Following the inadvertent leak of several IFPI and RIAA reports this week and our subsequent articles, today we wind up with perhaps the most ironic of the series. It covers a presentation by the IFPI’s head of anti-piracy operations to industry insiders on how to prevent leaks. It explains how individuals gain access to pre-release music, how to set up honey-traps to ensnare them, and also hints at why the UK’s Serious Organized Crime Agency targeted the RnBXclusive blog earlier this year.
This week TorrentFreak has been running articles based on the leak of several IFPI and RIAA internal documents. Today’s article covers IFPI’s attempts to educate their members on how to mitigate a relatively new technique for obtaining pre-release music.
Online release groups and other leakers have always been resourceful when it comes to getting the latest tunes, whether from light-fingered employees at CD packing plants or friendly music-reviewing sources with access to fresh promos.
“Web piracy is similar to organized crime, there is a hierarchy, our goal is to identify those at the top,” Mo Ali, Head of Internet Anti-Piracy Operations at IFPI explained during his April 2012 presentation.
IFPI’s investigative aims are to:
1. Identify the source site of the leak
2. Identify the original uploader
3. Gather intelligence and evidence about the user.
4. Work with the record label to prevent further leaks.
5. Determine if there is a criminal case.
Ali adds that through their investigations, IFPI have been able to reduce the number of leaks. One such investigation, against the music release group “DOH”, is detailed in the slide below.
Another slide details how a South American blogger called “ALEKO” had been spotted posting pre-release music online. IFPI say that through various online profiles he was identified as a music journalist. IFPI sent a local investigator to speak to ALEKO and he confessed that he had tried to get music by blackmailing producers. Initially though, ALEKO said he’d been obtaining music from hackers.
The hacking phenomenon is detailed by IFPI in the remaining slides. The music group reports that producers very often send tracks via email, so hackers try to gain access to their accounts in order to get music, even before it gets into promo form.
In order to protect their members from such attacks (and this is good advice for anyone operating an email account), IFPI warns against phishing emails which claim to be from well-known file-storage sites but are really there to obtain email log-in details.
IFPI suggests a number of techniques for identifying bogus emails but then goes a step further by giving instructions on how to set up honey-traps to capture would-be music hackers.
IFPI say this method has already ensnared a number of individuals. Interestingly, one slide appears to shine light on a big pre-release raid earlier this year. The screenshot in the presentation slide below shows the RnBXclusive release blog site after it had been raided by the UK’s Serious Organized Crime Agency.
At the time, no-one could understand why the organized crime division of the police would be interested in a lowly music blog. But the inclusion of the site’s seized homepage in this report and the message that “The majority of music files that were available via this site were stolen from the artists” seem to point in a particular direction, at least as far as IFPI are concerned.
Finally, it seems appropriate that we should augment this anti-leaking advice from IFPI with some security guidance of our own.
In order to prevent reports on global anti-piracy strategy, offline vs online swapping, and another on the ineffectiveness of SOPA leaking out in public, please ensure that your Intranet doesn’t have a public-facing Internet webpage, even if it is only for a few minutes.