MediaDefender Anti-Piracy Tools Leaked

Written by Ernesto on September 20, 2007 

The MediaDefender-Defenders have released the source code for the “trapping” and decoy software that MediaDefender uses to spread fake files on P2P networks.

Similar to the previously released e-mails, tracking database and phone call this leak is also spread by the group that goes by the name “MediaDefender-Defenders“. In the .nfo that was posted with the torrent we read:

The source is complete for their operations regarding Kazaa, bittorrent, gnutella etc. This system is now released for the public in order to identify the decoys they set up. A special thanks to the MD employee that gave this to us.

It appears that this leak was not collected from the e-mails. The MD-Defenders themselves claim that a MD employee handed over the files to them, but this hasn’t be verified by other sources at this point.

This leak contains a wealth of information and seriously harm MediaDefender’s future operations. BitTorrent tracker owners and other admins who are involved in managing P2P networks can utilize the leaked information to brace themselves against companies like MediaDefender, who try to pollute their networks with fake files.

From the leak it seems that MediaDefender is active on virtually every P2P network, including Usenet.

Not surprisingly, most applications are dedicated to BitTorrent, which is probably their main target because of its popularity. Application names BTPoster, BTSeedInflator, BTDecoyClient and BTInterdictor make it quite obvious what they are supposed to do.

At this point it is still unclear who the MediaDefender-Defenders are and how they got their hands on all this information. MediaDefender has announced that the FBI will be investigating the source of the leaks.

To be continued?

Update: A list of leaked utilities is now available:

AresDataCollector, AresLauncher, AresProtector, AresSupernode, AresUDPDataCollector, AutoUpdater, AutoUpdaterSource, BTClient, BTDataCollector, BTDecoyClient, BTInflationDest, BTInterdictor, BTIPGatherer, BTPoster, BTRemover, BTScraper, BTScraperDLL, BTSearcher, BTSeedInflator, BTTorrentGenerator, BTTorrentSource, BTTracker, BTTrackerChecker, CVS, DCMaster, DCScanner, DCSupply, DistributedKazaaCollector, DllLoader, ED2KSupplyProcessor, EdonkeyIpBanner, FastTrackGift, FastTrackGiftDecoyer, GnutellaDecoyer, GnutellaFileDownloader, GnutellaProtector, GnutellaSupply, KademliaProtector, KazaaDBManager, KazaaLauncher, KazaaSupplyProcessor, KazaaSupplyTaker, KazaaSwarmerDest, KazaaSwarmerDistributedSource, KazaaSwarmerDownloader, KazaaSwarmerSource, MediaMaker, MediaSwarmerDest, MediaSwarmerSource, MetaMachine, MetaMachineHashSetCollector, MetaMachineSpoofer, MI-GnutellaSupply, MovieMaker, NameServer, NetworkMonitor, OverNetLauncher, OvernetProtector, OvernetSpoofer, P2PFileIndexer, PioletDC, PioletPoisoner, PioletSpoofer, SamplePlugIn, SLSKSpooferDLL, SoulSeekClient, StatusDest, StatusSource, SupernodeCollector, SupernodeController, SupernodeDistributer, SupplyProcessor, TKCom, TKFileTransfer, TKLauncher, TKProjectManager, TKSyncher, UsenetPoster, UsenetSearcher, WatchDogControllerDestination, WatchDogControllerSource, WinMxDC, WinMxLauncher, WinMxProtector, wma generator

Previously: Talk Like a Pirate Day 2007 is Here

Next: Speed Up Your Torrents With Ono

125 Responses (Add yours or TrackBack)

Pages: « 1 [2] 3 4 5 » Show All

26 Sep 20, 2007 at 17:16 by Randy S

U cannot break us! at least we have our looks and attitude!
Proof: http://bayimg.com/bAHmgAAbb

Up urs
Randy

27 Sep 20, 2007 at 17:29 by bravo!

Bravo!

28 Sep 20, 2007 at 18:08 by rick

I find it interesting that it mentions a new domain I’ve yet to see ‘linked’ to MD: onsystems dot com

29 Sep 20, 2007 at 18:11 by Snuffles

So should i add all the mediadefender ip’s to peer gaurdian? Anyone have it preformatted as a text file I can just load up? At mediadefender-defenders.com it looks like it would be the 14mb file of ip’s and the one below it of the MD owned IP’s.

30 Sep 20, 2007 at 18:12 by Snuffles

and zip torrent ip’s and anyone else who is an a**hole. (wink)

31 Sep 20, 2007 at 18:13 by randy saaf

onsystems.com is owned by Mr. Randy Saaf:

Registrant:
interfriendly
PO 42066
Los Angeles, CA 90042
US
310-306-9110

Domain Name: ONSYSTEMS.COM

Administrative Contact:
Saaf, Randy info@mediadefender.com
PO 42066
Los Angeles, CA 90042
US
310-306-9110

Technical Contact:
Saaf, Randy info@mediadefender.com
PO 42066
Los Angeles, CA 90042
US
310-306-9110

~~~~~~~~~~~~~~~~~~~~~~

OnSystems is the pioneer of private, secure peer to peer (P2P) networking. PeerSystem is the name of OnSystems’ technology that will change the way people view the Internet. PeerSystem technology allows people to easily create private networks between PCs over the Internet. The figure below demonstrates the impact that OnSystems’ PeerSystem technology will have on the Internet. The figure depicts two models of the Internet. The present Internet consists of all home and office PCs connected to servers that provide content. This model is good for “surfing the web.” Surfing the web is limited because it only involves interactions between users and web pages. Users do not interact directly with other users. The future Internet will maintain all the traditional capabilities of the current web but will have the added capability of direct interfacing between individuals’ PCs.

http://onsystems.com/main.html

Interesting !! Another mivii-like P2P trap ?

32 Sep 20, 2007 at 18:27 by jo momma

thats is a fucking ownage if i ever seen one, fuck those fags at MD

33 Sep 20, 2007 at 18:34 by Renan "Renan_S2"

pwned.

34 Sep 20, 2007 at 18:47 by vryinterested

Yea. The onsystems.com is very odd… it is on wayback machine for 5+ years, but now mediadefender owns the domain?

35 Sep 20, 2007 at 18:51 by Q

Just thought you’d like to know that a friend (who didn’t want to submit this to you) found what appears to be the MediaDefender private key, in case it’s useful for anything.

http://mediadefender-defenders.com/msg04671.html

36 Sep 20, 2007 at 19:12 by hoodlum

re: onsystems.com

they mentioned something about Tijit somewhere in the emails.. i think it was related to a digg link.

37 Sep 20, 2007 at 19:29 by Rolf

There’s something even more important here.

Remember that the leaked e-mails say that some of the Media Defender technologies (these utilities) just copied techniques first used by their corporate competition.

Maybe Media Defender put up a honeypot for their corporate competition to mess with, then tracked the actions of their corporate competition and built utilities that used those same techniques. However they did it, they did it.

If Media Defender’s utilities really exploit the exact same vulnerabilities as their competition, fixing the exploits detailed in these utilities could stop intrusions from all the other obstruction companies.

Aside from putting Media Defender in a dire business situation, this source code could do tremendous damage to the entire P2P obstruction and tracking industry.

38 Sep 20, 2007 at 19:29 by randy saaf

Yep, private keys and various other mediadefender certificates leaked in that big email batch - MD is fucked.

39 Sep 20, 2007 at 19:32 by sandman

down with media defenders!

40 Sep 20, 2007 at 19:36 by vryinterested

Future use of the private keys and certificates can easily be revoked, and probably already have been.

41 Sep 20, 2007 at 19:36 by required

My gawd I’m almost lost for words. Big-up’s to you, MD-D!

42 Sep 20, 2007 at 20:23 by Yatti

[quote comment="169391"]My gawd I’m almost lost for words. Big-up’s to you, MD-D![/quote]

I second this, Props!…

43 Sep 20, 2007 at 21:21 by raven

Wow, this is crazy. At least I hardly BT anymore… I used to when it was cool and safe. Now I buy most everything. Or GameFly it. Or NetFlix.

Still, I own a BT site, but it doesn’t host torrents. It’s just a search engine.

Pages: « 1 [2] 3 4 5 » Show All

Add your response

It takes approximately 1 minute for your comment to appear on TorrentFreak after it's posted.