TorrentFreak

The place where breaking news, BitTorrent and copyright collide

ISP Attempt To Block File-Sharing Ends in Epic Failure

In response to the country’s “3 strikes” Hadopi legislation, last week a French ISP began offering a service to block file-sharing on customer connections for ‘just’ 2 euros per month. It didn’t take long for awful vulnerabilities to be found in the system, which not only breached the privacy of subscribers but also exposed them to new security threats.

France’s big, bad, scary Hadopi legislation and the systematic tracing, monitoring, reporting and disconnecting of file-sharers is all but here, so it seems there’s no better time for other companies to start making money from it.

Last week saw French ISP Orange take the opportunity to start providing a service which, at least on the surface, is designed to put the minds of subscribers at rest. For a 2 euro per month payment, Orange is offering a service which “allows you to control the activity of computers connected to your internet line, from downloading ‘illegally’ using peer-to-peer networks. You can protect up to three computers connected to the same internet line.”

The software, which is Windows-only, runs in the background and utilizes a blacklist maintained and updated by Orange. Precisely what is on that blacklist remains a secret.

“Our solution is intended primarily for parents who want to make sure their children do nothing illegal on P2P networks,” the company said in a statement to French media last week while adding that just because the software is running, it doesn’t mean that users are fully protected against legal action under Hadopi.

History tells us that whenever a company gets involved in anti-piracy action, they leave themselves open to being probed. Several anti-piracy companies and groups have seen their systems examined and even hacked over the years, and Orange is no different.

Bluetouff has documented his findings on the Orange system and they are pretty surprising.

Using Wireshark to sniff the output of the software on his local network, Bluetouff was able to identify an IP address used by the software to obtain its updates.

“The software communicates with a remote server, a Java servlet actually located on the ip 195.146.235.67,” he explains.

Nothing too out of the ordinary there – except that not only is all information being transmitted in the clear, but all information on that server is public (via http://195.146.235.67/status), meaning that every user had their IP address exposed to the public. But it doesn’t stop there.

Whoever set up the security on the server admin panel didn’t do a very good job. The username was set to ‘admin’ and the password set to ‘admin’ too. This morning that gaping hole was still open.

TorrentFreak is informed that people have accessed the server and have discovered that it’s possible to send malware to anyone using the software, which makes a bit of a joke out of Orange when it claims: “The software runs in the background to ensure your safety without disrupting the important tasks that you perform.”
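
The failure described above comes down to the client trusting whatever its update server sends. As an added illustration (not Orange's code and not taken from Bluetouff's write-up), the sketch below shows a client that applies a blacklist update only when it carries a valid Ed25519 signature from a key pinned in the client and a newer version number; the JSON update format and every name in it are assumptions.

```javascript
// Added example. The update format (JSON with version + blockedNames) is assumed.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed key pair for the demo. In a deployment the private key stays
// offline with the vendor; only the public key ships inside the client.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');

// Vendor side: sign the exact bytes that will be served.
function publishUpdate(version, blockedNames) {
  const payload = Buffer.from(JSON.stringify({ version, blockedNames }));
  return { payload, signature: sign(null, payload, privateKey) };
}

// Client side: apply an update only if it verifies under the pinned key,
// is newer than what is installed, and has the expected shape.
function applyUpdate(state, update) {
  const { payload, signature } = update;
  if (!Buffer.isBuffer(signature) || signature.length !== 64) {
    return 'rejected: missing or malformed signature';
  }
  if (!verify(null, payload, publicKey, signature)) {
    return 'rejected: bad signature';
  }
  let doc;
  try {
    doc = JSON.parse(payload.toString('utf8'));
  } catch {
    return 'rejected: unparseable payload';
  }
  if (!Number.isInteger(doc.version) || doc.version <= state.version) {
    return 'rejected: stale version';
  }
  const names = doc.blockedNames;
  if (!Array.isArray(names) || !names.every((n) => typeof n === 'string')) {
    return 'rejected: bad schema';
  }
  state.version = doc.version;
  state.blockedNames = names;
  return 'applied';
}

// Constructed scenario: a genuine update, then inputs the client must refuse.
function demo() {
  const state = { version: 1, blockedNames: [] };
  const good = publishUpdate(2, ['example-client.exe']);
  const tampered = { payload: Buffer.from(good.payload), signature: good.signature };
  tampered.payload[tampered.payload.length - 4] ^= 0x01; // one flipped bit
  const unsigned = { payload: Buffer.from('{"version":9,"blockedNames":[]}'), signature: null };
  const results = [
    applyUpdate(state, good),      // first delivery
    applyUpdate(state, tampered),  // modified in transit or on the server
    applyUpdate(state, good),      // replay of an already-installed version
    applyUpdate(state, unsigned),  // no signature at all
  ];
  return { results, state };
}

console.log(demo().results);
```

With the signing key kept off the update server, control of the server's admin panel or of the network path is not enough to get content accepted by clients.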

“People don’t know whether to laugh or cry,” Astrid Girardeau from TheInternets.fr told TorrentFreak. “Because it is a new Hadopi fail. And because, Christine Albanel, the ex-Minister of Culture, is now the executive of communication, for… Orange.”

  • Zomg

    Now, I wonder if Orange is liable for damages caused by the malware such as identity theft, etc.

  • adyshor

    Isn’t this an attack of private life?

  • DemFan

    Epic Fail, no?:)

  • Ravenheart

    Of course not, they have lawyers and money!

  • Eike

    Great. This post definitely made my day :D

  • haha

    Mirror? Oh wait… :D

  • SomeGuy

    This is fixed now… or perhaps it was never broken?

  • NoOneInSpecial

    Wow.

    Don’t know what to say.

    Really epic fail…

  • roxxor

    Wow my father works in this company !!
    Muahahah biggest fail ever !

  • Anonymous

    This makes me glad I run Linux, and I’m not on Orange.

    Most Epic Fail Ever.

  • Phoenix

    fck that orange is screwing up in my country as well

  • lol

    What a load of BS. CHARGING for something that doesn’t even protect you physically or legally? F*CKING BS SCAM.

    How can you make laws with no way to be protected from them even for the innocent who don’t want to be mistaken for guilty?

    This new system needs to be exploited to the max, and sadly, innocent people will need to be wrongly accused before people will see this is all BS scam.

  • Ninja

    lol, epic fail indeed…

    Hadopi itself is an epic failure just like the government that generated and approved it.

    Reminds me of that font copyright blunder.

    Copyright is so right that it can’t sustain itself without failing hard. lol

  • Dominic

    link dead lykkk

  • Christoph T.

    Bravo! That is really funny!

  • T

    The fail, it’s epic!

  • Anonymous

    I lol’d haha!

  • Wanged

    just laugh and walk away

    seriously ‘admin’ and ‘admin’? just about to hit rock bottom(they always surprise us)

  • anonymous

    wonder what sort of back hander Christine Albanel got out of this and for ‘encouraging’ the Hadopi into law? rather fishy, i think, yet again!!

  • Black Swan Social Media, Inc.

    LOL.

  • Anonymous

    LOL. I hope this will prevent other ISPs from playing the same game !

  • BS

    Understand this: this filter sold for 2 euros by orange is not an official filter for Hadopi.
    This is just a marketing scam to extort 2 extra euros from subscribers.
    It is not Hadopi certified and will not protect anyone from the 3 strikes.

  • Anonymous

    stupid hadopy you lose again…

  • Cordelia

    Yeah and how hard is it going to be for the kid to work out that this thing is running, and get rid of it…

    Windows, yeah right.

  • jack

    Do you folks have class action law suits in France?

    J.

  • hollywood is too dumb

    boot up with my linux live disk and delete the file… simple to disable

    hell i could probably even do ctrl-alt-delete

  • Anonymous

    Bearing in mind that most parents will need to get their kids to install the bloody thing… really don’t think this will ever work.

  • gorehound

    too bad you can not sue them for a scam. which is just what this bs is about.

  • mzbk

    admin + admin (huhuhu !)
    this is incredible and surrealistic ! it goes far beyond the madness and stupidity i expected from those guys.
    they suck, really.

  • Me

    Wait there are more, for 2 more dollars you can get our top of the line anti-virus run by your trust worthy ORANGE. Anti-malware comes extra cost.

  • Andy Mabbett

    Sion Simon (then an MP and a junior minister in the UK government) assured me that it’s “still possible to have open networks whose settings protect the host from unlawful activity on the network” (Twitter status 5951557332) while acknowledging that some torrent activities are legal (Twitter status 5951733756). He eventually responded (Twitter status 14958695761) to my request that he justify this claim, referring me to the House of Commons debate:

    http://www.theyworkforyou.com/debates/?id=2010-04-06b.836.0&s=speaker%3A11225#g913.1

    in which he said “Obviously, I do not claim to know what the technical measures are, but when I am told that they exist, I take it in good faith that they do exist, and unless my hon. Friend can prove to me that they do not exist”.

    I’m still awaiting from him a proper explanation.

  • me

    If admin + admin doesn’t work anymore, maybe that’s just because they were instructed by Christine Albanel to “frenchize” it to lechef + lechef (or lepatron + lepatron)? ;-)

    /me *ducks-for-cover*

  • me

    Or, if that doesn’t work, maybe 1-2-3-4-5 will?

    http://www.youtube.com/watch?v=K95SXe3pZoY

  • Acce

    What’s the next stupid idea, paying to be censored??? They take us for idiots. In any case Hadopi is a real farce, piracy has absolutely not stopped in France, people are protecting themselves, that’s all!!!

  • LOLz

    Bunch of idiots, they can´t tell the difference between their ass and their stupid face. LOL. And they had to be french. LOL.

  • Pirate Ninja

    “We appear to be making progress… in stopping progress. Wait?! WTF?”

  • Taylor

    I bet my six year old cousin could come up with a better password than that garbage. Wow, what a bunch of facking idiots, and they charge for it! “Please pay us so our insufficiently secured server can send malware to your PC and stop you from pirating at the same time! It’s an incredible deal and will remain open until our server crashes because of “hackers”.” Plus if they are that dumb to put a password and username as admin they deserve to get “hacked”

  • Cujo

    file sharing can’t be stopped, I don’t give a shit what anyone does lol

    wake up big industry!!

  • elduka

    i want to laugh. HA HA

  • Brandon

    Usually the parents are dumb morons about computers and would need their kids to install the antipirate software. Good luck with that one…

  • Anonymous

    For 2$ we will put a spy-ware on your system!

    Only 2$?

    Oh Great! I am subscribing right now!

    And How much for a root-kit?

  • Tiggy Tow

    LOL, you have to admit that is just too funny dude. Stupid ISPs

  • Anonymous

    “C’est quoi la prochaine connerie, payer pour se faire censurer??? Ils nous prennent pour des cons. De toute façon Hadopi c’est une vraie farce, le piratage n’a absolument pas cessé en France, les gens se protègent, c’est tout!!!”

    Ok! i have to translate this:

    What is the next silly thing?
    Paying to be censored? They think we are stupid. Anyway Hadopi is a real joke, Piracy did not stop at all in France, people are protecting themselves, that’s all!!!!

  • Techy

    They should rename from orange to lemon. lol

  • DanielRemains

    Le partage de fichiers, c’est de la publicité gratuite!

    File-sharing is free advertising!

  • Doink

    Orange = Lemon

  • james

    lol #43!

  • exit

    lol
    and that’s why I run Linux

  • AlphaDawg

    yea Mom, like I don’t know how to use add/remove programs from the control panel…. lmao

  • ImFrench

    Our government is full of idiots.

  • Whatever

    In order to solve the admin password issue they probably will remove the password.

    @21 “Hadopi certified”
    They already have certifications ?

  • Mélusine

    Is there a legal way to sue Orange for any of the following:
    - misleading advertising
    - conflict of interest (Albanel now being a spokeswoman for Orange ?)
    - unfair use (their software not being available for other systems than MS)
    - or downright racketing
    ?

    A pity you can’t sue them for stupidity. Don’t forget to vote them out in 2012 (I wonder what they can come up with in these 2 long years ahead…) !

  • chris

    they are hungry…but they will never stop piracy

  • sad

    Law is a good DOG that walks by you —-If you have lots of cash to Burn.

  • Reno

    adyshor

    Isn’t this an attack of private life?

    Yes it is. But they accept the term of use.

    jack

    Do you folks have class action law suits in France?

    No, we don’t. An association can represent people against a company, but you have to be a member to claim compensation.

    LOLz

    Bunch of idiots, they can´t tell the difference between their ass and their stupid face. LOL. And they had to be french. LOL.

    Was that just free ?

    exit

    lol
    and that’s why I run Linux

    They made one for Linux too, it is GPL: http://paste.pocoo.org/raw/224861/

    Whatever

    They already have certifications ?

    No, they are making one, but they are in no hurry. It’s a cash machine for the majors after all.

    Mélusine
    A pity you can’t sue them for stupidity. Don’t forget to vote them out in 2012 (I wonder what they can come up with in these 2 long years ahead…) !

    Yes, that’s a shame, in the past the French were really inventive :

  • AnarchyNow

    Is anybody stupid enough to pay 2€ to prevent using an Internet connection for downloading? which is now the #1 use of all the “wonderful” bandwidth of broadband…

    I mean, let’s face it, most people get an Internet connection to download music, movies and the rest. Emails, web browsing, generally don’t use much bandwidth.

    This all bullshit is definitively bringing the chinese dictatorship to France, a country that has never enjoyed true free-speech (you can’t criticize the army and police – that means you can’t insult the president-king – you can’t say good things about drugs like cannabis, you can’t smoke in public places, etc…).
    In 2012, just don’t vote (the “socialists” are no socialists at all), we need to get rid of the monarchic 5th republic!

  • Dia

    To quote GTA4; this allows you to feel like you’re parenting even when you’re not!

  • T.H.E. S.W.A.R.M.

    YOUR DATA WILL BE ASSIMILATED

    RESISTANCE IS FUTILE

    I know I said that before, but they’re not getting the message!

  • iraklis

    OMG 512MBs! 250 Concurrent Threads! They sure thought about scaling this app.

  • i3o6

    @48, Why? So your mum can’t install crappy software on your PC?

  • french engineer

    And to top it off, the malware works by autokilling the processes of “bittorrent”, “microtorrent”, etc… It’s a simple blacklist.

    How long before someone releases an opensource bittorrent client that randomizes the name of its processes at every launch?

  • sunshine

    Excellent,that was the best result

  • me

    french engineer: “How long before someone releases an opensource bittorrent client that randomizes the name of its processes at every launch?”

    C’mon, this is a trivial change. Just update argv[0] with a random name, and you’re done. Something like this in pseudo code:

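    #include <string.h>

    /* create_random_name() is a placeholder, as in the pseudo code: it is not defined here */
    char *create_random_name(void);

    int
    main(int argc, char *argv[])
    {
        char *name = create_random_name();
        /* overwrite in place, never past the end of the original argv[0] buffer */
        strncpy(argv[0], name, strlen(argv[0]));
        /* remaining code of application */
    }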

  • me

    Real code to modify argv[0]:

    http://www.uofr.net/~greg/processname.html

  • ahaha

    i too also use a blacklist, to stop all you nosey anti-pirates :)

  • Lord Nikon

    HACK THE PLANET!!!!!!!!!!!!

  • dwpbike

    after years of trying, i finally score a spot on dime. and isp att puts the sandvine on my seed. should i thank them?

  • Laurel L. Russwurm

    It’s a lot of fun to see yet another example of people who don’t even understand the technology holding the keys to it. Except…

    Where is the French Government? They’ve made this bad law and now allow opportunistic ISPs to fleece unsuspecting citizens? Why is the French Government not protecting its citizens from this chicanery?

    The essential point is again missed:

    *****************************
    ALL P2P is not Copyright Infringement.
    *****************************

    LOTS of filesharing is legal:
    http://stopusagebasedbilling.wordpress.com/2009/11/24/d-bittorrent/

    Blacklist filters are imperfect at best. Even if the people running Orange weren’t such idiots, and what they were doing actually worked, how much legitimate p2p traffic would they then be stopping?

    Does France really want to allow their own entrepreneurs who use p2p to legally distribute their own software or music to be prevented from running their businesses?

    I don’t know what the statistics for France are, but in Canada 30% of the music recording Industry is INDEPENDENT because of modern technology — including Filesharing.

    If p2p can be killed, made illegal or blocked like this, independent creators are the ones who will be hurt. Of course that is the REAL reason for silly 3 Strikes law in the first place.

    If they succeed it will indeed be a sad day indeed when all the culture of the world will be decided by Disney.

    (Does this misguided French Government realize that the mouse who has dictated their copyright law is actually an English mouse?)

  • me

    Nice, you have to pay extra if you want reduced functionality from your connection?

    Maybe they could offer a 100% guarantee that nothing illegal can happen on your connection, it would only cost an extra 10 euro per month on top of your current subscription and would involve the simple process of disconnecting your line from the network completely…

  • Will

    An Epic FAIL so big it has looped back around into an Epic WIN.

  • dlj

    This is such an epic fail that I am speechless with a huge smile in my face right now.

  • Jarno

    And this was only their first failure, the second failure has already happened: http://www.numerama.com/magazine/15977-nouvelle-faille-de-securite-sur-le-logiciel-hadopi-d-orange.html [FR]. And there seem to be others!

  • Crash

    It’s just pathetic what people do these days. They should rather improve their quality of service or extend instead of doing dipshits like this.

  • Whatever

    @69 “Does this misguided French Government”

    They are NOT misguided, it is close to Italian/Swedish situation just with another MAFIAA. That’s why one of them got a job at Orange.

    And of course Sarkozy’s wife (forgot the name) is now famous for her music and makes huge amounts of money after HADOPI.

  • iKo

    The soft is now MIA. Was fun any way. We still lack big media coverage with the fail atm though.
