The Futility of Fighting Media "Pirates"—How MediaDefender Got Hacked

pirate.pngAs if we needed yet more evidence that trying to fight piracy is a futile exercise, just look at the case of a company called MediaDefender. The company acts on behalf of media companies to monitor and sabotage the sharing of movies, music, and video games on peer-to-peer networks. It seeds BitTorrent, for instance, with fake files to try to make P2P file-sharing a hassle and annoyance. Last September, a hacker fought back by uploading to BitTorrent internal e-mails and documents outlining MediaDefender’s tactics, rendering them much less effective.

For a blow-by-blow, on how the teenage hacker compromised MediaDefender’s own defenses and why he felt compelled to disseminate its secrets on the Web, read Dan Roth’s story “The Pirates Can’t Be Stopped” in Portfolio. (In case you have not seen it, the story has been out for a few weeks). The hack ended up increasing MediaDefender’s costs by 28 percent, including nearly $1 million in legal fees and “service credits” it had to offer to unhappy media customers. Here’s an excerpt from the story, which shows how exposed the company became to the righteous teenager (who refers to the company as Monkey Defenders):

One file contained the source code for MediaDefender’s antipiracy system. Another demonstrated just how deep inside the company they had gone. This file featured a tense 30-minute phone call between employees of MediaDefender and the New York State attorney general’s office discussing an investigation into child porn that the firm was assisting with. (MediaDefender refused to comment for this story.) The phone call makes clear that the hackers had left a few footprints while prowling MediaDefender’s computers. The government officials had detected someone trying to access one of its servers, and the hacker seemed to know all the right log-in information. “How comfortable are you guys that your email server is free of, uh, other eyes?” an investigator with the attorney general asked during the call.

“Oh, yeah, yeah, we’ve checked out our email server, and our email server itself has not been compromised,” the MediaDefender executive said.

But, of course, it had.

“In the beginning, I had no motivation against Monkey Defenders,” Ethan tells me. “It wasn’t like, ‘I want to hack those bastards.’ But then I found something, and the good nature in me said, These guys are not right. I’m going to destroy them.”

And so he set out to do just that: a teenager, operating on a dated computer, taking on—when his schedule allowed—one of the entertainment world’s best technological defenses against downloading.

The story also has some good details on how MediaDefender went after the Pirate Bay.

It’s a cautionary tale for media companies everywhere. Treat file-sharers like pirates, try to clamp down on them, and they’ll always find new ways to fight back. There are too many of them. They are smarter than the media companies and the industry’s digital lapdogs. Treat them like consumers, and they’ll respond better.

(Photo via Casey West).