Hackers leak antipiracy vendor's e-mails to Net

Computerworld - Thousands of e-mails detailing the operations of MediaDefender Inc., a company hired by movie studios and record labels to flood file-sharing networks with fake files of pirated films and albums, have leaked to the Internet.

A group calling itself "MediaDefender-Defenders" claimed responsibility for posting more 6,000 messages purportedly from Santa Monica, Calif.-based MediaDefender. "By releasing these e-mails we hope to secure the privacy and personal integrity of all peer-to-peer users," MediaDefender-Defenders said in a text file bundled with the compressed messages. "The e-mails contains [sic] information about the various tactics and technical solutions for tracking p2p users, and disrupt [sic] p2p services."

The group said it hacked the Gmail account of a MediaDefender employee who had forwarded his work mail to his personal Google e-mail service address.

A file containing the e-mail messages quickly spread via BitTorrent, and its contents have also been extracted and converted into HTML, then published on at least one Web site.

In the e-mails, which covered a period from mid-December 2006 to Sept. 10, company executives discussed a planned Web site, dubbed WiiVii.com, that would pose as a pirate site that offered downloads of copyrighted movies and music but would actually track users who accessed it, then report their IP addresses back to MediaDefender. At least one e-mail seemed to discuss software that, once downloaded to the PCs of WiiVii's visitors, would also transform the computers into bots capable of automatically seeding peer-to-peer networks with fake files.

MediaDefender, which offers what it calls "decoying" and "spoofing" services to clients, has drawn the ire of P2P users for its work stuffing file-sharing networks with worthless files. "We send blank files and data noise that look exactly like a real response to an initiated search requests for a particular title," the company claimed on its Web site. "Pirated files will no doubt be on the networks, but with our protection applied, it would be easier to find a needle in a haystack than a real file amongst our countermeasures."

Other details leaked in the messages include specifics of MediaDefender's contract with Universal Music Group, a message from a company employee concerned that his name would be used on the site registration for WiiVii, and changes to WiiVii after some information about the planned site leaked in July.

MediaDefender did not respond to a call for comment, but one Web site that posted the e-mail messages also added a message reportedly from MediaDefender CEO Randy Saaf, which claimed that the company has contacted law enforcement. "I am the CEO of MediaDefender," the message read. "We have begun our civil and criminal investigations into the stolen e-mails from our company. We are meeting with the FBI on Monday. Your IP address has been logged. I hope it was worth the thrill."

Related News and Discussion:

• Confidential Chicago terrorist threat assessment leaked over P2P
• Man charged with ID theft using data stolen from P2P networks
• Ken Mingis: Mac users 'unbearably smug' about security?
• C.J. Kelly: Hacking Stupidity 101: Never hack from home