Embedded BitTorrent: 2 of 5

Embedded BitTorrent: 2 of 5

Anti-P2P Group Takes Down Revision3 Site

29 May 2008 by Mark Hachman, PC Magazine
formatting link

The chief executive of online video network Revision3 on Thursday accused MediaDefender, an anti-P2P contractor, of taking down the company's video-distribution operations over the Memorial Day weekend.

According to Jim Louderback , the chief executive of the site, at least three of the company's top shows were affected: Diggnation, Tekzilla, and the Totally Rad Show. In total, the site's operations were affected from Saturday night until about midday Tuesday, Louderback said in an interview. Revision3 contacted the Federal Bureau of Investigation, which is currently investigating.

How much revenue did Revision3 lose from the attack? "I dunno," Louderback said via instant message. "A lot."

Louderback was formerly editor-in-chief of PC Magazine and a former editorial director for the Consumer / Small Business Group at Ziff-Davis Media, but has no ties to the company.

In a blog post published Thursday, Louderback described the outage as a denial-of-service attack, similar to those MediaDefender has launched on peer-to-peer networks in a bid to halt the spread of copyrighted media files. According to Louderback, the attack was apparently automated to block the spread of the video shows Revision3 distributes via BitTorrent, a neutral protocol that has also been adopted by the file-sharing underground to distribute pirated works.

Revision3, however, was using the protocol to conduct a legitimate business enterprise, and that's what prompted Louderback and Revision3 to bring the FBI into the picture.

"Now why would MediaDefender be trying to put Revision3 out of business? Heck, we're one of the biggest defenders of media around," Louderback wrote. "So I stopped by their website and found that MediaDefender provides "anti-piracy solutions in the emerging Internet-Piracy-Prevention industry." The company aims to "stop the spread of illegally traded copyrighted material over the Internet and peer-to-peer networks." Hmm. We use the Internet and peer-to-peer networks to accelerate the spread of legally traded materials that we own. That's sort of directly opposite to what Media Defender is supposed to be doing."

According to MediaDefender, the company "uses a range of non-invasive technological countermeasures employed on P2P networks to frustrate users' attempts to steal / trade copyrighted content."

Louderback said that both Revision3 and ArtistDirect, the parent company of MediaDefender, held a conversation to try and get to the bottom of the matter. What MediaDefender did, according to Louderback, was to inject false "torrents" into the mix of files that Revision3 sent out. The false torrents prevented the real files from being disseminated, crippling Revision3's ability to seed its own files into the community.

MediaDefender acknowledged its practices on its Web site.

"Decoying and Spoofing are the most commonly known techniques that we employ," the company said. "We send blank files and data noise that look exactly like a real response to an initiated search requests for a particular title. Pirated files will no doubt be on the networks, but with our protection applied it would be easier to find a needle in a hay stack than a real file amongst our countermeasures."

"I eventually had a fascinating phone call with both Dimitri Villard and Ben Grodsky, vice president of operations at Media Defender," Louderback wrote.

"First, they willingly admitted to abusing Revision3's network, over a period of months, by injecting a broad array of torrents into our tracking server. They were able to do this because we configured the server to track hashes only - to improve performance and stability," Louderback added. "That, in turn, opened up a back door which allowed their networking experts to exploit its capabilities for their own personal profit."

The problem, however, is when Revision3 took action to block the unauthorized files, the blocking apparently triggered a "scorched earth" policy that sent a vast wave of packets at the Revision3 servers. Unable to process all of them, the Revision3 servers were overwhelmed and effectively forced off line.

"Second, and here's where the chain of events come into focus, although not the motive," Louderback concluded. "We'd noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender's servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of "Hi"s brought down our network."

Calls to MediaDefender were not immediately returned.

"In the end, I don't think Media Defender deliberately targeted Revision3 specifically," Louderback wrote. "However, the company has a history of using their servers to, as Ars Technica said, 'launch denial of service attacks against distributors.' They saw us as a 'distributor' - even though we were using BitTorrent for legitimate reasons. Once we shut them out, their vast network of servers were automatically programmed to implement a scorched earth policy, and shut us down in turn. The long Memorial Day weekend holiday made it impossible for us to contact either Media Defender or their ISP, which only exacerbated the problem."

------------------------------------------------------------------------- Guy Macon Guy Macon Guy Macon Guy Macon Guy Macon Guy Macon Guy Macon Guy Macon

Reply to
Guy Macon
Loading thread data ...

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.