MediaDefender DDOS of Revision3

There's a very interesting write-up of the recent denial of service attack against Revision3 on the company's blog. For those who aren't aware, this high-profile attack hit the news with ferocity when it was discovered that the company MediaDefender, which works to stop illegal file sharing and has done work for organizations like the RIAA, was the culprit in the attack. Revision3 was using BitTorrent for perfectly legitimate reasons and MediaDefender crippled Revision3's internet connection over the Memorial Day weekend.

Of course, a lot of questions arose immediately following the attack. People wondered if it was a mistake, or perhaps a misconfiguration. Denial of service attacks are illegal, and for one US company to carry one out against another is pretty serious business. It turns out that Revision3 has contacted the FBI, who are investigating.

This sort of news is frightening and illuminating, especially in light of the recent paper by Col. Charles W. Williamson III that proposes a .mil botnet. It seems like internet warfare is truly heating up. With the proliferation of botnets and zombie computer networks utilized for malicious purposes, it seems that legitimate organizations are now adopting their tactics. One suspects that companies like MediaDefender are using distributed attack techniques to "defend" their clients' interests.

The fast-paced and open nature of the internet has always defied legal reaction to emerging threats. Private security workers seem to be at the forefront of the defensive line, rather than law enforcement, which creates a unique atmosphere. Security professionals tend to understand the tactics of attackers, and without any legal barriers it is very easy for a legitimate computer security professional to employ nefarious tactics in pursuit of their own organization's goals. Because security professionals aren't bound by any established code of ethics, such as the Hippocratic Oath, white hats can easily slip into gray areas without noticing.

Unfortunately, the cost of law enforcement investigations is high in terms of money and manpower, and there isn't much incentive for law enforcement to pursue criminal investigations of cyber crime. Additionally, laws and statutes don't cover much of the activity online. Of course, in the case where one US company damages the business of another it is easy to instigate a tort action, but it is entirely different to start a criminal investigation. The internet moves so fast that it is difficult to train law enforcement in meaningful skills. Training an agent to do Windows forensics is expensive, and after a few years those skills are out of sync with technology.

One might wonder how it is that private industry is able to keep up with security trends when law enforcement cannot. Well, in many cases private industry doesn't keep up. However, in the cases where it does, the equation usually comes down to money. Corporate information security officers are paid much more than their law enforcement counterparts, and their budgets are usually considerably more substantial as well. It's a scary situation we're in where Pinkerton detectives are more effective than real police. This, however, turns out to be the internet world we're living in.

There are smart, highly trained people working in organizations with large budgets and little fear of reprisal who are tasked with interfering with certain internet traffic (namely file sharing). These people probably feel justified in attacking nodes in networks that participate in illegal file sharing. After all, who is going to complain that MediaDefender is crashing their connection and preventing them from downloading illegal content? However, when companies like MediaDefender engage in these sorts of business practices, innocent parties (like Revision3) are bound to get caught up in the mix. Unless law enforcement or lawmakers act to prevent this type of behavior, it is likely to become more common, and the internet is going to become an even more hostile place than it already is.