"Record-label hackers should wipe out the computers of people who swap MP3s. That's the nuclear option Utah senator Orrin Hatch recommends."

Yep. And,

"Meanwhile, peer-to-peer special ops have already begun. The courts have been busy - and are likely to get busier - with Recording Industry Association of America lawsuits. The labels have also quietly contracted elite gray-hat hackers and small computer security companies to thwart music file-sharing. According to one self-described anti-pirate, 'It's eye-for-an-eye time.' Here are some of the anti-P2P programs and their industry codenames."

These are the two lead paragraphs in a Wired article entitled Minsters of Rock with, Meet the music industry agents that could ruin your downloading career as the sub-head.

And the 'agents' are: Antinode, Fester, Freeze, Shame, Silence, Suck and Tattle.

Reads a bit like partners in a law firm, No? (Sorry Larry : )

Underneath, you'll see what each name means and under that are italicized comments from Steve Hinkle.

Antinode Creates fake "supernodes," signposts used by some file-sharing technologies (Kazaa, for example) to guide users' computers to files. The pseudo-supernodes distribute misleading file information.

People will BLOCK THIS WITH PEERGUARDIAN AND OTHER BLOCKING SYSTEMS!

Fester Puts the word out on file-sharing networks that RIAA servers have music files for download. The servers redirect users to black hole sites, tying them up indefinitely. Newer P2P clients drop useless connections more quickly, so this approach may already be obsolete.

Users will find these IPs and not download them! They may be blocked as well by consumers.

Freeze Uses an existing bug in P2P clients to remotely "hang" computers hunting for MP3s. The result could be more than mere frustration - unsaved data can be lost during a long hang. It's in development now.

Someone will write an anti-virus signature, or use P2P apps that do not have this, or write a patch file!

Shame If implemented, would distribute a benign P2P virus in an illegal media file that adds the words "I steal music on the Internet" to a user's email signature. Expect to see that appear as a slogan on T-shirts a few minutes later.

This would likely be circumvented with an anti-virus signature, or a manual edit of the signature file, and it be set read-only.

Silence Scans computers on P2P networks for illegal material, hacks into the pirate machine, and deletes the data. One problem: Early versions delete legal MP3s, too.

Users backup their files before this hits, then delete this "deletion virus", and restore their backups.

Suck Scours the Net for large libraries of MP3s, and then starts asking for files. And asking. And asking. Eventually, the requests clog library owners' connections like hair in a pipe - and if the RIAA is using that bandwidth, then nobody else is. As a bonus, this approach generates huge volumes of data traffic, driving up pirates' usage and incurring the wrath of ISPs.

This could be equated to a denial-of-service attack, and a virus and would likely violate computer crime laws. If the RIAA is behind this, who would want to contribute files?

Tattle Recruits other industries. If you have lots of liberated music, chances are you also have a few pieces of software that fell off the back of a truck. Recording industry bots already track online piracy - insiders have suggested the RIAA share that information with the software and movie industries.

This is doable, however you still have the concept of "innocent till proven guilty". This could result in class actions back. See www.directvdefense.org for a similar concept with smart card products, of people who did not intend to use them for signal theft. This is a similar concept.

(Thanks Steve. You're hired! : )

Very excellent article. Look folks, there is a federal law that is a felony that is found under USC criminal code, title 18, the so-called "anti-hacking" statutes. If the RIAA starts using script kiddies and what I call "brownhats" (the reader can figure out what brown substance this might be without me engaging in scatology) and the P2P's find out their IP and who they are, they should be turned into the FBI and everyone should push for federal prosecution of these sorry excuses for code manipulators. These guys are not hackers, they are proggie endusers for hire.
~code

Sorry to double post, but I feel strongly on this. I feel that we have too many laws, and the useful ones don't get used enough, BUT, and this is a big one, bots are computer programs. To the extent they interfere with networks, they fall into the same class as viruses and worms. I am sick to DEATH of getting SoBig or other viruses and having relatives and friends who are not as adept with computers as I am, worried about the next worm or virus. I for one am going to contact congress and ask that they start looking into these programs, into the folks doing the programming, into the people using them, and demand that something be done. I just wish the P2Pers would get more proactive in protecting themselves and their users.

ANYONE WHO WOULD WRITE A PROGRAM FOR THE MEDIA OR OTHER COMPANIES THAT DOES WHAT THESE PROGZ PURPORT TO DO, IS LOWER THAN THE CORE OF THE EARTH!
And, anyone who writes and uses these little progz, had better watch out, because breaking federal law like this can get you put away.
~code

Back up and on the net

http://www.dontbuymusic.com/

Luce, Forward, Hamilton & Scripps LLP
hmmm...that's a familiar sounding bunch...I think they are the ones sending out subpoena requests for the RIAA arent they?

i hate hacker n crap, they ruini the fun of life

CodeWarrior
Here is the address for the NPD

http://www.npd.com/

Boy, every time I come here, the news gets worse and worse.

This goes far, far beyond music and illegal file sharing. Not only is this going to tie up enormous amounts of bandwidth, it's going to result in out-and-out hacking.

Never mind that it's blatantly illegal, I have the suspicion that all of this software has the potential to be a test bed for government snooper and DOS progs.

Who are we kidding? The damn RIAA acts like they own the whole country, and so far, not a single government entity has told them they don't.

All this week, I've seen activity at gnutella and imesh ports in my router logs. I don't have these progs running, nor do I have them even installed on my machines. I shudder to think what I'd see if my machines were wide open to the net.

If this doesn't piss you off and make you want to sting the RIAA even more, I don't know what will.

I defy these crooks to even try and break into my systems. There is no measure to the amount of damage I will unleash on them if they do. They will have their bank accounts wiped. Don't fuck with me RIAA. SoBig and Blaster and NOTHING compared to what I can do.

How about we send Mr. Hatch a bunch of letters and make sure you list them as public on congress.org!

If the RIAA hacks into anyone's computer, then they have bypassed an access control. This is a clear violation of section 1201 of the DMCA. I am absolutely positive about this because we spent a couple of hours arguing this point at DMCA rulemaking hearings at UCLA in April or May.

If you have even a poorly set up firewall or other access control and they bypass it, either through hacking, a virus, worms or phony nodes, they are guilty as hell.

The RIAA is breaking the very same laws it is using to prosecute consumers with. Time to turn the tables.

SING IT MAN "AIN"T NO MOUNTAIN HIGH ENOUGH"
YEA YEA!

Microsoft is after the music read this:

Marching to a Different DRM

http://www.ecommercetimes.com/perl/story/31387.html

Codewarrior, could you please take some time to look at this site to see if it is a worthwhile program to halt the riaa into looking at peoples files. The site is at

http://www.lavasoftusa.com/software/adaware

and some of the blurb is as such

Ad-aware Standard Edition is THE award winning, free*, multicomponent detection and removal utility that consistently leads the industry in safety, user satisfaction, support and reliability.
With its ability to comprehensively scan your memory, registry, hard, removable and optical drives for known datamining, aggressive advertising, and tracking components, Ad-aware will provide the user with the confidence to surf the Internet knowing that their privacy will remain intact. Let Ad-aware protect your privacy.
Discover why our award-winning products are leading the industry

* We provide you with the most thorough and efficient product to detect and remove the worst that the Internet and shareware/freeware have to offer.
* Our reference database is updated and tested regularly. Added staffing and better editing tools have allowed us to substantially increase our research and developmental productivity. This means that users will enjoy an increase in the number of updates and can be assured that any new discoveries will be added quickly.
* Our dedicated Staff has been drawn from the privacy and security communities where they have gained years of valuable experience which has been incorporated into our software.
* The all new and vastly improved User Interface allows the flexibility and control that were only dreamed of in previous versions. This includes user defined file sizes (essential for those who store large files such as MP3's or digital photo and video) allowing for faster scanning through the exclusion of files that are known to be clean.
* The user now has complete control over WHAT is scanned on their computer; from a total system scan down to a single folder.
* Improved safety, included automatic quarantine and recycle bin storage of removed components allows for simple restoration procedures. An all new backup archive viewer that allows the user to quickly and easily review components that have been removed and stored for future restoration.
* All new and integrated reference file updating capability that will include the ability to search for new reference files automatically when Ad-aware is started.

Ad-aware is compatible with Microsoft® Windows® 98/Me/NT/2000 and XP Home and Professional.
Getting started
If you are new to Ad-Aware, we strongly recommend that you read the Help file before attempting to use the software for the first time. After you have read the manual please be sure to update your reference file to the latest release and be sure to configure the RefUpdate feature (recommended) to automatically search for new updates on a weekly basis.

And again, the link don't fly..just type it in I give up! Pepe

pepe51200, adaware is a good program for dealing with spyware,adware,malware and such, and I run it. Adware doesn't catch it all, so I run other progz too such as Spybot and some others. They generally have free versions that work well, so I suggest that people use them on a regular basis to rid yourself of software parasites that not only allow datamining, but use up your bandwidth, slow your system, and interfere with privacy generally.
~code

Download from legal sites like http://www.weblisten.com to avoid problems

Thanks Code. Pepe

isp-privacy:

Here's a better idea ! Let's send Sen. " Cornin Patch " a bunch of letters titled " we support you " and fill the content with " SCREW YOU , YOU NAZI BASTARD! "

...I dealt with Hatch about 17 years ago when I was spearheading a move against some proposed legislation. Of all the senators I dealt with, I found him to have the least fixed principles in my opinions. He did whatever would help Mr. Hatch, and would make whatever "one hand washes the other" deals he thought would give him the best position of leverage. That's the kind of crap in politics I find particularly disturbing. It's like "constituents be damned, what is good for MY agenda"...so Rightoshare,
ya made me laugh bro, and I needed a laugh...thanks
~code

Well, that's all the more reason to throw the whole damn lot of them out on the street.

Man, I hate politicians.

It's probably a bad idea, and a wasted vote, but next election, I'm not voting for a single incumbent. My votes will go to anyone who is a challenger. It's my protest vote.

I don't think we should bother about Hatch. He's dead set against file sharing. Let's move on. There are a lot of other people we should be trying to express our views to.

I've been away for 1 day and I come back to 12 news posts and a days worth of comments to catch up on. The letter sent to Coleman by "Susie boy" was very sickening. Typical "Fill up the paper" jargon to make it look big and impressive. Yet evading the very issues it was intended to report about. Typical political response.

Hot air, Deaf ears, Glazed eyes and no answer!

The comments that have been posted on this sight have been more informative ( and entertaing ) than any thing I've seen come from anyone with any clout.

Entertaing --oops!

Entertaining ---DAmn! I think I got right that time! LOL

In other words, what you don't understand should be feared and controlled.

Typical motherf*ckers arent they?

Listen up people...this isnt just about shouting out our message about the hypocracy and the criminal, controlling behavior of the RIAA, etc...its VERY VERY important we tell the world and those fat cat f*ckers that the internet is NOT going to turn into another pathetic/racist/commercial/politically controlled medium like television and radio. What I feel is tragic is that we as people allowed this happen in some degree. From the stuff I've been reading...theyre itching more and more to try to gain some sort of precedent that the internet SHOULD be regulated.
I know most of you guys know this but we mustnt lose sight of other things we can lose as AMERICANS.
Being an American is the right for ANYONE (even if we hate em) to have their voice and these people want to take away the one of the last communication medium as OUR forum. Don't lose your rights as Americans to these fascist dictactors!!

Ok..Im done venting and regressing for now. Carry on

Not to stand judgement of anyone really but if youre using AOL...shame on you Heh

AOL scares the hell out of me.

Just saw on TechTV that RIAA shut down X Mule
~code

HI RIGHTOSHARE! HOW is it down there in blue hair country?

You know...I was thinking...college kids ARE the future generation.

I wish more of them would pursue their dreams independently and not always relent to finding that dream job in the corp.

I did that and they tossed my ass out and now I work my own business. Ill never go baq.

What does this got to do with anything? Well...knowing what BS the media is..why are college kids studying visual/audio/art etc etc still trying to pursue being part of the corporate world that treats people badly? If all these kids colloborated..formed their own company with the business for the real people in mind...imagine the power. I know that goes on..but I dont think its going enough. We need more indie filmmakers/actors/musicians/etc.

F*ck commercialism.

ok, how come they just keap beating us down, and for what? our score is like 1 to their 500,000,000!!!! and they are making sure ours says at 0.... thats the way i look at it...so when we get a point on the board, its like, lets drop a nuke on these bitches... cuz we cant have our way 24/7...

Regarding internet regulation: I just read an article the other day (sorry, no link) that said the govt is whining about how hard it is to track terrorists now, unless they are allowed to monitor the internet more closely.

They said that most terrorists are using the net for communication, and new legislation should be passed to allow them to 'tap' internet communications much the same way phone taps have been used in the past.

isp-privacy :

Hey! It's just great . If they drive any slower I'm gonna make speed bumps out of them.

Simple, they want war - give it to them.

Retaliate, flood the ports they're using, DDoS the IPs they're coming at you on, hell war-dial their customer service numbers and tie up their phone system, Phreak it or haxor it even.

No matter how big or secure the servers they intend to do this crap from are, they're not big enough, nor secure enough.

We flat out-number them, and I honestly think we have the edge in skill over the clueless gits they'd have anyhow, since no one with a brain would work for them in this capacity.

Every other forum and media accessible to the american public has been taken away, consolided as part of The Combine and pumps out whatever uncle fed wants it to, except the internet, and that ONLY because we outgun them here - as we once outgunned them in other media, but lacked the cojones to take risks, stand up, and make sure it STAYED free.

It's not just about the music, it's about free expression, and the last bastion of it in this country, and be DAMNED if I fork it over without a fight.

All tyrants outlaw self-defense against them, if you're unwilling to be an outlaw, you're unwilling to be free.

All I got to say about it.

-user

AverageConsumer :
It sounds like another excuse to pass some 'hurry-up' legislation to allow for peeping in to our privacy.

pepe512000 (and anyone else : ) under the 'better-late-than-never' heading, also check out SpywareBlaster here: http://www.wilderssecurity.com

Cheers! Jon

thanks jon, I use that one and couldn't remember the name of it.
It overall lacks the general functionality of the others I think.
I used it once, but didn't have a use for it after the first use. I use the others on a regular basis. Glad you remembered that one.
~code

Once again, Code is right. Unfortunately, it's been a way of life for the government and big money for years. There ARE laws, but the more money you have, the less they apply to you. In another high profile case involving music, Tipper Gore and her cronies managed to impose censorship on the art world. Small group, not alot of backing, but ALOT of cash flow. Soccer Moms win again. It's a disturbing trend on alot of other news fronts as well, where the officials the public elected blatantly ignore the public opinions and polls, and vote where the money is.

For myself, I use a good hardware firewall, a good software firewall, and a daily scan using AdAware and few others. If I find an attack by a known RIAA ip, or any unknown IP that tracks back to them somehow, you can bet I'll be filing lawsuits and informing the government. Not that I can do that much good, but if we ALL do it, maybe we can get somewhere. It's already been proven that the government won't listen to your letters, and painfully obvious that the news media never covers our end of it, or interviews the consumer.....are we surprised though? Of course, media defends media. And the polls of file sharing? Also run by media companies. Hung jury, folks.

I mainly rely on PG and the fact I'm on a router. I have SpyBlaster and as I understand it, it's not something you 'use' after you've set it up, apart from applying updates, that is. It's good for nailing stuff that's already on your system and after that, lurks in the background to keep unwanted incoming junk off. But I freely admit I lack the depth of knowledge most people here seem to have, which means I go largely on faith and other peoples' recommendations. heh.

But the best thing would be to have no need for these apps at all.

Cheers! Jon

I have a question for you techies:

We talk about attacks and hacking, but what exactly constitutes an actual attack? I see port scans a lot, but I probably wouldn't recognize a full blown attack.

Now, I did see a single IP banging on one of my ports a couple of hours at a time for 3 days in a row, but it was stopped at the WAN side, no damage done.

I thought it could be a bot (maybe) sitting on a gnutella port (6346)waiting for me to fire up a p2p prog. I don't have any p2p progs, so they were gonna wait a long time, for sure.

So, I guess what I want to know is, what are we looking for, and when is it something we should contact their ISP for (assuming they'll do anything about it)?

You can do a simple Whois to find out who the IP in question belongs to. I use McAfee's VisualTrace. I just like the nifty map it give you. Many times, it's just a bot scanning ports on random IP's looking for an open version of the program. You can go to PeerGuardian's website for a current list of blocked IP's, and check it against that.

Oh, I already use IP tracking progs, I know who it belongs to. Yeah, PG has a good database, growing all the time.

I'm just wondering what to look for to recognize a full blown attack instead of casual port scans.

At what point does it become more than just a casual scan?

"Scans computers on P2P networks for illegal material, hacks into the pirate machine, and deletes the data. One problem: Early versions delete legal MP3s, too."

~Peer-to-Peer Users hack back with a vengance and delete illegal software. One problem: Users accidentily destroy thousands of corporate computers~


From the people who said "breaking the law is breaking the law," we have another intellectual gem.

I am hopeing they they keep hacking people because one of those times they are going to piss off the wrong person. And then the RIAA will be hacked, hacked, and hacked again.

Oh BY-the-way i am looking for a new name for the RIAA
Really
Ignorant
A???????
A???????

Speaking of Orrin Hatch,

http://congress.org/congressorg/bio/userletter/?id=586&letter_id=41730581

Here's another
http://congress.org/congressorg/bio/userletter/?id=586&letter_id=41728176

Meant to put this in the last post.

While I doupt the RIAA will unleash the hackers yet, I wouldn't be surprised if they try it once ths sue 'em all campaign is established, espicially if it doesn't work.

Someone thinks they can hire script kiddies to fight the most skilled group of geeks on the internet? Thats going to start an arms race. Its also likely a fairly large chunk of the internet will get caught in the crossfire. Every ISP and company that gets in the way will join the fight, using technical means to block p2p and lawyers to harass the bot operators. (Note the bot operators will not be the RIAA, they would never do something like that directly. They might however hire a contractor to do it for them).

I think p2p should be made tougher to hack of course, to stop the various viruses and script kiddies we already suffer as well as any potential attack by a well funded bot with distant ties to the RIAA.

Heres what I suggest:

1. WMA, WMV, ASF formats. Remove. They have virus carrying potential. They are too propritary anyway, and support DRM.

2. Some kind of trust system for central points such as supernodes. Something like the ed2k or DC++ system, where stable servers are run by individuals. Not the kazaa system where supernodes just appear in convenient places.

3. Give the users more information about what the clients doing. An ed2k-style chart of file part availability makes it a lot easier to spot files that are half missing. Allowing the user to see which server returned a search result makes it a lot easier to see any that are returning rubbish.

4. File inspection in the clients. Just basic verification. For example, does an MP3 file contain a valid MP3 header? If not, highlight the file in the download list and let the user choose to continue downloading or not. Does an AVI file have the AVI trailer information? If not its been damaged, tell the user. If shareing a WMA file, does it have a DRM header? If so, dont share it and inform the user. And so on.

5. Increase community on the networks. Systems like DC++, where users know and talk to each other, will be very hard to infiltrate with bots.

Big12 , How about Arrogant A@#holes.

goldenpi, as usual, great, well thought out post. You have thought about the mechanics of this far more than I, but reading your suggestions , I had certain questions. If you eliminate variable supernodes, and have individual servers, this is going to make individual servers with fixed IP addresses, much more a target of suits, and vicarious infringement charges. The more a network is centralized , as opposed to a very loose distributed network, the more it runs the risk of a Napster fate. Also, the more file checking for integrity is incorporated in the software, the more reponsiblity a court is going to hold the network owners and administrator to making sure that a mechanism is in place to check for copyrighted files and to stop transfer of said files on the system. P2P network file networks like Sharman, have been able to avoid being shut down because of several things. One is that they have a multinational and confusing separation of companies, owners,registration,etc. Also, the network is able to rightfully claim that there is a substantial non-infringing use, and that the very loose, decentralized nature, means they are not able to check every file moving on the network for its copyrighted status or not.
Now, with the new pay for use version of KaZaa, which I have not found out much about, there probably are more safeguards in place.
But, any new procedures in file checking and transfer, for legal sake, must be for security reasons, meaning to rule out viruses, worms,etc. And, I would definitely make ANY network bot free. Since the P2P mechanics are not my forte, please excuse any dumb comments I made.
I do know a bit more about legal matters, and I can promise you if the RIAA sues a P2P and in court, it appears as if the network is built from the ground up to enable copyright infringement, the P2P will lose, plain and simple. You have to have plausible deniability and "wiggle room".
That being said though, all in all, you had some GREAT ideas and certainly, these will need to be addressed in future iterations of P2P networks, as more and more efforts are generated by the Powers of Evil, to interfere with the P2P network operations, and file sharing by individuals. File sharing has gotten a crappy name, and that's a shame, because there are many files out there that are free of restriction that are great to be able to access.
~code

RIAA -- shooting themselves in their foot?
Hello all y'all!!
First, we should check if RIAA is really behind this lawlessness; if they are, then we already *HAVE* a (last?) nail to their coffin ... And how ironic it is -- to destroy them with the same DMCA they've helped to bring about! Well, hacking (or rather, cracking into someone's machine), destroying of files, making and distribution of computer viruses, DoS attacks ... Well, it falls into the scope of criminal law in most of the countries (for example, such acts are criminal in Poland, too) ... The RIAA may feel safe when using the P2P software (even against the TOS) to get some user information without any disruptive and clearly criminal act; now, they may NO MORE; if they're really behind this, then they are the CRIMINALS, in the very sense of criminal law (and not only our feelings), hiring, aiding and abetting those who break DMCA and other laws. Sue them? YES ! But also CHARGE THEM (with crime) !!! Who will file a formal complaint at the public prosecutor ???

I think it's hilarious that they think they could win any techno war against the current generation. There are 12 year olds who can write code rings around any cat in his 30s with a computer science degree. The RIAA idiots go hire Mark at LamePPP or MediaFarce, and tell them, "Go hack these downloaders". What a joke. People talk about script kiddies, but there are kids in their teens that seriously could kick any mercenary blackhat wannabes! I guarantee, if the RIAA ever wants to have a website, or if they have any hopes of using an online service to distribute tunes, if they start this, it will be "Cry havoc and let slip the dogs of war"...when they go to war with the techno kids, it's like carrying a wooden ice cream spoon up against a nuclear weapon, they are already outgunned.
=>>>>>>=========================>
~code

How about everybody gets together, donates ten dollars a peice and starts a high powered class action law suit against the RIAA? if someone hacks into my 3 thousand dollar computer and fucks it up as in the RIAA i'm not going to be a happy camper.... Welcome to Communism in America folks.. Fuck America.. it sucks!

When the RIAA sues a P2P is court, its as good as dead. So far only ONE has survived court, and the RIAAs appealing that. They easily took out napster, audiogalaxy, aimster (is that down yet? The RIAA braged about it on their home page months ago), songspy. Even chewplastic, and that was just a search engine. So far the only networks with a good survival rate are the ones the RIAAA cant sue, either because they are set up in the middle of nowhere (fasttrack) or because there is noone to sue (gnutella).

Using more centralised topologys would make them vulnerable to legal problems. There can be a lot of hubs - there are at least 1000 in DC++ - but if the RIAA is willing to attempt the sue 'em all campaign I dont think that will stop them. Could be a fairly difficult problem.

A network which wont allow bots is not easy. The bot companies could hire experts to take the client apart and find the protocol. The only way it could be done would be to encrypt all communication, encrypt the program itsself (with a small decrypter loader on the front) and fill it with every anti-debugger and anti-tamper technique you could find. Ive looked at programs like that, they are tough but not impossible to understand.

damn i missed this one...but with this shit starting to happen then it is time to start fire with fire.

i have a supernode,a donkey server and a few other things on a box now (not mine hehe)loging all connections.

and before you say anything im not a grey-hat
just someone who has nothing better to docause he can't download anything at the moment.....see this is what is comeing out of all of this "freedom fighters"

let them bring it,i got a lot of tricks up my sleves......

Im out of downloadable material too. Ive got the new matrix film, Ive nearly got that fishy Disney film for my sister. Ive put a few series of sliders on, and I even discovered a few partially complete collections of obscure and unwanted childrens anime in my archives that really should be completed just for completeness (I have no intention of watching it). But really, these are all make-work tasks.

Ive considered running a server or hub for ebooks. I have a few thousand now, and I think it would be good if there was somewhere the various scanners, proofers, releasers and so on could go to organise, decide which books to do, ensure no work is duplicated and so on. Currently im learning more about DC++, I think I can help in an existing hub there.