
RIAA messaging gambit faces countermeasures

'Education tool'


To the Recording Industry Association of America, sending threatening messages to online music swappers is a potentially effective way to educate the public that trading copyrighted material is wrong. But to security geeks in the file trading community, the technique is just another volley in the electronic war with peer-to-peer opponents... and a rather trivial one at that.

On Tuesday, the RIAA began using the messaging capabilities built into Kazaa and Grokster to send thousands of identical instant messages to music swappers, warning that trading copyrighted songs is against the law.

"It appears that you are offering copyrighted music to others from your computer. Distributing or downloading copyrighted music on the Internet without permission from the copyright owner is ILLEGAL," reads the canned message. "When you offer music on these systems, you are not anonymous and you can easily be identified."

It's not an entirely empty threat. A recent court decision upheld the recording industry's right to compel an ISP to identify a file-swapper. And companies catering to the music and motion picture industries have streamlined the process of scanning p2p networks for copyrighted works and noting each user's Internet IP address, by which they might later be identified.

But the copyright cops aren't the only ones watching the p2p networks. Sophisticated users are looking for the telltale signs of spies, and noting their IP addresses as well. "There are people monitoring the networks for political reasons, like the RIAA, and there are also people monitoring the networks that are defending the networks," says Jorge Gonzalez, the founder of the p2p news site Zeropaid.com.

Those efforts have produced sizable lists of Internet IP address ranges purportedly used in anti-p2p operations by the RIAA, the MPAA, and their equivalents in other countries, as well as firms like MediaDefender, MediaForce, and NetPD that specialize in catching pirates or disrupting file sharing through technical means.

'Education Tool'

Users add those IP ranges to their software firewalls, making their machine unreachable from the listed networks; the copyright police can see that the user is offering a song or movie with a particular name, but can't download it to verify that it's the real thing. The most popular list, the ZeroData Bad IP Block List (ZBL), comes in a format readable by the professional version of Sygate Personal Firewall, making installation easy.

A coder known online as "Method" has gone even further, creating a custom freeware application called PeerGuardian just for p2p users. PeerGuardian began life as an anti-spyware utility, but now also protects users from the prying eyes of anti-p2p police, using an IP blacklist that's updated periodically like a virus signature file.

"Right now only the top level p2p users are using that application," says Gonzalez. But he expects that to change as an unintended consequence of the RIAA's messaging campaign. Users may be frightened by the association's threats, but they'll respond by cloaking, instead of unplugging. "I would expect that next generation applications will start having these capabilities built in."

By Wednesday morning, p2p message boards were already alive with plans to trace the source of the RIAA's moralizing messages, and add them to the blacklists.

"I'm wondering whether we can trap their search-and-message bot IPs to further identify bad IPs," wrote Method. "A packet-sniffer triggered by KaZaA's protocol for messaging and making logs would be a major help."

An association spokesperson was unconcerned about the p2p community's electronic countermeasures, arguing that the instant messaging gambit is only aimed at song swappers who don't know any better. "It's an education tool, to let people know that the activity that they are participating in is illegal. Whether that scares them or not, that's the reality."

The RIAA has declined to identify the company that they're using in the campaign, but Gonzalez doesn't expect it to remain a secret long. "They say they're going to do two million messages a week, and there are a lot of smart hackers out there in the world."

© SecurityFocus logo
