MediaDefender CEO Randy Saaf, speaking in an interview with Wired’s Threat Level, explained his side of the story behind a Memorial Day weekend Denial-of-Service attack against legitimate TV site Revision3.
According to Saaf, MediaDefender wasn’t even aware that Revision3’s tracker saw legitimate use. BitTorrent site Fenopy.com used Revision3’s internal tracker – unintentionally left open to the world due to a security oversight – to distribute some 296,000 downloads consisting “most of unauthorized copyrighted movies.”
“Our systems were targeting a tracker not even knowing it was Revision3's tracker,” said Saaf. “They were using the tracker as the tracker for their legitimate content. It had been open for years.”
MediaDefender attributed the DoS attack to an automatic response to Revision3’s closing the hole that allowed outside use of its tracker.
“We saw an open BitTorrent tracker with a lot of pirated content on it. We had been posting fake files to their tracker. Over Memorial Day weekend, Revision3 changed some configurations,” said Saaf.
Louderback recalls similar circumstances; once the tracker’s configuration was fixed, “MediaDefender went into overdrive and started pummeling us.”
MediaDefender commands over 2,000 servers, backed up by 9 GB/sec of dedicated bandwidth.
“If a tracker was previously open and suddenly shut, their systems are automatically configured to put them out of business,” said Louderback.
The 296,000 downloads that MediaDefender observed is a number that appears far larger than figured implied by Revision3; Louderback, writing in a company blog post that announced the attack, acknowledged “some unauthorized use,” but said that it regularly took steps to “de-authorize” uploaded torrents that pointed to non-Revision3 content.
Regardless of the actual numbers, Louderback announced on the June 2 episode of the podcast TWiT that Revision3 would not be pursuing MediaDefender in court after all, cancelling previous threats of legal action. It appears that investigators for the FBI are still looking into the attack, despite bureau acknowledgements that DoS attacks existed in a “gray” area of U.S. computer security law.
MediaDefender promised to adjust its policies for the future, “We’ve added a policy that will investigate open public trackers to see if they are associated with other companies,” said MediaDefender executive Ben Grodsky. “[We will] first will make a communication that says, ‘hey are you aware of this?’”