, SecurityFocus 2008-05-30
In the universe of denial-of-service attacks, 8,000 packets a second is not a lot.
For video-content creation firm Revision3, however, that moderate flood of data was enough to overwhelm its network last weekend, preventing the firm from sending e-mail, displaying advertisements on its Web site, or serving up its shows to visitors, according to CEO and former journalist Jim Louderback. The denial-of-service attack -- of a variety known as a SYN flood -- targeted the company on Saturday and impacted the small startup's infrastructure to such a degree that it took until Tuesday for the firm to reliably connect to the Internet.
"All I want, for Revision3, is to get our weekend back," Louderback said in a postmortem blog post published this week describing the attack. "Both the countless hours spent by our heroic tech staff attempting to unravel the mess, and the revenue, traffic and entertainment that we didn't deliver."
Louderback may be able to do just that.
While denial-of-service attacks are common occurrences on the Internet, Revision3's investigation found that it was targeted not by hard-to-prosecute political hacktivists or criminal groups, but by a company known for its aggressive tactics against file sharers, anti-piracy firm MediaDefender.
The company, a subsidiary of music firm ArtistDirect that counts a number of record labels and movie studios as its clients, apparently discovered that digital pirates had listed illegally-copied content on Revision3's BitTorrent directory, Louderback learned during a conference call with the firm this week. Rather than contacting Revision3 to divulge the security weakness, however, MediaDefender placed fake listings, or torrents, on the online video firm's servers in an attempt to identify people who were downloading illegal content.
When Revision3 beefed up security last week to prevent others from listing content on its tracker server, MediaDefender's computers responded by repeatedly trying to access the files, overwhelming Revision3's network, Louderback told SecurityFocus in an interview.
"So instead of them stopping their servers from accessing our tracker, they started flooding us with SYN packets, and that is what brought us down," he said. "We are not used to handling that much information. Our infrastructure is not that big."
The attack, while modest in size, could have massive repercussions for how the music and movie industries pursue file sharers.
The anti-piracy tactics of music companies and movie studios have irked many consumers and digital-rights activists over the past decade. The Recording Industry Association of America (RIAA) has sued more than 20,000 consumers, accusing them of sharing copyrighted music. Much of the evidence in those cases has been collected by companies such as MediaDefender. Last year, the RIAA won its first damages in a lawsuit against a consumer accused of sharing files -- the jury awarded the industry group $222,000.
While music and movie companies have claimed that their tactics have seen moderate success, some have called the hired guns' actions questionable. In 2006, a civil lawsuit against TorrentSpy revealed that the Motion Picture Association of America (MPAA) had hired a hacker to get information from the file-sharing service. (Earlier this month, a federal judge ruled against the now-defunct TorrentSpy, levying a fine of $110 million.) In several lawsuits brought by the RIAA, the role of MediaSentry, a company that attempts to identify file sharers, in collecting evidence of illegal activity has been questioned.
Both the RIAA and the MPAA have stated through spokespeople that they do not do business with MediaDefender, although individual music labels and movie studios have reportedly contracted with the company. MediaDefender and its parent company, ArtistDirect, did not return a request for comment on the issue.