If this is true, we should all watch ourselves..
Posted by AdvancedO.J. in on January 13, 2003 at 6:29 PM



I'm no lawyer, but this just doesn't sound legal to me. It sounds like it would fall into the realm of Illegal Search and Seizure. Any legal professionals (Larry, hint, hint) out there wanna clarify?

http://online.securityfocus.com/archive/1/306476/2003-01-10/2003-01-16/2

-----BEGIN PGP SIGNED MESSAGE-----

___ ___ ___ ___ _ ___ ___ ___ ___ ___ _ _ ___ ___ _______
/ __|/ _ \| _ ) _ ) | | __/ __| / __| __/ __| | | | _ \_ _|_ _\ \ / /
| (_ | (_) | _ \ _ \ |__| _|\__ \ \__ \ _| (__| |_| | /| | | | \ V /
\___|\___/|___/___/____|___|___/ |___/___\___|\___/|_|_\___| |_| |_|
"Putting the honey in honeynet since '98."

Introduction:

Several months ago, GOBBLES Security was recruited by the RIAA (riaa.org) to invent, create, and finally deploy the future of antipiracy tools. We focused on creating virii/worm hybrids to infect and spread over p2p nets. Until we became RIAA contractors, the best they could do was to passively monitor traffic. Our contributions to the RIAA have given them the power to actively control the majority of hosts using these networks.

We focused our research on vulnerabilities in audio and video players. The idea was to come up with holes in various programs, so that we could spread malicious media through the p2p networks, and gain access to the host when the media was viewed.

During our research, we audited and developed our hydra for the following media tools:
mplayer (www.mplayerhq.org)
WinAMP (www.winamp.com)
Windows Media Player (www.microsoft.com)
xine (xine.sourceforge.net)
mpg123 (www.mpg123.de)
xmms (www.xmms.org)

After developing robust exploits for each, we presented this first part of our research to the RIAA. They were pleased, and approved us to continue to phase two of the project - development of the mechanism by which the infection will spread.

It took us about a month to develop the complex hydra, and another month to bring it up to the standards of excellence that the RIAA demanded of us. In the end, we submitted them what is perhaps the most sophisticated tool for compromising millions of computers in moments.

Our system works by first infecting a single host. It then fingerprints a connecting host on the p2p network via passive traffic analysis, and determines what the best possible method of infection for that host would be. Then, the proper search results are sent back to the "victim" (not the hard-working artists who p2p technology rapes, and the RIAA protects). The user will then (hopefully) download the infected media file off the RIAA server, and later play it on their own machine.

When the player is exploited, a few things happen. First, all p2p-serving software on the machine is infected, which will allow it to infect other hosts on the p2p network. Next, all media on the machine is cataloged, and the full list is sent back to the RIAA headquarters (through specially crafted requests over the p2p networks), where it is added to their records and stored until a later time, when it can be used as evidence in criminal proceedings against those criminals who think it's OK to break the law.

Our software worked better than even we hoped, and current reports indicate that nearly 95% of all p2p-participating hosts are now infected with the software that we developed for the RIAA.

Things to keep in mind:

1) If you participate in illegal file-sharing networks, your computer now belongs to the RIAA.
2) Your BlackIce Defender(tm) firewall will not help you.
3) Snort, RealSecure, Dragon, NFR, and all that other crap cannot detect this attack, or this type of attack.
4) Don't fuck with the RIAA again, scriptkids.
5) We have our own private version of this hydra actively infecting p2p users, and building one giant ddosnet.

Due to our NDA with the RIAA, we are unable to give out any other details concerning the technology that we developed for them, or the details on any of the bugs that are exploited in our hydra.

However, as a demonstration of how this system works, we're providing the academic security community with a single example exploit, for a mpg123 bug that was found independently of our work for the RIAA, and is not covered under our agreement with the establishment.


Affected Software:

mpg123 (pre0.59s)
http://www.mpg123.de

Problem Type:

Local && Remote

Vendor Notification Status:

The professional staff of GOBBLES Security believe that by releasing our advisories without vendor notification of any sort is cute and humorous, so this is also the first time the vendor has been made aware of this problem. We hope that you're as amused with our maturity as we are. ;PpPppPpPpPPPpP

Exploit Available:

Yes, attached below.

Technical Description of Problem:

Read the source.

Credits:

Special thanks to stran9er@openwall.com for the ethnic-cleansing shellcode.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlwEARECABwFAj4jBA0VHGdvYmJsZXNAaHVzaG1haWwuY29t AoJEBzRp5chmbAP4gwA
oKmMyRIxA74KZfAVv3MsEBKCZxRMAJsFFhywKWzMoiT/Qiy4 V+r1inukA===OjMp
-----END PGP SIGNATURE-----


User Comments

AdvancedExpose
Date: January 13, 2003 @ 7:10 PM
1) "2) Your BlackIce Defender(tm) firewall will not help you."

I use zonealarm and kerio side by side. I block the riaa ips. They can't even fucking see me. Beat that.

2) "Our system works by first infecting a single host. It then fingerprints a connecting host on the p2p network via passive traffic analysis, and determines what the best possible method of infection for that host would be. Then, the proper search results are sent back to the "victim" (not the hard-working artists who p2p technology rapes, and the RIAA protects). The user will then (hopefully) download the infected media file off the RIAA server, and later play it on their own machine."

WTF can they do?! I have 2 firewalls, and they are blocking most of their machines. I have a virus scanner. The extension of the file and the size of it tells me if it's a fake. Yet ANOTHER reason to use eMule, not a P2P client search, but a search of posts P2P users made of their files.

"Our software worked better than even we hoped, and current reports indicate that nearly 95% of all p2p-participating hosts are now infected with the software that we developed for the RIAA."

%95= The amount of idiotic P2P users. The ones who can't use a firewall, virus scanner, etc.

The IP addresses from peerguardian were put into my firewall, and they've been blocked more times than I can remember. Try again motherfuckers, access denied. :| (Blank Stare)
DMemberAlric
Date: January 13, 2003 @ 8:06 PM
Funny how no Mac software is mentioned. Does that mean that only servers running other operating systems will survive?
AdminSvensta
Date: January 13, 2003 @ 8:11 PM
"5) We have our own private version of this hydra actively infecting p2p users, and building one giant ddosnet"

Well, this sort of ruins the otherwise professional tone of the email. This doesn't exist. And if it DID exist, no one responsible for it would EVER be insipid enough to actually speak it aloud. The entire theory of plausible deniability is based on never making overt statements like this.

You think the government doesn't keep its ears open on its own arpanet for chat like this? Please.

Although it makes for a nice "1984" scary ghost story. Stuff like this COULD come to fruition.
IntermediateSpica
Date: January 13, 2003 @ 8:28 PM
that's all a load of bullshit.

the only problem with mplayer were the embedded hyperlinks.
zonealarm solves this problem by blocking mplayer's access to the Win IP modules.
them cocksucking RIAA employees are the real "scriptkids", no real education, just an illusion of authority and tech expertise. They, and especially the King of Gerbils who allegedly wrote this letter, they can all go back up their momma's ass.
IntermediateSpica
Date: January 13, 2003 @ 8:33 PM
oh yeah, it also helps to :
1) declare IE as your default browser
2) use ZoneAlarm to block IE's internet access
3) then use Mozilla or Netscape 6 for surfing the web.
AdvancedFrawgster
Date: January 13, 2003 @ 8:53 PM
Here's what I wanna know. Why hasn't the RIAA hired these same uber-geek hacker types to protect their website from defacement? Hehe. It's been defaced what? 5? 6 times in the past couple of months?

Nodding
Advancedmtekk
Date: January 13, 2003 @ 8:55 PM
hmm. you're right. plus they can't control a computer once it's off line... and they can't legally do what they are stating they are doing so... it really can't happen.
AdvancedExpose
Date: January 13, 2003 @ 9:09 PM
Laughs Out Loud, IE isn't allowed online. I hate it. kerio blocks all the shit spica, and mozilla 1.0.2 is perfect Nodding
AdvancedExpose
Date: January 13, 2003 @ 9:10 PM
Also, let's see them hack me when I use SuSE Linux 8.1 Professional to share my files. They'll have no ******* clue what to do!
Bluegrassleflaw
Date: January 13, 2003 @ 9:53 PM
Suppose I offer $100.00 to disable the Gobbles web site. Any takers?
AdvancedFrawgster
Date: January 13, 2003 @ 10:44 PM
I think Gobbles did it for you Shrug

http://www.bugtraq.org/

That's their URL Nodding
Rockhaydenswall
Date: January 13, 2003 @ 11:27 PM
First of all, this IS legal, theoretically. Microsoft built this into their software years ago for the purpose of leasing you software instead of selling it. Check at www.eff.org and you'll find an explanation about laws allowing people to reach into your computer to disable pirated software and other reasons.

The reason Mac programs are not mentioned is because if you don't use Microsoft's operating system or software, you've eliminated the largest security threat to your computer.

Been using Macs for 19 years. Stopped using Microsoft products completely after Melissa unless absolutely forced to for business purposes. NEVER have had a virus.
DMembercrawdd
Date: January 13, 2003 @ 11:31 PM
They ARE trying to get the right to do this with their "legal hacking" law, but if they're doing it now as they say they are, then this is illegal and they can all go to jail. And if this is some sort of lame joke, I'm not laughing.
HiphopWordsense
Date: January 14, 2003 @ 12:18 AM
fuck them...they have no right.

simple fact of the matter is, they up'd CD and tape prices..so now they're payin' the price. They're wanting to justify their cause for ripping off the consumers, even if it requires hacking of their own. They have no right. Fuck 'em.
Electronicsinai
Date: January 14, 2003 @ 4:08 AM
i could care less what they no about me, i rip and burn what i want, hell go ahead and sue me, my creditz in so many shamblez they can get in line with all tha other ppl i owe money to...i hope their enjoying tha porn filez they took from me then...i know i did Crazy
Advancedmtbatol
Date: January 14, 2003 @ 4:22 AM
These idiots don't have no right. Do these idiots know what they're getting themselves into? If they think people hacking into their website is bad I wonder how they're gonna react if someone hacks their servers and just do some crazy mad damage. Fact is, you're now daring alot of people who can hack (wish I was one of em :( (Frown)) and there's no telling what a bunch of guys with idle time on their hands & a motive will do. Viruses, scripts, etc. There are cats that will figure out this whole thing and probably have it all backfire in their faces so hard they'll think that an elephant just did a wet fart on em. I just might get Linux installed on the next HD that I purchase (and learn my way around it) to get rid of this crap that Microsoft has installed in their code if the RIAA is as serious as they sound. -_-
Alternativeoat
Date: January 14, 2003 @ 12:38 PM
can o' worms I tell ya'
Yer pal Ethan says:
Don't throw down the gauntlet at an unknown enemy.......,.
DMemberwenemeg
Date: January 14, 2003 @ 1:18 PM
If it is true, firewalls would be ineffective. It says the trojan communicates via "specially crafted requests over the p2p networks". This would bypass your firewall, because if you're using P2P programs, you have created rules to allow them access to the internet anyway. It would take the surreptitious catalog information, wrap it in legitimate P2P client request, and send it off to the RIAA's servers.

Anti-virus software is only effective if your definitions are up to date and your anti-virus software is aware of the exploit. This thing has to be discovered, analyzed and reacted to before anything like that can be done.

If it is true, and it's out there in the open, it's only a matter of time before this happens. I wish I had more analyst skills.

Legally, of course, this whole thing is on a very shaky ground, and the RIAA was stupid to do it. Of course, that's probably why they are so anxious for that bill to be pushed through which would legalize RIAA hacking.
DMemberwenemeg
Date: January 14, 2003 @ 1:26 PM
Just one more thing.. I don't know if this HAS happened, but it certainly CAN happen. Some people seem to think it's impossible on here. I have read reports about how various media players (winamp, WMP, etc..) have had buffer overflow bugs brought up over the last several months. This opens up the possibility of executing arbitrary code and THAT opens the possibility to pretty much anything, if the exploit is clever enough.

This is a serious enough thing that it shouldn't be dismissed out of hand.
DMemberj-mov
Date: January 14, 2003 @ 5:30 PM
The RIAA can suck it. The second they actually make this shit legal is the second I switch to a Linux client. If the RIAA isn't even smart enough to protect their own website from being hacked, how in the hell do they hope to hack us? Simple: pay someone else to do it. That's bullshit. They can't even protect the supposedly-poor-as-hell-music-industry-that-lives-the-life-of-kings-for-"unknown"-reasons themselves. If they're going to hire someone, they had better hire someone good, not some damn script kiddies either.

I guess what I'm trying to say is if they hack me, I hack them. You catch my drift? .....
Advancedprincess-angry
Date: January 14, 2003 @ 7:42 PM
well how impolite!!! they are way off..... way off....
Electronicsinai
Date: January 14, 2003 @ 10:38 PM
i seriously doubt thatz true...if that kinda thing did exist (with tha government...it prolly does) i seriously doubt they'd come out and talk about it...if this iz true, im sure this guy iz getting hiz ass kicked by all hiz colleguez for opening hiz mouth... Crazy
Adminpog
Date: January 15, 2003 @ 4:45 AM
my winamp's been crashing heaps lately... and I went on kazaa recently prior to that ... errm to check out if any of my songs are there... yeah, that's it...
Then again... maybe my system just needs cleaning up Very Happy
DMemberj-mov
Date: January 15, 2003 @ 5:06 PM
I suggest ultimate paranoia amongst all of us until this all gets worked out. If you're really going to get paranoid, encrypt all outgoing e-mail messages. Trust no one on the internet. It's so incredibly easy to mask your identity. Remember that next time you meet a guy in a chat room named "Al" who wants to help you "speed up" that gnutella, pog.
DMemberTytanium
Date: January 15, 2003 @ 8:31 PM
i think someone should set up a small secluded gnutella network that is only connected to say 3 computers. run kazaa or what ever programs this m/fer says is infected and monitor the ip addresses being sent out by kazaa and the media programs. Hey scriptkiddies out there you need to start fighting back. Write some antivirus programs specifically for p2p programs. Even if this dunt is lying it could happen. Remember everyone likes to gloat...for example that kid in highschool who pulled the ultimate prank..like playing porno on all the tv's in school.. well he had to tell someone to feel good about himself..there is always a little truth in everything said. Peace
ElectronicSpwee
Date: January 16, 2003 @ 1:51 AM
shoo..that was somethin new

from the expert posters here it does sound like
a bunch a bullcrap

my hunch tells me they're certainly funding
research such as this, if not the very thing
here

are they implementing this kind of system right now? prolly on a certain confidential level
yes are they taking action with it hell no cuz
the laws don't support it yet but publicly
the riaa will claim they don't know shit about
either the research or any kind of current implementation of it

but they're testin it you can bet..fiddlin with it i bet..seein what they can do with it..is it actually with this Gobbles Security..maybe and maybe not

i like what the experts have to say on this thread..sounds like you can still protect your computer, even if this 'virus' system is in effect .. a wonderful kick in the ass the them :) (Smile)

but as for the threatening tone of the letter..
i think its laughable go right ahead and implement you system .. like i give a fuck

you think i'm goin out of my way to virus protect my computer on that scale..firewall the shit out of it..encrypt my mail my files? FUCK NO! and if you get or have records of my file exchanges GO RIGHT AHEAD AND DO YOUR THING laws or no laws in the end all you will do is stir all us users into super protecting our computers
IMPROVING PEER TO PEER METHODS IMPROVING NETWORK METHODS

and lastly IMPROVING THE LAW TO FAVOR US AND STRIKE YOU FUCKHEADS DOWN ONCE AND FOR ALL..we control OUR computers NOT YOU..THEY WILL GET SUED LIKE A MOTHERFUCKER TOO I WILL BE HAPPY TO SUE THE HELL OUT OF THEM MYSELF i'm smart as hell i'll find more loopholes than THEY FUCKING KNOW WHAT TO DO WITH..I WILL FIND A WAY FOR THE LAW TO SUPPORT PERSONAL COMPUTERS TO THE HILT

so put that in your hip pocket

GOBBLE security GOBBLE MY COCK :) (Smile)
ElectronicRyanS
Date: January 16, 2003 @ 2:13 AM
umm..yeah, what he said Rolling On Floor Laughing!
DMemberdionin
Date: January 16, 2003 @ 6:24 AM
BERMAN P2P BILL - PLEASE READ THIS.

I'm an intellectual property attorney. TODAY, the Gobbles worm would be illegal, but that may change soon.

Please go here:

http://www.eff.org/IP/P2P/overview.html

Read, about the Berman bill (H.R. 5211), and ask your congressman to vote against it.

Gnutella CAN be knocked off the net very easily, and your computers ARE vulnerable to attack. If you think the same precautions that protect you from 13 year old script kiddies will protect you from a swarm of professional programmers, you’re in for a rude awakening. If this bill passes, file sharing will become very hazardous.

WRITE YOUR REPRESENTATIVE AND EXPRESS YOUR ANGER, don’t let this bill pass.
DMemberFutureGenetics
Date: January 16, 2003 @ 10:51 AM
This is the biggest load of bulltookie since Clonaid.
DMembergilles1369
Date: January 16, 2003 @ 11:04 AM
Would it actually be possible for them to hack into your machine and then check or whatever if u have illegal files??? i doubt its legal. I run ZoneAlarm Pro and blocked internet explorer's access and now use netscape. + why would they bother to like give people fines or arrest people if you like just download a few movies or music as long as you dont do mass production and sell it i think you should be fine.
DMemberwenemeg
Date: January 16, 2003 @ 12:46 PM
I don't think people get it.

1. Your firewall will not protect you from this kind of compromise. Your antivirus software will not protect. (Not yet, anyway) Read my message above for explanation.
2. Switching from Explorer to Netscape will not help you.
3. The compromise is certainly feasible.
4. No, it's not legal now, but like dionin pointed out above, the RIAA is lobbying intensely to make it legal. In fact, have you read about the RIAA's compromise with the technology industry? "A Landmark Accord" they call it. One of the agreements is that the technology industry lobby to support the RIAA's ability to hack computers suspected of piracy.

You can poo poo it all you like, but if the above bill passes, file sharing WILL become hazardous, no matter how "small" you are.
DMemberwenemeg
Date: January 16, 2003 @ 12:53 PM
Looks like this one may have been a hoax. I found the following link:

http://minutillo.com/steve/weblog/?p=66

DMemberManOfWar
Date: January 16, 2003 @ 4:48 PM
Simple, hack me, I'll sue and hack you fukin riaa.
ElectronicSpwee
Date: January 16, 2003 @ 7:26 PM
supposedly this has been a confirmed hackers prank .. it seriously sounded like one.. though it was slightly well-written

hey somebody has to release all these premature pent-up anxieties of ours

that makes two releases today for me .. i was able to experience the riaa caving in .. and the total fear of being hacked and sued by the riaa

what a rush! whoah :) (Smile)
Adminpog
Date: January 17, 2003 @ 4:15 AM
turns out that my poodah needed updating :-O (Oops)
my winamp don't crash now
Alternativejkate
Date: January 17, 2003 @ 10:45 AM
Wow, one huge post with a big climax....now I need a cigarette.

Whew! What a ride!

Smoking
DMemberj-mov
Date: January 17, 2003 @ 7:20 PM
Be nice and don't call them "script kiddies." Call them "Children of the Script." As for the RIAA.... I know a bit of programming that will 'set them back' a bit. I'm working on an IP bomber that bombs a certain IP with junk information on ALL ports. Suck that, RIAA. If anyone wants to help me bomb them, e-mail me at j-mov@independenceware.cjb.net and we can set up a time to bomb the shit out of them once I'm done with the program. I need help! I'M GOIN' TO HELL! NOW WHO'S COMIN' WITH ME?!?!?!?!?

j-mov@independenceware.cjb.net

Contact me if you like your music.
DMemberNortlander
Date: January 18, 2003 @ 11:18 AM
When i first saw this forum, it just made me laugh. Those RIAA phucks couldn't hack their way out of a porn-server! And i also doubt the integrity of Gobbles as well.
DMemberNortlander
Date: January 18, 2003 @ 11:20 AM
Oh, and J-mov, i like your plan, it sounds phun. But you really shouldn't post this sort of "info" on a public forum :) (Smile)
DMemberj-mov
Date: January 18, 2003 @ 11:21 AM
You're probably right about that, programming buddy. Nort here helpz me out on my programming. We make encryption and gamez. our sebwite is www.independenceware.cjb.net should you want to see. His nickname on the sebwite is Gman, but that name was taken in the forums. Chunk you!! :) (Smile) Well, anyway, we both stand in the same place as far as gnutella is concerned. The RIAA must die, even if it involves taking us down with it....
DMemberj-mov
Date: January 18, 2003 @ 9:59 PM
shit, my face is bleeding. Does anyone else in here program in Visual Basic? Can you give me a way to actually use the winsock in a way that FUCKING WORKS?!?!?!?!? I will kill before the end of this day, Central Standard Time. Someone has three hours, five minutes, and 23 seconds. CEO's, anyone?