Researcher accused of violating malware copyright
An IT professional whose cloud storage account was shut down Thursday and part of Friday due to alleged copyright infractions said the situation may have a chilling effect on security research.
Mila Parkour of DeepEnd Research, who runs the highly respected Contagio malware collection website, had her MediaFire account suspended for roughly 36 hours, beginning Thursday morning, after three files were deemed in violation of the Digital Millennium Copyright Act (DMCA).
The account was restored Friday afternoon EST, but the three files in question remain inaccessible as MediaFire investigates. The disabled files are a 2010 Microsoft Office patch and two malicious PDFs that date back two years as well. In whole, Parkour's MediaFire account contains about 35 gigabytes of research files, and she uses the site mostly for file-exchange with other research and backups.
In an instant messenger conversation with SCMagazine.com on Friday, Parkour didn't pin the blame solely on Texas-based MediaFire for the incident, but also LeakID, a Paris-based company which apparently crawled the service for copyright infractions.
Parkour said she isn't sure why the files were deemed copyright violations, but speculated that the Microsoft patch file may have been mistaken for the full Office 2010 product. The other files may have been triggered as infractions due to number sequencing.
"Their [LeakID] system did not investigate the internal structure or content, just [the] file name," Parkour said, adding that MediaFire seems to be less concerned about false positives and more about avoiding the fate of a company like Megaupload.
"They pay them money for collecting violators," she said. "It doesn't matter how many babies [go] down the wash water . . . Security or technical research, especially open-source intelligence [and] open-source development will suffer if they are haunted like this. I think anyone who posts original content online...can be blindly targeted by copyright bots."
Parkour later said she wasn't sure if MediaFire was the one recruiting vendors like LeakID.
Thomas Langridge, co-founder of MediaFire and the current VP of products and communications, said MediaFire is not to blame.
"To be clear, we don't work with this company, we didn't hire them, we have no business relationship with them, other than the fact that they submitted these DMCA claims," he said in an email Friday evening to SCMagazine.com. "As I mentioned, we are bound by the law of the DMCA which requires us to comply with valid DMCA complaints."
This incident is making Parkour second-guess her decision to conduct research in the cloud, which she said is superior to on-premises hosting from a security, convenience and productivity perspective.
"For many people, it's essential, and it has been for me," she said. "I have offers for off-the-cloud hosting and I will take them, but I think for many companies it will be hard. [It] will be hard for me too."
Parkour added that she has received ample support from fellow researchers, and she knows she isn't the first person to deal with a situation like this.
Langridge told SCMagazine.com that cases like Parkour's are "often complicated and our team is investigating the issue at the moment."
A representative at LeakID could not be reached for comment.