Anti-P2P Company Gets Bit by the Torrent

MediaDefender, an anti-piracy and anti-P2P company that works with the entertainment industry to thwart the trading of copyrighted content on P2P networks, is experiencing Diebold flashbacks this week. The company was bit by BitTorrent on Saturday when hackers obtained more than 6,000 of the company's internal e-mails and made them available for download through the P2P network.

The damning e-mails include discussions about MediaDefender's attempt earlier this year to distance itself from a site it launched called MiiVi, which, some critics claim, was a honeypot to entrap downloaders. The e-mails also include a discussion about a possible plan the company had to use software to turn P2P users' machines into zombies designed to spit out torrents of fake content files to tie up downloaders' machines.

The e-mails, which date from September and go back six months, also contain evidence that seems to contradict a statement that MediaDefender made in July that MiiVi was meant to be an internal research project that the company hadn't intended for the public to find and use.

MediaDefender is a Southern California company that polices P2P networks and notifies content owners when their material appears on download sites. The company also seeds download channels with lots of bogus movie and music files to make it harder for users to find the real files. But according to some people, this isn't all MediaDefender has been up to.

In July members of a site called TorrentFreak accused MediaDefender of setting up MiiVi as a honeypot to entrap users who downloaded fake files masquerading as copyrighted material (the site was taken down shortly thereafter). TorrentFreak also said that client software that MiiVi offered users to speed up their downloads was spy software that rooted through a user's computer for illegal content and reported back its findings to MediaDefender.

MediaDefender President Randy Saaf denied that MiiVi was a sting site, saying it was an internal research project. He told Ars Technica that the company hadn't password protected the site because it never expected users would find it. "This was not an entrapment site, and we were not working with the MPAA on it," he said.

When Ars Technica pointedly asked Saaf why, if the company had nothing to hide, it had changed the contact info on the site's domain registration record to a proxy registration after TorrentFreak exposed it, Saaf said his staff was simply afraid a hacker would attack them or someone would send them spam.

Apparently, the move to keep hackers at bay was unsuccessful.

As P2P users furiously sifted through the leaked content over the weekend, a handful of e-mails were published online. They show various attempts by MediaDefender earlier this year to hide from "smart people" who might have connected the company to the MiiVi site:

From: Randy Saaf

Sent: Wed 6/13/2007 12:54 AM

To: Colin Keller

Cc: Ben Grodsky; Steve Lyons; Jay Mairs

Subject: miivi emails

Colin:

Set up your email so that you always reply with a [email protected], [email protected], or an [email protected] address respectively. I don’t want MediaDefender anywhere in your email replies to people contacting Miivi. Steve and Ben can help you set up your email for this. Make sure MediaDefender can not be seen in any of the hidden email data crap that smart people can look in.

I am setting up [email protected] to forward to [email protected].

R

Another e-mail contradicts Saaf's statement that the company hadn't intended for MiiVi to draw traffic from outside users:

Dylan,

Another thing we can do to increase Google and other search engine traffic is to get more link-ins. At the next MiiVi meeting, I’m going to ask Randy for permission to incentivize people to link-in a MiiVi video on their MySpace. Colin is already doing this and it helps the word-of-mouth spread, even if the link-ins are nominal. I’m not sure what we could do in the link-in regard early on, but getting the cumulative ~1000+ MySpace friends of MediaDefender employees to see MiiVi link-ins can’t hurt….

Colin — start coming up with a list the list of keywords and descriptors for hidden metadata entries, per Dylan’s e-mail below.

Thanks,

Ben

There's also an e-mail depicting the point at which MediaDefender realized the jig was up.

From: Ben Grodsky

Sent: Tue 03-Jul-07 20:19

To: MIIVI; Randy Saaf; Octavio Herrera; Steve Lyons

Subject: MiiVi got Dugg

Looks like the domain transfer has screwed us over: http://torrentfreak.com/anti-piracy-gang-launches-their-own-video-download-site-to-trap-people/http://digg.com/users/AcePup/news/dugg

-Ben

Randy Saaf responded, "This is really fucked. Let's pull miivi offline."

Grodsky followed up with a memo to staff instructing them to stick to the company line about the site being a research project if anyone asked, and to be wary of spies trying to apply for a job to infiltrate the company:

From Ben Grodsky, Media Defender

Subject: care in interviewing

Given all the recent Digg, SlashDot and derivative online articles about MD, be careful what you say in job interviews. Specifically, I’m concerned about giving any information BEYOND what’s already on the mediadefender.com website. I’m worried about someone interviewing for a position just for the purpose of getting more info to post online. For example, if anyone asks anything about MiiVi, just reiterate what Randy has said online (it was an internal video project that we probably should have password protected; we were in no way directed to, or working with, the MPAA on that project; NO part of the project was a honeypot designed to trap downloaders).

The e-mails, some of which include the Social Security numbers of MediaDefender employees, were reportedly obtained by a group calling itself MediaDefender-Defenders. It's unclear if the group consists of the same people at TorrentFreak who exposed the MiiVi site in July. Attempts to reach TorrentFreak for an interview were unsuccessful.

MediaDefender-Defenders included a note with the e-mail dump explaining their reason for exposing MediaDefender's correspondence:

“By releasing these emails we hope to secure the privacy and personal integrity of all peer-to-peer users. The emails contains information about the various tactics and technical solutions for tracking p2p users, and disrupt p2p services,” and “A special thanks to Jay Maris, for circumventing there entire email-security by forwarding all your emails to your gmail account”

In addition to the purloined e-mails, the group also posted follow up data that includes a MySQL database dump from a MediaDefender server and an audio file of a VoIP conversation between a MediaDefender employee and investigators for the New York attorney general's office discussing MediaDefender's work with law enforcement to find child porn on P2P networks and track the IP address of those who post or download it. In a message accompanying that file, the hackers promise more to come:

MediaDefender-Defenders proudly presents some more internal MediaDefender stuff… more will follow when time is ready. MediaDefender thinks they’ve shut out their internals from us. Thats what they think.

Stay tuned.

Photo: Manuel González Noriega.

See Also:

• Are Comcast's Alleged Anti-BitTorrent Tactics Illegal?
• Piracy Milestones Converge, Illegal Downloading Goes Unabated
• MPAA Paying Hacker for Purloined TorrentSpy Emails Not Illegal ...
• TorrentSpy Closes to US Users
• TorrentSpy Founders Create Copyright Filtering Company
• Prosecutor Vows To Charge The Pirate Bay With Piracy