[PLUG] Is this for real?!

Mike Neal miken at europa.com
Wed Jan 15 09:58:01 UTC 2003


At 09:46 AM 1/15/2003 -0800, you wrote:
>Anything's possible, but this has a very bogus ring to it.
>-chaz

 From the ISN listserv, an article in The Register:

http://www.theregister.co.uk/content/6/28842.html

By Andrew Orlowski in San Francisco
Posted: 14/01/2003
The RIAA is preparing to infect MP3 files in order to audit and
eventually disable file swapping, according to a startling claim by
hacker group Gobbles. In a posting to the Bugtraq mailing list,
Gobbles himself claims to have offered his code to the RIAA, creating
a monitoring "hydra".
"Several months ago, GOBBLES Security was recruited by the RIAA
(riaa.org) to invent, create, and finally deploy the future of
antipiracy tools. We focused on creating virii/worm hybrids to infect
and spread over p2p nets," writes Gobbles.
"Until we became RIAA contracters [sic], the best they could do was to
passively monitor traffic. Our contributions to the RIAA have given
them the power to actively control the majority of hosts using these
networks."
Gobbles claims that when a peer to peer host is infected, it catalogs
media and sends the information "back to the RIAA headquarters
(through specifically crafter requests over the p2p networks) where it
is added to their records", and also propagates the exploit to other
nodes.
"Our software worked better than even we hoped, and current reports
indicate that nearly 95% of all p2p-participating hosts are now
infected with the software that we developed for the RIAA."
The "hydra" is uncorroborated.
Gobbles attached two pieces of code, one of which jinglebellz.c
details a frame header exploit for the Linux player mpg123. The code
chastises OpenBSD lead Theo de Raadt for failing to checksum the
public MP3s (written to celebrate each OpenBSD release). The group has
singled out OpenBSD in its previous exploits
In their presentation to last year's DefCon, the group described
itself as "the largest active nonprofit security group in existence
(that favors full disclosure)," consisting of 17+ members.
"They're real, and they're damn good. They have made what appeared to
be extremely exaggerated claims in the past, and when mocked, they
have demonstrated that they are serious," one security expert familiar
with their work, who declined to be named, told The Register.
"He's a funny guy," De Raadt told us. "This is a buffer overflow
exploit," he confirmed. De Raadt said he was more concerned by social
engineering than by external exploits. "We had Fluffy Bunny, now we
have Gobbles. They come in waves. "
An exploit of this nature is of dubious legality, right now, but
language in Howard Berman's "P2P Piracy Prevention" bill last year
legitimizing such exploits was backed by RIAA chief Hilary Rosen:-
The Berman bill, ensured a copyright owner would not be liable for
"disabling, interfering with, blocking, diverting, or otherwise
impairing the unauthorized distribution, display, performance, or
reproduction of his or her copyrighted work on a publicly accessible
peer-to-peer file trading network, if such impairment does not,
without authorization, alter, delete, or otherwise impair the
integrity of any computer file or data residing on the computer of a
file trader." Berman is expected to re-introduce the bill in this
Congressional session.


-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo at attrition.org with 'unsubscribe isn'
in the BODY of the mail.

Mike Neal
CIS Instructor
Portland Community College - Sylvania

(503) 977-4825 voice
(503) 977-4959 fax

Mailing address:
P.O. Box 19000
Portland OR 97280-0990

Parcel delivery address:
12000 SW 49th Avenue
Portland OR 97219-7132





More information about the PLUG mailing list