Following a weekend security breach at Trident Media Guard, the outfit spearheading data collection for France’s 3 strikes anti-piracy drive, the country’s HADOPI agency has severed interconnection with the company. This means that, pending an enquiry, French file-sharers are no longer being tracked, a major embarrassment for the government.
On Saturday evening, with the invaluable assistance of blogger and security researcher Olivier Laurelli, aka Bluetouff, TorrentFreak first reported that Trident Media Guard (TMG), the private company entrusted to carry out file-sharing network monitoring for the French government, had been hacked.
As became evident, the term ‘hacked’ was probably overly generous to TMG, since according to Bluetouff the company had left the equivalent of its front door open.
“A virtual machine leaked a lot of information like scripts, p2p clients to generate fake peers, local physical addresses in the datacenter and even a password that could lead to a major global TMG security breach,” he explained.
TorrentFreak obtained and listed some of the files in question in our earlier report, but as the contents of the leak were examined in more detail, it became evident that TMG had not only leaked out its own data, but that belonging to the subjects of their monitoring.
The day after our report, Guillaume Champeau of Numerama, a publication which follows French file-sharing issues in-depth, contacted TorrentFreak to say he had been able to show that IP addresses linked to the 3-strikes process may also have been leaked. He informed the HADOPI agency of his find which led to them to report that they were taking the matter “very seriously”.
Indeed, that concern has been followed by an announcement from Eric Walter, the secretary-general of HADOPI. Walter, a friend of French President Nicolas Sarkozy, who now confirms that “as a precaution Hadopi has decided to temporarily suspend its interconnection with TMG.”
What this effectively means is that since TMG is the only company licensed to do this work for the government, from now on and pending a review, the French 3 strikes regime for dealing with illicit file-sharing is suspended. Data gathered before Saturday evening, however, can still be used.
This suspension will be seen by some as a major embarrassment for President Sarkozy. France has taken a particularly hard-line approach to unlawful file-sharing and the government has continually brushed aside calls from the public and various watchdogs to consider more carefully the privacy and related rights issues connected with such a regime.
Update: According to French news sources the three strikes regime is set to continue, but data will not be transferred to Hadopi via the usual electronic transfers, but on physical media.