  • MPAA Afraid To Disclose ‘Secret’ Anti-Piracy Strategies

    July 25, 2011

    In their ongoing battle with file-hosting service Hotfile, five MPAA studios have asked the court to disallow Hotfile access to information on their anti-piracy strategies. While drawing an analogy between copyright infringement and drug trafficking, the MPAA studios ask the court to handle their anti-piracy documents as trade secrets to prevent ‘pirates’ from getting even more sophisticated than they already are.

    Earlier this year, five member companies of the MPAA filed a lawsuit against the Hotfile file-hosting service and ever since the parties have been battling in court.

    Last month we reported that the movie studios had requested a substantial amount of information from the file-hosting service, including IP addresses of uploaders and downloaders, and the company’s source code.

    Hotfile, in turn, has recently requested information on the anti-piracy strategies of the Hollywood movie studios and the third-party companies they work with. The Florida-based file-hosting service says it needs this information in order to mount a proper defense and has subpoenaed Disney, Twentieth Century Fox, Universal, Columbia and Warner, as well as five anti-piracy vendors.

    Among other things, Hotfile wants to know how the movie studios find copyrighted material online, what films they give priority and when and where they look for infringing copies.

    The MPAA studios, however, do not want to give up this information and have asked the court for a protective order. They argue that disclosing their anti-piracy strategies and protocols could have disastrous consequences, as it would make ‘pirates’ even smarter than they already are.

    “Defendants have demanded all documents showing how Plaintiffs and their vendors locate infringing material online. In essence, Defendants are like the fox asking for the combination to the lock on the hen-house door,” the studios explain to the U.S. District Court of Southern Florida.

    The request for a protective order is explained in a lengthy document which is accompanied by supporting letters from the anti-piracy chiefs of the five Hollywood studios. The general message is that their anti-piracy strategies should remain secret to prevent an avalanche of piracy.

    “Plaintiffs are engaged in a continuous cat-and-mouse game with persons engaged in the unauthorized exploitation of Plaintiffs’ works online. These infringers are often highly sophisticated, and routinely restructure their services or make changes to their modus operandi to evade or decrease the effectiveness of the studios’ anti piracy methods,” the MPAA members write.

    To dramatize their point the studios draw an analogy between copyright infringement and drug trafficking.

    “In many ways, this is no different than the prejudice to law enforcement if they were compelled to disclose to drug traffickers where law enforcement agents were conducting their stakeouts, or their points of interdiction, or the confidential informants they were using, or the details of the technology they used to detect smugglers’ routes into the United States.”

    The same drug analogy is brought up again later to emphasize how severe the consequences could be should Hotfile be given access to information on the studios’ anti-piracy strategies.

    “Continuing the drug trafficking analogy, clearly law enforcement efforts would be severely compromised if criminals knew the time windows in which law enforcement intended to step up investigative activities, what particular drugs they would be prioritizing for enforcement, which suspected dealers police were declining to arrest in order to avoid compromising ongoing investigations, and what levels of possession would trigger enforcement.”

    The MPAA members want the U.S. District Court to issue a protective order and prevent Hotfile from obtaining any anti-piracy information from the studios directly, or from any of the five anti-piracy outfits (DtecNet, BayTSP, Peer Media, OpSec Security and MiMTiD) they work with.

    The movie studios are only willing to send Hotfile copies of the DMCA notices they previously sent to the file-hosting service.

    The U.S. District Court will review the request of the MPAA studios and a decision is expected to follow in the near future. Meanwhile, everyone interested in both piracy and anti-piracy strategies across the world will be rubbing their hands in anticipation of the forthcoming revelations, should there be any.

    Source

  • Former Google CIO: LimeWire Pirates Were iTunes’ Best Customers

    July 26, 2011

    Delivering his keynote address at this week’s annual CA Expo in Sydney, former Google CIO Douglas C Merrill added to the growing belief that punishing and demonizing file-sharers is a bad idea. Merrill, who after his Google stint joined EMI records, revealed that his profiling research at the label found that LimeWire pirates were iTunes’ biggest customers.

    Yesterday, during his keynote speech at the CA Expo in Sydney, former Google boss Douglas C Merrill said that companies stuck in the past risk becoming irrelevant. He also had some very interesting things to say about pirates.

    Merrill, who was Chief Information Officer and Vice President of Engineering at Google, left the search giant in 2008 after being poached by EMI, a key member label of the RIAA.

    At EMI he took up the impressive position of Chief Operating Officer of New Music and President of Digital Business, despite admitting this week that he knew the music industry was “collapsing”.

    “The RIAA said it isn’t that we are making bad music, but the ‘dirty file sharing guys’ are the problem,” he said during his speech as quoted by ComputerWorld.

    “Going to sue customers for file sharing is like trying to sell soap by throwing dirt on your customers.”

    But those “dirty file-sharing guys” had an even dirtier secret. During his stint at EMI, Merrill profiled the behavior of LimeWire users and discovered something rather interesting. Those same file-sharing “thieves” were also iTunes’ biggest spenders.

    “That’s not theft, that’s try-before-you-buy marketing and we weren’t even paying for it… so it makes sense to sue them,” Merrill said, while undoubtedly rolling his eyes.

    That same “try-before-you-buy” discovery was echoed in another study we reported on last week which found that users of pirate sites, including the recently-busted Kino.to, buy more DVDs, visit the cinema more often and on average spend more at the box office than their ‘honest’ counterparts.

    Merrill’s words yesterday are not the only pragmatic file-sharing related comments he’s made in recent years. Almost immediately after his 2008 EMI appointment, he made comments which didn’t necessarily toe the company line.

    “For example, there’s a set of data that shows that file sharing is actually good for artists. Not bad for artists. So maybe we shouldn’t be stopping it all the time. I don’t know,” Merrill said.

    “Obviously, there is piracy that is quite destructive but again I think the data shows that in some cases file sharing might be okay. What we need to do is understand when is it good, when it is not good…Suing fans doesn’t feel like a winning strategy,” he concluded.

    Less than a year later, Merrill was forced out by EMI.

    Source

  • Anonymous, LulzSec go legit with PayPal boycott

    By John Leyden
    July 27, 2011

    Free the DDoS fourteen! Hm. Bored now, need more lulz

    Hacktivist collective Anonymous has called for a boycott of PayPal.

    The group wants supporters to empty their accounts and avoid using the payment service in protest against the prosecution of a university student who allegedly participated in denial of service attacks against PayPal last year. Mercedes Haefer, a 20-year-old journalism student at the University of Nevada, is among around 14 people facing hacking charges punishable by a sentence of up to 15 years imprisonment and a large fine. It has been alleged that Haefer had used her home PC to attack PayPal's systems.

    In response, Anonymous and LulzSec put out a statement calling for a boycott of PayPal, as the first phase of #OpPayPal.

    This lawful direct action represents a change of tactics for Anonymous, which has become much more closely associated with illegal DDoS attacks against targets (Sony, FBI-affiliated security organisations, the entertainment industry, payment firms who blocked WikiLeaks accounts, Scientologists etc). Anonymous, which claims at least 450 PayPal accounts have already been deleted, threatens further unspecified actions in future.

    In recent weeks Anonymous and LulzSec have rarely stayed with the same target for more than a day at a time, so it will be interesting to see how long #OpPayPal lasts or how it evolves. Security firm Panda has already spotted chatter suggesting a move towards illegal tactics is already being discussed, at least.

    Source

  • Metropolitan Police arrest Topiary, suspected LulzSec and Anonymous spokesperson

    Paul Sawers
    July 27, 2011

    Reports are emerging that Topiary, a key member and spokesman of LulzSec, has been arrested.

    Officers from the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU) arrested a 19-year-old man in an intelligence-led operation today.

    The announcement was made on the Metropolitan Police website, and the arrest has been made as part of an “ongoing international investigation into the criminal activity of the so-called ‘hacktivist’ groups Anonymous and LulzSec”. The statement also confirms that they believe the man they have is “Topiary”.

    The suspect was arrested at a residential address in the Shetland Islands, off the north east coast of Scotland, and he is being transported to a police station in central London. His address is currently being searched.

    Police are also searching another address in Lincolnshire, and a 17-year-old male is being interviewed under caution in connection with the inquiry, though he has not been arrested.

    It’s thought that ‘Topiary’ is second-in-command at LulzSec, and the ‘public’ face of the hacktivist group. Topiary was notable for his eloquent writing, and it may surprise some to learn that the man suspected of being Topiary is still a teenager.

    Topiary is thought to manage the main LulzSec Twitter account, which was last updated 5 hours ago, though he likely had a hand in most of the group’s announcements. He’s also thought to be well-known among hackers with links to more senior Anonymous members.

    Up until now, very little has been known about his identity, though he has been referred to as ‘Daniel’ in some leaked transcripts in the past. And it seems that Topiary had wiped his Twitter feed too, leaving a single, solitary message, perhaps in anticipation of the net closing in on him:

    "You cannot arrest an idea"

    We’ve written extensively about both LulzSec and Anonymous in recent months. LulzSec announced in June that it was to cease activities after 50 days, but the group was soon back in the fold. And just last week, we reported on LulzSec and Anonymous’ joint statement, which was directed at the FBI.

    And today’s arrest has happened on the same day LulzSec and Anonymous issued another joint statement calling on people to boycott PayPal. “PayPal’s willingness to fold to legislation should be proof enough that they don’t deserve the customers they get. They do not deserve your business, and they do not deserve your respect.”

    Its statement continued:

    “In recent weeks, we’ve found ourselves outraged at the FBI’s willingness to arrest and threaten those who are involved in ethical, modern cyber operations. Law enforcement continues to push its ridiculous rules upon us – Anonymous “suspects” may face a fine of up to 500,000 USD with the addition of 15 years’ jail time, all for taking part in a historical activist movement. Many of the already-apprehended Anons are being charged with taking part in DDoS attacks against corrupt and greedy organizations, such as PayPal.”

    The LulzSec and Anonymous hacktivist groups seem to be spread far and wide. Last week we reported that the FBI had raided three people’s homes in New York, thought to be members of Anonymous. Shortly after, it was revealed that a 16-year-old leading member of LulzSec, known as TFlow, had been taken into custody in London.

    And at the time of writing, the Lulzsecurity website has been taken offline too: http://lulzsecurity.com/.

    We’re sure there will be further statements from both LulzSec and Anonymous in due course, but it seems that the net is certainly closing in, and it will be interesting to see where the hacktivists go from here.

    Source

  • Go ahead and spy on customers, says judge

    By Richard Chirgwin
    July 21, 2011

    Spyware okay on rental computers, for now

    A lawsuit aiming to stop rental company Aaron’s in the US from installing spyware on its machines – whose capability includes taking images of users with a PC’s webcam – has hit a setback, with a judge refusing to grant a preliminary injunction against the practice.

    The original complaint against Aaron’s was that its customers – whether they were on short-term rental or, disturbingly, “renting to buy” – were monitored by the company’s “PC Rental Agent” software. The case alleges that this violates America’s Wiretap Act and its Computer Fraud and Abuse Act, since the software was used without the customers’ knowledge.

    Plaintiffs Crystal and Brian Byrd of Casper, Wyoming, filed the action as a putative class action on behalf of “all customers of Aaron’s” whose images or communications were monitored and transmitted back to the company by the PC Rental Agent. As part of the action, they had sought an injunction which, among other things, would prevent Aaron’s from activating the software; contacting any members of the proposed class action; or deleting the PC Rental Agent from its computers.

    The judgment reveals that the existence and use of PC Rental Agent only came to light because a local Aaron’s franchise mistakenly tried to repossess a Dell laptop after Ms Byrd had made the final payment, and during the discussion that followed, showed a photograph of her husband that had been taken using the spyware.

    Ms Byrd took the matter to the Casper police, who learned that installing the software was routine – at least in the Wyoming franchise. The Casper police decided to hold her laptop for further investigations, and here’s where the judgment becomes difficult to comprehend.

    Magistrate Judge Susan Baxter decided that an injunction can only be granted if the applicant is at risk of ongoing harm from the defendant’s actions. Since the laptop is no longer in their possession, but that of the police, the Byrds can’t be at risk of harm; ergo, no injunction.

    Even though a former employee of the Aaron’s franchise testified that the software routinely had, in the past, captured highly sensitive information such as bank account details (since it can be configured to capture keystrokes as well as webcam pictures), the judge decided that since the evidence was given by someone no longer in Aaron’s employ, what had happened in the past didn’t count as evidence of likely future harm.

    The Byrds will have to await the outcome of their case to find out if they’re right or wrong.

    PC Rental Agent, by-the-by, is made by a company called Designer Ware.

    Source

  • Huge Trove of Academic Docs Posted Online in Response to Activist Arrest

    By Ryan Singel
    July 21, 2011

    Just two days after activist hacker Aaron Swartz was charged with hacking for downloading too many academic articles, a giant collection of articles from the same service has been posted to the notorious file sharing search engine, The Pirate Bay.

    The documents are allegedly 18,952 scientific articles from the Philosophical Transactions of the Royal Society that were downloaded at some point from the scholarly archive service JSTOR. JSTOR is the same service that Swartz is accused of stealing from for downloading 4 million articles via a guest account at MIT.

    But according to the note accompanying the huge download, these are not the files that Swartz is accused of downloading (and returning). Instead, the manifesto says the documents came from another source, and the manifesto is signed by a person identifying himself as Greg Maxwell. The manifesto says the documents date back before 1923, making them public domain — though that contention might not be the case, given the difference between U.S. and U.K. copyright laws.

    According to the manifesto, Maxwell says he had wanted to make them available earlier but was worried about the legal implications. In light of Swartz’s arrest, Maxwell decided his caution was misplaced.

    [The documents] should be available to everyone at no cost, but most have previously only been made available at high prices through paywall gatekeepers like JSTOR.

    Limited access to the documents here is typically sold for $19 USD per article, though some of the older ones are available as cheaply as $8. Purchasing access to this collection one article at a time would cost hundreds of thousands of dollars.[...]

    I’ve had these files for a long time, but I’ve been afraid that if I published them I would be subject to unjust legal harassment by those who profit from controlling access to these works.

    I now feel that I’ve been making the wrong decision.

    Maxwell says he got the documents “through rather boring and lawful means,” but has been sitting on them for several years.

    JSTOR says it’s in the process of verifying that the documents came from their service, but says the manifesto’s quotes of prices are incorrect, since JSTOR doesn’t sell these articles a la carte. And even if the documents were out-of-copyright, JSTOR says users are not free to post them online, because JSTOR’s terms of service prohibit that — though the company doesn’t claim copyright on them.

    JSTOR says that’s their policy because they spend a lot of money to scan, markup and index material, and that their service is available to many people — though not all — through university and public libraries.

    “In reaction to this individual’s message accompanying the files it is important to understand that there are costs associated with digitizing, preserving, and providing access to content,” a statement from the company said. “We have worked, and continue to work, extremely hard to provide access to scholarship to more and more people around the world every day in ways that are sustainable and that assure the public that the content will also be preserved and available into the future.”

    JSTOR says there are more than 7,000 participating libraries in 153 countries – all of which can provide walk-in access to JSTOR to anyone – and some provide online access to users (such as the Boston public library, which provides access to anyone living in Massachusetts).

    But that’s still a far cry from those documents living on the web and being licensed under a “Creative Commons By,” as activists such as Larry Lessig have been pushing for, with notable successes.

    Now as Swartz has brought more attention to the open access movement, pushing for academic studies to be published under licenses that allow for free access and re-use, Maxwell decided to act.

    The documents are part of the shared heritage of all mankind, and are rightfully in the public domain, but they are not available freely. Instead the articles are available at $19 each–for one month’s viewing, by one person, on one computer. It’s a steal. From you.[...]

    I had considered releasing this collection anonymously, but others pointed out that the obviously overzealous prosecutors of Aaron Swartz would probably accuse him of it and add it to their growing list of ridiculous charges. This didn’t sit well with my conscience, and I generally believe that anything worth doing is worth attaching your name to.

    Wired has not been able to finish the download to verify the contents of the archive, nor have we verified the author’s statement.

    Source

  • 70 Year-Old Grandma Threatened Over BitTorrent Download

    July 15, 2011

    As the mass-BitTorrent lawsuits continue to pile up in U.S. courts, more stories of what appear to be wrongfully accused persons hit mainstream media. A 70 year-old retired widow from San Francisco falls into this category. The grandma was recently ‘caught’ sharing porn on BitTorrent and was offered a $3,400 settlement, or the option to risk a $150,000 fine in a full court case.

    Since 2010 tens of thousands of regular people have been sued in the U.S. for sharing films on P2P networks without the consent of copyright holders. Unlike other lawsuits, the aim of the copyright holders is not to take any of the defendants to court, but to get alleged infringers to pay a substantial cash settlement to make legal action go away.

    As has been reported in the past, many of the people suspected of sharing copyrighted material are wrongfully accused. The problem for them, however, is that fighting the case is more expensive than paying a ~$3000 settlement fee. Justice aside, settling seems to be the best option for many innocents.

    But not for a 70 year-old grandma from San Francisco. This retired widow has been accused of sharing porn (Amateur Allure: Kim) using BitTorrent, but says she doesn’t even know what BitTorrent is.

    The Jane Doe in this case is being pursued by lawyer John Steele, whose law firm is currently involved in dozens of file-sharing related lawsuits, ostensibly to protect the rights of adult media companies. It is the same law firm that sued people for downloading mislabeled files.

    Like many other defendants the 70 year-old doesn’t have the money to defend herself, but unlike others she’s not planning to settle the case either.

    “It smacks of extortion,” she told SFGate in a comment, a conclusion that was reached by many others in the past.

    Determined to put up a fight the grandma said she may have to go to court to defend herself. And she already has a plan of attack.

    “I’d say to the judge, ‘I have no idea how this happened. If Sony can get hacked, if the Pentagon can get hacked, my goodness, what chance does an individual have?’” she said.

    As we’ve seen in the past, the lawyers don’t see Jane Doe’s age as an excuse, nor do they buy the claim that someone else may have used her unsecured wireless network to download files. Jane Doe has to pay up or convince the court she’s not guilty, they insist.

    A full trial is also an option, as is usually noted in the settlement letters, but the lawyers are quick to add that it would put Jane Doe at risk of having to cough up $150,000 instead of a few thousand dollars to settle.

    A settlement is the wise choice according to the law firm.

    “We believe that providing you with an opportunity to avoid litigation by working out a settlement with us, versus the costs of attorneys’ fees and the uncertainty with jury verdicts, is very reasonable and in good faith,” the settlement letter reads.

    A tough choice, and that’s the beauty of these pay-up-or-else schemes.

    News of their potential profitability quickly spread and as a result copyright holders of more obscure and adult content have embraced them. Often described as copyright trolls, these companies can make more money from speculative lawsuits than actually selling the films they produced.

    Source

  • Anti-Piracy Lawyers Find Cheaper Way To Identify BitTorrent Users

    July 22, 2011

    Since 2010 close to 200,000 people in the U.S. have been sued for sharing movies via BitTorrent. For the copyright holders and lawyers these cases are already highly profitable. However, some are testing a new and potentially more effective tactic to pursue alleged copyright infringers which could signal the beginning of a new avalanche of settlements.

    Every first year law student knows that copyright related court cases are exclusively a matter of federal law. You can’t bring a copyright suit in state court, period.

    However, during the past months more and more BitTorrent-related cases were filed at state courts. And as a complete surprise to us, the judges in question granted the copyright holders the right to subpoena the Internet providers of subscribers they accuse of copyright infringement.

    Once the copyright holders obtain the personal details they use them to send out their infamous pay-up-or-else letters, asking the alleged file-sharers to send them a few thousand dollars. On the surface this seems to be identical to what the copyright holders are doing in the federal court cases, aside from the fact that it’s easier and less expensive.

    But how can this be? Are these cases being handled properly, or have judges forgotten that copyright cases don’t belong in a state court?

    In order to find out more about this shortcut we contacted anti-piracy lawyer Marc Randazza whose law firm has filed federal lawsuits against hundreds of BitTorrent users. Randazza told us that the cases filed at state courts are not lawsuits against the alleged sharers, but merely a request to allow the copyright holders to demand that ISPs hand over customer information.

    “What is going on here is a complaint for pure discovery — in other words, all the lawyer is asking the court for is for the court to give him the right to figure out who the defendants are. This seems to me to be a proper way to do things,” Randazza told TorrentFreak, admitting that he has also filed a few cases in state court.

    “In effect, it seems like a good thing for the defendants, the plaintiffs, and the courts. Look at it this way: If you do it the federal way, you need to file a case with the proper parties joined. So, separate cases for each hash file and possibly separate cases in separate states — depending on how the local court looks at jurisdiction.”

    Although we’re not sure whether simplifying and cheapening the discovery process is a good thing, as it may lead to even more alleged sharers being targeted, Randazza argues that it will lead to cheaper settlement offers.

    “If you do it this way, you can at least engage the potential defendants early on. If you do that, your costs are lower and thus your settlement figures can be lower.”

    “In my torrent cases, my defendants have to pay pretty high figures to get out of the case — because we put a lot of money and effort into the case. If there were an easier way to get in contact with the torrenters, then they would likely all get off much lighter. Food for thought for potential defendants,” Randazza told us.

    But are people really looking for lower settlement offers?

    As pointed out earlier, the major problem with the settlement scheme is that people get wrongfully accused, and lower payoffs don’t change that. On the contrary, handling these cases the state court way will only increase the number of potential settlements without a proper review of the ‘evidence’.

    In addition, hiring legal representation will make even less sense with lower settlement fees, as that will be more expensive than settling the case outright. It will leave most alleged illicit BitTorrent users with no other option than to settle, even if they are wrongfully accused.

    Despite Randazza’s comments, we have the feeling that lawyers who take their cases to state court are not doing this with the interests of their targets in mind. But that shouldn’t surprise anyone of course.

    Source

  • Suppressed Report Found Busted Pirate Site Users Were Good Consumers

    July 19, 2011

    In June, police across several countries raided the operators of streaming video links portal Kino.to. This massive operation was one of the largest of its type and site admins and users alike were branded as enemies of the TV and movie business. However, it now appears that in respect of the latter group, the opposite was found to be true.

    The June raids against Kino.to, which involved as many as 250 police and other authorities, dwarfed even the 2006 raids against The Pirate Bay.

    Following the event the Kino.to site displayed notices which stated that the site had been “closed on suspicion of forming a criminal organization to commit professional copyright infringement.” While noting that several operators of the site had been arrested, it also criticized the site’s users.

    “Internet users who illegally pirated or distributed copies of films may be subjected to a criminal prosecution,” read the warning.

    But were the site’s users all criminals hell-bent on destroying the movie industry? According to a report from Telepolis, a recent study found the reverse was true.

    The study, which was carried out by the Society for Consumer Research (GfK), found that users of pirate sites including Kino.to did not fit the copyright lobby-painted stereotype of parasites who take and never give back.

    In fact, the study also found that Internet users treat these services as a preview, a kind of “try before you buy.”

    This, the survey claims, leads pirate site users to buy more DVDs, visit the cinema more often and on average spend more than their ‘honest’ counterparts at the box office.

    “The users often buy a ticket to the expensive weekend-days,” the report notes.

    In the past similar studies have revealed that the same is true for music. People who pirate a lot of music buy significantly more music than those who don’t.

    Obviously it would be of great interest to see the report in full, but it appears that is not going to be possible. According to an anonymous GfK source quoted by Telepolis, the findings of the study proved so unpleasant to the company that commissioned the survey that it has now been locked away “in the poison cupboard.”

    GfK says it has a policy of not revealing who they conduct research for if their clients don’t want to be exposed. However, they do carry out research for the movie industry. Telepolis go a stage further and call that work “lobbying”.

    The GfK source says that the study shows “If you download films, you have an increased interest in the cinema”, which only highlights how stupid it would be for the authorities to carry out their implied threat of prosecuting Kino.to users.

    Source

  • 14 arrested in crackdown targeting Anonymous

    By Dan Goodin
    July 19, 2011

    Computers seized in early morning raids

    More than a dozen people were arrested in early morning raids Tuesday in what was described as a major legal offensive against the Anonymous hacker collective, it was widely reported.

    The arrests of at least 14 individuals coincided with raids in New York, California, New Jersey, and Florida, the reports said, citing unnamed people in law enforcement. A senior official told CNN that a total of 15 arrests are expected following the execution of the same number of search warrants.

    FBI agents seized computers and other records from at least four locations in New York, including Long Island, Brooklyn, and the Bronx. More than 10 agents converged on the Long Island home of Giordani Jordan, Fox News said. Other arrests were made by agents located in the FBI's field office in San Francisco, which executed multiple warrants.

    The arrests follow the June arrest of Ryan Cleary, the 19-year-old Wickford, Essex–based man who was eventually charged with participating in attacks that shut down the websites of the British Serious Organised Crime Agency and two music-industry groups. Cleary's attorney has said his client was “keen” on cooperating with authorities.

    LulzSec, considered by many to be a splinter group of Anonymous, took credit for DDoS, or distributed denial-of-service, attacks on the SOCA and Central Intelligence Agency websites, as well as assaults that breached the security of websites operated by the Arizona Department of Public Safety, and the US Senate.

    Anonymous has claimed responsibility for DDoS attacks on PayPal, MasterCard, and Visa in retaliation for those services' suspension of accounts belonging to WikiLeaks.

    Source

  • Hacker Arrests May Have Included Core Member Of LulzSec

    July 19, 2011

    The law enforcement crackdown on the hacker group Anonymous may have reached its most active sub-group: LulzSec.

    According to a report from Fox News, the hacker who goes by the name “Tflow,” a core member of LulzSec, was arrested in South London Tuesday. The report, based on a source within Britain’s Metropolitan Police, said that the 16-year-old male was arrested for alleged breach of the U.K.’s Computer Misuse Act. The police action in London comes on the same day as 14 hacking suspects across the U.S. were arrested and dozens more searched in relation to Anonymous’ December attacks on PayPal in retaliation for the company’s cutting off service to WikiLeaks. Four more arrests took place in the Netherlands, where police have yet to identify the suspects.

    Tflow can be tied to LulzSec’s activities by a leaked log of the group’s instant messaging discussions that emerged last month. In the midst of a hacking spree that targeted the CIA, Sony, PBS, the FBI affiliate Infragard and the security firm Unveillance, the U.K.-based hacker can allegedly be seen in the logs discussing the hosting of the group’s website LulzSecurity.org, raising money for the group in the form of the digital currency Bitcoins, and also coordinating the release of bittorrent files containing 180 passwords of Infragard users as well as close to a thousand emails from the chief executive of Unveillance.

    “Did I miss anything,” asks one of the group’s hackers at one point in the discussion.

    “No,” responds Tflow. “You’re in time for fuckFBI. Going to release in a few mins.”

    Tflow’s reported arrest follows an earlier LulzSec-related arrest in the U.K. of Ryan Cleary, who the group says has hosted its instant messaging servers.

    After a hacking spree that lasted fifty days and hit a wide range of corporate and government targets, LulzSec claimed to disband three weeks ago. But the group became active again Monday, claiming responsibility for hacking the British newspaper The Sun in retaliation for the unexplained death of a whistleblower who first revealed the phone hacking practices of News Corp. sister paper News Of The World.

    LulzSec hacker “Sabu” has also claimed to possess emails stolen from the newspaper. In a Twitter message earlier Tuesday, Sabu claimed to have been unaffected by the day’s arrests. In other messages Tuesday, his Twitter feed stated that LulzSec hadn’t confirmed Tflow’s arrest, and added the usual defiant Anonymous slogans. “We are Anonymous. We are Legion. We don’t forget. We don’t forgive. Expect us…We continue moving forward!”

    Source

  • Microsoft turns screws on bot herders with hefty reward

    By Dan Goodin
    July 18, 2011

    $250,000 for arrest of notorious Rustock operators

    Microsoft is offering a $250,000 reward for information leading to the arrest of those who controlled Rustock, a recently dismantled botnet that in its heyday was one of the biggest sources of illegal spam.

    Monday's announcement of the bounty comes four months after Microsoft waged a novel campaign to take down Rustock, which enslaved an estimated 1 million PCs. The number of infected machines has been cut in half since that time, and Microsoft has already taken out ads in Russian newspapers in an attempt to track down the operators of the notorious botnet.

    Now Microsoft is redoubling those efforts with the promise of the hefty quarter-million dollar bounty to anyone who can help Microsoft and law enforcement officials identify and catch the perps.

    “This reward offer stems from Microsoft’s recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it,” Richard Boscovich, a senior attorney in the Microsoft Digital Crimes Unit, wrote in a blog post. “While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions.”

    According to Microsoft, Rustock was at times capable of sending 30 billion spam messages per day. Among other things, it pitched discounted pharmaceutical drugs that were fakes or unlicensed, posing a hazard to those who used them.

    The March takedown of the botnet wielded court orders that allowed authorities to seize servers at five hosting providers that were used to administer the sophisticated botnet. Although the IP addresses hardwired into the underlying malware have been severed, hundreds of thousands of infected PCs have yet to be cleaned, Boscovich said.

    The Rustock takedown came a little more than a year after Microsoft used similar tactics to dismantle another notorious botnet known as Waledac. In April, federal authorities borrowed many of the same techniques to shut down the Coreflood botnet. The Coreflood takedown went even further by giving the feds legal permission to establish a substitute control channel that temporarily disabled the underlying malware running on hundreds of thousands of infected end-user computers.

    A PDF of Microsoft's official notice is here.

    Source

  • French copyright cops: we're swamped with "three strikes" complaints

    By Timothy B Lee
    July 15, 2011

    Hadopi, the French agency charged with implementing France's stringent "three strikes" copyright enforcement program, has released new statistics that shed light on the logistical challenges of getting a nation of 65 million people to stop sharing infringing content online.

    The volume of alleged infringement is even higher than earlier reports suggested. More than 18 million complaints have been submitted so far, and Hadopi hasn't been able to keep up. So far, only 470,000 initial warning e-mails have been sent to French Internet users. Only a small fraction of those—about 20,000—have received second notices, and around 10 French Internet users have received their third "strike" and are now facing possible penalties.

    "We don't want to prosecute people"

    In an interview with Ars, a Hadopi spokesperson said there were two reasons it hasn't sent out more notices. One was technical. "The system we're using is a prototype," he said, with limited capacity. Work has begun on a more robust system, and "we think it'll be ready at the end of the year."

    But Hadopi also said that it has held off on sending out second and third notices because it wants to give Internet users time to change their ways. "We don't want to prosecute people," said the spokesperson. "We just want to push people to change when, knowing it or not, they are committing piracy. So we're trying to give people the time to understand what they are doing and to change before prosecuting them."

    Another reason for the apparent backlog is that, in some cases, Hadopi has received numerous notices for the same user. "If we get the same notice, from the same people, the same week, with the same software, it's counted as just one notice, not 10, or 15, or 20," said the spokesperson.

    This means that (contrary to some reports), it's probably not true that nearly a third of all French Internet users have been caught sharing files. Hadopi couldn't tell us the exact number of subscribers responsible for the 18 million complaints, because it needs ISP help to identify who had a given IP address at a given point in time, and it's way behind in seeking that information. So far, it has only sent ISPs about a million requests, leaving more than 17 million to go.

    Hadopi also released statistics on how users respond to notices. Only seven percent of users have responded to the first notice (which comes by e-mail), while 15 percent responded to the second (which is sent both as email and snailmail). The agency tells Ars that angry responses are in the minority. Many people call simply for technical information. "Some people didn't know that they were using the P2P software," said the spokesperson. "When they're launching the computer, the software can launch at the same time."

    Hadopi declined to say exactly how many users have reached the third and final stage of the three-strikes process, saying only that it's around 10 people. And it could be a while before any of them face disconnection of their network access. First, a user is entitled to a hearing with the agency, which reviews the case and decides whether to refer it to a judge. Then the judge reviews the case, and if the judge decides a punishment is merited, there are two options. The judge can assess a fine of up to 1,500 euros or else can kick the user off the Internet for up to a month.

    Beyond disconnection?

    Hadopi faulted media outlets like Ars for focusing too much on the ultimate disconnection penalty. The agency insists that this is just one part of a broader copyright enforcement program, which in turn is just one of the agency's functions—others include promoting the availability of legal content and promoting Internet literacy.

    We can appreciate that Hadopi has a broad mission, but the three strikes program, with its threat to actually disconnect people from the Internet over online infringement, is what has drawn worldwide attention to France's antipiracy program. For example, we've been covering American ISPs' recent tentative steps toward a "graduated response" strategy of their own. Those ISPs took great pains to distinguish their own policies from a French-style 3-strikes plan, promising that they would not spy on their users or disconnect them from the Internet. Disconnection as a sanction has also come under attack from the United Nations and from the Organization for Security and Cooperation in Europe, both of which say the penalty is disproportionate to the offense.

    Many countries have tried user education and promoting legal content, but France's sanctions are almost unique. We're curious to see how the system works out. So far, it looks like Hadopi is struggling to keep up with the massive volume of complaints—but perhaps more horsepower and better automation can actually keep up. Here in the US, ISPs have balked at doing even a few hundred IP address lookups a month in file-sharing lawsuits, saying they don't have the staff. French ISPs may need more automated systems of their own to respond to Hadopi's demands.

    Source

  • Final Ruling Confirms ‘Pirate’ Sites Act Lawfully in Spain

    July 14, 2011

    Lawyers defending a file-sharing site say a new legal victory provides final confirmation that sites providing links to copyright works act lawfully in Spain. In a complaint filed during 2009, SGAE claimed that Index-web.com violated its rights but in yet another blow to the music rights group and Spain’s Ley Sinde anti-filesharing law, this week a court disagreed.

    Several rulings over the past couple of years have indicated that sites providing mere links to copyright works act legally under Spanish law. One key case, however, threw uncertainty into the mix earlier this year.

    The case dates back to May 2009, when music rights group SGAE (Sociedad General de Autores y Editores) filed a complaint against Jesus Guerra, the operator of file-sharing link site Elrincondejesus.com. SGAE claimed the site abused the copyrights of its members.

    At full trial Judge Raul N. García Orejudo ruled that offering an index of links and/or linking to copyright material is not the same as distribution, noting that under current Spanish law there is nothing which prohibits such sites from operating.

    In March this year, however, an SGAE appeal resulted in Elrincondejesus.com being subjected to a fine of 3,587 euros by the Provincial Court of Barcelona.

    In addition to P2P links, Elrincondejesus had offered links to files held on sites such as MegaUpload and RapidShare. The Court said that by offering these direct links Elrincondejesus had made copyright works “publicly available”, even though the site had not uploaded them to the Internet. This, the Court concluded, was a breach of SGAE’s rights.

    All this must’ve seemed like very bad news for index-web.com, a site with the same structure as Elrincondejesus that had been fighting an almost identical case against SGAE dating back to 2009. After initially being cleared of wrong-doing at a May 2010 hearing, following an SGAE appeal Index-web.com would now have to face the Provincial Court in Barcelona, the same court that had found Elrincondejesus liable in March.

    This month that case went ahead, but rather than SGAE coming out on top again as it had done against Elrincondejesus, the pendulum swung the other way. The Provincial Court, with the same judges presiding as in the previous case, decided that links – whether to material on P2P networks or cyberlocker-type services – do not infringe intellectual property rights.

    Lawyers for Index-web.com, Javier de la Cueva and David Bravo, say the ruling is significant and represents the “..first final decision in civil proceedings issued in our country stating that pages of links to P2P sites or direct downloads do not infringe any intellectual property rights.”

    Cueva and Bravo say the ruling from the influential Barcelona court will become the legal standard for interpreting Spain’s intellectual property laws in future, and will have implications for Ley Sinde, the Spanish government’s troubled anti-filesharing legislation.

    Following the ruling in favor of Index-web.com, Cueva and Bravo – who also represent Elrincondejesus – have filed an appeal on the site’s behalf, hoping to overturn the 3,587 euro fine handed down in March.

    What remains to be seen now is how the US government will react. As part of Operation in Our Sites, US authorities previously seized the domain name of sports links site RojaDirecta on the basis that it operates illegally. The Provincial Court ruling appears to put the legal status of RojaDirecta beyond doubt.

    Nevertheless, just this week federal prosecutors urged a judge not to return the site’s domain following a request by Puerto 80, the company behind Rojadirecta.

    “Returning the Rojadirecta domain names at this time would provide Puerto 80 with the very tools it used to commit the crimes the government has alleged it engaged in prior to the seizure,” the government said in its filing.

    Since it is committing the same ‘crimes’ as RojaDirecta, will Index-web.com have its domain seized by the US too?

    Source

  • Hundreds of dot-brand domains predicted

    By Kevin Murphy
    July 15, 2011

    '.com' and '.co.uk' could go the way of 'www.'

    Domain name registry operators have predicted that "hundreds" of well-known companies will apply to ICANN to create new "dot-brand" top-level internet domains.

    But it is still far from clear how many of these potential new domains will turn into thriving, active spaces and how many will be expensive digital wastelands with little to no content.

    At a meeting in Singapore last month, ICANN approved its new gTLD program, which will enable essentially any company to apply to operate essentially any string as a top-level domain.

    As many as 500 applications could be processed in the first round, which kicks off on 12 January, 2012, and a substantial portion of these are expected to be dot-brands – extensions such as .coke, .apple or .twitter, for example.

    In a February 2010 report, ICANN predicted 100 to 200 dot-brand applications, but registry operators think this will turn out to be a low-ball estimate, due in part to the rush by companies to defensively claim their dot-brand domains.

    "Many of them are not sure how they will use the gTLD, what will work and what won't work, but they're very wary of what their competition might do," said Ken Hansen, senior director of business development at .biz registry Neustar.

    Because there's a limited three-month window to apply for a new extension in the first round, and no firm date for subsequent rounds, some large companies don't want to risk seeing their rivals secure their dot-brands, potentially putting them at a competitive disadvantage.

    There's also the risk that some brands may be barred from later rounds under ICANN rules if a too-similar gTLD is allocated in the first round, or if their brand is so generic it could be used for other purposes, said Ben Crawford, CEO of CentralNIC.

    For example, if the BBC secures .bbc, a company called BBE could find it impossible to acquire .bbe.

    "If somebody else gets something confusingly similar, they'll get locked out," Crawford said. "Also, if somebody has a brand that is a dictionary word, there's a risk."

    For these reasons, most companies are playing their dot-brand cards close to their chests. The only outfits to formally press-release their intentions to date are Hitachi and Canon. Others, including Microsoft and IBM, are also broadly expected to apply.

    According to the domain registries that will act as infrastructure providers for most of these bids, the potential benefits of dot-brands include the ability to more easily name new products, new ways to use domains in advertising ("enjoy.coke") and joint-marketing opportunities.

    "They no longer have to look to see what's available in .com," said Hansen. "Everything's available."

    Some companies may even allow their customers to register domains in their dot-brands – imagine yourname.twitter or yourname.facebook, for example.

    Some potential dot-brand applicants already have concrete plans covering how they will use their domains, registries working with these companies say.

    But at the moment many potential dot-brand bidders are focused primarily on getting their domains – their hands forced by ICANN's deadline, they'll figure out how to use them later.

    It's not particularly expensive – for some – to secure a dot-brand. ICANN's application fee of $185,000 is affordable for companies with large marketing budgets, and some registry services providers charge as little as $10,000 a year for a basic, place-holder gTLD package.

    "It's not that much," said Crawford. "If you have a globally registered trademark you're already paying hundreds of thousands just maintaining your trademark registrations every year."

    What this may mean, however, is that the internet sees a wave of defensive dot-brand applications that ultimately turn out to be useless, "orphaned" extensions that may just redirect to .com domains.

    Today, when companies defensively register their brands in non-.com extensions, they rarely use them.

    Could we also see a gTLD junkyard?

    Registries are more optimistic, believing that dot-brands will leverage their marketing budgets to gradually train web users away from assuming ".com" in much the same way as they learned that "www." was not usually necessary.

    "Once mass-marketing starts with dot-brand names, over time – not month one, maybe over a matter of years – that presumption that a domain name ends in .com will go away," Hansen said. "Consumers will start looking to the right of the dot."

    Source

  • Rebecca MacKinnon: Let's take back the Internet!

    July 2011

    Rebecca MacKinnon looks at issues of privacy, free expression and governance (or lack of) in the digital networks, platforms and services on which we are all increasingly dependent.

    In this powerful talk from TEDGlobal, Rebecca MacKinnon describes the expanding struggle for freedom and control in cyberspace, and asks: How do we design the next phase of the Internet with accountability and freedom at its core, rather than control? She believes the internet is headed for a "Magna Carta" moment when citizens around the world demand that their governments protect free speech and their right to connection.

    Let's take back the Internet!

  • Dozens of law professors: PROTECT IP Act is unconstitutional

    By Timothy B. Lee
    July 7, 2011

    An ideologically diverse group of 90 law professors has signed a letter opposing the PROTECT IP Act, the Hollywood-backed copyright enforcement/Internet blacklist legislation now working its way through Congress. The letter argues that its domain-blocking provisions amount to Internet censorship that is barred by the First Amendment.

    Jointly authored by Mark Lemley, David Levine, and David Post, the letter is signed not only by prominent liberals like Larry Lessig and Yochai Benkler, but also by libertarians like Post and Glenn "Instapundit" Reynolds.

    "The Act would allow courts to order any Internet service to stop recognizing [a] site even on a temporary restraining order... issued the same day the complaint is filed," they write. Such a restraining order, which they describe as "the equivalent of an Internet death penalty," raises serious constitutional questions.

    The Supreme Court has held that it's unconstitutional to suppress speech without an "adversary proceeding." That is, a speaker must, at a minimum, be given the opportunity to tell his side of the story to a judge before his speech can be suppressed.

    Yet under PIPA, a judge decides whether to block a domain after hearing only from the government. Overseas domain owners (and the speakers who might make use of their websites) aren't offered the opportunity to either participate in the legal process or appeal the decision after the fact. (Affected domain owners may file a separate lawsuit after the fact.) This, the professors say, "falls far short of what the Constitution requires before speech can be eliminated from public circulation."

    The law professors also point out that blocking entire domains could "suppress vast amounts of protected speech containing no infringing content whatsoever" if an entire domain is blocked based on finding infringing material on a single subdomain. The Supreme Court has compared such over-broad censorship to "burning the house to roast the pig."

    The letter also warns that passing legislation that violates America's free-speech principles will undermine the government's credibility when it tries to promote free speech principles around the world. America's strong support for Internet freedom has "made the United States the world leader in a wide range of Internet-related industries," the professors write. "Passage of the Act will compromise our ability to defend the principle of a single global Internet. As such, it represents the biggest threat to the Internet in its history."

    Source

  • Yahoo! reads! your! emails! And it's your job to warn all your mates

    By John Oates
    July 11, 2011

    Yahoo! is being criticised for the new Ts & Cs for its webmail service, which give it the right to scan your emails as well as making you responsible for telling anyone who might be emailing you, but the ICO has no problem with the changes.

    Such scanning has been common for some time; Google was the first to scan all messages. But this led some to choose Yahoo! on the basis that it did not carry out such snooping.

    Even more controversially, Yahoo! suggests it is the users' job to warn anyone who emails them that their messages will also be scanned.

    Consumer lobby group Which?'s in-house lawyer Georgina Nelson said: "The obligation to notify those who email you that their message will be scanned is nonsensical and unrealistic. When exactly are you supposed to do this?"

    The changes come as part of Yahoo!'s email upgrade. The company said all users will see a pop-up when they make the change.

    Yahoo told PC Advisor that anyone who didn't like the changes should simply keep using their old account. But Yahoo! did say it would continue to scan old-school accounts for spam.

    An ICO spokeswoman said: “We’ve spoken to Yahoo about their email scanning feature. As with any business or organisation that changes the way its customer data is used, Yahoo has an obligation to be upfront with their users to make sure their information is being processed fairly. This includes making sure they have clear and accessible privacy notices which will allow users to make informed decisions in relation to privacy and other aspects of the service.”

    Source

  • Microsoft revs dump-XP campaign, says 'time to move on'

    By Gregg Keizer
    July 12, 2011

    Reminds users that the most popular OS on the planet has about 1,000 days to live

    Computerworld - Microsoft on Monday made its most aggressive move yet to convince customers to drop Windows XP and adopt Windows 7, telling them that there were only 1,000 days of support life left in the older operating system.

    Stephen Rose, IT community manager for the Windows commercial team, noted the 1,000 days remaining for Windows XP support in a post to a Microsoft blog.

    "Windows XP had an amazing run and millions of PC users are grateful for it. But it's time to move on," Rose said, adding that the operating system exits security support in "less than 1,000 days."

    The 10-year-old XP actually has a little longer to live than that: Microsoft has promised to patch XP through April 8, 2014, 1,002 days from Monday.

    "Bottom line, PCs running Windows XP will be vulnerable to security threats" after that date, said Rose. "Furthermore, many third-party software providers are not planning to extend support for their applications running on Windows XP, which translates to even more complexity, security risks, and ultimately, added management costs for your IT department."

    According to usage statistics and research firm surveys, Microsoft has its work cut out for it in moving users off XP.

    Web metrics firm Net Applications now has Windows 7's usage share at 27%, for example, but XP still powers 51% of the world's personal computers. If the trends of each over the past three months continue, Windows 7 usage won't surpass that of XP until the second quarter of 2012.

    Businesses are even more reliant on Windows XP, said Forrester Research, when it recently estimated the aging operating system's share at 60% of enterprise PCs.

    Monday's blog post wasn't the first time Microsoft has portrayed XP as yesterday's OS. Earlier this year, executives on the Internet Explorer team called XP the "lowest common denominator" as they explained why the OS wouldn't run IE9 or any future browsers.

    And the company has taken firm steps to kill off other products it considers obsolete. Since mid-2009, Microsoft has urged users to give up IE6, the browser that shipped shortly before XP. Four months ago, it upped the ante by launching a deathwatch website that highlights IE6's dwindling usage share.

    The push to abandon XP coincided with the opening of Microsoft's Worldwide Partner Conference, the company's annual reseller meeting. CEO Steve Ballmer kicked off WPC by celebrating another Windows 7 milestone: selling 400 million licenses for the OS.

    Tami Reller, head of product marketing for the Windows group, cited that number to compare Windows 7's uptake with XP's in the same span of time.

    "That is three times the pace of Windows XP," Reller said.

    Unmentioned Monday -- for some time, actually -- was Windows Vista, the hapless 2007 version that has been called Microsoft's first OS failure since 2000's Windows Millennium. Customers agree: Vista peaked at just under 19% in October 2009 but has lost about half its share since.

    Instead, Reller talked up not just Windows 7 as the replacement for XP, but its successor, Windows 8, as well, which is widely expected to ship next year.

    While Reller encouraged corporate customers to continue deploying Windows 7, she promised that Windows 8 would run on the same hardware.

    "For our business customers, your customers," she said, speaking to the partners at WPC, "this is an important element, because the ability of Windows 8 to run on Windows 7 devices ensures that the hardware investments that these customers are making today will be able to take advantage of Windows 8 in the future."

    While neither Reller nor Ballmer mentioned Windows 7's life cycle, the company will push consumers now running Windows 7 to upgrade to Windows 8 too. According to Microsoft's longstanding practice, it will support Windows 7 Home Premium, the most popular edition for consumers, for five years, half the time slated for enterprise support.

    Windows 7 Home Premium will be retired from security support in January 2015.

    Source

  • Did The Entertainment Industry Backdoor In Forcing ISPs To Kick People Offline, While Claiming It Did Not?

    by Mike Masnick
    July 8, 2011

    from the sneaky,-sneaky dept

    Never underestimate just how sneaky entertainment industry lobbyists can be. They're able to push through all sorts of things that appear innocuous at first, but down the road turn out to be anything but. The ProIP Act (not to be confused with the PROTECT IP Act) is a perfect example of this. It had all sorts of awful provisions, originally, which lots of people protested about. But that allowed the industry to slip in a single "innocuous" provision almost entirely unnoticed. The provision that allowed feds to seize and forfeit "property" used for infringement. This provision got very little scrutiny, and the short discussions that were had about it concerned the ability of the feds to seize things like CD and DVD burners in commercial counterfeiting operations. Not something many people would have an issue with. But, instead, that provision has been used to justify Homeland Security's outright seizure of domain names under very questionable legal theories.

    So forgive us for not taking some of the comments from the entertainment industry at face value. We've been burned many times before. As we noted in our post about the new "voluntary" agreement between the entertainment industry and top US ISPs, while the report tries to bend over backwards to insist that the "graduated response" plans don't include disconnecting from the internet, this really isn't true. First, it does push ISPs to cut people off from the web, which for most people is their internet access.

    But, it gets even more pernicious than that. The EFF is pointing out a questionable bit of the agreement, which suggests the entertainment industry may be knowingly backdooring disconnections into the agreement by misinterpreting a section of the DMCA (which they also helped write):

    The materials emphatically state that ISPs are not required to terminate subscriber accounts as a condition of the agreement with the content industry and that the collaboration does not amount to a “three strikes” regime. But the materials also take pains to assert that the DMCA “requires that the ISPs have in place a termination policy for repeat copyright infringers as a condition of availing themselves of the Act’s ‘safe harbor’ provision.” Translation: The content industry is staking its position that ISPs that don’t terminate subscribers after 5 or 6 alerts will lose their DMCA protection. There are plenty of arguments for why that position is wrong; given that an alert represents nothing more than an allegation untried by a court, we think loss of Internet access would be a draconian measure that Congress did not intend. Nonetheless, it may take an ISP willing to litigate the issue to make the argument.

    In case it's not clear, the EFF is showing language that clearly suggests the entertainment industry believes that if ISPs don't kick off those accused (not convicted) of repeat infringing, they lose their own safe harbor protections under the DMCA. And, as we've seen with the way DMCA takedowns work, to nearly everyone, the threat of losing safe harbor protections is the equivalent of a requirement. No company wants to increase their liability, and thus, to avoid a potential claim that failing to kick a user off violates the DMCA, there seems like a good chance most of these ISPs will include kicking people offline entirely as an option here.

    The obvious retort from the industry will be that this part is no different than what's been said in the past, because the DMCA has been in place for over a decade. However, while it may be true that the DMCA has been in place that long, no copyright holder has tested this theory that not kicking people off violates the DMCA. By putting it in this document, the entertainment industry is effectively putting ISPs on notice: saying that they may now start focusing in on this.

    Pretty neat trick, huh? Claim upfront that the plan has no disconnections, while on the backend include language and a statement that clearly alerts ISPs that if they don't disconnect, they can face much greater liability.

    Source

  • RIAA Starts Going After BitTorrent Sites

    July 7, 2011

    For years BitTorrent sites have remained untouched by the RIAA’s legal battles, but recent court filings indicate that this may change. After settling their dispute with LimeWire earlier this year the RIAA is now targeting several BitTorrent indexers. The record industry group has filed a complaint at the U.S. District Court of Columbia and has obtained subpoenas to reveal the identities of individuals behind three large torrent sites.

    Historically the RIAA’s litigation campaigns have focused mainly on individual file-sharers and P2P-software and services such as LimeWire.

    Unlike their counterparts at the MPAA, BitTorrent sites have not been prime targets for the recording industry association’s lawyers. However, recent court filings obtained by TorrentFreak show that the RIAA might have just changed course.

    The U.S. District Court for the District of Columbia has granted a request from the RIAA to subpoena the privacy protection services utilized by three large torrent sites. The site owners use these services to hide their personal details from otherwise publicly available WHOIS domain records, but the RIAA wants to know who they are dealing with.

    The targeted sites are Monova.org, Bitsnoop.com and Limetorrents.com, which all have hundreds of thousands of daily visitors. According to the RIAA, these sites are infringing on the copyrights of many artists.

    “We believe your service is hosting the above-referenced website on its network. This website offers direct links to files containing sound recordings for other users to download by such artists as Lady Gaga, Michael Jackson, Coldplay, Madonna and Kanye West,” the RIAA writes in a letter to Whoisguard.com.

    “As stated in the attached subpoena, you are required to disclose to the RIAA information sufficient to identify the infringer. This would include the individual’s IP-address and e-mail address,” the RIAA adds.

    One of the torrent site operators targeted by the RIAA told TorrentFreak that the subpoena comes as a surprise. He always responded swiftly to RIAA’s DMCA requests while the court documents suggest that he hasn’t been cooperative at all.

    “The RIAA has sent us several DMCA requests in the past and we always honored these,” Bitsnoop’s owner informed us. “Apparently that wasn’t enough, so now they pull this stunt.”

    At this point it is unknown what the RIAA is planning to do once they obtain the personal information of the site’s owners. Although it could theoretically be the beginning of a full-fledged litigation campaign against the torrent sites, it seems more likely that the subpoenas will be used to pressure and threaten operators.

    During the past year several music industry associations in Europe and Asia have sent requests to domain registrars with a similar objective. The ultimate goal is to make it harder for BitTorrent site operators to continue their business by putting pressure on them, and the companies that provide services to these sites.

    A good example is the following sentence in the letter to Whoisguard.com, which goes far beyond the attached subpoena for information.

    “We are asking for your immediate assistance in stopping this [linking to torrent files] unauthorized activity. Specifically, we request that you remove the infringing files from the system, or that you disable access to the infringing files, and that you inform the site operator of the illegality of his or her conduct.”

    Whatever the true motivation of the RIAA is, with the recent news about domain seizures, extradition requests and these recent subpoenas, operating a BitTorrent site has become a stressful job. Whether this will have the desired outcome for the music industry group in the long run remains to be seen.

    TorrentFreak asked the RIAA to comment on our finding but we have not received a response.

    Source

  • US anti-piracy body targets foreign website owners for extradition

    July 3, 2011

    Britons could face charges for breaking US copyrights even if they have no link to America and servers are based elsewhere

    British website owners could face extradition to the US on piracy charges even if their operation has no connection to America and does something which is most probably legal in the UK, the official leading US web anti-piracy efforts has told the Guardian.

    The US's Immigration and Customs Enforcement agency (ICE) is targeting overseas websites it believes are breaking US copyrights whether or not their servers are based in America or there is another direct US link, said Erik Barnett, the agency's assistant deputy director.

    As long as a website's address ends in .com or .net, if it is implicated in the spread of pirated US-made films, TV or other media it is a legitimate target to be closed down or targeted for prosecution, Barnett said. While these web addresses are traditionally seen as global, all their connections are routed through Verisign, an internet infrastructure company based in Virginia, which the agency believes is sufficient to seek a US prosecution.

    As well as sites that directly host or stream pirated material, ICE is also focusing on those that simply provide links to it elsewhere. There remains considerable doubt as to whether this is even illegal in Britain – the only such case to be heard before a British court, involving a site called TV-Links, was dismissed by a judge in February last year.

    Barnett's comments follow the case of Richard O'Dwyer, a 23-year-old British student who faces extradition to America for running another popular site, TVShack.net, which provided links to non-licensed streams of films and TV shows. O'Dwyer's family say they are baffled as to why American authorities want to try a British national with no US connection and whose site used servers based elsewhere.

    Barnett, who heads ICE's efforts on intellectual property enforcement, said he could not comment on the O'Dwyer case. But in an interview with the Guardian he explained the broader thinking behind it.

    "By definition, almost all copyright infringement and trademark violation is transnational. There's very little purely domestic intellectual property theft," he said.

    The agency has been running a year-long campaign, Operation In Our Sites, which has thus far "seized" 125 of the most popular unlicensed film, TV and sport websites, including TVShack, as well as ones selling counterfeit physical goods.

    Aside from the contravention of US trademarks, website names are central to deciding which are chosen, Barnett said: "The jurisdiction we have over these sites right now really is the use of the domain name registry system in the United States. That's the key."

    The only necessary "nexus to the US" is a .com or .net web address for which Verisign acts as the official registry operator, he said.

    Decisions on seeking extradition are down to the US department of justice. But Barnett said his agency – which has more than 7,000 criminal investigators – is actively pursuing those within its perceived jurisdiction: "Without wishing to get into the particulars of any case, the general goal of law enforcement is to arrest and prosecute individuals who are committing crimes. That is our goal, our mission. The idea is to try to prosecute."

    In Our Sites has already prompted controversy elsewhere, with a Spanish company launching a lawsuit after two of its sports streaming sites were seized, even though they had been found not to contravene copyright law in Spain.

    Barnett defended the decision to also go after linking sites: "I'll give you an analogy. A lot of drug dealing is done by proxy – you rarely give the money to the same person that you get the dope from. I think the question is, are any of these people less culpable?"

    Civil rights and internet freedom organisations said they were alarmed at the apparent intention to enforce US copyright laws around the globe.

    Isabella Sankey, director of policy for Liberty, said: "Many countries, including the US, are increasingly asserting jurisdiction over alleged actions that take place in other parts of the world. The internet increases our risk of falling foul of the law, making it possible to commit an offence on the other side of the world without even leaving your bedroom."

    She called on the government to amend the UK's extradition agreement with the US so a British judge could decide where an alleged crime should be best tried. "It would allow UK courts to bar extradition in the interests of justice where conduct leading to an alleged offence has quite clearly taken place on British soil," she said.

    Jim Killock, executive director of the Open Rights Group, which campaigns on web-based freedoms, said that domain names such as .com were usually regarded as generic.

    "This seems absurd," he added. "If you don't have some idea that there's a single jurisdiction in which you can be prosecuted for copyright infringement that means you're potentially opening an individual to dozens of prosecutions."

    Online piracy is, undoubtedly, a huge business. The 125 sites initially targeted for seizure by ICE – the majority of them selling counterfeited physical goods, almost all made in China – recorded between them around 60m visits even after they were replaced with a government warning notice. As well as TV shows and films, there is a huge trade in unlicensed video streams of sports events: just 10 of these sites received almost half the 60m hits.

    While physical counterfeiting tends to be dominated by criminal gangs, Barnett said, entertainment sites are often run by the proverbial teenager in a bedroom – who can make a lot of money.

    He said: "We seized one bank account for one individual running one sports streaming site. He lives with his parents and has no other source of income. He had $500,000 (£311,013) in his bank account. Most of the individuals that we've targeted were earning estimated amounts of between $10,000 and $20,000 a month. You've got to remember that the overheads are fairly low – your product isn't being paid for."

    Source

  • Richard Stallman Urges Rejection of Anti-Piracy Web Blocking

    July 5, 2011

    Under Italian government legislation, telecommunications agency AGCOM will have to take responsibility for dealing with Internet content deemed illicit by entertainment companies. To that end, AGCOM is about to give itself the power to remove content and block websites without the need for any legal process. According to free software guru Richard Stallman, Italians should use “what’s left of their democracy” to oppose such measures.

    Italy is no stranger to censoring sites deemed offensive by the entertainment industries. In the summer of 2008 The Pirate Bay was blocked nationwide following a court order, a decision the site successfully appealed at the Court of Bergamo.

    That victory was short-lived. The Supreme Court subsequently decided that sites such as The Pirate Bay can indeed be blocked on the basis they are engaging in illegal behavior. This decision opened up fresh action against another torrent site, BTjunkie. The public prosecutor described BTJunkie as one of the most prominent havens for pirated media and in April a court ordered all Italian ISPs to block the site.

    But of course, legal action takes time and as was shown in the first ruling against The Pirate Bay, sometimes a positive outcome for copyright holders can transform into periods of concern. To avoid such distractions in the future, the Italian government and its telecoms agency have a cunning plan.

    Under recent government legislation telecommunications agency AGCOM is now required to adopt measures to deal with sites and content deemed illicit by the entertainment industries. AGCOM want to make that particular job as simple as possible by awarding themselves the most powerful tool available – the ability to remove content and block websites without a single court, judge or legal process getting in the way.

    AGCOM will be able to take offending sites and content offline within 48 hours. Sites affected by the measures will have 5 days to lodge an appeal.

    Tomorrow, July 6th, AGCOM will vote on the resolution which will grant the agency the controversial powers detailed above. It will do so in the face of intense opposition from many in the Internet community, who see the lack of judicial oversight as a sign that abuses of power and unwarranted censorship will follow. Among the dissenters is free software guru Richard Stallman.

    “I believe that this is an attempt by copyright owners to skip the legal system to attack sites and services that they consider a threat to their interests,” says Stallman in an interview with Italy’s Espresso.

    “The new system, directed by AGCOM rather than by a court with due process, will accelerate decisions against alleged illegal internet content: this is why the copyright industry wants it. But, being a short and quick way, it will probably trample the rights of users.”

    Stallman goes on to state that dissenting voices have been wrongfully silenced in the past following spurious claims of copyright infringement, and that under AGCOM’s proposals collateral damage is inevitable.

    “I do not think it is possible to avoid censorship against innocent sites. But even if it were possible, it would be wrong. Why would we hinder users who want to share content?”

    But does Stallman believe the right to share trumps the rights of the entertainment industries?

    “I reject the term ‘copyright protection’ associated with what the industry is doing now,” Stallman explains.

    “Copyright should serve to protect the art and artists. The current system, however, is only in the interests of publishers and delivers only crumbs to almost all of the artists. I propose a system to fund artists directly, based on their popularity, with taxes to give fair compensation [such as from a blank media levy].”

    Various campaigns are underway to protest AGCOM’s proposals. The activists of Anonymous are taking the usual direct action by way of ‘Operation Italian Internet Freedom’ and a DDoS on the currently unavailable AGCOM website.

    Source

  • Spam volumes show massive drop - but why?

    By John Leyden
    June 30, 2011

    Spam levels have dropped massively in recent months, though researchers fear this is simply because botnet operators have switched their attention to more lucrative activities.

    Junk mail volumes - which reached 90 per cent last summer - are down to 75 per cent this summer, net security firm Symantec reports.

    The 15 percentage points drop in spam has led to a 60 per cent decrease in total email volumes, helping reduce network congestion and server load in the process.

    Symantec reports that junk mail volumes that reached a high of 230 billion spam messages per day in July 2010, 90 per cent of all email traffic, are down to 39.2 billion messages per day, 72.9 per cent of all email.

    The net security firm credits the dismantling of the infamous Rustock botnet, as well as the closure in September 2010 of the equally infamous unlicensed pharmacy affiliate operation Spamit, for the overall decline in useless time-wasting messages littering our inboxes.

    The operators behind Rustock - blamed for 47.5 per cent of all spam, or around 44.1 billion junk mail messages per day - took a break in December 2010. Junk mail operations resumed at a slightly lower level in January, but these activities were brought to a halt by a successful takedown operation in March 2011.

    Security watchers feared at the time that other spam-sending botnets would step in to fill the junk mail void, but this prediction has failed to pan out. For example, the amount of spam sent by one of the remaining spam-sending botnets, Bagle, has actually dropped from 8.31 billion spam messages per day in March 2011 to 1.60 billion per day in June 2011.

    The volume of compromised machines that make up botnet networks hasn't decreased anything like as much, if at all. Instead fashions in the digital underground have changed so that these machines are now being abused to run denial of service attacks instead of for junk mail distribution, Symantec reports.

    "This decrease in spamming activity may be evidence that increased investigation of the spam underworld has both disrupted the affiliate networks, such as Spamit, that pay for spam campaigns, and led to botnet controllers looking to keep their heads down so as not to attract the attention of a legal investigation by sending large volumes of spam," Symantec analyst Martin Lee explains.

    "Interestingly, during the same period there has been a reported rise in distributed denial of service attacks, which can also be undertaken by botnets. It may be that the botnet owners are looking to other modes of operation to maintain their revenue, while moving away from the now less profitable and more risky business of spamming."

    Symantec has published a blog post charting the decline of junk mail volumes.

    Source

  • RIAA: LulzSec & Anonymous Show Why We Need PROTECT IP

    June 30, 2011

    Ah, the RIAA will apparently stoop to pretty much any old ridiculous argument to get PROTECT IP passed, I guess. The RIAA's Mitch Glazier has written a typically ridiculous blog post defending PROTECT IP. Most of it tries (and fails) to counter the very credible claims of folks like Paul Vixie (who knows this stuff) that PROTECT IP (1) won't work and (2) will break the internet and cause tremendous collateral damage. The arguments against Vixie pretty much amount to quoting people, who have known associations with those backing PROTECT IP, saying that "eh, things won't be that bad, and we can minimize unintended consequences."

    But where it gets totally ridiculous, as noted by ZeroPaid, is at the end, where Glazier honestly tries to claim that PROTECT IP is needed... because of LulzSec. I'm not kidding:

    "And in a world where hackers set their sights on new targets every day – most recently the official United States Senate website, allegedly the CIA’s public website and Arizona’s law enforcement database – do we think a lawless Internet defended to the extreme is a good thing?"

    If I understand the argument Glazier is making here correctly, it's that "some people totally unrelated to any of this do bad stuff on the internet, thus it's fine to break the internet to protect the obsolete business model of the people who pay me." Is that convincing? The fact that there has been some hacktivism going on of late has absolutely nothing to do with PROTECT IP.

    And, in the meantime, if Glazier's point is that we need to "protect" musicians, perhaps he should focus on doing something about the guy who works for the RIAA who once (as a Congressional staffer) tried (and temporarily succeeded) to take away the right of musicians to reclaim their copyrights by secretly changing the definition of "work for hire," by making an overnight change in an unrelated bill that no one noticed until the bill was already passed. This is the same guy who went to work for the RIAA a few months later, on a half-a-million dollars a year salary. Oh wait... that guy was also named Mitch Glazier.

    Source

    See also: Protect IP Act