MediaDefender hacked, internal emails published

Share this article:
MediaDefender, an anti-piracy vendor often commissioned by movie studios and record companies, suffered a breach over the weekend when thieves stole thousands of internal emails.

The stolen emails, published through file-sharing protocol BitTorrent by a group called MediaDefender-Defenders, revealed that MediaDefender had created a website to entrap illegal uploaders.

According to the emails, MediaDefender placed a honeypot, MiiVii.com, that allowed people to upload and download copyrighted movies, television shows and music. But when visitors installed software associated with the site, the software could also surreptitiously track their activity and report to MediaDefender.

Media reports said that MediaDefender - owned by ARTISTdirect - intended to co-opt MiiVii users' computers and turn them into anti-piracy machines in an effort to cut off downloads of copyrighted content. These would distribute files that appeared to contain copyrighted material but in fact were empty.

MediaDefender-Defenders claimed responsibility for the breach.

"This is a highly charged political situation," Paul Ferguson, a network architect with anti-virus software developer Trend Micro, told SCMagazineUS.com. "[MediaDefender] has put itself in the position as a target – it has been accused of trying to poison BitTorrent traffic."

The break-in might well have been in retaliation for the Motion Picture Association of America's(MPAA) attempts to curb piracy, one of MediaDefender's clients, suggested Craig Schmugar, a threat research manager at McAfee's AVERT Labs.

"In court, the MPAA admitted to paying a hacker $15,000 to get emails belonging to an executive at [BitTorrent search engine] Torrentspy," Schmugar said. "There's speculation on who may have gone after the confidential emails...Clearly, a lot of people are unhappy with the actions of the MPAA, mostly around the practices and methods the MPAA has used to try and prevent pirating of materials."

Although MediaDefender hasn't explained how the breach occurred, Ferguson said "there are rumors suggesting they were hacked."

"[The leak] underscores the ongoing trend that people who deploy internet-facing systems, whether websites, email servers or databases, must make an ongoing, intelligent effort to ensure their systems remain patched, their software is up to date, and securely configured," he said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.