Feeds

RIAA messaging gambit faces countermeasures

'Education tool'

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

To the Recording Industry Association of America, sending threatening messages to online music swappers is a potentially effective way to educate the public that trading copyrighted material is wrong. But to security geeks in the file trading community, the technique is just another volley in the electronic war with peer-to-peer opponents... and a rather trivial one at that.

On Tuesday, the RIAA began using the messaging capabilities built into Kazaa and Grokster to send thousands of identical instant messages to music swappers, warning that trading copyrighted songs is against the law.

"It appears that you are offering copyrighted music to others from your computer. Distributing or downloading copyrighted music on the Internet without permission from the copyright owner is ILLEGAL," reads the canned message. "When you offer music on these systems, you are not anonymous and you can easily be identified."

It's not an entirely empty threat. A recent court decision upheld the recording industry's right to compel an ISP to identify a file-swapper. And companies catering to the music and motion picture industries have streamlined the process of scanning p2p networks for copyrighted works and noting each user's Internet IP address, by which they might later be identified.

But the copyright cops aren't the only ones watching the p2p networks. Sophisticated users are looking for the tell-tales signs of spies, and noting their IP addresses as well. "There are people monitoring the networks for political reasons, like the RIAA, and there are also people monitoring the networks that are defending the networks," says Jorge Gonzalez, the founder of the p2p news site Zeropaid.com.

Those efforts have produced sizable lists of Internet IP address ranges purportedly used in anti-p2p operations by RIAA, the MPAA, and their equivalents in other countries, as well as firms like MediaDefender, MediaForce, and NetPD that specialize in catching pirates or disrupting file sharing through technical means.

'Education Tool'

Users add those IP ranges to their software firewalls, making their machine unreachable from the listed networks; the copyright police can see that the user is offering a song or movie with a particular name, but can't download it to verify that it's the real thing. The most popular list, the ZeroData Bad IP Block List (ZBL), comes in a format readable by the professional version of Sygate Personal Firewall, making installation easy.

A coder known online as "Method" has gone even further, creating a custom freeware application called PeerGuardian just for p2p users. PeerGuardian began life as an anti-spyware utility, but now also protects users from the prying eyes of anti-p2p police, using an IP blacklist that's updated periodically like a virus signature file.

"Right now only the top level p2p users are using that application," says Gonzalez. But he expects that to change as an unintended consequence of the RIAA's messaging campaign. Users may be frightened by the association's threats, but they'll respond by cloaking, instead of unplugging. "I would expect that next generation applications will start having these capabilities built in."

By Wednesday morning, p2p message boards were already alive with plans to trace the source of the RIAA's moralizing messages, and add them to the blacklists.

"I'm wondering whether we can trap their search-and-message bot IPs to further identify bad IPs," wrote Method. "A packet-sniffer triggered by KaZaA's protocol for messaging and making logs would be a major help."

As association spokesperson was unconcerned about the p2p community's electronic countermeasures, arguing that the instant messaging gambit is only aimed at song swappers who don't know any better. "It's an education tool, to let people know that the activity that they are participating in is illegal. Whether that scares them or not, that's the reality."

The RIAA has declined to identify the company that they're using in the campaign, but Gonzalez doesn't expect it to remain a secret long. "They say they're going to do two million messages a week, and there are a lot of smart hackers out there in the world."

© SecurityFocus logo

Related stories

Judge backs P2P file traders
'We know who you are' - RIAA spams IM users
Verizon loses RIAA piracy case
RIAA's Rosen 'writing Iraq copyright laws'

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.