SecurityFocus 2008-05-30
In the universe of denial-of-service attacks, 8,000 packets a second is not a lot.
For video-content creation firm Revision3, however, that moderate flood of data was enough to overwhelm its network last weekend, preventing the firm from sending e-mail, displaying advertisements on its Web site, or serving up its shows to visitors, according to CEO and former journalist Jim Louderback. The denial-of-service attack -- of a variety known as a SYN flood -- targeted the company on Saturday and impacted the small startup's infrastructure to such a degree that it took until Tuesday for the firm to reliably connect to the Internet.
"All I want, for Revision3, is to get our weekend back," Louderback said in a postmortem blog post published this week describing the attack. "Both the countless hours spent by our heroic tech staff attempting to unravel the mess, and the revenue, traffic and entertainment that we didn't deliver."
Louderback may be able to do just that.
While denial-of-service attacks are common occurrences on the Internet, Revision3's investigation found that it was targeted not by hard-to-prosecute political hacktivists or criminal groups, but by a company known for its aggressive tactics against file sharers, anti-piracy firm MediaDefender.
The company, a subsidiary of music firm ArtistDirect that counts a number of record labels and movie studios as its clients, apparently discovered that digital pirates had listed illegally copied content on Revision3's BitTorrent directory, Louderback learned during a conference call with the firm this week. Rather than contacting Revision3 to divulge the security weakness, however, MediaDefender placed fake listings, or torrents, on the online video firm's servers in an attempt to identify people who were downloading illegal content.
When Revision3 beefed up security last week to prevent others from listing content on its tracker server, MediaDefender's computers responded by repeatedly trying to access the files, overwhelming Revision3's network, Louderback told SecurityFocus in an interview.
"So instead of them stopping their servers from accessing our tracker, they started flooding us with SYN packets, and that is what brought us down," he said. "We are not used to handling that much information. Our infrastructure is not that big."
The attack, while modest in size, could have massive repercussions for how the music and movie industries pursue file sharers.
The anti-piracy tactics of music companies and movie studios have irked many consumers and digital-rights activists over the past decade. The Recording Industry Association of America (RIAA) has sued more than 20,000 consumers, accusing them of sharing copyrighted music. Much of the evidence in those cases has been collected by companies such as MediaDefender. Last year, the RIAA won its first damages in a lawsuit against a consumer accused of sharing files -- the jury awarded the industry group $222,000.
While music and movie companies have claimed that their tactics have seen moderate success, some have called the hired guns' actions questionable. In 2006, a civil lawsuit against TorrentSpy revealed that the Motion Picture Association of America (MPAA) had hired a hacker to get information from the file-sharing service. (Earlier this month, a federal judge ruled against the now-defunct TorrentSpy, levying a fine of $110 million.) In several lawsuits brought by the RIAA, the role of MediaSentry, a company that attempts to identify file sharers, in collecting evidence of illegal activity has been questioned.
Both the RIAA and the MPAA have stated through spokespeople that they do not do business with MediaDefender, although individual music labels and movie studios have reportedly contracted with the company. MediaDefender and its parent company, ArtistDirect, did not return a request for comment on the issue.
In the latest case, however, MediaDefender's tactics took down a company that appears to be completely innocent.
Like many online firms, Revision3 uses the BitTorrent peer-to-peer file sharing technology to save money. Rather than serving content from a central server -- and footing the bill for the bandwidth fees -- Revision3 uses BitTorrent to let its viewers quickly download content cached on a collection of users' systems. The video-content creator hosts the central directory, or tracker, that knows the location of the pieces of each file distributed among users' systems.
While content companies have slammed BitTorrent technology in the past because of its association with digital piracy, the companies have now come to embrace the technology.
"BitTorrent is an amazing technology," said MPAA spokeswoman Elizabeth Thompson. "We think it is a phenomenal opportunity to get content out to a lot of people ... but we want to make sure that people use it responsibly."
Because its tracker had problems in the past, Revision3 had turned off a whitelist function that had limited the posting of torrents -- files that identify what content is available -- to only corporate employees. The lack of a whitelist allowed file sharers to post torrents pointing to illegal copies of digital content, MediaDefender allegedly told Revision3's executives during a conference call this week. Instead of warning the online video company of the problem, however, MediaDefender exploited the issue to attempt to identify anyone downloading the files, Louderback said.
"Basically, the answer for us from a technical perspective is that we should put a load balancer up there instead of a firewall," Louderback said. "But that is no excuse for what they did to us."
Revision3 will not likely pursue a civil lawsuit against MediaDefender, Louderback said. While the company reported the incident to the FBI and they "appear interested," pursuing legal action may be difficult.
For the incident to be a felony violation of computer crime statutes, MediaDefender would have to have knowingly accessed Revision3's server without authorization and knowingly caused damage, said Jennifer Granick, civil liberties director at the Electronic Frontier Foundation and a former cybercrime attorney.
"You have to have some knowledge that their access was unauthorized," Granick said. "Did they (MediaDefender) know they were not supposed to put their files up on their (Revision3's) servers?"
Negligently causing damage is typically a misdemeanor, she said.
According to Revision3's summary of the incident, MediaDefender told the video content creator that it had fixed the problem that inadvertently caused the attack. Louderback, however, still wants to recoup the time, effort and advertising revenue lost to the attack.
His solution? "I may send them a bill," he said.