A diplomatic cable leaked by Wikileaks reveals that entertainment industry groups and law enforcement combined their efforts to infiltrate Warez Scene topsites. One of the strategies they discuss during a 2009 meeting is to have an informant leak music before the official release date, to gain trust of the site’s operator and gain access to the highly secured Scene servers.
If anything, the diplomatic cables that were released by Wikileaks reveal that entertainment industry groups such as the MPAA, RIAA and IFPI are pitching their agendas at the highest political levels.
These private groups train law enforcement officers around the world and are used to gather evidence, as if they were law enforcement branches.
A good example of the above is cable from October 2009, written by Kathleen Stephens, U.S. ambassador in South Korea. In the cable Stephens writes about a meeting between South Korean law enforcement officials, lobby groups IFPI and the MPAA, and a representative from the U.S. Immigration and Customs Enforcement (ICE) unit.
The meeting was organized to discuss enforcement actions against topsites, Scene servers that are at top of the so-called piracy pyramid. These servers are the source for much of the pirated content that eventually ends up at file-sharing websites.
After a failed attempt to bust several Korean topsites in 2008, the parties have come together to make new arrangements. What is immediately clear from reading the cables is that the law enforcement groups and the entertainment industry representatives find it extremely hard to take down these scene servers.
“Locating and penetrating topsites are extremely challenging because people can only gain access by proving that they can make a valuable contribution and gaining trust over an extended period of time. Access to topsite servers is encrypted and shielded and the operators respond to indications of investigation by legal authorities by destroying critical evidence and rapidly moving the servers,” the cable, signed by the ambassador, reads.
The meeting was further used to discuss the problems these topsites pose to the entertainment industry, and what options there are to go after them. One of the options is to infiltrate these servers and bust them from the inside out. This is a strategy that ICE seems to be familiar with, and they are happy to teach their skills to the Koreans.
“In response to questions about the role of his agency, ICE Attache explained that DHS ICE is currently investigating topsite-related issues in the U.S., and that there are numerous types of investigative methods that can be
incorporated to infiltrate topsites,” the cable reads.
“ICE Attache offered to provide training and a tour of the DHS ICE IPR Center in Washington, DC. The tour would allow Korean investigative entities to observe current methods used by law enforcement to combat topsites.”
One of the main problems with infiltration is that the topsite operators have to trust the ‘poser.’ To accomplish this, the ICE representative suggested that copyright holders could give them access to pre-release music that they can use to gain credibility as a source.
“[The ICE representative] also suggested encouraging a rightsholder to purposefully pre-release a song to law enforcement, in order to gain access to a topsite. Law enforcement could use the pre-released song to gain trust and consequent access from the topsite administrator. This idea was met with interest and may be pursued further,” the ambassador writes in the cable.
One of the plans that was brought up in the meeting was to let IFPI do the dirty infiltration work, after which they share their findings with law enforcement.
“As the meeting progressed, a basic investigative plan emerged in which IFPI performs the more arduous task of infiltrating topsites and gathering the IP addresses necessary to locate them. IFPI will then present an evidence
packet, which will include the IP address and the amount of files stored, to the Prosecutors’ Office. The Prosecutors’ Office will track down the physical location of the topsite, exercising maximum operational discretion.”
To avoid making the same mistake as in 2008, at no point during the investigations the ISPs can be notified, as they may be involved in the topsite themselves.
“The Prosecutors’ Office appears to understand that notifying an Internet Service Provider that one of its clients is under investigation, which it intended to do in the failed investigations of 2008, presents an enormous risk of
revealing the investigation to the topsite operator. It is even possible, as Mr. Ng noted, that someone working for the Internet Service Provider itself is operating the topsite.”
The cable further goes on to describe the need for action, and options that can be taken, but no concrete plans are worked out.
Although many have expected that infiltration of topsites was a common investigative tactic, this is the first time that we have it in writing.
In recent years dozens of topsites have been raided, including BAR, LOST, DLR and SC during a massive police action in Europe last year. Whether the above meeting resulted in any action from the South Koreans is unknown, but for as far as we are aware no Korea based topsites have been raided recently.