The Biggest Ever BitTorrent Leak: MediaDefender Internal Emails Go Public
When TorrentFreak reported that Media Defender (MD) was behind the video site MiiVi, they cast doubt on us. Now, in what is surely the biggest BitTorrent leak ever, nearly 700mb of MD’s emails have gone public. When MD’s Randy Saaf found out we rumbled MiiVi he said, “This is really fucked.” This is too, but much more so.
When we reported in July that an Anti-Piracy Gang Launches their own Video Download Site to Trap People and that the company was called Media Defender and, as anyone who aims to be a credible news resource would, we checked and double checked our sources. We said, with some confidence:
Media Defender, a notorious anti piracy gang working for the MPAA, RIAA and several independent media production companies, just launched their very own video upload service called “miivi.com”. The sole purpose of the site is to trap people into uploading copyrighted material, and bust them for doing so.
However, in comments made to Ars technica, Media Defender’s Randy Saaf chose to rubbish our claims, calling it an ‘accidentally un-secured internal project’.
From the emails we cannot be sure that it’s an entrapment site or that it is related to the MPAA (perhaps it’s a legit a P2P video client?), but it does look suspicious.
Unfortunately for Media Defender - a company dedicated to mitigating the effects of internet leaks - they can do nothing about being the subject of the biggest BitTorrent leak of all time. Over 700mb of their own internal emails, dating back over 6 months have been leaked to the internet in what will be a devastating blow to the company. Many are very recent, having September 2007 dates and the majority involve the most senior people in the company. Apparently this is not the first time that a MediaDefender email leaked onto the Internet.
According to the .nfo file posted with the Mbox file the emails were obtained by a group called “MediaDefender-Defenders”. It states: “By releasing these emails we hope to secure the privacy and personal integrity of all peer-to-peer users. The emails contains information about the various tactics and technical solutions for tracking p2p users, and disrupt p2p services,” and “A special thanks to Jay Maris, for circumventing there entire email-security by forwarding all your emails to your gmail account”
Note: The mbox formatted file is circulating publicly on BitTorrent, completely unedited. However, for publication here we have removed the username and password logins for Media Defender’s servers, and replaced them with asterisks and avoided publishing emails of a personal nature, e.g pay negotiations etc. We believe that the emails are the real deal and all the info posted here serves the public interest.
At first we couldn’t believe that it was real, but after we scanned through the e-mails it became clear that it was indeed the real deal. Hundreds of IPs and logins to their servers, lists of their decoy/entrapment trackers, decoy strategies, the effectiveness of their fake torrents (in many cases with a breakdown of success, title specific), high and low priority sites, .torrent watchlists, information on their monitoring of competitors, pictures of their weekend trips and even the anti-piracy strategy for dealing with The Simpsons Movie leak:
# REMINDER: “The Simpson’s Movie” premieres this Friday (to Torrents).
* Decoy files are available in torrents MDfile server.
* Use Public Trackers for pre-Leak releases.
* Create two new trackers for this project.
o Ebert to inform Torrents of these new machines.
* Send a list of 5 release names from each torrent team member to Ebert.
* REMEMBER to input torrent file into interdiction if a real Leak is available this weekend.
It’s impossible to sum up all the juicy details in one post as the amount of information is staggering, so as much as we’d like to tell you about the custom Media Defender software (called ProxyMaster) included in the leak, we’ll focus mainly on the MiiVi case.
Let’s start off with their response to our story about MiiVi.com.
From: Ben Grodsky
Sent: Tue 03-Jul-07 20:19
To: MIIVI; Randy Saaf; Octavio Herrera; Steve Lyons
Subject: MiiVi got DuggLooks like the domain transfer has screwed us over:
http://torrentfreak.com/anti-piracy-gang-launches-their-own
-video-download-site-to-trap-people/
http://digg.com/users/AcePup/news/dugg-Ben
And the response from Randy Saaf himself.
This is really fucked.
Let’s pull miivi offline.
Apparently our reports about MiiVi made them really paranoid. They are worried that reporters will apply for jobs just to find out more about their secret project.
From Ben Grodsky, Media Defender
Subject: care in interviewing
Given all the recent Digg, SlashDot and derivative online articles about MD, be careful what you say in job interviews. Specifically, I’m concerned about giving any information BEYOND what’s already on the mediadefender.com website. I’m worried about someone interviewing for a position just for the purpose of getting more info to post online. For example, if anyone asks anything about MiiVi, just reiterate what Randy has said online (it was an internal video project that we probably should have password protected; we were in no way directed to, or working with, the MPAA on that project; NO part of the project was a honeypot designed to trap downloaders).
Seemingly every last detail of the MiiVi preparations are laid bare for all to see, such as these attempts to deal with some unexpected content. Interestingly, if MiiVi was only an internal operation, where on earth did this content come from?:
From Ben Grodsky, Media Defender
Dylan,
I wouldn’t normally e-mail you directly about MiiVi stuff, because a lot of what I say about this is total crap (so keep that in mind) and Jay filters the crap from the important stuff for you. Is there a way to add this hash/title to the porn filter explicitly?
hash=30755326A4E4B28E678BFF8CB2AF5FC4A4FBF710&i=3 (the title is Celebrity deathmatch: Korn vs slipknot and the exact URL is http://129.47.9.160/zonie/media.php?hash=30755326A)
I just flagged it as Other Terms of Use violation. It’s a warthog (or maybe it’s a big bushy dog, I can’t tell) having sex with a woman and NOT a Korn vs. Slipknot mash-up video.
If this is a big deal, don’t worry about it for now.
And, If MiiVi was an internal project only, how does that sit with these attempts to generate lots of traffic?
Dylan,
Another thing we can do to increase Google and other search engine traffic is to get more link-ins. At the next MiiVi meeting, I’m going to ask Randy for permission to incentivize people to link-in a MiiVi video on their MySpace. Colin is already doing this and it helps the word-of-mouth spread, even if the link-ins are nominal. I’m not sure what we could do in the link-in regard early on, but getting the cumulative ~1000+ MySpace friends of MediaDefender employees to see MiiVi link-ins can’t hurt….
Colin — start coming up with a list the list of keywords and descriptors for hidden metadata entries, per Dylan’s e-mail below.
Thanks,
Ben
One can only speculate what the MiiVi client might’ve been capable of, should it have gotten off the ground:
From: Ben Grodsky
To: Jay Mairs
Cc: Randy Saaf
Sent: Wed Jun 20 23:36:54 2007
Subject: miivi emule spoofJay,
Do you think it would break a lot and take more time than its worth for the MiiVi application/installer also to act like Serge’s Proxy client and spoof on eMule?
-Ben
Just about every aspect of the company’s operations on every file sharing network is revealed in the emails, including their fake eDonkey server and Soulseek activities, not to mention payroll issues and discussions about what to eat for lunch.
Of course, Mr Saaf was always very keen to distance MediaDefender from MiiVi, as this email shows:
From: Randy Saaf
Sent: Wed 6/13/2007 12:54 AM
To: Colin Keller
Cc: Ben Grodsky; Steve Lyons; Jay Mairs
Subject: miivi emailsColin:
Set up your email so that you always reply with a ckeller@miivi.com, dmca@miivi.com, or an info@miivi.com address respectively. I don’t want MediaDefender anywhere in your email replies to people contacting Miivi. Steve and Ben can help you set up your email for this. Make sure MediaDefender can not be seen in any of the hidden email data crap that smart people can look in.
I am setting up ckeller@miivi.com to forward to ckeller@mediadefender.com.
R
They made up fake company (MiiVi Inc.), edited their own Wikipedia entries and hosted Miivi on IPs that couldn’t be traced back to MediaDefender.
Ben E:
Can you please do what you can to eliminate this entry? Let me know if you have any success.
R
From: Jay Mairs
Sent: Tue 7/3/2007 9:59 PM
To: Steve Lyons; Randy Saaf; Octavio Herrera
Cc: Ty Heath; Dylan Douglas; Ben Grodsky; Ivan Kwok (gmail)
Subject: Re: MiiVi got DuggSteve, please redirect miivi.com to point to an ip that’s not one of ours (random ip or whatever).
Dylan, if there’s nothing critical running on the miivi server, please shut the computer down. If there is something critical on there, please let us know ASAP.
MediaDefender took down MiiVi.com but it seems they aren’t ditching the project but instead looking for a new name because domain names are really important for internal projects:
From: Randy Saaf
Sent: Friday, July 13, 2007 4:44 PM
To: Jay Mairs; Colin Keller
Subject: FW: New miivi name.Do you like vidber.com or bivvid.com or vidorama.com?
——————————————————-
Reply from: Colin KellerVidorama would be my first choice (though it is a bit 70’s, kind of like a bad video rental store). Vidber doesn’t spark much interest (kind of ends too abruptly), and bivvid I’m not really feeling.
Or maybe they’ll just change the domain name to something similar, and move things round a little?
Subject: MiiVi (currently on www.viide.com)
From: grodsky@mediadefender.com
Date: 23/07/2007 18:05
To: michael.potts@artistdirect.comMichael,
When you get a chance, we would love you to start taking a look at www.viide.com. That is the current home of our MiiVi site. We have totally locked-down the site, while we improve the look and feel from the blogosphere saw. Accordingly, to access the site you will need to login using the following login/password *****/**** (we have also made a login/password for Bobby, in case you think we could use some help with our graphics :) — *****/*****).
Once you log on the site, surf over to www.viide.com/download.php to get our application. The website currently acts a GUI for the application. When we go live with the site for the general public, there will also be a java applet that also minimal/one-off type use of MiiVi (but this feature is inaccessible with the current locked-down version of the site).
From: tabish@mediadefender.com
Date: 27/07/2007 23:56
To: MIIVI@mediadefender.comI’m not sure if you guys are planning on going live with the Viide domain name….but in case you are….you might want to remove all references of Miivi on the homepage of viide.com before it gets Googled or someone public comes across it. For example, at the bottom under terms of service and on the HTML Title where it says “MiiVi, Inc”, and probably the default image of the skyscrapers (which are the same as Miivi).
Also, the WHOIS information is still linked to MediaDefender, Inc.
-TH
Yes, they need to get on top of the WHOIS situation before someone sees it.
After the MiiVi incident, we later reported that Media Defender owned the p2p.net domain name. A little later, our claims were proven correct when they made the p2p.net domain link back to our own article, which it still does to this day. We took this as a compliment and this is what the guys had to say about it:
From: Ben Grodsky
To: Jay Mairs; Ben Ebert; Octavio Herrera
Sent: Fri Jul 13 12:18:02 2007
Subject: FW: p2p.net on digg and torrentfreakthis is too funny. torrentfreak accused us of buying p2p.net on ebay earlier this year. Randy found out and redirected it to that vary article on torrentfreak. now there’s an article about the redirected p2p.net!
We admit it, it was quite funny at the time and proved that even anti-piracy guys have a sense of humor but sadly, it’s doubtful that the comedy will extend through this latest episode, as it’s expected that thousands of file-sharers will dissect and disseminate their commercially sensitive data into every corner of internet.
For a business model that gets its life-blood from piracy, in a twisted way this leak is likely to help generate even more business and develop the market. Funny old world.
Update: MediaDefender Phone Call and Gnutella Tracking Database Leaked
Previously: Prince Hires the Web Sheriff to Take on The Pirate Bay
Next: Porn Industry Gloats Over Hollow Win vs BitTorrent
266 Responses
Pages: « 1 2 3 4 [5] 6 7 8 9 10 11 » Show All
These guys don’t work very much. Half the emails are them taking off.
guys like that should realy go to jail…
its not very far from fishing operations except instead of trapping bank numbers their trapping all other kinds of information..
fishing = jail so this kind of activity should also have serious consequenses… imo..
but let me gues, its an american corperation right? …
For those that would prefer it this way.
http://www.megaupload.com/?d=CN71JJMP
Haha, it looks like they were storing music files for analysis on ftpumg.umusic.com. And there’s login info. >.<
Maybe this is also related:
* Experiment with a dedicated tracker for public use, to get
confidence at first, and then screw with their torrents later in time
(to Gerald).
[quote]Jay,
Do you think it would break a lot and take more time than its worth for the MiiVi application/installer also to act like Serge’s Proxy client and spoof on eMule?
-Ben[/quote]
To my eye, this reads like they were planning to install eMule spoofing and bittorrent spoof proxying software on unsuspecting users’ PCs alongside with the “miivi client”, whatever that might be. Sucking away people’s bandwidth, possibly adding to those poor bastards’ intarbutts bill where bandwidth is metered.
And that, my friends, sounds rather severely illegal. As in, unauthorized use of a computer system illegal. “Pound you in the bottom” illegal, if you will.
If i had the money id take legal actions right away against that company.
Here’s a big list of their used IPs.
DCA2F
38.99.254.204-38.99.254.226
DCA2G
38.99.254.227-38.99.254.249
DCA2H
38.99.254.250
38.99.254.251
38.99.254.252
38.99.254.253
38.99.255.2
38.99.255.3
38.99.255.4
38.99.255.5
38.99.255.6
38.99.255.7
38.99.255.8
38.99.255.9
38.99.255.10
38.99.255.11
38.99.255.12
38.99.255.13
38.99.255.14
38.99.255.15
38.99.255.16
38.99.255.17
38.99.255.18
38.99.255.19
38.99.255.20
DCA2I
38.99.255.21-38.99.255.43
DCA2E
38.99.255.44-38.99.255.58
teleglobe1
66.110.61.2-66.110.61.26
alchemy1
205.177.78.130
205.177.78.135
205.177.78.140
205.177.78.145
205.177.78.150
205.177.78.155
205.177.78.160
205.177.78.165
205.177.78.170
205.177.78.175
205.177.78.180
205.177.78.185
205.177.78.190
205.177.78.195
205.177.78.200
205.177.78.205
205.177.78.210
205.177.78.215
205.177.78.220
205.177.78.225
205.177.78.230
205.177.78.235
205.177.78.240
205.177.78.245
205.177.78.250
teleglobe1a
207.45.196.98
207.45.196.101
207.45.196.104
207.45.196.107
207.45.196.110
207.45.196.113
207.45.196.116
207.45.196.119
64.86.230.34
64.86.230.37
64.86.230.40
64.86.230.43
64.86.230.46
64.86.230.49
64.86.230.52
64.86.230.55
64.86.230.58
66.198.35.98
66.198.35.101
66.198.35.104
66.198.35.107
66.198.35.110
66.198.35.113
66.198.35.116
66.198.35.119
Cyberverse707
66.180.205.2-66.180.205.26
Cyberverse708
66.180.205.27-66.180.205.51
Cyberverse709
66.180.205.52-66.180.205.71
Cyberverse710
66.180.205.72-66.180.205.96
DCA4A
38.99.252.2-38.99.252.24
DCA3I
38.99.252.25-38.99.252.47
DCA3H
38.99.252.48-38.99.252.70
DCA3G
38.99.252.71-38.99.252.93
DCA3F
38.99.252.94-38.99.252.116
DCA2A
38.99.252.117-38.99.252.136
DCA2B
38.99.252.137-38.99.252.156
DCA2C
38.99.252.157-38.99.252.179
DCA4D
38.99.252.230-38.99.252.249
DCA4C
38.99.252.250
38.99.252.251
38.99.252.252
38.99.252.253
38.99.253.2
38.99.253.3
38.99.253.4
38.99.253.5
38.99.253.6
38.99.253.7
38.99.253.8
38.99.253.9
38.99.253.10
38.99.253.11
38.99.253.12
38.99.253.13
38.99.253.14
38.99.253.15
38.99.253.16
38.99.253.17
DCA4B
38.99.253.18-38.99.253.38
DCA1J
38.99.253.39-38.99.253.58
DCA1i
38.99.253.59-38.99.253.78
DCA1H
38.99.253.79-38.99.253.98
DCA1G
38.99.253.99-38.99.253.118
DCA1F
38.99.253.119-38.99.253.139
DCA1E
38.99.253.140-38.99.253.159
DCA1D
38.99.253.160-38.99.253.177
38.99.255.240
38.99.255.241
DCA1C
38.99.253.178-38.99.253.197
DCA2D
38.99.253.198-38.99.253.204
DCA4E
38.99.253.205-38.99.253.224
DCA4J
38.99.253.225-38.99.253.247
DCA4I
38.99.253.248
38.99.253.249
38.99.253.250
38.99.253.251
38.99.253.252
38.99.253.253
38.99.254.2
38.99.254.3
38.99.254.4
38.99.254.5
38.99.254.6
38.99.254.7
38.99.254.8
38.99.254.9
38.99.254.10
38.99.254.11
38.99.254.12
38.99.254.13
38.99.254.14
38.99.254.15
38.99.254.16
38.99.254.17
38.99.254.18
DCA4H
38.99.254.19-38.99.254.41
DCA4G
38.99.254.42-38.99.254.64
DCA4F
38.99.254.65-38.99.254.87
DCA3E
38.99.254.88-38.99.254.110
DCA3D
38.99.254.111-38.99.254.133
DCA3C
38.99.254.134-38.99.254.156
DCA3B
38.99.254.157-38.99.254.180
DCA3A
38.99.254.181-38.99.254.203
DCA1A
129.47.9.193-129.47.9.216
DCA1B
129.47.9.217-129.47.9.241
DCB1K
64.93.88.2-64.93.88.24
DCB1J
64.93.88.25-64.93.88.47
DCB1I
64.93.88.48-64.93.88.70
DCB1H
64.93.88.71-64.93.88.93
DCB4C
64.93.88.94-64.93.88.113
DCB4D
64.93.88.114-64.93.88.133
DCB1G
64.93.88.134-64.93.88.156
DCB1F
64.93.88.157-64.93.88.179
DCB1E
64.93.88.180-64.93.88.202
DCB1D
64.93.88.203-64.93.88.225
DCB1C
64.93.88.226-64.93.88.248
DCB2B
64.93.89.2-64.93.89.24
DCB2C
64.93.89.25-64.93.89.47
DCB2D
64.93.90.200-64.93.90.222
DCB2E
64.93.89.71-64.93.89.93
DCB2F
64.93.89.94-64.93.89.116
DCB2G
64.93.89.117-64.93.89.136
DCB4E
64.93.89.137-64.93.89.156
DCB2H
64.93.89.157-64.93.89.176
DCB2I
64.93.89.177-64.93.89.199
DCB2J
64.93.89.200-64.93.89.222
DCB2K
64.93.89.223-64.93.89.245
DCB3A
64.93.90.2-64.93.90.24
DCB3B
64.93.90.25-64.93.90.47
DCB3C
64.93.90.48-64.93.90.70
DCB3D
64.93.90.71-64.93.90.93
DCB3F
64.93.90.94-64.93.90.116
DCB3E
IP64.93.90.139-64.93.90.144
DCB4B
64.93.90.223-64.93.90.245
DCB1B
64.93.91.2-64.93.91.24
DCB1A
64.93.91.25-64.93.91.47
DCB2A
64.93.91.48-64.93.91.70
DCB4H
64.93.91.71-64.93.91.93
DCB4F
64.93.91.94-64.93.91.113
DCB4G
64.93.91.114-64.93.91.133
DCB4I
64.93.91.134-64.93.91.153
1and1 are bitches when it comes to open depts ;-)
38.99.254.204-38.99.254.226
38.99.254.227-38.99.254.249
38.99.254.250
38.99.254.251
38.99.254.252
38.99.254.253
38.99.255.2
38.99.255.3
38.99.255.4
38.99.255.5
38.99.255.6
38.99.255.7
38.99.255.8
38.99.255.9
38.99.255.10
38.99.255.11
38.99.255.12
38.99.255.13
38.99.255.14
38.99.255.15
38.99.255.16
38.99.255.17
38.99.255.18
38.99.255.19
38.99.255.20
38.99.255.21-38.99.255.43
38.99.255.44-38.99.255.58
66.110.61.2-66.110.61.26
205.177.78.130
205.177.78.135
205.177.78.140
205.177.78.145
205.177.78.150
205.177.78.155
205.177.78.160
205.177.78.165
205.177.78.170
205.177.78.175
205.177.78.180
205.177.78.185
205.177.78.190
205.177.78.195
205.177.78.200
205.177.78.205
205.177.78.210
205.177.78.215
205.177.78.220
205.177.78.225
205.177.78.230
205.177.78.235
205.177.78.240
205.177.78.245
205.177.78.250
207.45.196.98
207.45.196.101
207.45.196.104
207.45.196.107
207.45.196.110
207.45.196.113
207.45.196.116
207.45.196.119
64.86.230.34
64.86.230.37
64.86.230.40
64.86.230.43
64.86.230.46
64.86.230.49
64.86.230.52
64.86.230.55
64.86.230.58
66.198.35.98
66.198.35.101
66.198.35.104
66.198.35.107
66.198.35.110
66.198.35.113
66.198.35.116
66.198.35.119
66.180.205.2-66.180.205.26
66.180.205.27-66.180.205.51
66.180.205.52-66.180.205.71
66.180.205.72-66.180.205.96
38.99.252.2-38.99.252.24
38.99.252.25-38.99.252.47
38.99.252.48-38.99.252.70
38.99.252.71-38.99.252.93
38.99.252.94-38.99.252.116
38.99.252.117-38.99.252.136
38.99.252.137-38.99.252.156
38.99.252.157-38.99.252.179
38.99.252.230-38.99.252.249
38.99.252.250
38.99.252.251
38.99.252.252
38.99.252.253
38.99.253.2
38.99.253.3
38.99.253.4
38.99.253.5
38.99.253.6
38.99.253.7
38.99.253.8
38.99.253.9
38.99.253.10
38.99.253.11
38.99.253.12
38.99.253.13
38.99.253.14
38.99.253.15
38.99.253.16
38.99.253.17
38.99.253.18-38.99.253.38
38.99.253.39-38.99.253.58
38.99.253.59-38.99.253.78
38.99.253.79-38.99.253.98
38.99.253.99-38.99.253.118
38.99.253.119-38.99.253.139
38.99.253.140-38.99.253.159
38.99.253.160-38.99.253.177
38.99.255.240
38.99.255.241
38.99.253.178-38.99.253.197
38.99.253.198-38.99.253.204
38.99.253.205-38.99.253.224
38.99.253.225-38.99.253.247
38.99.253.248
38.99.253.249
38.99.253.250
38.99.253.251
38.99.253.252
38.99.253.253
38.99.254.2
38.99.254.3
38.99.254.4
38.99.254.5
38.99.254.6
38.99.254.7
38.99.254.8
38.99.254.9
38.99.254.10
38.99.254.11
38.99.254.12
38.99.254.13
38.99.254.14
38.99.254.15
38.99.254.16
38.99.254.17
38.99.254.18
38.99.254.19-38.99.254.41
38.99.254.42-38.99.254.64
38.99.254.65-38.99.254.87
38.99.254.88-38.99.254.110
38.99.254.111-38.99.254.133
38.99.254.134-38.99.254.156
38.99.254.157-38.99.254.180
38.99.254.181-38.99.254.203
129.47.9.193-129.47.9.216
129.47.9.217-129.47.9.241
64.93.88.2-64.93.88.24
64.93.88.25-64.93.88.47
64.93.88.48-64.93.88.70
64.93.88.71-64.93.88.93
64.93.88.94-64.93.88.113
64.93.88.114-64.93.88.133
64.93.88.134-64.93.88.156
64.93.88.157-64.93.88.179
64.93.88.180-64.93.88.202
64.93.88.203-64.93.88.225
64.93.88.226-64.93.88.248
64.93.89.2-64.93.89.24
64.93.89.25-64.93.89.47
64.93.90.200-64.93.90.222
64.93.89.71-64.93.89.93
64.93.89.94-64.93.89.116
64.93.89.117-64.93.89.136
64.93.89.137-64.93.89.156
64.93.89.157-64.93.89.176
64.93.89.177-64.93.89.199
64.93.89.200-64.93.89.222
64.93.89.223-64.93.89.245
64.93.90.2-64.93.90.24
64.93.90.25-64.93.90.47
64.93.90.48-64.93.90.70
64.93.90.71-64.93.90.93
64.93.90.94-64.93.90.116
IP64.93.90.139-64.93.90.144
64.93.90.223-64.93.90.245
64.93.91.2-64.93.91.24
64.93.91.25-64.93.91.47
64.93.91.48-64.93.91.70
64.93.91.71-64.93.91.93
64.93.91.94-64.93.91.113
64.93.91.114-64.93.91.133
64.93.91.134-64.93.91.153
dan, i’m guessing those are MediaDefender IPs, correct?
Yes. They’re in a message “new namelist”
“I have converted the old Aleron1, 3 and 5 into a single network now called DCA2E with 15 servers. The IP range is 38.99.255.44 - .58. Two servers have bad power supplies and a third has a bad hard drive.
38.99.255.47 Bad Power Supply
38.99.255.49 Bad Power Supply
38.99.255.58 Bad Hard Drive
I have included a new namelist and network.ini file with this updated info.
Jose”
It includes the internal names for the servers along with the ip ranges.
[quote comment="165285"]Has anyone ran ProxyMaster?
I’m curious what it is but am definitely not installing it :)[/quote]
From the context of various e-mails, it appears that the program runs in the background of a persons computer (such as the employees), and uses their bandwidth/connection/IP/processor to spoof eDonkey servers specified by a central host
Wow, again, I am speechless. This e-mail leak is spreading throughout the net like that blaster worm way back when.
Although, I really do not want the employees to be physically harmed, as it would go too far, way beyond of what most people want happen to the company.
I’d like to see the company go down, but no physical harm to the employees.
Anyway, as this story evolves second by second, this will eventually knock some sense into Jurisdictions deps and section of governments hopefully around the world.
Keep spreading the news, all of you.
http://youtube.com/user/TheShockwave
YouTube profile of one of the MediaDefender employees.
IP Ping Time Users Files Owner Name
————————————————————————————————————————–
64.93.90.203:1234 Never Pinged 273654 39953545 ** MediaDefender ** Razorback 69
64.93.90.204:9238 Never Pinged 135795 16023894 ** MediaDefender ** Torbe Cerdo
64.93.90.220:4661 Never Pinged 168116 24544973 ** MediaDefender ** http://www.Sofort-Downloads.de 02
64.93.90.239:9237 Never Pinged 77445 11539377 ** MediaDefender ** JP Server
64.93.90.238:5000 Never Pinged 524838 36213855 ** MediaDefender ** Razorback 3.0
64.93.90.234:9237 Never Pinged 131944 15965290 ** MediaDefender ** Razorback 3.2
72.51.37.109:15932 Never Pinged 1210882 187686816 ** MediaDefender ** DonkeyServer No2
64.93.90.201:9273 Never Pinged 314044 24495473 ** MediaDefender ** xLax
64.93.90.228:6869 Never Pinged 146293 10679390 ** MediaDefender ** http://www.UseNeXT.info
64.93.90.208:9743 Never Pinged 116933 13096603 ** MediaDefender ** BiG BanG x
64.93.90.210:4661 Never Pinged 85149 7748628 ** MediaDefender ** !-=www.FreeSexBay.com =-!
64.93.90.207:4661 Never Pinged 127353 16683337 ** MediaDefender ** http://www.wmule.com
64.93.90.236:4661 Never Pinged 151479 17874556 ** MediaDefender ** rohan
72.51.38.142:2222 Never Pinged 245991 26075114 ** MediaDefender ** ##acabose verbose emule—
87.239.51.4:1997 Never Pinged 695990 103006553 ** MediaDefender ** Bassifondi
72.51.38.139:5691 Never Pinged 208353 21460423 ** MediaDefender ** Divx megaficheros
72.51.38.141:1390 Never Pinged 337518 27339005 ** MediaDefender ** didl0 factory
64.34.169.45:4242 Never Pinged 484074 42114494 ** MediaDefender ** DonkeyServer No9
64.93.90.214:2937 Never Pinged 147835 8130936 ** MediaDefender ** ZIRCONIUM “IRISH”
64.93.90.218:9439 Never Pinged 161581 12603351 ** MediaDefender ** !-=www.FreeSexBay.com =-!
64.93.90.237:2121 Never Pinged 263579 29257289 ** MediaDefender ** -~=SexMachine=~-
64.93.90.205:2366 Never Pinged 81850 8103233 ** MediaDefender ** BiG BanG 14
64.93.90.219:6116 Never Pinged 221196 13271773 ** MediaDefender ** http://www.Sofort-Downloads.de
64.93.90.224:2794 Never Pinged 98372 8361687 ** MediaDefender ** http://www.Sofort-Downloads.de 01
64.93.90.241:10000 Never Pinged 169727 20197527 ** MediaDefender ** 2.718281828459045235360287471352
64.93.90.222:4661 Never Pinged 78111 9217208 ** MediaDefender ** ! * * * * FUCK ME * * * * !
72.51.37.108:9009 Never Pinged 1103076 211790592 ** MediaDefender ** DonkeyServer No3
64.93.90.213:7932 Never Pinged 367174 42225013 ** MediaDefender ** ZIRCONIUM “IRISH”
64.93.90.215:7890 Never Pinged 159638 9897611 ** MediaDefender ** Razorback
64.93.90.229:7255 Never Pinged 123698 6308632 ** MediaDefender ** http://www.YouFling.com
208.68.235.101:46969 Never Pinged 30086 2316653 ** MediaDefender ** Fuck Buddies
72.51.39.150:8763 Never Pinged 20993 1196639 ** MediaDefender ** #FAST scramjet
64.93.90.230:7892 Never Pinged 130783 17917389 ** MediaDefender ** muelbomber/turboesel.no-ip.org
64.93.90.206:4927 Never Pinged 223628 23033697 ** MediaDefender ** !-= http://www.FreeSexBay.com =-!
64.93.90.227:5000 Never Pinged 82008 7790764 ** MediaDefender ** Byte Devils
64.93.90.244:6886 Never Pinged 99798 14171353 ** MediaDefender ** NiNcubator
72.51.37.107:9123 Never Pinged 945862 150392214 ** MediaDefender ** DonkeyServer No4
64.93.90.242:6666 Never Pinged 174134 12537698 ** MediaDefender ** 0, 1, 1, 2, 3, 5, 8, 13, 21, 34,
62.241.53.16:4242 Never Pinged 903251 137870767 DonkeyServer No2
62.241.53.15:4242 Never Pinged 182910 31652034 DonkeyServer No6
62.241.53.3:4242 Never Pinged 104262 20222420 DonkeyServer No4
62.241.53.4:4242 Never Pinged 294774 40013727 DonkeyServer No5
64.93.90.240:3000 Never Pinged 123257 18488654 ** MediaDefender ** JD2K http://www.telechargerdusex
62.241.53.17:4242 Never Pinged 344261 45946120 DonkeyServer No3
62.241.53.2:4242 Never Pinged 536370 83681712 DonkeyServer No1
61.145.112.13:3721 Never Pinged 2244 711344 Popgo Anime Server
Interesting technique they talk about in a message titled “Preemptive post file”:
1. Find a newly leaked movie on torrent site A, download it.
2. Modify the torrent to use a bad tracker.
3. Upload the torrent to site B, using an account publicly known to be owned by MediaDefender.
4. Site B bans the (valid) movie hash.
Interesting!
Interesting files in email:
Fw: NPD Historical Data 21.8.2007 20:10
[quote]I really hope none of you call these people. Flaming them on the internet is one thing, but pestering them at home is fucked up.[/quote]
Agreed, all in all they may be the ppl who try and dupe you into downloading bs files but, the end of the day they just ppl who need money to live…dont cross the line by calling them and harassing them …besides if you fall victim to those files, whos fault is that for suing shitty resources…personally, these emails are a clear indication on where NOT to go for torrents..Pirate Bay was listed and Demonoid was called out in the emails but we all know they check their shit so those are fine, but all the meta indexers, Blah, find diff sources.
6 references to this post
Pages: « 1 2 3 4 [5] 6 7 8 9 10 11 » Show All
Responses are closed
All remaining responses will continue to be archived. Thanks to all who made serious comments.