MediaDefender is a company that was hired by the RIAA and MPAA to perform DoS and DDoS attacks on BitTorrent tracker servers suspected of hosting illegal files. Over the Memorial Day weekend this year, they attacked Revision3 (Louderback, 2008), a Web 2.0 and Internet media company that hosts multiple audio and video podcasts. Because Revision3 was being flooded with over 8,000 SYN requests per second, it could not keep its site up. Adding insult to injury, Revision3 found out who was performing the attack but could not reach anyone at MediaDefender because it was a holiday weekend; apparently they left the attack running and headed out to the picnics. When Revision3 finally did contact MediaDefender on Tuesday morning, it took an additional one and a half hours to stop the attack on the Revision3 servers.
The attack was directed at port 20000 of the Revision3 BitTorrent tracking server (Louderback, 2008). BitTorrent is a form of peer-to-peer (P2P) file sharing that uses a tracking server, or trackers, and distributed files to provide quick and efficient file transfer, particularly for large files over the Internet or other networks. Rather than hosting the files themselves as in other P2P networks, a BitTorrent tracker simply keeps track of the files that users are sharing and which users have which bits. By doing so, it can enable other users to connect to the network and download all of the bits into one cohesive usable file on their computer, all the while sharing out the relevant bits that they have already received.
While this is an efficient model, its behavior and handling of files initially made it difficult for the RIAA and MPAA amongst others to track piracy of their content. Add to that the fact that companies quickly began using BitTorrent technology for legitimate file transfers, and the situation has become even more complex. The creation of private trackers and encrypted transfers has effectively blocked out regulatory agencies from snooping and determining who originally shared the file. And since no one server hosts the files, who is to blame for the piracy? Who can the RIAA and MPAA fine if savvy users can protect themselves from being detected?
Revision3 uses a BitTorrent tracker for business purposes. Louderback says, “Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows” (2008). The shows that they produce are in high definition, which creates enormous files. Bandwidth can be prohibitively expensive with thousands of users downloading large content, so Revision3 used BitTorrent to mitigate the bandwidth expenses and speed up distribution. In any case, they are not the only company to do this (large mainstream media companies do this as well).
After tracing the attacks back to ArtistDirect (of which MediaDefender is a subsidiary), Louderback spoke with the CEO (2008). He explains what ultimately caused the attack.
> “First, they willingly admitted to abusing Revision3’s network, over a period of months, by injecting a broad array of torrents into our tracking server. They were able to do this because we configured the server to track hashes only – to improve performance and stability. That, in turn, opened up a back door which allowed their networking experts to exploit its capabilities for their own personal profit.
> Second, and here’s where the chain of events come into focus, although not the motive. We’d noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender’s servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of ‘Hi’s brought down our network.
> Grodsky admits that his computers sent those SYN packets to Revision3, but claims that their servers were each only trying to contact us every three hours. Our own logs show upwards of 8,000 packets a second.” (Louderback, 2008)
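
The quoted dispute (one contact every three hours per server versus upwards of 8,000 packets a second in the logs) is the kind of claim a packet log settles directly. The following is an added example, not code from Revision3 or the original post: it profiles bare SYNs to the tracker port per source. The log format, addresses, threshold and function names are assumptions, and the sample burst is constructed and scaled down.

```python
from collections import Counter, defaultdict

TRACKER_PORT = 20000            # port named in the article
CLAIMED_INTERVAL_S = 3 * 3600   # "every three hours", per the quoted claim

# Constructed sample in an assumed "epoch src:port > dst:port FLAGS" format.
# Addresses are documentation ranges; the burst is scaled down to 500 SYN/s.
SAMPLE = [f"{1212000000 + i * 0.002:.3f} 198.51.100.7:{40000 + i} > 203.0.113.10:20000 S"
          for i in range(500)]
SAMPLE += [
    "1212000000.000 192.0.2.44:51000 > 203.0.113.10:20000 S",
    "1212000000.100 192.0.2.44:51000 > 203.0.113.10:20000 .",   # ACK, ignored
    "1212000000.050 203.0.113.10:20000 > 192.0.2.44:51000 SA",  # reply, ignored
    "1212010800.000 192.0.2.44:51001 > 203.0.113.10:20000 S",   # three hours later
]

def parse(line):
    """Return (timestamp, source IP, destination port, TCP flags)."""
    ts, src, _, dst, flags = line.split()
    return float(ts), src.rsplit(":", 1)[0], int(dst.rsplit(":", 1)[1]), flags

def syn_profile(lines, port=TRACKER_PORT):
    """Per source: peak SYNs in any one-second bucket and shortest gap between SYNs."""
    buckets, times = defaultdict(Counter), defaultdict(list)
    for line in lines:
        ts, src, dport, flags = parse(line)
        if dport == port and flags == "S":      # bare SYN only, not SYN-ACK
            buckets[src][int(ts)] += 1
            times[src].append(ts)
    profile = {}
    for src, seen in times.items():
        seen.sort()
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        profile[src] = {"peak_per_s": max(buckets[src].values()),
                        "min_gap_s": min(gaps) if gaps else None}
    return profile

def flag_sources(profile, max_per_s=100):
    """Sources whose peak SYN rate exceeds the (assumed) alert threshold."""
    return sorted(s for s, p in profile.items() if p["peak_per_s"] > max_per_s)

def consistent_with_claim(entry):
    """True if the source never sent two SYNs closer together than three hours."""
    return entry["min_gap_s"] is None or entry["min_gap_s"] >= CLAIMED_INTERVAL_S

if __name__ == "__main__":
    for src, entry in syn_profile(SAMPLE).items():
        print(src, entry, "matches claim:", consistent_with_claim(entry))
```
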
In an interview with Wired Magazine, Randy Saaf, the CEO of MediaDefender, defended the actions by stating, “We saw an open BitTorrent tracker with a lot of pirated content on it. We had been posting fake files to their tracker. Over Memorial Day weekend, Revision3 changed some configurations” (Kravets, 2008). The attack was set off because it was assumed that the sudden closing of the open tracker was an attempt to thwart snooping by content providers and agencies such as MediaDefender. While the attacks seem to fall into a grey area in terms of legality, this isn’t the first time that MediaDefender has attacked a legitimate site (Paul, 2008).
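
The difference between the open tracker described above and the locked-down one can be shown with a minimal announce handler. This is an added example, not Revision3's tracker code: it assumes "track hashes only" meant the tracker accepted announces for any info_hash, and the function names, torrent hashes and peer_id are constructed for illustration.

```python
import hashlib
from urllib.parse import quote_from_bytes, unquote_to_bytes

# Constructed 20-byte info_hashes: one for the operator's own show, one foreign.
OWN = hashlib.sha1(b"constructed: operator's own show").digest()
FOREIGN = hashlib.sha1(b"constructed: third-party torrent").digest()

def announce_query(info_hash):
    """Build the query string a client sends to /announce (constructed peer_id)."""
    return ("info_hash=" + quote_from_bytes(info_hash)
            + "&peer_id=-XX0000-constructed0&port=6881")

def info_hash_from_query(query):
    """Extract the raw info_hash; it is percent-encoded binary, not text."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == "info_hash":
            raw = unquote_to_bytes(value)
            return raw if len(raw) == 20 else None
    return None

def bencode_failure(reason):
    """Tracker error response: a bencoded dict with a 'failure reason' key."""
    msg = reason.encode()
    return b"d14:failure reason%d:%se" % (len(msg), msg)

def handle_announce(query, swarms, allowed=None):
    """allowed=None models the open tracker; a set of hashes models the allow-list."""
    info_hash = info_hash_from_query(query)
    if info_hash is None:
        return bencode_failure("missing or malformed info_hash")
    if allowed is not None and info_hash not in allowed:
        return bencode_failure("unregistered torrent")  # no swarm state is created
    swarms[info_hash] = swarms.get(info_hash, 0) + 1
    return b"d8:intervali1800e5:peers0:e"                # empty compact peer list

if __name__ == "__main__":
    open_swarms, closed_swarms = {}, {}
    for ih in (OWN, FOREIGN):
        handle_announce(announce_query(ih), open_swarms)
        handle_announce(announce_query(ih), closed_swarms, allowed={OWN})
    print("open tracker swarms:", len(open_swarms))      # foreign torrent tracked
    print("allow-list swarms:  ", len(closed_swarms))    # only the operator's own
```

The rejection is an application-layer answer only: as the account above shows, clients that keep retrying after being de-authorized still generate connection attempts, so the allow-list needs connection-level rate limiting alongside it.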
Is it right for companies like ArtistDirect and MediaDefender to run rampant and attack any servers that they deem to be a copyright infringement threat? Is this an effective use of anti-piracy technology or simply scare tactics? Also, since ArtistDirect itself is a media company, is there a conflict of interest between what it does and what its subsidiary is doing? Even though there may be no precedent for this case, Louderback has his own thoughts on the matter.
> “Although I can only guess, here’s what I think really happened. Media Defender was abusing one of Revision3’s servers for their own purposes—quite without our approval. When we closed off their backdoor access, MediaDefender’s servers freaked out, and went into attack mode—much like how a petulant toddler will throw an epic tantrum if you take away an ill-gotten Oreo” (2008).
Since Revision3 is a larger company than most and has thousands of daily viewers, the entire incident bubbled to the surface of the news immediately. While they may not have deep pockets compared to media conglomerates, Revision3 is not taking this lightly and is pushing for the protection of freedom of information. “MediaDefender attempted to assure Louderback that steps would be taken to prevent a repeat of the incident, but he isn’t impressed. He says that the FBI is investigating the matter and points out that denial of service attacks fall afoul of the Economic Espionage Act and the Computer Fraud and Abuse Act. MediaDefender could be in serious trouble for its latest antics” (Paul, 2008).
Having used BitTorrent for large file transfer and collaboration in the visual arts industry, I find it easy to see why the technology is gaining a foothold. It would be a shame to see a good use of technology go to waste or become diminished in quality (as encryption of the data slows transfers) because of the abuse of a select few. Unfortunately, for the time being, it appears as though the ‘pirates’ are in the majority of BitTorrent users. Only time and some precedent cases will tell what the ultimate fate of BitTorrent is. Of course, as with all technologies, it is likely to be surpassed by a new protocol well before the case even sees a courtroom.
- Kravets, D. (2008). MediaDefender Defends Revision3 SYN Attack. Wired Magazine. Retrieved June 7, 2008, from http://blog.wired.com/27bstroke6/2008/05/mediadefender-d.html?cid=117123750.
- Louderback, J. (2008). Inside the Attack that Crippled Revision3. Revision3. Retrieved June 7, 2008, from http://revision3.com/blog/2008/05/29/inside-the-attack-that-crippled-revision3/.
- Paul, R. (2008). Revision3 CEO: Blackout caused by MediaDefender attack. Ars Technica. Retrieved June 7, 2008, from http://arstechnica.com/news.ars/post/20080529-revision3-ceo-blackout-caused-by-mediadefender-attack.html.