Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Torrent-spiking Company Loses Email via Torrent

Via news at TorrentFreak, it seems that MediaDefender has become the subject of what could be the biggest BitTorrent leak to date. Apparently, more than 700 MB of internal email (almost 9 months worth, with the most recent from September 2007) from the company was leaked to the Internet after an employee's GMail account was hacked.

MediaDefender markets itself as 'the leading provider of anti-piracy solution in the emerging Internet-Piracy-Prevention (IPP) industry', specialising in services and technology designed to mitigate and prevent the spread of illegally copied / distributed copyrighted material. In simple terms, they are one of the companies believed to be responsible for the poisoning of material on various P2P networks and BitTorrent trackers.

The release of MediaDefender's email history appears to be the responsibility of a group calling themselves 'MediaDefender-Defenders', an advocacy group that claims to be working for securing the privacy and integrity of all peer-to-peer users. According to the information still publicly available from a number of Torrent tracker sites, the data was captured from a MediaDefender employee's GMail account, where the employee had been forwarding all internal email (hint, don't ever do that). Even worse, he had been using a weak access password on the account which eventually gave the MediaDefender-Defenders group access.

Material that might get some to pause and think about the source of that next download includes information on the New York State Attorney General's Office apparently looking to set up fake sources to build cases against file sharers in New York State. Even more relevant for Torrent users is indication that MediaDefender had accounts with several private torrent sites.

Current court cases where members of the RIAA are suing file sharers might be looked at in a slightly different light (or at least confirmed that certain activities are for the suspected reasons) after it appears that Universal are looking for correlation between their lawsuit activity and P2P usage from within Universities (looking for a reduction following lawsuit activity). There is also information suggesting that MediaDefender were using a Universal Music Group site to store material that they had downloaded for later analysis (complete with authentication details).

Because this information came out over the weekend, it is probable that it will remain live for at least a few days into next week, and it is guaranteed that the compromised email file will have reached the critical number of users required for it to always have a presence online.

While the file might be readily available and very enticing to look at, readers should be reminded that if they are caught with it in their possession or found to have accessed it, that it may be illegal (civil or criminal) in their jurisdiction. Included amongst the unedited file (which is still readily available) is information on server authentication details, pay negotiations, IP lists, trackers used as decoys, strategies, effectiveness of existing systems, and more.

16 September 2007

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.