In Revision3 DOS outage, has Hollywood gone too far?

A company that legitimately distributes its video programming via peer-to-peer is shut down for three days last weekend after being pummeled with traffic. The likely culprit: a company paid by the major movie studios and record labels to fight piracy. What's wrong with this picture?

It was Memorial Day weekend and Revision3 was scrambling to get its Web TV network back up. Its servers were being bombarded with so much traffic, they were shut down in what is known as a denial-of-service outage. That meant no Diggnation or Tekzilla--popular Web shows for a generation of tech-savvy consumers who get their news and entertainment from the Internet instead of TV.

(Credit: Revision3)

The attacks led to hundreds of thousands of disgruntled fans and tens of thousands of dollars in lost ad revenue for Revision3, estimates Revision3 Chief Executive Jim Louderback.

In the following days, Revision3 was able to trace the majority of the packets overwhelming its torrent index server to a company called ArtistDirect, which acknowledged to Louderback that the IP address generating the packets belonged to a Los Angeles-based subsidiary called MediaDefender.

MediaDefender offers Internet piracy fighting services to clients including "every major record label and every major movie studio, video game publishers, software publishers, and anime publishers," according to its Web site. The company markets "non-invasive technological countermeasures" it uses on peer-to-peer networks that are designed to "frustrate users' attempts to steal/trade copyrighted content."

Among those methods are decoying and spoofing, in which they send blank files and "data noise" that make finding pirated content on the Internet as hard as finding a needle in a haystack.

MediaDefender Chief Executive Randy Saaf says he has found evidence that Revision3's tracker has been used to index pirated content for at least four years.

"They are running an open tracker that had (links to) a lot of pirated content on it," Saaf said. "We didn't know they were running it. We were targeting the pirated content."

But Louderback says that since April 2007, Revision3's tracker has only linked to its own content, except for during the five weeks leading up to Memorial Day. Last month, the company switched tracker software as part of a move to stabilize the server because it was crashing, and that left the server open to the public to post links to outside content, he says.

"We didn't advertise it was open. It's like leaving your garage door open," and people can't legally just walk in, he said.

Things came to a head after Revision3 closed what Louderback described as a "back door" to its tracker server. The MediaDefender packets--arriving as fast as 7,000 packets a second--backed up and Revision3's operations were offline for about three days, according to Louderback.

"They were either grossly negligent in how they program, or programmed (the traffic) to be obnoxious," he said. "I can't impugn their motives. All I can say is the behavior we saw."

"They said they are changing their process and procedures," he added. "That still doesn't give me my weekend back."

MediaDefender's Saaf sees it differently. "In our mind we were not targeting a legitimate company. All we saw was a public tracker with (links to) pirated content, he said.

Going forward, MediaDefender will look to see if any public trackers it finds are associated with a company, and if so will contact them before acting, Saaf says.

"Hollywood goes too far and loses all credibility when their investigators, in the name of antipiracy, act like lawless pirates and hack servers and force law abiding services off the Internet."

--Ira Rothken, intellectual property attorney

The legal issues are unclear. Putting aside any discrepancies over whether there were links to pirated content on Revision3's tracker and for how long, there are questions about whether by transmitting so many packets at once, MediaDefender knowingly caused a denial-of-service outage. In addition, anti-competition questions could be raised since ArtistDirect promotes videos and music and could be seen as a rival to Revision3.

Using a back door to a server without permission of the owner could make MediaDefender liable under the Computer Fraud and Abuse Act and could violate Revision3's terms of use, which typically prohibit creating unreasonable loads on the servers or accessing servers without authorization, said Ira Rothken, an attorney who recently defended TorrentSpy against copyright claims.

Louderback, who wrote about the situation on his company blog early on Thursday, said he probably won't sue because of financial constraints.

MediaDefender's behavior has crossed a line, Rothken says.

"Hollywood goes too far and loses all credibility when their investigators, in the name of antipiracy, act like lawless pirates and hack servers and force law abiding services off the Internet," he said.

"It's ironic for a company that is supposed to be helping major Hollywood organizations in getting legal compliance, that they would use techniques that at least optically appear to be in violation of the law," Rothken added.

To others, including my CNET News.com colleague Charles Cooper, Revision3 is more like a civilian casualty in an escalating cold war over how to protect and distribute copyrighted content in a digital age.

"You'll find over time more and more examples of Hollywood, big music and their agents being overzealous, overreaching, and overprotecting," said Eric Garland, chief executive of peer-to-peer file-sharing tracking firm Big Champagne. "If they are going to compete and defend their content aggressively enough to put a meaningful dent in piracy, they are going to be overinclusive and make mistakes."

[ara_p]

Shhhh! Don't go writing incendiary posts with titles like that! They might target CNET next! :-P

[Maccess]

In the future, content will be community created, and no one will be interested in viewing or possessing commercial material because of all the hassles involved (whether it is legitimate or not).

Rootkits, IP attacks, harrassment, all these will make most people actively avoid most commercial material.

Is it acceptable to you that kids are harrassed in school in the pre-text of anti-piracy efforts?

[badasscat]

The problem is most "community created" content is dreck. A quick visit to YouTube will confirm this for you.

There will always be both a desire and a need for commercial content. Content creation is a skill like any other that depends on both training and experience. It is a highly specialized industry with many different facets. The best people in the industry are not going to work for free.

[Penguinisto]

Heh - a sibling post mentions that most community created content is dreck. For the most part, this is correct... but then, the vast majority of Hollywood-created content is crap as well (contrived, intellectually shallow, and carved into 6-minute slices for ease of commercial insertion, etc...)

[NoNoBadDog!]

Hollywood should be ashamed of itself! Rev3 is a website that promotes the hardware, software, DVD releases, etc. (Hint: it's all legitimate, too!). Instead of going after the thousands of about-to-be felons sharing movies illegally on the dozens of P2P networks, they attack a website that actually supports and gives business to Hollywood! What a bunch of losers!
If MediaDefender, and in particular Randy Saff, had any dignity at all they would be apologizing right now! I for one hope that Revision3 takes legal action against MediaDefender...

[trekologer]

So MediaDefender plants aledgidly pirated content on R3's tracker, then attack R3 for having the aledgidly pirated content that MediaDefender planted there. Brilliant! Why didn't I think of this get rich scheme first?

[t8]

If you can't embrace the future, then you are history in the making.

[gerrrg]

If Revision3 is correct, why not sue? It's just speculation, but I'd bet there are more than a few lawyers drooling at the thought of being able to find a written document to tie studios (or the MPAA/RIAA) directly to MediaDefender and the DDOS tactic being either overtly or indirectly sanctioned. Heck, with Revision3 unavailable for the weekend, doesn't that give consumers standing in court? I sense class-action lawsuit!

[Papa Chango]

If this was some young kid who had committed two serious crimes, he'd be in jail and all his computers would be seized.
In an ideal world, justice would be equal for young hacker and for sleazebags like Saff.

Going forward, I hope his future involves the feds busting his door down and throwing out buzz words like cyber terrorism.

Whether they get sued out of existence or given accomodations with a lonely roommate named Bubba is fine with me.

Both would be ideal.


And thanks to Coop for minimizing the importance with his idiotic analogy and reminding me why I flee his ramblings as much as Enderle's.

[drummerhul]

That's messed up. Hollywood's attitude toward digital media is old school.
I suggest we all help Revision3 get back at Hollywood. Tell all your friends about the site and get them going to it. This is an advertising opportunity for Revision3. Hopefully the make up for the lost revenue over the weekend.

[inachu]

This is why I have added a fire wall rule to block any and all communication with RIAA and their entire subdomain. Do the same thing with most other companies that like to ping my network. I deny their ping 100%

[thedreaming]

I'm patiently waiting for the day when MediaDefender attacks a big company, like Microsoft or Apple. I can see the sky darkening and an army or lawyers descend on that little pathetic company. Microsoft would buy them out, level the building and make a parking lot. Apple would level the place and make an even larger Apple store!

[zeroplane]

That is a nice con they have there.. Let the media conglomerates spend money on this con. It sure is a good thing my torrent clients allow black listed IPs and when other peers are sending false packets or garbage data that doesn't pass an MD5 check the IP is black listed.

Ah.. does that mess up your con (I mean business model)?

[wjcunning]

Class Action. Use companies exposed to DoS attacks by MediaDefender. They are creating loss of revenue, and a restraint of trade by their practices which is punishible under Federal Law. The only way they will stop is under legal pressure, which assumes their victims use of group legal tactics.

Prepare to mount.

John Q Public

[savagesteve13]

Isn't it a federal crime to commit a denial of service attack? So why do hackers go to jail and MediaDefender isn't shut down, its servers confiscated and its CEO arrested?

[benjaminstraight]

Maybe too far.