MediaDefender Anti-Piracy Tools Leaked
Written by Ernesto on September 20, 2007The MediaDefender-Defenders have released the source code for the “trapping” and decoy software that MediaDefender uses to spread fake files on P2P networks.
Similar to the previously released e-mails, tracking database and phone call this leak is also spread by the group that goes by the name “MediaDefender-Defenders“. In the .nfo that was posted with the torrent we read:
The source is complete for their operations regarding Kazaa, bittorrent, gnutella etc. This system is now released for the public in order to identify the decoys they set up. A special thanks to the MD employee that gave this to us.
It appears that this leak was not collected from the e-mails. The MD-Defenders themselves claim that a MD employee handed over the files to them, but this hasn’t be verified by other sources at this point.
This leak contains a wealth of information and seriously harm MediaDefender’s future operations. BitTorrent tracker owners and other admins who are involved in managing P2P networks can utilize the leaked information to brace themselves against companies like MediaDefender, who try to pollute their networks with fake files.
From the leak it seems that MediaDefender is active on virtually every P2P network, including Usenet.
Not surprisingly, most applications are dedicated to BitTorrent, which is probably their main target because of its popularity. Application names BTPoster, BTSeedInflator, BTDecoyClient and BTInterdictor make it quite obvious what they are supposed to do.
At this point it is still unclear who the MediaDefender-Defenders are and how they got their hands on all this information. MediaDefender has announced that the FBI will be investigating the source of the leaks.
To be continued?
Update: A list of leaked utilities is now available:
AresDataCollector, AresLauncher, AresProtector, AresSupernode, AresUDPDataCollector, AutoUpdater, AutoUpdaterSource, BTClient, BTDataCollector, BTDecoyClient, BTInflationDest, BTInterdictor, BTIPGatherer, BTPoster, BTRemover, BTScraper, BTScraperDLL, BTSearcher, BTSeedInflator, BTTorrentGenerator, BTTorrentSource, BTTracker, BTTrackerChecker, CVS, DCMaster, DCScanner, DCSupply, DistributedKazaaCollector, DllLoader, ED2KSupplyProcessor, EdonkeyIpBanner, FastTrackGift, FastTrackGiftDecoyer, GnutellaDecoyer, GnutellaFileDownloader, GnutellaProtector, GnutellaSupply, KademliaProtector, KazaaDBManager, KazaaLauncher, KazaaSupplyProcessor, KazaaSupplyTaker, KazaaSwarmerDest, KazaaSwarmerDistributedSource, KazaaSwarmerDownloader, KazaaSwarmerSource, MediaMaker, MediaSwarmerDest, MediaSwarmerSource, MetaMachine, MetaMachineHashSetCollector, MetaMachineSpoofer, MI-GnutellaSupply, MovieMaker, NameServer, NetworkMonitor, OverNetLauncher, OvernetProtector, OvernetSpoofer, P2PFileIndexer, PioletDC, PioletPoisoner, PioletSpoofer, SamplePlugIn, SLSKSpooferDLL, SoulSeekClient, StatusDest, StatusSource, SupernodeCollector, SupernodeController, SupernodeDistributer, SupplyProcessor, TKCom, TKFileTransfer, TKLauncher, TKProjectManager, TKSyncher, UsenetPoster, UsenetSearcher, WatchDogControllerDestination, WatchDogControllerSource, WinMxDC, WinMxLauncher, WinMxProtector, wma generator
Previously: Talk Like a Pirate Day 2007 is Here
Next: Speed Up Your Torrents With Ono
125 Responses (Add yours or TrackBack)
Too sweet for words!
mediadefender-defenders.com — Still debating whether i should post the source code for download
It’s a shame that personal info like social security numbers made it out along with great stuff like this.
…Waiting for somebody who understands this knot of C++ and could tell us exactly what this does ;)
what a great week to have lousy weather outside..
… seems like there is a compiled version of TrapperKeeper in the /release/ dir.
Goodbye MediaDefender
Yeah.. so could someone break down what this stuff is?? I am friggin clueless
Well, it is not a ready-to-compile package just yet.
Too many unsolved external references, like crypt51, mysql, …
I posted an earlier item linking to the first MediaDefender email leak, yesterday I noticed mediasentry.net (?) in my weblogs. I wonder if that item I posted was the cause? I kind of hope they send a DMCA notification so I can counter notify and advise them of our free speech rights as a media publisher.
Mediadefender != Mediasentry
I guess a competitor just wanted to get reliable information …
Torrentfreak keep up the good work letting everyone know whats going on in the scene!
BTW I hope these apps, wont be used by the other scumbags who make all the scam torrents.
“Yeah.. so could someone break down what this stuff is?? I am friggin clueless”
It’s the code that describes more exactly how their tools may exploit, for example, P2P software weaknesses in order to attack the major P2P networks. Hopefully the information within will aid coders in better patching any exploits.
As #12 said however, nothing is stopping this info from being exploited by scammers etc. But hopefully the P2P developers will win out on this one and the end result will be a more robust network.
I wonder how long till these companies relize that fighting us is a losing battle?
The media companies are greedy knuckleheads.
It’ll be a looong time until they cave in.
A link please ?
Hmm, Would be interesting to know just how “Legal” these tools are from an juridical point of view.
We’re spamming usenet, too:
//
// This file contains a list of
//
//
//
//
giganews news-60.giganews.com gn124059 V3Lrt // banned - searching only
easynews news.easynews.com pauldaman ebertsux37 // banned
giganews-2 news-60.giganews.com gn58936 J4nCid // good
easynews-2 news.easynews.com jomama2069 givemesome420 // good
usenetguide news.usenetguide.com Babykillah@usenetguide.com N7xVlE08 // banned
uncensorednewsfeed binaries.uncensorednewsfeed.com musicman tacobell // good
corenews news.corenews.com gde974cn 168umz // good
I LOVE MEDIADEFENDER!
just for to TPB alook for Mediadefender.
Could happen to a nicer bunch of dickheads
Ewwwww, they used Visual Studio.
:ssh;username=jnutter;password=103181;hostname=38.119.66.41:/usr/local/repository
lol, shitty passwords, what amateurs
U cannot break us! at least we have our looks and attitude!
Proof: http://bayimg.com/bAHmgAAbb
Up urs
Randy
Bravo!
I find it interesting that it mentions a new domain I’ve yet to see ‘linked’ to MD: onsystems dot com
So should i add all the mediadefender ip’s to peer gaurdian? Anyone have it preformatted as a text file I can just load up? At mediadefender-defenders.com it looks like it would be the 14mb file of ip’s and the one below it of the MD owned IP’s.
and zip torrent ip’s and anyone else who is an a**hole. (wink)
onsystems.com is owned by Mr. Randy Saaf:
Registrant:
interfriendly
PO 42066
Los Angeles, CA 90042
US
310-306-9110
Domain Name: ONSYSTEMS.COM
Administrative Contact:
Saaf, Randy info@mediadefender.com
PO 42066
Los Angeles, CA 90042
US
310-306-9110
Technical Contact:
Saaf, Randy info@mediadefender.com
PO 42066
Los Angeles, CA 90042
US
310-306-9110
~~~~~~~~~~~~~~~~~~~~~~
OnSystems is the pioneer of private, secure peer to peer (P2P) networking. PeerSystem is the name of OnSystems’ technology that will change the way people view the Internet. PeerSystem technology allows people to easily create private networks between PCs over the Internet. The figure below demonstrates the impact that OnSystems’ PeerSystem technology will have on the Internet. The figure depicts two models of the Internet. The present Internet consists of all home and office PCs connected to servers that provide content. This model is good for “surfing the web.” Surfing the web is limited because it only involves interactions between users and web pages. Users do not interact directly with other users. The future Internet will maintain all the traditional capabilities of the current web but will have the added capability of direct interfacing between individuals’ PCs.
http://onsystems.com/main.html
Interesting !! Another mivii-like P2P trap ?
thats is a fucking ownage if i ever seen one, fuck those fags at MD
pwned.
Yea. The onsystems.com is very odd… it is on wayback machine for 5+ years, but now mediadefender owns the domain?
Just thought you’d like to know that a friend (who didn’t want to submit this to you) found what appears to be the MediaDefender private key, in case it’s useful for anything.
http://mediadefender-defenders.com/msg04671.html
re: onsystems.com
they mentioned something about Tijit somewhere in the emails.. i think it was related to a digg link.
There’s something even more important here.
Remember that the leaked e-mails say that some of the Media Defender technologies (these utilities) just copied techniques first used by their corporate competition.
Maybe Media Defender put up a honeypot for their corporate competition to mess with, then tracked the actions of their corporate competition and built utilities that used those same techniques. However they did it, they did it.
If Media Defender’s utilities really exploit the exact same vulnerabilities as their competition, fixing the exploits detailed in these utilities could stop intrusions from all the other obstruction companies.
Aside from putting Media Defender in a dire business situation, this source code could do tremendous damage to the entire P2P obstruction and tracking industry.
Yep, private keys and various other mediadefender certificates leaked in that big email batch - MD is fucked.
down with media defenders!
Future use of the private keys and certificates can easily be revoked, and probably already have been.
My gawd I’m almost lost for words. Big-up’s to you, MD-D!
[quote comment="169391"]My gawd I’m almost lost for words. Big-up’s to you, MD-D![/quote]
I second this, Props!…
Wow, this is crazy. At least I hardly BT anymore… I used to when it was cool and safe. Now I buy most everything. Or GameFly it. Or NetFlix.
Still, I own a BT site, but it doesn’t host torrents. It’s just a search engine.
haha what a cock up
From user/pass in MediaDefender source files:
Giganews account info:
Octavio Herrera
4505 Glencoe Ave
Marina Del Rey
CA
CA
90292
(310) 306-9110
babykillah2003@yahoo.com
Supernews account:
octonsys@yahoo.com
wow this is incredible
could someone kindly post a rapidshare or megaupload link? I cannot torrent this
Please take my contact information down. You are violating my rights. Thank you.
From user/pass in MediaDefender source files:
Giganews account info:
Octavio Herrera
4505 Glencoe Ave
Marina Del Rey
CA
CA
90292
(310) 306-9110
babykillah2003@yahoo.com
Supernews account:
octonsys@yahoo.com
This violates nothing Octavio. I hope you get horrible genital warts!!!
lol, funny shit ^^ These guys really haven’t a fucking clue whats going on.
[quote]Please take my contact information down. You are violating my rights. Thank you.[/quote]
Would you mind taking a scan around the MD office (if you have one) with a video camera and posting it on the internet so we can see your expressions to the news of the leak, even if it is a bit late? We are the reason you guys have (had?) a job, we don’t ask for any compensation, just this :D
how can we be sure that you are Octavio Herrera?
someone impersonating you in these comments might well be happening.
[quote]how can we be sure that you are Octavio Herrera?
someone impersonating you in these comments might well be happening[/quote]
I am the real whatever his (my?) name is!
I’m Octavio!
[quote comment="169614"]I’m Octavio![/quote]
No, he’s Octavio!
No! I’m Octavio!
And I’m Ivan Kwok, the guy responsible for this whole mess. :) ebert sux !
Is it just me, or are these guys as dumb as a box of rocks?
I have been glued to this stuff since Saturday. I frankly can’t believe it.
What gets me is, as riveting as this leak is, the level of ignorance inside media defender and their practices is quite simply mind blowing.
and no, I am Octavio.
It seems that the sources are quite old, the files have been last modified about a year ago.
I’d hoped to learn what BT interdiction does, but there’s very little code in BTInterdictor, which in my opinion doesn’t really do anything.
Has anybody checked this out yet ?
No, I am Spar…er…Octavio!
Is that really you Octavio?
If it is, please call Mom. She hasn’t heard from you for three weeks and needs to know if you’re coming to Susan’s birthday party.
Thanks,
Dad
No, I’m the real Octavio Herrera and so’s my wife.
Hey MD-D guys, if you are reading this - the current, uptodate version of BTInterdictior sources is needed ! :)
FBI should be investigating the obvious shady corperation MediaDefender and not the ones exposing their filth!
How to block MD
“MediaDefender is a kind of the criminal organization which acts by the support and money of international media companies.
For your protection:
1) Download
http://thepiratebay.org/tor/3812404/MediaDefender_IPs_blocklist_for_PeerGuardian
2) Unpack.
3) Add this list to your Peer Guardian 2 program.”
No! I’m Octavio
little snipplet - I find it funny that the “CEO” of MD lives with a roommate :)
Source from MDD
Quote:
On Apr 30, 2007, at 9:50 PM, Jay Mairs wrote:
Randy had a few things he wanted on the web page.
His roommate thought the selection and deletion in the lists (library, queue, favorites,history) was confusing.
according to BISS, the mediadefender ip’s gleamed from the emails are for a long time already included in the bluetack blocklists also used by peerguardian. there is no new ip information in the emails that was not already known
so no need to rush to add ip’s to your blocklists, they are already there
there are new attacks coming out of mediadefender space using new ip’s which mediadefender-defender are publishing here:
http://mediadefender-defenders.com/ips.txt
add these ranges to your blocklists
Has the mailtard committed suicide yet?
http://bayimg.com/iaHeKAABC
THIS IS FUCKED
-RANDY SAAF
Its not appart of this topic really but… just a heads up
Warning to all fellow P2P members and and guests… the site FunFile.org is a MediaDefender run site and should be avoided at all costs.
Mediadefender crying because their information is being passed around? Their reps being trashed?
Stiff shit dudes, you do that everyday to P2P sites and users. Sympathy level running @ 0% and falling. If you guys can’t stand the heat, get out of the fucking kitchen!
[quote comment="170116"]Its not appart of this topic really but… just a heads up
Warning to all fellow P2P members and and guests… the site FunFile.org is a MediaDefender run site and should be avoided at all costs.[/quote]
good to know. h33t was spammed with 20+ FunFile.org torrents and each has a lengthy description inviting people to download the latest and greatest from FunFile.org
they did not get past the torrent moderators because the uploads were missing any description other than the advert for FunFile.org
i can only speak for Europe and what is interesting legally is that entrapment is an illegal activity in ALL European countries. let me rephrase that for our American friends, in Europe entrapment is a criminal activity. a policeman in possession of a bag of crack trying to sell it to a customer is guilt of the crime of possession with intent to supply, for crack in Europe that is a life sentence
organised extortion of the type perpetrated by the agents of the **AA is a ditch they have thrown themselves into. on the basis of their record, European judicial systems will never permit these mobsters to gain a foothold in their systems
MediaDefender asstunnels are about to do the perp walk for the botnet software.
Photo here
http://i10.tinypic.com/4uu6nhf.jpg
I don’t know if anyone else posted this, but apparently Mediadefender-defenders.com was hit by a Denial of Service attack. Apparently those idiots at MD think that crashing their website will make everything better. They just don’t learn.
By the way I find it hard to read the posts and article with this dark wallpaper, is there a reason for this?
Jay,
Please confirm that the following are your current home and cell number:
Home 310.802.3208
Cell: 310.408.9722
A
These asstunnels still have their numbers active…I called from a pay phone……BTW I had a hard time finding one!
I would NOT call from your home or cell phone, I AM SURE THE FBI is NOW watching and listening!!!! Remember the Bush phone tap laws in the US… Homeland security BS.
Long Live MD-D
[quote comment="169182"]It’s a shame that personal info like social security numbers made it out along with great stuff like this.[/quote]
It’s a shame people are sending completely confidential data via email which is anything but a secure medium.
I listened to the conversation, and all i can say is these guys have no idea of what is happening, how it happened, and how to deal with it.
To hear the attorney getting edgy about security because of their dealings with the defender boys is quite funny.I can hardly wait until the software they were going to use is reverse engineered so it all heads back to attack defender.
I love sharing
It will never die!
We the people will unite and become even stronger! Long live p2p!
vivi la revolution!
[quote comment="170116"]Its not appart of this topic really but… just a heads up
Warning to all fellow P2P members and and guests… the site FunFile.org is a MediaDefender run site and should be avoided at all costs.[/quote]
heh, care to share where you got this information?
[quote comment="170196"][quote comment="170116"]Its not appart of this topic really but… just a heads up
Warning to all fellow P2P members and and guests… the site FunFile.org is a MediaDefender run site and should be avoided at all costs.[/quote]
good to know. h33t was spammed with 20+ FunFile.org torrents and each has a lengthy description inviting people to download the latest and greatest from FunFile.org
they did not get past the torrent moderators because the uploads were missing any description other than the advert for FunFile.org
i can only speak for Europe and what is interesting legally is that entrapment is an illegal activity in ALL European countries. let me rephrase that for our American friends, in Europe entrapment is a criminal activity. a policeman in possession of a bag of crack trying to sell it to a customer is guilt of the crime of possession with intent to supply, for crack in Europe that is a life sentence
organised extortion of the type perpetrated by the agents of the **AA is a ditch they have thrown themselves into. on the basis of their record, European judicial systems will never permit these mobsters to gain a foothold in their systems[/quote]
I know for a fact that this statement about FunFile.org is not true. We are a legit private torrent site and the person who posted this used to be on staff and was kicked off because of inappropriate behavior. This post is only a childish attempt to get even for what was just cause for dismissal.
lol thats funny seen as funfile.org has been arround alot longer than media defender but hey if there ex staff want to be childish thats cool i know for a fact this site is legit ive been a member since day 1
[quote comment="170116"]Its not appart of this topic really but… just a heads up
Warning to all fellow P2P members and and guests… the site FunFile.org is a MediaDefender run site and should be avoided at all costs.[/quote]
this is a prime example why you do not hire children to mod for your site,
An0nym0us is a loser, nicked locoboi187 from funfile.org he was a moderator there until he started turning childish,
i am Jaws10214 SySop on FunFile.org and i can assure you that we are not anything close to a mediadefender site.
sorry this site had to see this embarassment of an ex-employee’s temper tantrum
[quote comment="180784"][quote comment="170116"]Its not appart of this topic really but… just a heads up
Warning to all fellow P2P members and and guests… the site FunFile.org is a MediaDefender run site and should be avoided at all costs.[/quote]
this is a prime example why you do not hire children to mod for your site,
An0nym0us is a loser, nicked locoboi187 from funfile.org he was a moderator there until he started turning childish,
i am Jaws10214 SySop on FunFile.org and i can assure you that we are not anything close to a mediadefender site.
sorry this site had to see this embarassment of an ex-employee’s temper tantrum[/quote]
This is LoCoBoi187. I am not An0nym0us , i dont even know wat mediadefender is.
I dont understand. http://www.FunFile.org is the BEST website there is. I never hurt funfile ever, and l respected everyone and loved my job. Anyone not in Funfile is MISSING OUT big.
[quote comment="180811"]I dont understand. http://www.FunFile.org is the BEST website there is. I never hurt funfile ever, and l respected everyone and loved my job. Anyone not in Funfile is MISSING OUT big.[/quote]
I would suggest staying away from this site.
once they get your email they will spam the hell out of it !
anyways we need to get back on topic
[quote comment="181890"][quote comment="180811"]I dont understand. http://www.FunFile.org is the BEST website there is. I never hurt funfile ever, and l respected everyone and loved my job. Anyone not in Funfile is MISSING OUT big.[/quote]
I would suggest staying away from this site.
once they get your email they will spam the hell out of it !
anyways we need to get back on topic[/quote]
we dont spam users email at all a$$wipe where the hell do you get your info from??
again.. I am SysOp for Funfile.org you can think what you want m8.
the only route of contact I’ve ever used to any user on Funfile is site pm’s!
I do not email the users!
obviously Funfile.org rubs you the wrong way is that an excuse to try and verbally attack my site?
also H33T the only reason our torrents ended up on your site is because mods disobeyed what we told them not to do
they were dealt with quickly sorry for the inconvenience to your site will not happen again
every new private site does that to public sites m8 ;)
maybe the torrent for the leaked apps is a trap ?
“about the person who leaked all this”…Never has so much been owned to so few
er so is it a trap or not !_!
been seeing thier torrents flooding several sites lately ~_~\
mr.torrentfreak mind checking in on this one? [i figure your the only one who can see ips etc]
[quote comment="275843"]er so is it a trap or not !_!
been seeing thier torrents flooding several sites lately ~_~\
mr.torrentfreak mind checking in on this one? [i figure your the only one who can see ips etc][/quote]
no it is not a trap…..
:sigh:
every private site out there pubs torrents..
till they fill they’re user quota w\e ppl, funfile is a great community, the owners spend countless amounts on our site, we have fulltime mods, admins and sysops ready to help even the n00bs get into torrenting. cause really no one wants retards like mpaa or other shit like them, annoying us in any way.
dont really care what you retards think of our site..
the less idiots like these ppl the less h&r’s and stupid forum posts we have to deal with.
[quote comment="169452"]Wow, this is crazy. At least I hardly BT anymore… I used to when it was cool and safe. Now I buy most everything. Or GameFly it. Or NetFlix.
Still, I own a BT site, but it doesn’t host torrents. It’s just a search engine.[/quote]
Mediadefender in damage control mode? PS I now buy all my stuff too as it’s safer! haha
[quote comment="257320"][quote comment="181890"][quote comment="180811"]I dont understand. http://www.FunFile.org is the BEST website there is. I never hurt funfile ever, and l respected everyone and loved my job. Anyone not in Funfile is MISSING OUT big.[/quote]
I would suggest staying away from this site.
once they get your email they will spam the hell out of it !
anyways we need to get back on topic[/quote]
we dont spam users email at all a$$wipe where the hell do you get your info from??
again.. I am SysOp for Funfile.org [/quote]
Hey, great way to attract customers m8. You sound trustworthy 8=D
[quote comment="171167"][quote comment="169182"]It’s a shame that personal info like social security numbers made it out along with great stuff like this.[/quote]
It’s a shame people are sending completely confidential data via email which is anything but a secure medium.[/quote]
I think it’s a great idea. So what if they get scammed? What goes around comes around. How you treat others is how you get treated in return. Nobody can complain, nor should anyone feel sorry for them.
34 references to this post
Add your response