
RIAA messaging gambit faces countermeasures

'Education tool'


To the Recording Industry Association of America, sending threatening messages to online music swappers is a potentially effective way to educate the public that trading copyrighted material is wrong. But to security geeks in the file trading community, the technique is just another volley in the electronic war with peer-to-peer opponents... and a rather trivial one at that.

On Tuesday, the RIAA began using the messaging capabilities built into Kazaa and Grokster to send thousands of identical instant messages to music swappers, warning that trading copyrighted songs is against the law.

"It appears that you are offering copyrighted music to others from your computer. Distributing or downloading copyrighted music on the Internet without permission from the copyright owner is ILLEGAL," reads the canned message. "When you offer music on these systems, you are not anonymous and you can easily be identified."

It's not an entirely empty threat. A recent court decision upheld the recording industry's right to compel an ISP to identify a file-swapper. And companies catering to the music and motion picture industries have streamlined the process of scanning p2p networks for copyrighted works and noting each user's Internet IP address, by which they might later be identified.

But the copyright cops aren't the only ones watching the p2p networks. Sophisticated users are looking for the telltale signs of spies, and noting their IP addresses as well. "There are people monitoring the networks for political reasons, like the RIAA, and there are also people monitoring the networks that are defending the networks," says Jorge Gonzalez, the founder of the p2p news site Zeropaid.com.

Those efforts have produced sizable lists of Internet IP address ranges purportedly used in anti-p2p operations by RIAA, the MPAA, and their equivalents in other countries, as well as firms like MediaDefender, MediaForce, and NetPD that specialize in catching pirates or disrupting file sharing through technical means.

'Education Tool'

Users add those IP ranges to their software firewalls, making their machine unreachable from the listed networks; the copyright police can see that the user is offering a song or movie with a particular name, but can't download it to verify that it's the real thing. The most popular list, the ZeroData Bad IP Block List (ZBL), comes in a format readable by the professional version of Sygate Personal Firewall, making installation easy.

A coder known online as "Method" has gone even further, creating a custom freeware application called PeerGuardian just for p2p users. PeerGuardian began life as an anti-spyware utility, but now also protects users from the prying eyes of anti-p2p police, using an IP blacklist that's updated periodically like a virus signature file.
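A range blocklist of the kind described above has to be parsed, de-duplicated and searched quickly for every inbound connection. The sketch below is an added example, not code from PeerGuardian or the ZBL; the `label:start-end` line format is an assumption, and the sample entries are constructed from documentation-only address space (RFC 5737).

```python
import bisect
import ipaddress

# Constructed sample list: documentation-only ranges (RFC 5737),
# in a hypothetical "label:start-end" line format.
SAMPLE_LIST = """\
# constructed entries, not real monitoring networks
example-scanner-a:192.0.2.0-192.0.2.127
example-scanner-b:192.0.2.100-192.0.2.255
example-scanner-c:198.51.100.16-198.51.100.31
this line is malformed
example-reversed:203.0.113.50-203.0.113.10
"""

def parse_ranges(text):
    """Return (ranges, rejected); ranges are (start_int, end_int) tuples."""
    ranges, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            _label, span = line.rsplit(":", 1)
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in span.split("-"))
            if lo > hi:
                raise ValueError("start after end")
            ranges.append((lo, hi))
        except ValueError:
            rejected.append(line)  # report bad entries instead of silently dropping them
    return ranges, rejected

def merge(ranges):
    """Sort and coalesce overlapping or adjacent ranges so lookups can bisect."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def is_blocked(merged, addr):
    """True if addr falls inside any merged range (O(log n) per lookup)."""
    n = int(ipaddress.IPv4Address(addr))
    i = bisect.bisect_right(merged, (n, float("inf"))) - 1
    return i >= 0 and merged[i][0] <= n <= merged[i][1]

RANGES, REJECTED = parse_ranges(SAMPLE_LIST)
BLOCKLIST = merge(RANGES)
```

Merging matters because community-maintained lists accumulate overlapping entries, and rejected lines are kept so a periodic update that ships a broken entry is noticed rather than quietly shrinking coverage.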

"Right now only the top level p2p users are using that application," says Gonzalez. But he expects that to change as an unintended consequence of the RIAA's messaging campaign. Users may be frightened by the association's threats, but they'll respond by cloaking, instead of unplugging. "I would expect that next generation applications will start having these capabilities built in."

By Wednesday morning, p2p message boards were already alive with plans to trace the source of the RIAA's moralizing messages, and add them to the blacklists.

"I'm wondering whether we can trap their search-and-message bot IPs to further identify bad IPs," wrote Method. "A packet-sniffer triggered by KaZaA's protocol for messaging and making logs would be a major help."

An association spokesperson was unconcerned about the p2p community's electronic countermeasures, arguing that the instant messaging gambit is only aimed at song swappers who don't know any better. "It's an education tool, to let people know that the activity that they are participating in is illegal. Whether that scares them or not, that's the reality."

The RIAA has declined to identify the company that they're using in the campaign, but Gonzalez doesn't expect it to remain a secret long. "They say they're going to do two million messages a week, and there are a lot of smart hackers out there in the world."

© SecurityFocus
