Application security, Breach, Data Security, Incident Response, TDR

MediaDefender hacked, internal emails published

MediaDefender, an anti-piracy vendor often commissioned by movie studios and record companies, suffered a breach over the weekend when thieves stole thousands of internal emails.

The stolen emails, published through file-sharing protocol BitTorrent by a group called MediaDefender-Defenders, revealed that MediaDefender had created a website to entrap illegal uploaders.

According to the emails, MediaDefender placed a honeypot,, that allowed people to upload and download copyrighted movies, television shows and music. But when visitors installed software associated with the site, the software could also surreptitiously track their activity and report to MediaDefender.

Media reports said that MediaDefender - owned by ARTISTdirect - intended to co-opt MiiVii users' computers and turn them into anti-piracy machines in an effort to cut off downloads of copyrighted content. These would distribute files that appeared to contain copyrighted material but in fact were empty.

MediaDefender-Defenders claimed responsibility for the breach.

"This is a highly charged political situation," Paul Ferguson, a network architect with anti-virus software developer Trend Micro, told "[MediaDefender] has put itself in the position as a target – it has been accused of trying to poison BitTorrent traffic."

The break-in might well have been in retaliation for the Motion Picture Association of America's(MPAA) attempts to curb piracy, one of MediaDefender's clients, suggested Craig Schmugar, a threat research manager at McAfee's AVERT Labs.

"In court, the MPAA admitted to paying a hacker $15,000 to get emails belonging to an executive at [BitTorrent search engine] Torrentspy," Schmugar said. "There's speculation on who may have gone after the confidential emails...Clearly, a lot of people are unhappy with the actions of the MPAA, mostly around the practices and methods the MPAA has used to try and prevent pirating of materials."

Although MediaDefender hasn't explained how the breach occurred, Ferguson said "there are rumors suggesting they were hacked."

"[The leak] underscores the ongoing trend that people who deploy internet-facing systems, whether websites, email servers or databases, must make an ongoing, intelligent effort to ensure their systems remain patched, their software is up to date, and securely configured," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.