Under France’s so-called Hadopi law, alleged copyright infringers will be reported to a judge once they have received three official warnings for illicit file-sharing. Those judges are empowered to hand down any one of a range of penalties, from fines through to disconnecting the infringer from the Internet.
However, to get caught sharing copyright material, Internet users have to be monitored on file-sharing networks by the rights holders. The entertainment companies entrusted that spying job to Trident Media Guard (TMG) but during the last few hours, much to the amusement of opponents of France’s approach to enforcement, TMG has been hacked.
Actually, hacked is probably too strong a word, since it appears TMG left the front door open.
“A virtual machine leaked a lot of information like scripts, p2p clients to generate fake peers, local physical addresses in the datacenter and even a password that could lead to a major global TMG security breach,” French security researcher Olivier Laurelli, aka Bluetouff, just informed TorrentFreak.
TorrentFreak obtained copies of the files leaked from the TMG server (image above, cropped) and we’re in the process of trying to work out exactly what they do, which may take some time.
One of the files is an executable called ‘server_interface’ while there are also batch files which appear to start two file-sharing clients, eMule and Shareaza. These are likely to be special versions, probably modified for conducting both monitoring and spoofing on eD2K and BitTorrent networks respectively. The screenshot below (of code labelled ‘Poster’ in action) also appears to be connected to the publishing of fakes on file-sharing networks.
Another file – cmd_auto_update_cmd_file.txt – is the one carrying the worrying password referred to by Bluetouff earlier.
TMG’s security appears to be so low that Bluetouff suggests that either Christmas has come early for people wanting a poke around an anti-piracy system or it’s some kind of weird honeypot.
TorrentFreak was also supplied with a list of IP addresses which pulled up some interesting web interfaces but we won’t publish those nor the leaked files for now.
“It’s a huge fail that could impact the graduated response (repression), during the next days,” Bluetouff concludes.