Autistic Geek

The Memorial Day weekend brings an extra day off to most Americans so they can enjoy time with their families, maybe have a barbecue and celebrate the start of summer. This recent Memorial day weekend did just the opposite to employees of Revision3. They were hard at work combating an attack on their servers.

It seams that sometime just before the weekend it was discovered that someone was using Revision3′s bittorrent server to distribute content that did not belong to Revision3. In order to speed up the server Revision3 had the server checking hashes only, not checking weather or not the torrents it was tracking were in fact authorized to be on the server. They of course, upon discovering this, closed the backdoor security hole and purged the illeagly placed torrent tracking files from the server.

This is the solution any normal situation would prescribe, because Revision3 would be sued by copyright holders if they did not take action to prevent the known use of Revision3′s servers to distribute copyrighted content not owned by Revision3. This is where it gets interesting. The individuals who were using Revision3′s servers to track the unauthorized torrents had programed their servers to retaliate should they be cut off from the tracker files on a server they had previously compromised. The attack took the form of what is known as a DDOS Attack. The attack works by requesting services such as a TCP handshake several times a second from the machine being attacked. The attacked machine can’t tell the difference between legitimate request and the request that are part of the attack, so it tries to grant all of the request and becomes overwhelmed. Its like running too many programs on a personal computer at once, something (usually the OS) crashes.

This sounds like the behavior of an angry hacker, most DDOS hackers will take over a computer not for the purpose of compromising that machine, but to have that machine carry out an attack on the hackers behalf against an intended target. They do this so the attack cannot be traced back to to original source. A bot-net consist of several thousand compromised machines waiting for their commander-in-chief to give the strike order on a specific target. When a bot-net attacks, the routers close to the target can also be overwhelmed, thus stopping all traffic to, from and around the target. Without a router directing traffic, nothing gets through. No email, no web pages, no IP phone system, NO-THING! Resulting in lost revenue to Revision3

But it wasn’t some unscrupulous teenage hacker who initiated the attack, it was a company that protects copyrighted content by placing corrupt or false data in the place of copyrighted material, thus thwarting the copyright infringer’s attempt to infringe. The company, called MediaDefender, is a subsidiary of Artistdirect. The attack was unpropagated, they simply attacked a torrent tracking provider that had blocked them. Artistdirect and MediaDefender reside in California and therefore fall under the jurisdiction of US law. Initiating a DDOS attack is against the law (see Economic Espionage Act of 1996 the and Computer Fraud and Abuse Act), so now the FBI is involved. If no one goes to jail for this one, it is a sign of our government truly owned by corporate interest.

Charter communications has partnered with NebuAd, which pays ISPs to let it install a monitoring box on their networks to sniff customer traffic http://blog.wired.com/27bstroke6/2008/05/theres-no-optin.htm

What you need to know is that there is a cookie based opt-out, but the only way to access the cookie is from a NebuAd server. Which translates to injecting ads into existing pages (replacing the sites ads with their own) or the opt-out is never confirmed and they can resell the profile information to anyone they want to even if you did opt-out. Both options are bad for consumers.

Think of it this way, if they resell the info, any entity can purchase it. Now I do not download movies or music, but my son is really into watching episodes of various shows via Youtube. I admit, in the past I’ve looked up The Daily Show’s clips regarding Alaskan Senator Ted “Tubes” Stevens on Youtube, but since TDS added a search feature I haven’t needed to. But imagine if NetbuAD resold the info to the RIAA/MPAA. This purchased information becomes a means to force ISP’s to reveal the account information through legal meandering.

If they use the information to inject advertisements in place of existing ads, they are stealing revenues from the site owners. Say I surf to Runescape and click one of the advertisements there. I support those sites that actually offer me something at their expense. So I click an advertisement about once a week just to provide Janex with some funds. Who gets credit for the click if ads are injected…not Janex.

Charter has been cautious in what they are relieving about this deal, making it sound like it will provide better service to their customers, when in reality its about generating more revenues while not improving speeds or expanding their network. Unfortunately their competition is just as guilty of generating more revenues while not improving speeds or expanding their network, so I stuck with Charter or AT&T here in Asheville. Great Brittan’s “100 Mbps sewer internet” smells better every day.