[
link to www.dailytech.com]
Attacks mistakenly targetted legitimate BitTorrent tracker
Jim Louderback, CEO of internet TV network Revision3, is considering legal action against anti-piracy firm MediaDefender after an internal investigation revealed it to be the source of a Memorial Day weekend Denial of Service attack against Revision3’s computer network.
“Interestingly enough, whoever was sending these SYN packets wasn’t shy. Far from it: it’s as if they wanted us to know who they were,” wrote Louderback in a blog post dated Thursday. “Instead of some shadowy underground criminal syndicate, the packets [came from] our home state of California. In fact, we traced the [attack] to a public company called ARTISTDirect. Once we were able to get their internet provider on the line, they verified that yes, indeed, that internet address belonged to [MediaDefender].”
Revision3 runs a private BitTorrent tracker that it uses to distribute shows produced in-house. MediaDefender may have been trying to exploit a security hole in its server, said Louderback, and when Revision3 administrators locked MediaDefender out, the company might have automatically launched a DoS attack in retaliation.
After speaking with MediaDefender Vice President of Operations Ben Grodsky, Louderback says that MediaDefender admitted to “abusing” Revision3’s servers, by “injecting a broad array of torrents” into the company’s BitTorrent tracker.
“We’d noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender’s servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of ‘Hi’s brought down our network,” said Louderback.
MediaDefender did not respond to requests for comment from DailyTech.
Grodsky said that his company didn’t do “anything specific” to target Revision3, and the attack – which Grodsky characterized as an attempt by MediaDefender bots to contact Revision 3 “every three hours” – was unintentional. “We didn’t do anything to increase traffic,” he claimed.
“Our own logs show upwards of 8,000 packets a second,” said Louderback.
“Revision3 suffered measurable harm to its business due to that flood of packets, as the attacks on our legitimate and legal Torrent Tracking server spilled over into our entire internet infrastructure. Thus we were unable to serve videos and advertising through much of the weekend, and into Tuesday – and even our internal email servers were brought down.”
Revision3’s legal department is examining its options, and the FBI is “looking into the matter.”
MediaDefender gained a reputation in 2007 after eagle-eyed observers spotted inconsistencies in a dragnet site the company set up, located at Miivi.com. This discovery attracted the attention (and wrath) of a group calling itself the “MediaDefender-Defenders,” who leaked over a gigabyte of the company’s e-mail and fileserver contents onto the internet. The resulting black eye sent MediaDefender’s business into a dive, with reports indicating that damage control cost ARTISTDirect more than $800,000 as of last March forcing the company to seek restructuring with management firm Salem Partners LLC.
“They saw us as a “distributor” – even though we were using BitTorrent for legitimate reasons. Once we shut them out, their vast network of servers were automatically programmed to implement a scorched earth policy, and shut us down in turn,” wrote Louderback.
“All I want, for Revision3, is to get our weekend back – both the countless hours spent by our heroic tech staff attempting to unravel the mess, and the revenue, traffic and entertainment that we didn’t deliver.”
United States
