[54809] in North American Network Operators' Group
Re: FYI: Anyone seen this?
daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Fri Jan 17 09:52:40 2003
Date: Fri, 17 Jan 2003 09:40:51 -0500
Cc: blitz <blitz@macronet.net>, nanog@merit.edu
To: Valdis.Kletnieks@vt.edu
From: Marshall Eubanks <tme@multicasttech.com>
In-Reply-To: <200301150509.h0F595Ph002902@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Passed along without comment
"I poisoned P2P networks for the RIAA" - whistleblower
By Andrew Orlowski in San Francisco
Posted: 17/01/2003 at 13:00 GMT
"Gobbles", the German hacker who improbably claimed to have infected
peer-to-peer file sharing networks and to "0wn" your computer this week,
has confirmed that his brag was a hoax. That much, you probably
suspected, as Goebbels (as we must now call him) failed to offer a shred
of evidence in support of the notion that the RIAA was engaged in
widespread intrusion of personal computers.
But meet Matt Warne. He has an interesting tale to tell.
For two years Warne worked for the global version of the RIAA, the IFPI
which represents 1500 labels in 76 countries, with headquarters in
London. The IFPI's primary mission is to "fight music piracy", and Warne
worked with the RIAA and the biggest labels in implementing technologies
to document and thwart file sharing. The IFPI co-ordinated efforts to
glean detailed information about who was sharing what, and where. The
organization, backed by the labels, was responsible for providing
detailed evidence to the legal teams fighting Napster, Aimster and mined
information about the burgeoning peer to peer networks, such as
Gnutella. IFPI is responsible for trawling the world's web, ftp and irc
channels and runs the automated system that sends warning letters to
ISPs and webmasters.
"We had to act quickly. EMI would ring up ask 'What's this FreeNet?' and
want to know how many of their artists were on the network".
Napster provided the first taste for the music industry in measuring the
level of file sharing and was a war of attrition, says Warne. IFPI
developed a custom version of a program called "Media Enforcer" which
grew in sophistication.
"The RIAA were very precise about what they wanted," says Warne. When
Napster said it couldn't say what was on its network, the IFPI were able
to provide file names. When users scrambled the names (using the pig
encoder) and Napster said these were too hard to decipher, the IFPI was
able to provide the real names.
Poison Pill
The technologies he worked on stayed on the right side of the law - just
about - but Warne's most interesting claim to fame is that he suggested
that the networks "poison" the emerging p2p networks with trash.
"I was one of the people who suggested the 'rogue file' scheme on the
file sharing services," he told us.
"I suggested that they should put out files with legitimate titles - and
put inside them silence or random noise - and saturate the file sharing
networks with those files. That did start the poisoning."
The goal was to discredit the networks so that casual users would
quickly give up trying to download music.
And so the plan went into action. The IFPI created a computer system
that appeared to be many unrelated nodes, a network with many members
that in fact resided in one location.
A former record label employee also confirmed this week that the
industries do order multiple DSL feeds to one location to simulate a P2P
network.
For the IFPI however, the poisoned network grew too expensive to
justify. Before he left, says Warne, the IFPI's original poisoned system
was closed down. The body wanted to concentrate its attentions on large
scale copying outfits.
However, more recent evidence suggests that the technique is being used
by major labels in-house, instead, and the sheer quantity of junk files
found on the peer to peer networks today - purportedly residing on
individuals' PCs - points to continuing "poisoning". Why? Because users
abort a junk download, or quickly delete a file. The alternative
explanation for the persistence of this noise material is that users are
extremely inattentive, and that's difficult to believe.
Missing the boat
Warne left the music industry in disgust he says, "because the record
industry is stuck in the past," and he vows never to return.
Back in 1997 and 1998, the industry had the chance to develop online
music services, he says. It saw what was coming. Which is true: at that
time, the major labels were paralyzed by fear of online music and were
downsizing accordingly, but refused to alter their business models, or
extend into new areas.
"Once Napster came along," says Warne, "people got used to getting stuff
for free. They've introduced Emusic but people just ask 'why isn't it
free?' If they'd introduced it in 1998, they wouldn't have this
problem," he thinks.
"I've seen how they've destroyed talent. The greatest talent is from
independents." He cites Eva Crawford, and Mariah Carey as examples, who
were forced into styles by unsympathetic executives.
So as you can see, the RIAA may not - strictly speaking - be "hacking
you back". But the industry is extremely active in many other ways, and
unlike so much of the trade press which sees an RIAA denial as the end
of the story, their activities are only just beginning to emerge.
Since Monday, we've also received a number of reports of some very
curious IP traffic. If you're in a position to do so, can you please
check your logs, so we can piece together the rest of this mystery?
On Wednesday, January 15, 2003, at 12:09 AM, Valdis.Kletnieks@vt.edu
wrote:
> On Tue, 14 Jan 2003 20:16:31 EST, blitz <blitz@macronet.net> said:
>
>>> http://www.theregister.co.uk/content/6/28842.html
>>>
>>> By Andrew Orlowski in San Francisco
>>> Posted: 14/01/2003
>>>
>>> The RIAA is preparing to infect MP3 files in order to audit and
>>> eventually disable file swapping, according to a startling claim by
>
> The RIAA denies all knowledge...
>
> http://www.eweek.com/article2/0,3959,827970,00.asp
>
> Of course, even if it were true, they'd probably want to deny it, since
> they haven't gotten their "hack back" legislation passed yet.... :)
>
Regards
Marshall Eubanks
This e-mail may contain confidential and proprietary information of
Multicast Technologies, Inc, subject to Non-Disclosure Agreements
T.M. Eubanks
Multicast Technologies, Inc.
10301 Democracy Lane, Suite 410
Fairfax, Virginia 22030
Phone : 703-293-9624 Fax : 703-293-9609
e-mail : tme@multicasttech.com
http://www.multicasttech.com
Test your network for multicast :
http://www.multicasttech.com/mt/
Status of Multicast on the Web :
http://www.multicasttech.com/status/index.html