Technology
Launch Slideshow
E-mail #4.
Christian Louden/the Gauntlet

MediaDefender walks the plank. Yarrrrr

Hackers post anti-piracy agency's internal e-mail on ThePirateBay.org

Publication YearIssue Date 

Editor's Note: In this article, several e-mails were copied directly without major editing. This was done to ensure that the original content remains without bias. This includes misspellings, poor use of grammar, et cetera. For purposes of maintaining the privacy of those mentioned in the e-mails, personal information has been removed. Beyond that, all relevant information has remained as it was in its original writing.

In recent months, Internet piracy prevention company MediaDefender has been accused by BitTorrent weblog TorrentFreak of launching websites to entrap Internet users into uploading and downloading copyrighted material illegally. MediaDefender denied any such conspiracy, claiming that the MiiVi.com domain was intended for an internal project that they had forgotten to password-protect.

Red flags were initially raised in Jul. when a blogger reported that the whois records for MiiVi had MediaDefender contact information on them. Upon further investigation, TorrentFreak announced with confidence what the perceived purpose of the MiiVi website had been: a trap laid to catch people in the midst of piracy.

MediaDefender continued to deny all accusations despite the foul taste left in the mouths of tech websites and the blogosphere.

Without solid proof, there was nothing more that could be reported, and the issue calmed down a bit over the following couple of months. That is, until last week when a group calling itself MediaDefender-Defenders hacked and leaked several months of MediaDefender internal e-mail onto the Internet through MediaDefender's most hated foe: BitTorrent.

In the description of the torrent on ThePirateBay.org, MediaDefender-Defenders had this to say,

MediaDefender-Defenders proudly presents 9 months worth of internal MediaDefender emails[sic]

By releasing these emails[sic] we hope to secure the privacy and personal integrity of all peer-to-peer users. The emails[sic] contains[sic] information about the various tactics and technical solutions for tracking p2p[sic] users, and disrupt p2p[sic] services

A special thanks to Jay [Mairs], for circumventing there entire email-security by forwarding all your emails to your gmail account, and using the really highly secure password: blahbob

So here it is, we hope this is enough to create a viable defense to the tactics used by these companies, also there should be enough fuel to keep the p2p[sic] bloggers busy for quite some time.

The contents of the e-mail proved to be indeed very interesting. After MiiVi had been exposed, damage control had been enacted as MediaDefender scrambled to get into contact with tech news agency Ars Technica to publish their side of the story.

"MediaDefender was working on an internal project that involved video and didn't realize that people would be trying to go to it and so we didn't password-protect the site," MediaDefender's Randy Saaf said. "It was just an oversight from that perspective. This was not an entrapment site, and we were not working with the MPAA on it."

Despite MediaDefender's claim that MiiVi.com was intended for internal use, according to the leaked e-mail, great effort was put into disassociating MiiVi with MediaDefender (see e-mail #1).

Another e-mail further cast aside any doubts one may have as to the nature of MiiVi (see e-mail #2).

Again contrary to the statement made to Ars Technica, in another e-mail internal MediaDefender folks even seemed to be overjoyed that people had begun signing up with MiiVi (see e-mail #3).

When the news finally broke, MediaDefender promptly killed the MiiVi site, likely to prevent the onslaught of spam and server abuse that would likely soon follow (see e-mail #4).

Internal MediaDefender e-mail shot quickly back and forth as the employees of the company watched the story begin to unfold on the blogosphere and nice tech websites (see e-mail #5).

Despite this massive embarrassment of being caught red handed, MediaDefender wasn't ready to give up on their MiiVi project just yet. Plans were put into place to begin rebuilding MiiVi as viide.com. The e-mails also revealed several spoof BitTorrent and P2P websites that had the potential to be developed and used for the purpose of distributing the wide array of decoys the anti-piracy company used to misdirect Internet users trying to download pirated music, movies and software.

Although the MiiVi incident has largely been seen as entrapment by many in the P2P community, according to excerpts from MiiVi's End User's License Agreement as reported by TorrentFreak, there are a few troublesome clauses users agreed to prior to the use of the web application.

These clauses essentially absolved MiiVi of any entrapment charges by forcing the user to agree that it was perfectly all right at MiiVi's discretion to report any relevant data or information to the proper authorities should it appear as though you were involved in piracy of copyrighted materials.

While this massive breach of security comes as a great blow to MediaDefender, the outcome will likely be a growth in the anti-piracy business. Now more than ever, anti-piracy agencies, the MPAA and RIAA, will begin to realize the P2P and piracy communities are not to be underestimated in their resourcefulness and desire to continue the free flow of these materials on the Internet.

To those in the know, news of the underhanded attempts by agencies to disrupt piracy comes as no surprise. To the rest, let this serve as a cautionary tale. MediaDefender may have lost this round, but they will most certainly be back.

Though the Gauntlet does not endorse the practice of piracy (apart from rum-drinking, cursing, general belligerence and parrots), the e-mails might be found by the resourceful few who searched for "Media-Defender E-mail" in the right places.

Tags: 

Section: 

Issue: