Majere
2002-08-13, 04:14 AM
A month after the record industry proposed a bill that would give it the power to use hacker tactics to take down file-sharing networks, the hackers have given the suits a taste of their own medicine. A denial of service (DoS) attack knocked the Recording Industry Association of America's (Riaa) website off the net over the weekend.
Coming soon to a computer near you -- Hollywood Hackers.
Watch as they rifle through your files, dismantle your network, and delete all those songs and movies you can't prove have a legal right to exist on your hard drive. Hope the special effects don't include the accidental destruction of your data when your computer becomes a stunt double in Hollywood's latest blockbuster attempt to protect its copyrighted material.
California Congressman Howard Berman introduced his "Peer-to-Peer Piracy Prevention" Act in the House of Representatives Thursday. If the bill (PDF) passes, copyright owners could -- at least conceptually -- employ a variety of technological tools to prevent the illegal distribution of their copyrighted works over a P2P network such as Kazaa or LimeWire. "Basically, Berman is going to legalize all of the antisocial Internet activities that we have been trying to stamp out for the last decade," said Paul McNabb, chief technical officer of security firm Argus Systems Group. The tools Berman specifically suggested that companies might use include "interdiction" -- flooding a P2P file server with fake requests in order to slow or stop the system; "spoofing" -- providing slews of corrupt, damaged or incomplete files to P2P servers; and "redirection" -- faking the location of files to force traders to perform many futile system-resource-wasting searches.
But media companies wouldn't be limited to just those options.
Smith guessed that, at minimum, media companies could overwhelm P2P servers with "ghost files," tying up the servers' resources as people try to download files that don't really exist.
"Another possibility would be to overload someone's computer by repeatedly requesting the same illegal file to be downloaded," Smith added. Denial-of-service attacks, flooding servers with many requests for nonexistent files in order to crash or dramatically slow network performance, is specifically permitted under the bill. But P2P networks are created on the fly from whatever computers are logged on at any given time, so experts fear that innocent bystanders could also be smacked in a service attack. "Berman is opening the door to massive denial-of-service attacks against perceived pirates, without the attacker having to get prior authorization to launch the attack," Argus' McNabb said. "This could have devastating effects on computers on the same network or in the line of fire. "For instance, if everyone on your block has a cable modem, and someone is thought to be a pirate, a denial-of-service attack against that perceived pirate could take the entire neighborhood cable network down."
Security experts also wondered how Hollywood would come up with a battalion of skilled hack attackers. Would the pirate-battling forces be unassuming programmers, now ordered to come up with malicious programs to foil file traders? Or would Hollywood soon be hiring real hackers?
Coming soon to a computer near you -- Hollywood Hackers.
Watch as they rifle through your files, dismantle your network, and delete all those songs and movies you can't prove have a legal right to exist on your hard drive. Hope the special effects don't include the accidental destruction of your data when your computer becomes a stunt double in Hollywood's latest blockbuster attempt to protect its copyrighted material.
California Congressman Howard Berman introduced his "Peer-to-Peer Piracy Prevention" Act in the House of Representatives Thursday. If the bill (PDF) passes, copyright owners could -- at least conceptually -- employ a variety of technological tools to prevent the illegal distribution of their copyrighted works over a P2P network such as Kazaa or LimeWire. "Basically, Berman is going to legalize all of the antisocial Internet activities that we have been trying to stamp out for the last decade," said Paul McNabb, chief technical officer of security firm Argus Systems Group. The tools Berman specifically suggested that companies might use include "interdiction" -- flooding a P2P file server with fake requests in order to slow or stop the system; "spoofing" -- providing slews of corrupt, damaged or incomplete files to P2P servers; and "redirection" -- faking the location of files to force traders to perform many futile system-resource-wasting searches.
But media companies wouldn't be limited to just those options.
Smith guessed that, at minimum, media companies could overwhelm P2P servers with "ghost files," tying up the servers' resources as people try to download files that don't really exist.
"Another possibility would be to overload someone's computer by repeatedly requesting the same illegal file to be downloaded," Smith added. Denial-of-service attacks, flooding servers with many requests for nonexistent files in order to crash or dramatically slow network performance, is specifically permitted under the bill. But P2P networks are created on the fly from whatever computers are logged on at any given time, so experts fear that innocent bystanders could also be smacked in a service attack. "Berman is opening the door to massive denial-of-service attacks against perceived pirates, without the attacker having to get prior authorization to launch the attack," Argus' McNabb said. "This could have devastating effects on computers on the same network or in the line of fire. "For instance, if everyone on your block has a cable modem, and someone is thought to be a pirate, a denial-of-service attack against that perceived pirate could take the entire neighborhood cable network down."
Security experts also wondered how Hollywood would come up with a battalion of skilled hack attackers. Would the pirate-battling forces be unassuming programmers, now ordered to come up with malicious programs to foil file traders? Or would Hollywood soon be hiring real hackers?