As I spent my weekend playing games and going on walks in the beautiful weather, the seedy underbelly of the Internet was crawling with those who would otherwise be making a point about activity they deem inappropriate. Two interesting things happened, which will result in two even more interesting outcomes. Well, it wasn’t exactly over the weekend, slightly before, but the news didn’t come out until after my last blog post….
On Wednesday night, Comcast was hit by a tiny band of malcontents, a group that shall remain nameless (because why bother naming those who possibly just want to be famous?), and taken down. What did they do that has put them on the FBI’s most wanted list? Well, they made a change to Comcast’s DNS records through a Network Solutions vulnerability. So, Comcast people couldn’t get to comcast.net for a while. No portal, no webmail. Pretty much everything else was fine. At that point, they set up random sites for several hours that the portal then redirected to, which were overworked by the amount of traffic that Comcast’s portal gets. But all in all, it just goes to show you that no matter how much effort you put into securing your site, you had better hope that the rest of your hosting (in this case, the DNS provider) has done the same. What surprises me the most is that Network Solutions reacted so quickly to getting the DNS back in order. Normally when we make a change to anything there, the site goes down for at least 12 hours, even though all it’s doing is making an update to their internal DNS system.
So on the other end of the spectrum, there was an attack on a legitimate BitTorrent company, by a company hired by media companies. I thought this was far more egregious than the Comcast take-down. Why? Simply because this was a company taking its job to the extreme that ‘hackers’ do, with the mindset that vigilante justice is deserved. In this case, it was not. So what happened? Well, this company, MediaDefender, is paid by ‘the man’ at the media centers (film and music industries) to hunt down torrent trackers that are hosting illegal copies of their copyrighted works. This, so far, is fair enough. It appears that MediaDefender was homing in on a particular open tracker which was run by Revision3, a company that provides BitTorrent files of the legal variety. Apparently the open tracker was also being used to hold illegal material (open trackers really don’t have control over what they’re tracking) and MediaDefender had been using it to put up fake seeds (to find out who’s doing what illegally). At some time over Memorial Weekend, the open tracker closed, causing MediaDefender to attack the tracker. Attack!?!? Yes, a SYN flood attack. An attack used by ‘hackers’ to take down legitimate sites by causing their servers to become overwhelmed by the amount of traffic. So this corporation used the same techniques that people are being sent to jail for.
So the contrast between these two ‘hacks’ is stark. Both should spend felony jail time according to what we’ve been told over the years about laws and regulations across the Internet. The problem is that in scenario 1, this is a couple of kids, and in scenario 2, it’s a corporation paid by the media companies. In scenario 1, the kids are being hunted by the FBI and will be found soon and no doubt prosecuted to the fullest extent. In scenario 2, the FBI already knows the culprit, knows where they exist, and is calling it a matter of ‘gray area’ in the laws. Scenario 1, personally, I find a bit funny, and I find it to show the fact that Network Solutions needs to tighten its security up quite a bit, so in the end, it’s quite helpful. I am not condoning the behavior, but more good will come from it. In scenario 2, what good will come from it? I find it to be completely offensive and just as bad as the illegal activity it’s supposed to be fighting against.