still will go to church next sunday morning, and there’s nothing you can do about it, because they don’t share your “morals”.

    By the way, a recent report published this friday on yahoo established that 25% of american women suffer from domestic violence. Dude, you didn’t choose the right windmill to fight, “pirates” ain’t the enemy.

  14. other

    ““Treat them like consumers, and they’ll respond better”

    They’re thieves, not consumers. Should we get rid of security guards in shopping centers as well because people don’t think they’re getting the right bargains and don’t feel like they should pay?”

    completely agree - erick, please take your hippie pro-pirate attitude and gtfo.

  15. other

    “And #7, when it comes to downloading and morals, who are you to judge people ? Another preacher ? Ok, then why don’t you go spend your energy rather in stopping tobacco companies, alcohol industries and car manufacturers instead ? They ALL offer products that rely on the way customers will DECIDE to use them. Cigarettes will get you cancer if abused. Alcohol will get you loosing it and beat your wife, at best. And if you decide to drive over 70mph and kill a few people, nothing precludes you to do it.”

    what on EARTH are you talking about?!?!? how can you compare someone downloading illegally obtained material to car manufacturers? please learn to think.

  16. RM

    AAAAARRRRRRRRRRRhhhhhhhhhhhhhhhh!!!!!!!!!!!!!! Love them pirates! Get with the times!

    Bad artists copy. Great artists steal. - Pablo Picasso

  17. Who downloads these days?

    When you can just stream the stuff off of sites like youtube (use it on my iphone 2 listen to music playlists), tv-links, joost, hulu and others with Divx quality!

    Streaming is not illegal! I just want to watch or listen… dont need to own.

  18. browse

    Will people please stop equating pirating and stealing? The linking of the two has got to be the best propaganda mindfuck of the last 50 years.

    Stealing means I take something from you, and you don’t have it anymore. If I steal a CD from Tower Records, they can’t sell that CD to someone else.

    Pirating creates a copy, and what happens to the copy is undetermined. Some people use that copy in lieu of buying one. Some use copies to sample new works before committing money to them. Some never listen/watch them after they are copied. Some remix copies together to create new art.

    I’m an artist. I understand the frustration of seeing other benefit from your work without directly benefitting yourself, but can we please stop calling pirates thieves? I’m not defending piracy, I’m just pointing out that it is very different from stealing.

  19. JF

    Amusing how when people knowingly do wrong, they insult others, point to higher offenses, justify it because it’s ‘unenforcable’, claim it’s technically legal, or any other bull shit. Bottom line, it’s wrong and it does hurt others financially.

    You’re not just screwing rich producers and high paid actors (it would still be wrong). You’re also screwing over the grips, gaffers, caterers, props/wardrobe people, writers, assistants, editors, agents, extras, cameramen, etc.

    You’d be pissed if your paycheck went down because a bunch of NON-judgemental pricks distributed your livelihood.

    Should they change the current distribution process? Sure. But until then, grow up and think about someone other than yourself for a change. I’m done with this.

  20. robin

    to get back on-topic, this story is MONTHS old. it was exciting when it happened…months ago…and still fun to read about though.

    the passion, and sometimes virulence, of the above typical arguments, to me fully reflect the Schumpeterian “creative destruction” we are living through. livelihoods (but not! lives) are at stake and passion is to be respected, both in defense of the old and hope in the new.

    for myself, i prefer to be looking ahead, not behind :).

  21. Jack

    @#13: “…let’s face it, if someone downloads more than 3 gigs a months, you can be 100% sure that it’s to download movies or other “illegal” materials.”

    I downloaded (rented) a 1.24GB movie from iTunes tonight. It’s the 3rd movie I’ve rented this month. What decade are you living in? In the 90’s it might have been difficult to download 3 gigs a month, but now it’s hard not to download that much a month. And I download everything legally.

    Why should my ISP give money to the record industry if I don’t download music? How do we decide which random industries get money from the ISPs? The ones with the wealthiest lobbyists? I couldn’t read your full comment because the scenario made me feel ill, but hopefully you admitted you were joking near the end.

  22. Realist

    @JF #19,

    Lets be real here if you want to account for all those in the media food chain.

    Like the vast majority of for profit businesses those in middle to bottom positions will always take it harder then the top. Even the end consumer is treated to taxes on storage media to compensate for “pirated” material.

    Is it not odd that I pay a compensation tax even though I have not one single copywrite infringement on any of this media? Is it not odd that the middle/lower people in the production food chain take a harder hit so those at the top can keep their paychecks in status quo?

    Bottom line is life is not fair. New technologies have now given the masses a way distribute information that is forcing long held conventions to be challenged.

    Life changes, the strong ones adapt while the weaker ones fade away. What we are witnessing now is many business models across many products failing as what once flourished in the dark is now brought into the light.

    For the record my sole source of income is derived from others buying my product and it can easily be “pirated”. I innovate ways to prove the value of my product through “legitimate” avenues to stay alive. My energy is better spent on innovation rather than futile draconian methods of protecting my distributions.

  23. Grasping Hands

    JF:

    (A) Legal music is too expensive. For $20 my son can either buy 1-2 hours of recent music — for which, up until recently, it would be a safe bet that only 5-10 minutes of which was actually good, due to the way albums bundled things together — or can buy another month’s subscription to World of Warcraft and a nice cup of coffee. My house has some rules, but in theory the World of Warcraft monthly subscription is providing approximately an entire month’s worth of entertainment — some people apparently are on that game 4-8 hours a night, every night.

    The price-to-length ratio is similar with just about every other media project — music is, hands down, the worst value-per-dollar at its current price points, and getting worse all the time.

    (B) Legal music is too expensive, part 2: have you looked at the financial health of young people these days? Most are graduating college with negative net worth due to student loans, and that doesn’t take into consideration consumer debt and so on.

    In a state of general indebtedness even the young and naive aren’t typically dumb enough to buy even more stuff they don’t really need without having a very good story to sell themselves on the purchase; given how bad of a buy recorded music is, it’s not surprising they buy it less and less often.

    (C) Legally purchasing music doesn’t convincingly “support the artists”, and young people know this. In theory, many people might purchase music to “support the artists” even if the recorded music is overpriced compared to other forms of entertainment, in the same way that even poor students have been known, say, to “overpay” at free-admission museums by putting some money in the donation box.

    However, it’s common knowledge that of a typical $20 album only $1-2 ever makes it to the artist, and that knowledge undermines the “buying this album supports this artist” narrative that might overcome (A) and (B). The remaining arguments that buying albums “supports artists” are fairly abstract — purchases today contribute to perceptions of potential profitability, leading to incentives to future producers, etc. — and are therefore unconvincing even if true.

    (D) Copyright is currently well-nigh-unenforceable for digital media; consequently, if it didn’t already exist, it’s not something people would be easily sold on (it’d be in the same category as a proposal to levy a consumption tax on breathing, or a per-step tax credit for walking); young people in general tend to ignore unenforceable laws that don’t seem like they’d be enacted now if they weren’t already on the books.

    (E) And, finally, about the gaffers and stagehands and recording engineers and so on: we live in a market economy, and so people “losing their jobs” because they are in outmoded industries or inefficient companies is a normal part of life, and not an incentive to change one’s course of action.

    Young people in low-skill, entry-level positions are well aware that, in the event their employer has a poor product and risks going out of business, there’s no pool of people who will keep buying their employer’s product just to keep them in jobs; that luxury is reserved for only a very few.