Security by Obscurity is Insecurity
MediaDefender, an anti-piracy enforcement firm, just got owned via an unintended release of 700MB of internal e-mail. MediaDefender collects IP information from people who participate in peer-to-peer file sharing — entrapment in the digital age.
I haven’t looked at the original e-mails, but from the shortened version I read, their success was based on damage control and obscurity. Of course, like most PR disasters, this never works and may hold off the short term disclosures but will usually blow up later.
I talked with a few folks and the alleged way to minimize your risk (when downloading Torrents) is to enable protocol encryption and use PeerGuardian. They claim it will conceal the data being transmitted and prevent your connection from being visible to anti-piracy firms like MediaDefender.
I’m not a PR guy, but seriously, this is just common sense. Stop trying to control the Web. Obviously NetNanny works 100%, so will anti-P2P firms. ::sigh::
[tags] mediadefender, security, email, web, p2p, torrent, pr, disaster, anti-piracy[/tags]
I think some of the tactics outlined in those emails are pretty clever (even if I disagree with them); such as the conversations with the Attorney General about trying to link P2P piracy with kiddie porn- your average Joe Sixpack or Sally Housewife might not care about downloading, but if it can be associated with something like that, they’ll probably gain a lot more support from the general public- or more likely, you’ll see “Internet Safety” legislation that hypes that angle while including plenty of language or riders that enhance or broaden the authority used to monitor web traffic specifically in search of infringing material.
From TorrentFreak.com:
“The subject of the call is rather serious. MediaDefender is apparently involved in an ongoing Child Porn investigation. Their job is to identify child-porn images and report the IPs of the offending computers back to the government. A tricky project since it would mean that they actually have to download and rate the illegal content.
This wont be the end of the leaks according to the “MediaDefender-Defenders”, they claim that more will follow when time is ready.
In addition the the phone call, a huge MySQL database dump from a MediaDefender server was leaked on BitTorrent as well. The database shows tracking and decoy file information for the Gnutella network which is used by P2P clients such as LimeWire.
All this leaked information is a huge blow for MediaDefender, and it will undoubtedly cost them a lot of time and money to clean this up. Interestingly, no evidence can be found that MediaDefender is actually involved in prosecuting or gathering evidence against filesharers (as we reported earlier). Their core business is releasing fake files and polluting the filesharing networks.”
Also of note is the apparent disdain they seem to hold for their own clients, there are multiple references to them laughing at the ideas or requests of their clients- it’s as if even MediaDefender knows how futile their efforts are.
Perhaps worst of all- at least for MediaDefender employees- is that their management handled sensitive company information in such a half-assed way. Management had their work emails forwarded to Gmail and used that same email account to create accounts on torrent sites- and used the same password for both the sites and their Gmail account… work emails that included employee data such as addresses, payroll information and even Social Security numbers. This is unacceptable, and I’d like to see MediaDefender employees sue the company for such a privacy breach.