MediaDefender hacked, internal emails published

Share this article:
MediaDefender, an anti-piracy vendor often commissioned by movie studios and record companies, suffered a breach over the weekend when thieves stole thousands of internal emails.

The stolen emails, published through file-sharing protocol BitTorrent by a group called MediaDefender-Defenders, revealed that MediaDefender had created a website to entrap illegal uploaders.

According to the emails, MediaDefender placed a honeypot,, that allowed people to upload and download copyrighted movies, television shows and music. But when visitors installed software associated with the site, the software could also surreptitiously track their activity and report to MediaDefender.

Media reports said that MediaDefender - owned by ARTISTdirect - intended to co-opt MiiVii users' computers and turn them into anti-piracy machines in an effort to cut off downloads of copyrighted content. These would distribute files that appeared to contain copyrighted material but in fact were empty.

MediaDefender-Defenders claimed responsibility for the breach.

"This is a highly charged political situation," Paul Ferguson, a network architect with anti-virus software developer Trend Micro, told "[MediaDefender] has put itself in the position as a target – it has been accused of trying to poison BitTorrent traffic."

The break-in might well have been in retaliation for the Motion Picture Association of America's(MPAA) attempts to curb piracy, one of MediaDefender's clients, suggested Craig Schmugar, a threat research manager at McAfee's AVERT Labs.

"In court, the MPAA admitted to paying a hacker $15,000 to get emails belonging to an executive at [BitTorrent search engine] Torrentspy," Schmugar said. "There's speculation on who may have gone after the confidential emails...Clearly, a lot of people are unhappy with the actions of the MPAA, mostly around the practices and methods the MPAA has used to try and prevent pirating of materials."

Although MediaDefender hasn't explained how the breach occurred, Ferguson said "there are rumors suggesting they were hacked."

"[The leak] underscores the ongoing trend that people who deploy internet-facing systems, whether websites, email servers or databases, must make an ongoing, intelligent effort to ensure their systems remain patched, their software is up to date, and securely configured," he said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.