IFPI Employee Describes P2P Sabotage Activities

Maxwell'sSilverLART writes "From The Reg: Matt Warne, an employee of the international version of the RIAA, admitted that he helped the organization spread garbage and random noise on the P2P networks. Apparently, they used multiple DSL connections to present the appearance of separate users, disguising the origins of the files. His group has stopped, but he claims several of the big record companies are still doing it themselves. And here I thought all of their garbage came on CD."

Whats wrong with garbage??

[Bowie J. Poag]

Garbage isn't so bad...their lead singer is hawt... Mee-yow!

Cheers,

Shirley Manson is all that

[burgburgburg]

And a bag of potato chips.

Make that two bags of potato chips.

Re:Shirley Manson is all that

[GigsVT]

Shirley Manson is all that

Her sister Marilyn is really hot too.

Just block 'em at the firewall.

[Anonymous Coward]

Here is a list of P2P Unfriendly IP's you can block.

OverPeer:65.174.255.255
OverPeer:65.160.0.0-65. 160.127.255
Ranger:216.122.0.0-216.122.255.255
R anger:204.92.244.0-204.92.244.255
MediaForce:65.1 92.0.0-65.192.0.255
MediaForce:65.223.0.0-65.223. 255.255
MediaForce:4.43.96.0-4.43.96.255
MediaDe fender:66.79.0.0-66.79.255.255
RIAA:208.225.90.0- 208.225.90.255
RIAA:12.150.191.0-12.150.191.255
MPAA:63.199.57.96-63.199.57.128
MPAA:64.166.187.1 28-64.166.187.192
MPAA:198.70.114.0-198.70.114.25 5
MPAA:209.67.0.0-209.67.255.255
NetPD:207.155.1 28.0-207.155.255.255
NetPD:128.241.0.0-128.241.25 5.255
UnknownC&DCop:64.106.170.128-64.106.170.192
BayTSP:209.204.128.0-209.204.191.255
Vidius:207 .155.128.0-207.155.255.255
GAIN(spyware):64.94.89 .0-64.94.89.255
GAINCME(spyware):66.35.247.0-66.3 5.247.255
GAINCME(spyware):66.35.229.0-66.35.229. 255
MediaDefender:64.225.292.0-64.225.292.127
RI AA:208.192.0.0-208.192.255.255
Xupiter.com:63.236 .32.50
Xupiter.com(mirror):63.208.235.30

I get dozens of hits to each IPchains rule everyday when I am using P2P.

Re:Just block 'em at the firewall.

[Uninvited Guest]

Where did this list come from? How can I verify its legitimacy? Even more important: how can I discover new addresses which should be blocked?

Re:Just block 'em at the firewall.

[don_carnage]

How can I verify its legitimacy?

nslookup

Re:Just block 'em at the firewall.

[Anonymous Coward]

I got the list from http://www.shareaza.com 's security forums. Shareaza is a modern Gnutella client with integrated security features. I do not personally use the built in firewalling stuff though. I wrote Iptables rules to block them all. If you would like to verify the authenticity you can just use a tool like Sam Spade for your windows box. Although you will have to be warned that several of the above listed IP's are listed as belonging to some holding compay or another. I would not know where to begin in writing a tool to automate this, but if you have the skills than by all means please do so:) In the mean time you can just read shareaza's forum.

PeerGuardian has this list too.

[antdude]

Here [methlabs.org]. Good program to block these IP addresses and will work for any Windows P2P clients. :)

Re:Just block 'em at the firewall.

[Junior J. Junior III]

Sure, you can block those, but you can bet that 99.99% of the people using P2P apps won't, because they won't know how or won't care. Soon enough, they'll have all the bogus content, and then you'll have to start blocking idiot p2p users IPs as well. Then the RIAA wins.

Re:Just block 'em at the firewall.

[Junior J. Junior III]

Lots of people seemingly download stuff but never audit what they download for quality or validity of files.

Re:Just block 'em at the firewall.

[glesga_kiss]

Why would anyone keep a crappy mp3 on their computer for other people to download?

I've figured out a way this can happen and is happening on p2p just now. Here's the sequence:

1. Troll user or industry contractor downloads a common file that is genuine. LOTR on DivX for example.
2. File gets renamed to something else.
3. New user comes along, sees the fake and starts to download it. important note: the file on your machine is always named the same as the original you first selected to download
4. Each copy of the file (including the properly named ones) becomes a valid hash-compatible alternate source. So even if the fake-providing user goes off-line, there will still be sources.
5. Here's the key part: Your partial downloads are shared. Other users see you with the fake file, even though you don't even know it's fake yet. They start to download it from you, with the same fake name. If it's a popular fake name, the effect snowballs from there.

Unless everyone deletes the fake file at the same time, it's going to be there forever. This works best for large files, so you'll see a lot of mp3 singles that need overburning to fit on one disk. A lot of users don't know what to expect as a filesize, so they can and are caught out by this.

I've been aware of this for sometime now. I didn't want to post it anywhere, in case it gives someone any ideas. This thread has kinda mucked that up though, so it doesn't matter anymore.

Now, the question is, what to do to avoid this issue:

1. Use WinMX [winmx.com] and it's "Search alternates" feature, which will look for files with the same hash. You should remove the first line of the search (the filename) and re-click on "find", so you are getting back all files of the same checksum. If most of the names don't match what you have, it's usually a fake. Kazaa doesn't allow anything like this unfortunatly.
2. Install a tool like sig2dat which gives your system a new net service available through web pages. You get a link like "sig2dat://......" which, when clicked on it will create an empty partial download for Kazaa. Restart Kazaa and it will begin looking for that particular file. If you trust the web page, then you are happy. FastTrackMovies [fasttrackmovies.com] springs to mind.
3. Pay attention to file sizes.
4. Block IPs that are "nasty"

What really floats my boat is the evential outcome of this. The industry is shooting itself in the foot in this arms race between them and the world, that they cannot possibly hope to win.

Think of it this way. Soon, no one will trust filenames in p2p and the searches will become redunant. One of two things will happen: People will start remortgaging their homes again to buy CDs. Or, people will create better systems that allow ratings of files, like the sig2dat system.

This is fantastic for the p2p user. Not only do you know that you are getting the right file; you'll also have reviews and comments on it's quality and listings of other files you wouldn't have normally thought of searching for. Entire albums can be queued in one click (the question is, will Amazon sue?!? ;-)

What I envisage happening long term is p2p being more of a service on the PC, with little user interaction. To send someone a file, you send them a "link" to that file on the network, and your client seeks it out itself. Just like the birth of Napster, the record/movies industries choice of action (or inaction) will ultimately bite them. Evolution doesn't work well unless someone is hacking away at the weak links.

Re:Just block 'em at the firewall.

[DrPsycho]

MediaDefender:64.225.292.0-64.225.292.127

Um. 292?

I presume that's a typographical error, but you might want to double check those numbers... especially with the hordes of people incorporating them into their IPChains/IPTables rulesets right now. :^)

Re:Just block 'em at the firewall.

[Grit]

Umm... isn't one of the "strengths" of P2P that this would only be effective if everybody refused to peer with these addresses? Even if it were effective, wouldn't the parties involved just call up the phone company and order a DSL line--- with an address from the phone company's IP address block?

The same anonymity which P2P promises cuts both ways. Installing filters like this is a big waste of time. Now, accepting the connections but keeping them occupied via a fake "honeypot" network might at least be interesting...

Yeah

[GigsVT]

I've come across some of this stuff, mostly I got mp3s that were the right length, but just silence rather than what the file was named.

They find their way into my playlist if I am not careful, and when I am using it for background music while intensively coding I usually don't notice when one comes up, but it scares the shit out of me if a really loud song comes on after it. :)

Re:Yeah

[Anonymous Coward]

That's what you get for pirating John Cage!

slowdowncowboyslowdowncowboyslowdowncowboyslowdo wncowboyslowdowncowboyslowdowncowboyslowdowncowboy slowdowncowboyslowdowncowboyslowdowncowboyslowdown cowboy

Re:Yeah

[MullerMn]

Erm, wouldn't an MP3 of silence (of any length) compress down to almost nothing? If not then it'd be a pretty shit compression algorythm....

Re:Yeah

[jc42]

mostly I got mp3s that were the right length, but just silence

They'd better be careful with this. Remember that last year John Batt got into trouble for including a silent track on his CD. John Cage's estate charged him with copyright infringement.

If a recording company is responding to copyright violations by sending around unauthorized copies (or derived works) of John Cage's copyright on his famous 4'33" composition, they deserve to be punished to the maximum extent of the law.

--

Re:Yeah

[Phil Wilkins]

It was Mike Batt, of Wombles fame, and he was stupid enough to give Cage a co-writer credit. The Cage estate sharks duely extracted their pound of flesh.

Moral: Don't dick with the credits.

Re:Yeah

[buswolley]

What we need is an intelligent agent that scans our mp3's etc and gets rid of the junk.

Re:Yeah

[NineNine]

That's what the integrity ratings are an attempt at on the FastTrack network. The only problem with that is that the "intelligent" agents are the users.

Re:Yeah

[Old Uncle Bill]

Without a doubt, that is the biggest truth about this article. FastTrack has built in a moderation system of sorts, but do people use it? Hell no. Try this for starters, go search on FastTrack for the movie XXX. I bet one entry comes up saying it is a perfect copy with about 40 people who have it. That equates to 40 dumbasses, because that file is really Half Baked. What is the point of sharing when you are sharing shit? I think the general user on the system is more to blame than the incompetent folks over at the RIAA/MPAA.

Re:Yeah

[MikeFM]

I think they'll find this gag runs out of steam as soon as P2P clients start using checksum techniques. Use trust boundries and individual checksum lists and you can keep the system from being poisoned. It just a little client support and requires that users take the 5 seconds to notice if a file is shit or dangerous and mark it as so in their client. Best of all you don't even have to keep a copy of the actual file to provide the checksum info so you can act as a P2P cop without being set up for feds raiding your basement. The trust boundries is as simple an idea as saying Jack is my friend and I trust his checklist and I trust Jack's friends friends 80% as much as I trust Jack and I trust a friend of Jack's friends 80% as much as I trust Jack's friends.. so that you form a large verification network that eventually peters out unless you raise one of those individuals to your own friend status. This would make it difficult for the RIAA to get into the average users 'friend' list to poison them from there.. and as soon as they did they would be removed from the list and have to start the whole tedious process over again.

The basterds!

[Chocolate Teapot]

Matt Warne, an employee of the international version of the RIAA, admitted that he helped the organization spread garbage and random noise on the P2P networks

He shared his Brittney Spears mp3s.

Nothing wrong with it

[aridhol]

Why should the music industry be prohibited from putting junk on the network? If the user gets frustrated enough when trying to download music illegally (and yes, copyright infringement is illegal), maybe they'll actually spend money to buy music.

Why is there no great uproar when a private user puts misnamed files on the network? Or when software goes online? Why do we save our complaints for when the legal owners do something against the spirit of the system, rather than when someone else does something against the law?

copyright infringement is illegal

[oliverthered]

Maybe in your world, but in my world it isn't.
This is called civil disobedience.

Though I'd rather take from people willing to give.

Re:copyright infringement is illegal

[aridhol]

Hmm...I just looked at the definition of civil disobedience [63.240.197.92]:

[R]efusal to obey governmental demands or commands

OK, so you're refusing to obey the law (meaning that yes, you admit that it's illegal but you don't think it should be).

[...]

means of forcing concessions from the government

Here's where I don't beleive that you're practicing civil disobedience. See, you're breaking the law from the privacy of your own home. This means that the government doesn't see that you're doing it, so you're not making much of a statement. You're not going to acheive anything doing it this way, and you know it. This makes it not civil disobedience, but regular lawbreaking.

If you really feel that it's civil disobedience, get a bunch of people together, set up a network in a public place (rented hall, maybe), and download there. Make sure the media is there, and hand out pamphlets telling what you're doing. Get your message out there. Face the risks of being arrested.

Until you do something like this, I say you are not practicing civil disobedience, but plain old lawbreaking.

Re:copyright infringement is illegal

[Ann Coulter]

Prohibition ended because of plain old lawbreaking (resulting in some corpses and blind people to boot). Sometimes civil disobedience does not send the message clearly. The most effective message is direct action and if it takes money from RIAA members and indirectly their political pawns then it is more just than parades.

It's not that simple, buddy

[Cokelee]

If you really feel that it's civil disobedience, get a bunch of people together, set up a network in a public place (rented hall, maybe), and download there. Make sure the media is there, and hand out pamphlets telling what you're doing. Get your message out there. Face the risks of being arrested.

Hmmm, not quite. When it comes to those who care more people use P2P than don't.

See this is the internet and everything is distributed (not the hippie generation where your approach might actually work). Millions upon millions of people disobeying the law is infinitely more formidable than getting a couple hundred to take a fall for millions.

You see, if the civil disobedience came only from a few people in this situation they would be squashed and become an example, not a martyr for the cause.

By effectively eluding the government and **AA people are out rightly defying the law in masses. Meaning, if the government does not change its policies it will be forced to imprison its population. Because this cannot occur and have the government still exist, the masses will win over the few.

It's only a matter of time and determination.

Re:Nothing wrong with it

[thelexx]

"Why do we save our complaints for when the legal owners do something against the spirit of the system, rather than when someone else does something against the law?"

Simple. In all cases of them being deceptive, it's just that, pure deception. With the assumption of guilt on the part of everyone who might download. Not all cases of downloads are illegal however.

Re:Nothing wrong with it

[aridhol]

Not all cases of downloads are illegal however.

Explain this to me. If I recorded music and sold it, without any provision for download, when would it be legal for you to download it? Why should I not be allowed to make fakes of my own music and put them online?

Re:Nothing wrong with it

[grolim13]

'twould be legal if the person downloading it already owned a copy on CD.

Re:Nothing wrong with it

[thelexx]

I'm not claiming it is illegal. Simply trying to get at 'two wrongs don't make a right'. Or is it only wrong if it's illegal?

Re:Nothing wrong with it

[Mournblade]

What if I own the CD and am too lazy/unable to rip it myself, but want to listen to it on my PC? If I *only* download mp3s of songs from CDs that I actually own, is that illegal?

Re:Nothing wrong with it

[JordanH]

• Simple. In all cases of them being deceptive, it's just that, pure deception. With the assumption of guilt on the part of everyone who might download. Not all cases of downloads are illegal however.

Not all deceptions are illegal or actionable. Using a P2P network for receipt of material lacks several necessary conditions to establish a contract.

Even if it was deemed actionable, what would one do? They are using P2P networks exactly the way they were intended, they are hiding the identity of the source of the transmissions.

When you are using black market channels for distribution, it's difficult to make accountable those who might make misrepresentations.

Who's complaining?

[Sloppy]

Why should the music industry be prohibited from putting junk on the network?

No reason they should be prohibited, and I haven't seen a single poster suggest that they should be. This is news (sort of) because it's moderately interesting, not because it's some horrible atrocity.

Re:Nothing wrong with it

[echucker]

If they're going to mess with files, at least be clever about it. Take a lesson from the Barenaked Ladies' book - Take a legit file, and implant funny ads for upcoming releases in them. "Pinch Me" off of their Maroon album is a perfect example of this. Do a search for the track on your favorite P2P network, and you're sure to notice that some people note "no ads" in the title.

I actually prefer listening to those versions now over the stock ones.

Enigma

[moc.tfosorcimgllib]

If the user gets frustrated enough when trying to download music illegally maybe they'll actually spend money to buy music.

And the money spent on this music funds the company putting random noise on this medium instead of producing more, better music.
What happends when more money is spent on protecting the music than actually producing music?

Just random thought noise.

Re:Enigma

[aridhol]

While I can't get through to the RIAA website right now, I beleive that it probably is the RIAA's job to protect the music. The individual companies are in the business of making music, while the Association is there to protect its members, and that includes protecting the music they produce.

Re:Nothing wrong with it

[aridhol]

Where is the vandalism in this case? Are you saying that it is vandalism for a copyright owner to make a fake copy of his own work and put it on the P2P networks?

Easy to Believe

[floppy ears]

The alternative explanation for the persistence of this noise material is that users are extremely inattentive, and that's difficult to believe.

It's pretty easy for me to believe.

I use P2P primarily to check out new bands. Often I will just download the song that most people have available, hoping it will be a representative tune.

As often as not, however, the most widely available tune has some problem, like being misnamed for example.

This can't be caused by intentional poisoning. Rather, people are lazy and just leave the crappy files sitting in their download folders.

I don't see anything wrong with this.

[thinkliberty]

I don't see anything wrong with this. If it makes it harder to pirate the music and it isn't a DOS against the network or another person. So what? If the copyright owners want distribute blank songs or garbage songs on p2p networks. Let them do it. It would also be interesting to find out if they paid the artist for using their name on a product they are distributing.

They have a right, in a way

[image]

Look, as much as I resent the RIAA, I have to say that they have a total right to fill up P2P networks with bogus files that look like copyrighted material.

What, you are not able to pirate a copy of some new album? Poor baby. Pay for it. You _really_ are ripping off the artist if you steal it. Yes, you are also ripping of the RIAA (which I don't care about). But don't complain that your organized theft ring is being hampered by the rightful owners of that property.

I despise the RIAA and how it treats their artists. But for the love of all that is right, don't *steal* in reaction. That is certainly not going to make the artists lives better.

Buy from alternative record labels. Go see your friends bands live. Write your own music. Read a book. Play with your computer. Make out with your girlfriend. Or, if you really want that album, pay for it. Or don't and boycott the bad labels. *That* choice is yours.

Re:They have a right, in a way

[thelexx]

"What, you are not able to pirate a copy of some new album? Poor baby. Pay for it."

Suppose for a moment that I already have. What is the justification now?

Re:They have a right, in a way

[The Evil Couch]

if you already bought the album, why do you need to download another copy of it?

just do what I do and rip the audio data to mp3. depending on your computer, it'll take 3-10 minutes, whereas tracking down all the tracks for your cd and finding someone that's not being a file whore to get them from will take 1 minute- weeks. that way you don't even have to worry about mislabeling or low bitrate, because with a decent CD ripper, it'll connect to a CD database and put in the correct label for you and let you choose what bitrate you want.

everything you want, none of the hassles of trying to pull it off a peer to peer network.

back to your question, if you have a copy of the CD on hand, then you probably do have the right to seek out a backup copy for personal use. after all, the end state is the same as if you had ripped it yourself. but my way's a lot better :p

Re:They have a right, in a way

[brain159]

Have we FORGOTTEN all the perceived angst and trauma about usage-prevented audio CDs (sharpie marker deprotection, all that)??

If I buy a CD and find I'm totally unable to rip it, I can and will go searching for the tracks on p2p. If/when every "CD" that comes out (including from the smaller dance music labels I like) is similarly mangled, a few people will manage to rip it (carefully via analogue, or whatever) and the music will still proliferate over p2p.

If, in order to get the music I've paid for into a format I regard as usable (mp3s or oggs) I have to go get them off p2p networks then I've gained no *actual* value from the purchase of the "CD".

Re:They have a right, in a way

[RackinFrackin]

You make good points, but also one error. Breaking copyright law is not stealing - it is copyright infringement. There's a huge difference.

Re:They have a right, in a way

[Ryan Amos]

So the RIAA is stupid. All that happens now is people just borrown their friends copy and burn a bit copy (and yes, this usually will work even with those stupid copy-protected CDs) and listen to them. That was always the main source of piracy anyway. Besides, IRC always has been a better means of getting whole albums anyway. Chan ops will nix bots serving bad files.

Re:They have a right, in a way

[Junior J. Junior III]

Look, as much as I resent the RIAA, I have to say that they have a total right to fill up P2P networks with bogus files that look like copyrighted material.

And we have every right to take note of their actions and implement countermeasures. And so it goes.

Re:They have a right, in a way

[Anonymous Coward]

Make out with your girlfriend.

Your new here aren't you?

Re:They have a right, in a way

[avgjoe62]

That is all very good advice for those that want to get the music without paying for it.

Now what about those of us that do actually own a valid copy of a song?

I have a large collection of LPs (remeber those? the large, circular vinyl disks with the small hole in the middle?). I take loving care of my albums, buy the best stylus I can and clean them when needed. I used to record onto cassette so I could listen to my albums in my car (perfectly leagal time shifting-- if I am driving in my car, no one is back at home listening to my albums).

Now, I have a car with a CD player, but no cassette. I want to listen to my albums, but I don't want to pay for them all over again when I already own a legal copy. So, I can try and get the output from my turntable to my computer (not easy!) or I can check out a P2P network and download copies of those songs I already leagally own.

Why should the RIAA have any problem with that?

Reality check

[GuyMannDude]

For a minute there it looked like you were making some serious points. Then I got to this line:

Make out with your girlfriend.

That kind of delusional thinking just wiped out any semblance of reality that your post might have had. :)

GMD

Re:They have a right, in a way

[aridhol]

If I boycott nothing records and go ahead and download the new Nine Inch Nails album, they are not out a sale. I got free music, they lost nothing

I see this "logic" all the time on Slashdot, and it still annoys me.

Yes, it is true that they did not lose a sale. However, how can you say that it is not theft?

• Something costs money to get.
• You get it without paying any money
• Therefore, you have committed theft.

It doesn't matter that they didn't lose money on it. It does matter that they didn't get the money that should have come to them for the transfer of property.

Let me put this a different way.

• You buy the rights to download something digitally
• You download said item
• You steal the money you used to buy the rights

Is this theft? The owner can still sell more copies of the digital item. However, they are now out the money you originally paid them. Where is the difference between these two scenarios?

Metallica is in on this too...

[Tofino]

Everything Metallica has released since Master of Puppets has been garbage :).

Isnt this what we were expecting all along?

[josh crawley]

As an ethical issue, downloading songs we havent paid for is just plain stealing. And they tried to shut down the source (the transfer tool and servers), byt the judge bitchslapped them down.

What choice are we leaving them? They're spreading corrupted files. It's not like they're ping flooding every user. They're just sending what the USER REQUESTS.

I'm relieved that's all the Riaa are doing. After all, protecting the groups' rights are what they're about.

EULA?

[Tar-Palantir]

I haven't read any P2P app EULAs, but I wonder if some of them might try including a clause that "You agree by using this Software that You will not attempt to degrade the effectiveness of the Network in any manner, including intentional distribution of flawed or nonsense files."

Now, IANAL, but it seems like the outcome of such an action would be positive for the geek community:

• The RIAA might simply stop.
• They might sue, and have EULAs ruled not binding (this would be negative in the sense that they could continue the monkey business, but good overall).
• The P2P companies might take them to court and win. Wouldn't that be nice?
• 
  
  Anybody see why this wouldn't work (unless some clients failed to put the clause in)?

Re:EULA?

[zipoff]

I really don't understand how the parent is modded up to +5.

The RIAA/MPAA/xxAA could just write their own client that connects to the network. They are not bound under any EULA, as it is their software.

As the companies releasing P2P lean towards, there is no owner of the network, and as such, there is no EULA to enforce for the network.

Funny and true story

[Amsterdam Vallon]

I actually e-mailed Richard Stallman a couple years ago when I realized a great way to spread the GNU message.

My question was whether disguising pro-GNU songs (such as these [gnu.org]) as Billboard Top 40 hits and sharing them on Peer 2 Peer networks was a "right" thing to do.

He suggested that I not do it, but did thank me for a good laugh.

This reminds me..

[Maeryk]

I have been running Limewire, and has anyone else noticed that no matter WHAT you put in the search box, you nearly immediately get three hits back with exactly that title and an appropriate extension? One is a broken move file that just locks your player, and two others are pr0n teasers.. but that must be a large server with a fast pipe... because it consistant, and it is FAST.

Has anyone run into this with any of the other P2P clients, or is it just limewire specific?

(I would think that would be a better way to tie up the services anyway.. just have a remote server that responds to incoming searches with a couple of crap files. Get enough of them doing it, and the S/N ratio will get so screwed people will stop using it.)

Maeryk

YES!!. Virus also, i think.

[Unknown Poltroon]

No matter what you put in, you get a file back instantly, some of which are some kind of pornbots or something, and i have had a few where they are a virus, i believe. It seems to change the names of its files on the fly. Its kinda neat, in a way, i wonder who it is.

Re:YES!!. Virus also, i think.

[meringuoid]

No matter what you put in, you get a file back instantly, some of which are some kind of pornbots or something, and i have had a few where they are a virus, i believe. It seems to change the names of its files on the fly. Its kinda neat, in a way, i wonder who it is.

The dummy results always come from the same few machins; they say they're running Gnucleus, and I believe it - access to the source code helps if you mean to screw with Gnutella in this way.

The .exe files in the !!_YEEHAA_!! zip files probably hijack Internet Explorer - going by what comes out of running 'strings' on them, they also add a whole lot of porno bookmarks - venusseek.com in particular. This is just a guess as I'm not planning to actually run this thing on Windows :-) The images and mpgs just show an ad for some porno site.

The .vbs viruses... they seem to have come from Columbia. A look at the source of one of them reveals

rem "Plan Colombia" virus v1.0
rem by Sand Ja9e Gr0w (www.colombia.com)

rem Dedicated to all the people that want to be hackers or crackers, in Colombia
rem This program is also a protest act against the violence and corruption that Colombia lives...
rem I always wanting that all this finishes, I have said...

rem Santa fe de Bogotá 2000/09
rem I dedicate to all you the song "GoodBye" of Andreas Bochelli

It relies on user stupidity and Windows' habit of hiding file extensions. Instead of 'virus.mp3.vbs' the user sees 'virus.mp3' and thinking all is well doubleclicks to play it. VB script promptly scans the whole hard disk and creates a copy of itself under the name of every MP3 it finds. That's why you tend to get double results - maybe Quadrophenia.mp3 and Quadrophenia.mp3.vbs from the same user. It also seems to redirect IE's start page to a FortuneCity site, and has a bunch of other stuff going on related to script kiddie life and Colombian politics.

Compared to this sort of malevolence, a Coral song that craps out after five seconds and continues in silence is positively benign.

What I want to know, though, is why I keep getting back 'Free Bird' by Lynyrd Skynyrd no matter what I search for?

Re:This reminds me..

[theLOUDroom]

I use limewire and I've noticed the same thing. Here's what I do about it:

1. Start Limewire and let it get connected.
2. Search one something weird like "frobittzly."
3. Open up the settings and add any computer that replies to my list of blocked ips.
4. Repeat the two steps above until I get no search results for things which shouldn't exist.
5. Use Limewire as usual.

Right on

[octalgirl]

This guys quotes are right on, and I hope we see more and more people say this publicly:

Back in 1997 and 1998, the industry had the chance to develop online music services, he says. It saw what was coming. Which is true: at that time, the major labels were paralyzed by fear of online music and were downsizing accordingly, but refused to alter their business models, or extend into new areas.

"Once Napster came along," says Warne, "people got used to getting stuff for free. They've introduced Emusic but people just ask 'why isn't it free?' If they'd introduced it in 1998, they wouldn't have this problem,' he thinks.

Well at least they hired some real engineers

[jj_johny]

So somebody who does not like unauthenticated P2P networks is trying to jab them. Who would have thought that kind of activity could be going on the internet?!?!

I certainly didn't see it coming.

Next thing you are going to tell me is that those free weekly newspapers have lots of ads. Or that admins will put patches on their servers to protect them. Or that there are lots of naked pictures on the internet. Or that I am not the 14 girl I play in some chat rooms. (maybe I should use a different name?)

Another obviously stupid story about how anyone who can guess the end of most movies can guess about 75% of the stories that are going to be written on any subject or 75% of the stupid things that big organizations are going to do. Please something fresh. Please something that is news or that matters.

Avoid it with MD4 hashes to identify files

[Guiri]

This can be avoided using MD4 hashes and file sizes to uniquely identify files. Then on webpages people post links to well tested files which aren't garbage. All this is implemented in the edonkey network, and it's client emule [emule-project.net], and "elinks" with valid files are posted in sites like Sharereactor [sharereactor.com]

I think all P2P apps should at least use MD4 hashes.

technology can beat this....

[smd4985]

once again, the IFPI and RIAA don't understand technology. given the infrastructure, p2p users could 'moderate' content up and down, and 'metamoderate' the moderations of other users (wonder where i've heard of those terms ;) ). but seriously, this technological solution would destroy poisoning efforts - as content and users were moderating, crappy content would be marked as 'to be ignored', and valid content would sift to the top of the heap.

It's so much easier ...

[burgburgburg]

playing little guerilla internet tricks rather than trying to understand/reform your industry. It's so much simpler to poison a well rather than figure out how to use it to make money and satisfy your "customers". It's so much more restful to sit around and blame "pirates" rather than addressing new technology and a changed customer base. It so much less tiring to pay off legislators to outlaw things that are inconvenient rather than putting together a business model that isn't 30 years out of date. Thanks IFPI.

Re:It's so much easier ...

[pgrote]

Agreed.

Each time I see a commerical on TV for a collection of songs I think to myself, "The labels are losing money all the time."

If they sold them online, made them portable for me and priced them reasonably I'd buy them.

For instance, when I buy an online book for my palm it encrypts my credit card information. That is a great idea as I don't share it with anyone. It keeps my portability as I can read it on my PC or palm. It is priced right as they make a little money, but pass on the savings to me.

This is the model the music and movie industry needs to adopt. Allow me to move my downloads to other mediums and make it cheap. I'd buy more.

How and why do they do it?

[On Lawn]

When I do a search on gnutella, I used to get nothing but good information. Then about three months ago I started seeing files like (say I was searching for Avalanches)

Avalanches.jpg
Avalanches.mpg
Avalanches.mov ...and so forth. Its pretty easy to avoid them, I don't think they are fooling anyone. I've never even clicked on them to see what they actually contained.

Wait, I did get snookered once. I was searching for "Camaflouge" the old Depech-mode sounding 80's band, which I haven't found a way to purchase the CD anyway. One of the files I pulled down turned out to be a really sweet rendition of "I Know that My Redeemer Lives". I suspect it was a fellow mormon reminding me of my values. But I liked the rendition so much that I kept it and play it.

(By the way, I own the Avalanches CD)

________________________
OnRoad: [onlawn.net] Hacking that which costs more money and is more deadly. (Its just a car-enthusiast site really)

OT: Camouflage

[slothdog]

Not sure which Camouflage album you're looking for (they're releasing a new one this year), but most of their stuff can be found at A Different Drum [adifferentdrum.com] (which has lots of other similarly-styled stuff you might like) or even Amazon.

And here I thought ....

[Savage-Rabbit]

".... all of their garbage came on CD"

For the N'th time NO Record Company Garbage does not just come on CD, it comes on Video Tape, on DVD, Over cable, Over satelite and TV channles, Radio, The Internet ........

It's a waste of time in the end

[stratjakt]

P2P networks are already chock full of bad 'rips' full of pops and skips, or poorly/wrongly encoded (like 56k mono), misnamed songs, and so on.

Eventually the people who get 'into' it figure out who enjoys the same sort of music they do, and who tends to have quality mp3s on their sites. So the metalheads migrate together, and the hip hop fans, etc.

If they stray outside their 'clique' and get a garbage tune or two, they delete them and move on.

They also 'poison' newer, profitable releases, and I've found that a huge chunk of the P2P'ers are there for older or more obscure music. The fact that there's a garbage version of Britney Spears' latest floating around doesn't bother a Deadhead or someone looking for underground punk tunes in the least.

So, I suppose it could discourage a handful of 13 year old newbies if by luck they manage to get the garbage files the first time they try it. But it won't 'kill' the networks.

be careful what you say about the riaa here

[circletimessquare]

be careful what you say about the riaa in your posts, or they'll use the same tactic here, on slashdot, and post random garbage comments to drown out the anti-riaa noise...

wait... garbage posts on slashdot!? it's already begun! how much are those trolls getting paid?!

Not enough.

[twitter]

it's already begun! how much are those trolls getting paid?!

Ever met a rich whore? Neither have I. People who sell out like that are always pawns and never have anything.

The wistle blower should not be trusted. If he had left while the effort was ongoing instead of after it was shut down, his credibility would be much greater. I don't believe him when he says that he did not engage in cracking and other illegal activity. We have several posts here that attest to the fact that people are using the P2P networks to spread viruses. All we can be sure of is that the RIAA and friends are doing everything in their power to eliminate fair use music sharing.

They hate music sharing because they don't control it. If people are free to share what they realy enjoy instead of being forced to listen to programs designed to sell 40 albums a year, the recorded music world will once again regain the diversity the real music world still has and we will start to see more recording lables than you can shake a stick at. The RIAA will be ruined, of course. Oh well.

A quote from a Honest Artist

[esorense]

This might be a little offtopic but I thought it was interesting. I attended a Spoken Word Event by Henry Rollins. He discussed his views on P2P and downloading music off the net. His basic view was go ahead download my stuff. "I would rather have your time than your money," he said. Amen. I liked it so much I added it as my sig, sorry about the repetition.

Nice try.. but

[tezzery]

Filling up p2p networks with silent/garbage mp3's might disappoint a number of users enough into not using/trusting the service, but at least a handful of them will try to find alternatives such as IRC networks and private FTP's (which is the only thing some people use).. Not everyone is using kazaa et all. Also, what about good-old trading with their friends? This is something the RIAA/IFPI will never be able to stop. Why? because people have been trading cassette tapes/records/mix tapes/cd's forever. It might slow it down, but the RIAA is still a few dozen people trying to stop a way bigger amount of users. They should really focus on one, single solution, rather than little problems. Until they do, expect music downloading/trading to keep spreading.

Garbage on CD?

[allanj]

And here I thought all of their garbage came on CD

No, most of their *REAL* garbage comes out of the politicians they've bought over the years. That would probably be on Legal Paper I guess, but (hopefully!) not on CD.

Advertising.

[Moderation abuser]

They should use p2p like a radio broadcast, put low bitrate encoded versions up for free, advertise sites where the high quality encodings can be purchased for $0.50.

sabatoge away RIAA!

[Lumpy]

They cannot do anything to the p2p netowrk I use.. it's invite only to get access to it.. (Open Nap server system) we have approximately 200 people on it now, and have had to kick only 1 person.. they were acting like the typical leech.. so they are blackballed... simple really. we allow someone to join and become a part of the network for 10 days with no files to share. (mp3 and ogg only) and anyone that doesnt add new material usually get's a warning, but no warning have needed to be issued.. we have a HUGE amount of IUMA artist music on it.... the legal stuff :-)

nothing below 128kbps and users regularry weed out the crap so that you are used to getting a good copy the first time.

I know I'm not the first to organize a private P2P but I do know that's where the RIAA can do a damned thing... and unless you are on the invited list you cant get in it to spoil it.

"I thought all of their garbage came on CD."

[Junks Jerzey]

Troll.

You're essentially saying that every single band from the last 40 years that has any kind of name recognition is garbage. That's a lot of bands to be smacking down with one offhand comment. Sure, there's a lot of crap out there like Creed and Mariah Carey, but if you put together a list of all good bands that have had major label deals *ever*, then that's a mighty long list.

The Cost of "Disinformation"

[davejenkins]

Disinformation, the act of spreading rumors, false orders, and couterfeit money is as old as warfare itself. Usually, the production cost' of disinformation is much less than the 'production cost' of truth. It's easy to spread a rumor about ambushed soldiers, whereas actually ambushing someone is pricey. Fake Confederate dollars were much easier to print than real ones, etc. Al Qaeda knows this, and it's rumor mill is going full steam.

Now to the immediate fight: the RIAA and record labels have decided to invest time and money into producing counterfeits and disinformation. The problem is that the very structure of P2P networks makes this overtly pricey:
1. The RIAA must proactively produce 'bad' Britney Spears
2. Some dope must download this 'bad' track-- but once they find it's bad, they delete it. The track never gets past that first copy.

Whereas 'legitimate' tracks get copied and passed around by everyone, because the legitimate tracks are keepers, and they expand virally.

Eventually, the RIAA will come under such heavy costs to maintain their disinformation campaign, that it would be cheaper to start using the P2P system to their advantage (theoretically)

I disagree -- on both counts

[GuyMannDude]

2. Some dope must download this 'bad' track-- but once they find it's bad, they delete it. The track never gets past that first copy.

Ah, if only p2p networks were so efficient. Most people just aren't as deligent as you about cleaning up corrupted stuff they download as you are. With harddrives in the tens of gigabytes these days, there's no pressing need for the average user to get rid of every single junk file. Most people are lazy, lazy, lazy. They download a whole chunk of mp3s at once and figure they'll sort through them later. Maybe that won't happen for a few days. In the meantime, others do the same thing and download it off him before he gets a chance to delete it.

I don't quite understand your arguement about why creating bad mp3s is so pricey for them. I'm sure they can whip up a short program that will automate the process. Then they just pay some intern minimum wage to run batch jobs and create a huge amount of corrupted files. They can repeat this process over and over.

I'm not saying that the RIAAs tactic is sound. But I also think that your conclusion that "Eventually, the RIAA will come under such heavy costs to maintain their disinformation campaign, that it would be cheaper to start using the P2P system to their advantage" is flawed. I think this is a dirt cheap and easy way for them to feel like they are doing something about the p2p problem.

GMD

Packrat P2P users do save garbage.

[ChaosDiscord]

However, more recent evidence suggests that the technique is being used by major labels in-house, instead, and the sheer quantity of junk files found on the peer to peer networks today - purportedly residing on individual's PCs - points to continuing "poisoning". Why? Because users abort a junk download, or quickly delete a file. The alternative explanation for the persistence of this noise material is that users are extremely inattentive, and that's difficult to believe.

The Register dropped the ball on this. There is a non-trivial number of peer-to-peer users who just download things because they can. Much like the core of packrat warez traders they're not so much interested in the specifics as trying to have the largest collection. (And when you get warez from one of these packrats, you'll often get software that's seriously broken.) They're not really going to listen to the two months of continious music they have, just a small subset. Clearly they're rather have real songs, but they never bother to check. It only takes a few of these people to create the impression that the network is full of garbage.

Trust

[lightspawn]

Don't like what they're doing? Design a better P2P solution! You're the best and the brightest (or so some of you keep claiming). P2P networks with no trust metrics are subject to corrupt data abuse. Why don't the (anonymous) IDs or IP ranges end up with negative trust metrics, so that other users download their files from slightly-more-trusted hosts? And why isn't there some kind of legal EULA to "sign" before files are browsed or downloaded? "Legitimate" users (that's us!) have the software sign it automatically, while "they" have to modify their software to send the OK without meaning it, so their access to our systems is illegal.

Interesting infringement arguments from this

[Arethan]

I was just thinking. What happens if you downloaded a bunch of songs that they distribute on physical media and get taken to court by them. You could easily argue that you had heard that they were willingly distributing garbage files on the P2P networks, and were merely trying to aquire some examples of them to see what all the fuss is about.

Since they are placing the garbage up there themselves, wouldn't that imply that they were approving download and listening of the garbage files? The real files got in the way, and you were busted before you had a chance to delete them.

Seems to me that they were better off before, simply sueing the file distributors as they find them. *shrug* Just thought I'd share that little thought. :)

Not much of news, is it?

[Badgerman]

We've got confirmation of what we've pretty much assumed is going on, and someone else saying the RIAA and co are scum who exploit and destroy artists.

What I find amusing in these articles is they often ignore what goes on beyond P2P - people trading WITHOUT the networks, or using them together to find non-garbage songs, or ripping CDs, then sending songs to each other via non P2P methods.

The only way the RIAA can mess everything up is if they force ISPs to monitor every transaction and get access to every computer . . .

. . . which sort of seems to be their goal. THAT'S the important news. We already know they're scum.

Good idea of the day...

[Fnkmaster]

What P2P networks need is a built in web-of-trust model that allows users to vote on content. The more good content you are currently sharing (based on file hashes or whatever), the higher your trust level. The more flawed content you share (whether it's virus infested programs, or fake songs) the lower your rating gets. Rating takes place on individual pieces of content, not on users, since anonymity is fairly important. Though it would be nice and would make this model work better if some sort of persistent identity existed on the network that allowed hardcore users to develop higher trust ratings over time and therefore be more trusted to do content rating.

The alternative is the eDonkey 2000 model, which is have trusted sites that publish the hashes of known good content, and then just search the network for that content. Of course, eDonkey2k is so atrociously hard to use and cranky that it will never gain too much popularity (this is based on using it some 6 months to a year ago, maybe it's changed since then - of course, I think that is part of the point - make it only for |33+ folks, keep out the llamas so it doesn't get shut down).

Yawn... MD5 Checksums

[Rayonic]

I guess that the RIAA's anti-piracy measures are getting so bad that they're circumvented well before they're implemented.

There are already networks out there that incorporate MD5 checksums in order to avoid bad files (example [sourceforge.net], example [overnet.com]). Couple that with a simple checksum repository (example [filenexus.net], example [sharereactor.com]). Or maybe even a search engine (example [jigle.com]), and you never have to download another bad file again.

Re:Yawn... MD5 Checksums

[anewsome]

Anyone who thinks checksums for encoded music files would work has no idea what they are talking about. A checksum for two music files, ripped and encoded by different people would only work if both files were ripped, without error and encoded with the same identical encoder with the same exact options, id3 tags and all. Anything less would produce two files with different checksums. You could encode the same file at the same rate with the same encoder, options and everything else. 1 character different in an id3 tag and you have a different checksum.

Fuzzy checksums would detect this but now we are getting off track. This supposed checksum database would have literally hundreds or thousands of valid checksums for each ripped file.

So,.. yawn. Learn what you are talking about before posting.

--Aaron

I've done this for the Labels too...

[BenSnyder]

Labels spoof files on p2p networks. Duh. Short of suing the entire world, that's currently their best weapon against piracy. Sure it doesn't stop it, but it does make it more of a pain in the ass.

At the same time, I wrote an influential paper for the NY chapter of NARAS disputing all of the RIAA's claims (much of the support used in the paper came from articles posted on /.). Long story short, this paper went to the voting delegates at the national NARAS meeting. They voted NOT to support the RIAA's stance on mp3s and NOT to support the RIAA's current marketing scheme where Britney Spears says downloading = stealing.

A part of that paper said this:

Record labels are confused and contradictory. They use mp3s in private while they deride it in public. If they're promoting a new band, they'll post the band's songs on p2p networks (often in a covert manner) with the hopes that they'll be traded and talked about in chat rooms. If it's an established act with a history of sales, they'll "spoof" the p2p networks with fake files. It's just another way of using mp3s, albeit in a subversive and anti-customer way, which is par for the course.

Kazaa Lite 2.0+ anyone?

[Kaz Riprock]

Ever since Kazaa has put out their 2.0 and onward line of clients (and Kazaa Lite as well by extension of it) there is a Quality Vote feature for all of your files. If a file is shared by 58 users and they all gave the file Excellent rating, you can feel self-assured that the file is what it says it is. I doubt 58 people would go out of the way to vote a garbled/garbage file as Excellent to propogate an RIAA/IFIA spoof file (note that the rating does not follow the copy of the file to your computer).

As long as people are honest about the file's integrity in their voting (what motive would 3/4 of those serving the file have to lie?), then this sort of RIAA/IFIA subterfuge will be sunk.

That was almost witty...

[Mulletproof]

"...And here I thought all of their garbage came on CD"
If it did, their wouldn't be a P2P network to worry about, now would there?

Idiots...

[j_kenpo]

These people just dont get it. With the hopes of poisoning P2P file populations with garbage, do they actually hope to discourage users? I remember when I still used P2P for fileshareing, if I got a bad file, that just made me more determined to find a good one. These people dont give enough credit to the persistence and patience of people looking for music. Just because they put out bad files doesnt mean it will discourage users anymore, theyll just keep on looking until they find a good one...

I love(d) Norah Jones' Music...

[Newer Guy]

So I went out and bought her CD, but found out that I can't play in to my computer (which IS my CD player by the way). "No problem": I thought to myself. Since I already own the CD (that I can't play), I'll go onto Kazaa and download the tracks. BIG PROBLEM, as every one of them has been altered with a 'swishing' tone every 30 seconds or so. In disgust, I returned the CD. If Norah doesn't want me as a fan, she can go fuck herself. Actually, I wonder if Norah (even) knows and appreciates how hard her label works at derailing her career?

misnamed files - dangerous material

[phorm]

What disturbs me is the great amount of misnamed files that contain somewhat objectionable content. Some are named as such things as disney movies, or pokemon, etc... but contain adult content. I'm sure at least a few kids have come across this crap on kazaa.

Some of said clips (or those somewhat ambiguously named), contain content of somewhat dubious legality as well (not copyright legality, I'm referring to the content itself being very very wrong). It's bad enough that I see such things when browsing my kazaa cache... but it's worse when I think that somebody may have sniffed my (static) IP and associated me with it - or others have downloaded it off my PC.

The messaging feature is nice... I can let people know when I find bad, or immoral, downloads - and hopefully help filter the crap-files.

Minimal Techno

[oliverthered]

for real taste of random noise check this [besonic.com] out

Re:Why haven't I noticed?

[uncoveror]

They want everyone to stop trading files, so they fill the networks with garbage. They want us to pay $20 for a CD that cost less than 1 to manufacture, and most of those are filled with garbage. Increasingly, they won't play in a computer because of "copy protection," when computers are they only player many of us have. How do we tell them we don't approve? By boycotting their products. [dontbuycds.org] Let CDs gather dust on store shelves.

Huh...

[Peterus7]

I always thought those really weird repeditive songs were just remixes.

Re:Fighting Fire With Fire

[PinkFloyd]

"File sharing is illegal - you are paying nothing for something."

No, file sharing is _NOT_ illegal. Copying and distributed copyrighted works is illegal. There's a world of difference between the two.

Re:Fighting Fire With Fire

[Tenebrious1]

"File sharing is illegal - you are paying nothing for something." No, file sharing is _NOT_ illegal. Copying and distributed copyrighted works is illegal. There's a world of difference between the two.

Not quite- copying and distributing copyrighted works... without consent of the copyright holder... is illegal.

Re:Fighting Fire With Fire

[carpe_noctem]

I wonder if Pink Floyd gave you permission to use his name on slashdot... :P