[ISN] Is the RIAA "hacking you back"?

From: InfoSec News (isnat_private)
Date: Mon Jan 13 2003 - 23:02:41 PST

  • Next message: InfoSec News: "[ISN] REVIEW: "Mike Meyers' Certification Passport CISSP", Shon Harris"

    By Andrew Orlowski in San Francisco
    Posted: 14/01/2003 
    The RIAA is preparing to infect MP3 files in order to audit and
    eventually disable file swapping, according to a startling claim by
    hacker group Gobbles. In a posting to the Bugtraq mailing list,
    Gobbles himself claims to have offered his code to the RIAA, creating
    a monitoring "hydra".
    "Several months ago, GOBBLES Security was recruited by the RIAA
    (riaa.org) to invent, create, and finally deploy the future of
    antipiracy tools. We focused on creating virii/worm hybrids to infect
    and spread over p2p nets," writes Gobbles.
    "Until we became RIAA contracters [sic], the best they could do was to
    passively monitor traffic. Our contributions to the RIAA have given
    them the power to actively control the majority of hosts using these
    Gobbles claims that when a peer to peer host is infected, it catalogs
    media and sends the information "back to the RIAA headquarters
    (through specifically crafter requests over the p2p networks) where it
    is added to their records", and also propagates the exploit to other
    "Our software worked better than even we hoped, and current reports
    indicate that nearly 95% of all p2p-participating hosts are now
    infected with the software that we developed for the RIAA."
    The "hydra" is uncorroborated.
    Gobbles attached two pieces of code, one of which jinglebellz.c
    details a frame header exploit for the Linux player mpg123. The code
    chastises OpenBSD lead Theo de Raadt for failing to checksum the
    public MP3s (written to celebrate each OpenBSD release). The group has
    singled out OpenBSD in its previous exploits
    In their presentation to last year's DefCon, the group described
    itself as "the largest active nonprofit security group in existence
    (that favors full disclosure)," consisting of 17+ members.
    "They're real, and they're damn good. They have made what appeared to
    be extremely exaggerated claims in the past, and when mocked, they
    have demonstrated that they are serious," one security expert familiar
    with their work, who declined to be named, told The Register.
    "He's a funny guy," De Raadt told us. "This is a buffer overflow
    exploit," he confirmed. De Raadt said he was more concerned by social
    engineering than by external exploits. "We had Fluffy Bunny, now we
    have Gobbles. They come in waves. "
    An exploit of this nature is of dubious legality, right now, but
    language in Howard Berman's "P2P Piracy Prevention" bill last year
    legitimizing such exploits was backed by RIAA chief Hilary Rosen:-
    The Berman bill, ensured a copyright owner would not be liable for
    "disabling, interfering with, blocking, diverting, or otherwise
    impairing the unauthorized distribution, display, performance, or
    reproduction of his or her copyrighted work on a publicly accessible
    peer-to-peer file trading network, if such impairment does not,
    without authorization, alter, delete, or otherwise impair the
    integrity of any computer file or data residing on the computer of a
    file trader." Berman is expected to re-introduce the bill in this
    Congressional session.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Jan 14 2003 - 01:16:30 PST