MediaDefender Hacker Speaks Out

[zeroday]

In September 2007, anti-piracy company MediaDefender?s emails went public after a hacker gained access to their systems. The attacks cost the company a huge amount of money, not to mention acute embarrassment. Now the person behind the attacks speaks.

The whole Media Defender scandal needs little introduction. The anti-piracy company is incredibly unpopular with most of the file-sharing community, so when they fell victim to a hacker and their company secrets spread all over the Internet, few held much sympathy for them.

Soon it became known that a shadowy group known as MediaDefender-Defenders appeared to be behind the attack - they host the Media Defender emails on their website to this day, but little was known about the chain events, or who was behind them - until now.

In an interview with portfolio, the hacker (using the pseudonym ?Ethan?) explains how things led up to the leak. Ethan, a polite high-school student who lives with his family, was on his Christmas break when he first gained access to the anti-piracy companies servers by exploiting a weakness in their firewall. This was the end of 2006, at a time when business was still good for Media Defender, with revenue standing at nearly $16m.

The interviewer, Daniel Roth, says he communicated with Ethan on pre-pay phone to ensure security. Meeting after school in a local bookstore, Ethan handed over a flash drive holding confidential Media Defender information, explaining that the initial security breach hadn?t amounted to much and that he had difficulty in gaining the interest of fellow hackers. However, a few months later Ethan decided to go back and take a second look - which bore more fruit - giving him access to the company?s email, it?s networked resources and even its telephone system. He then explains how he passed on some of the information to a fellow hacker who gained access to Media Defender servers and used them for denial-of-service attacks.

Logging in a handful of times each month through the summer of 2007, Ethan started to get bored with ?Monkey Defenders? - his pet name for the anti-piracy outfit. Deciding to go out with a bang, he and the Media Defender-Defenders gathered thousands of the company?s internal emails and published them on web.

A text file included with the emails stated: ?By releasing these emails we hope to secure the privacy and personal integrity of all peer-to-peer users. The emails contains information about the various tactics and technical solutions for tracking p2p users, and disrupt p2p services,? and ?A special thanks to Jay Maris, for circumventing there entire email-security by forwarding all your emails to your gmail account?

Just days later, slamming the anti-piracy company again and again seemed to be the aim of Ethan and friends, as they released a private telephone conversation with the New York attorney general?s office, a P2P tracking database, followed a few days later by all of Media Defender?s anti-piracy tools.

Ethan said that he didn?t set out to ruin Media Defender: ?In the beginning, I had no motivation against Monkey Defenders? he said. ?It wasn?t like, ?I want to hack those bastards?. But then I found something, and the good nature in me said, These guys are not right. I?m going to destroy them.?

Ethan, who is now sought after by the FBI because of the leaked emails, is getting close to this goal. It all went downhill for MediaDefender after the leaks got out. In November it turned out turned out that MediaDefender?s parent company ArtistDirect lost almost $1,000,000 because of the hack, and their stock price plunged soon after that.

To make it even worse, a week after the sensitive information was made public, the Pirate Bay launched a counterattack against their arch rival. They decided to use the information from the emails to file charges against some of MediaDefenders customers including Paramount Home Entertainment, Twentieth Century Fox and Universal Music Group for corrupting and sabotaging their BitTorrent tracker.

There is no doubt that the pirates have won this battle, and it will be very hard for MediaDefender to regain their credibility. To quote MediaDefender CEO Randy Saaf: ?This is really ****ed??. Yes, I?m afraid it is Randy.

Source

Long but interesting read of the original source

[Tokar]

hmm now we just need someone to hack the telcos and get the emails about how they broke the laws by spying on americans.

[MasterC]

A high school kid did that? Wow... :|

[jokeripa]

I found the site where he posted the emails, there is one displaying a rake of torrent sites that are being monitored!

Hmm, this is also there, regarding audio files :|

Here is the list we came up with:

Apply Lowpass/Highpass Filters

Add Static

Changing Bitrate

Modulated Bitrate

Re-encoding to a low bitrate then back to a high one

Adding random noise (FileF)

Lowering or raising the volume over the course of a song

Applying a periodic volume wave

Switching from Stereo to Mono

Changing between Left and right channels

Looping chorus of song

Rearranging Verses

Cutting out Chorus

Adding Channels

Adding Audience Noise

Adding a laugh track

Adding Reverb/Echoing

Adding Voiceovers / advertisements

Blanking out random words

Censoring/beeping random words

B*stards!

Edited January 18, 2008 by disturb3d