MegaUpload: What Made It a Rogue Site Worthy of Destruction?

Home > Anti-Piracy > Takedowns and Seizures >

File-hosting services all around the world will have looked on in horror yesterday as MegaUpload, one of the world's largest cyberlocker services, was taken apart by the FBI. Foreign citizens were arrested in foreign lands and at least $50 million in assets seized. So what exactly prompted this action? TorrentFreak read every word of the 72-page indictment so you don't have to, and we were surprised by its contents.

megauploadYesterday a massive operation took down MegaUpload, one of the world’s leading file-storage services and one of the world’s biggest sites, period.

While the timing came as a huge post-SOPA protest surprise, the fact the site was targeted was not – for many months there have been rumblings behind the scenes that something might be “done” about MegaUpload. Nevertheless, the manner in which the action was taken and the language used by the authorities in doing so was utterly unprecedented.

So the key question this morning is this – What made MegaUpload a rogue site which deserved to be completely dismantled and its key staff arrested? The answers lie in the 72-page indictment and show just how the authorities (with the massive assistance of the MPAA, no doubt) framed Mega’s activities in such a way as to strip it of any protection under the DMCA.

In the U.S., online service providers are eligible for safe harbor under the DMCA from copyright infringement suits by meeting certain criteria. However, the indictment states that member of the “Mega Conspiracy” (capital M, capital C no less) do not meet these criteria because…

…they are willfully infringing copyrights themselves on these systems; have actual knowledge that the materials on their systems are infringing (or alternatively know facts or circumstances that would make infringing material apparent); receive a financial benefit directly attributable to copyright-infringing activity where the provider can control that activity; and have not removed, or disabled access to, known copyright infringing material from servers they control.

Let’s cover the last point first – the apparent non-removal of known copyright material from MegaUpload’s servers. First, a little background on how MegaUpload’s user uploading system worked because this is absolutely crucial to the case against the site.

Mega had developed a system whereby files set to be uploaded by users were hashed in order to discover if a copy of the file already exists on the Mega servers. If a file existed, the user did not have to upload his copy and was simply given a unique URL in order to access the content in future. What this meant in practice is that there could be countless URLs ‘owned’ by various users but which all pointed to the same file.

Megaupload’s “Abuse Tool” to which major copyright holders were given access, enabled the removal of links to infringing works hosted on MegaUpload’s servers. However, the indictment claims that it “did not actually function as a DMCA compliance tool as the copyright owners were led to believe.” And here’s why.

The indictment claims that when a copyright holder issued a takedown notice for content referenced by its URL, only the URL was taken down, not the content to which it pointed. So although the URL in question would report that it had been removed and would no longer resolve to infringing material, URLs issued to others would remain operational.

Furthermore, the indictment states that although MegaUpload staff (referred to as Members of the Conspiracy) discussed how they could automatically remove child pornography from their systems given a specific hash value, the same standards weren’t applied to complained-about copyright works.

In June 2010, it appears that MegaUpload was subjected to a something of a test by the authorities. The company was informed, pursuant to a criminal search warrant from the U.S. District Court for the Eastern District of Virginia, that thirty-nine infringing movies were being stored on their servers at Carpathia Hosting in the Eastern District of Virginia.

“A member of the Mega Conspiracy informed several of his co-conspirators at that time that he located the named files using internal searches of their systems. As of November 18, 2011, more than a year later, thirty-six of the thirty-nine infringing motion pictures were still being stored on the servers controlled by the Mega Conspiracy,” the indictment reads.

The paperworks goes on to accuse MegaUpload of running a program between September 2005 and July 2011 which rewarded users for uploading infringing material.

A citation from an internal MegaUpload email from February 2007 entitled “reward payments” claims to show that at least two key staff members knew that cash payments were being paid to users who uploaded infringing material including “full popular DVD rips” and “software with keygenerators (Warez)”.

Then the indictment starts to throw up some very interesting questions, specifically how the authorities managed to get hold of not just one but many of MegaUpload’s internal company emails (dating back to 2006) to use in the case against them.

It’s certainly possible that the authorities were monitoring MegaUpload’s correspondence but there are also at least two mentions in the indictment of an unnamed person described as “an unindicted co-conspirator”. While prosecutors sometimes use this term to describe people who have been excluded from an indictment on evidentiary concerns, they also use it to describe individuals who have been granted immunity from prosecution.

In any event, these emails are being heavily relied upon since many appear to indicate a knowledge among staff that copyright works were held on the company’s servers. Here’s a sample:

An email from 2006 claims to show how MegaUpload attempted to download large amounts of content from YouTube and appeared by April that year to have obtained 30% of the site’s content. A follow up email in 2007 claimed that “Kim [MegaUpload’s founder] really wants to copy Youtube one to one.”

An email from August 2006 titled “lol” contained a screenshot of a MegaUpload download page showing a cracked copy of CD burning software Alcohol 120%.

Other correspondence quoted in the indictment appears to show key staff members sending each other links to copyright works hosted on MegaUpload.

One contained 100 MegaUpload links to content by recording artist Armin Van Buuren. Another, allegedly sent in December 2006 by Kim Dotcom to another staff member, carried a link to a music file hosted on a MegaUpload server entitled “05-50_cent_feat._mobb_deep-nah-c4.mp3”. No context for the sending of these links is given in the indictment.

Other emails show staff asking each other to help locate copies of infringing content including TV series The Sopranos and Seinfeld, and music from a band called Grand Archives. Again, no context is offered in the indictment.

An email sent in July 2008 shows a key staff member reporting an earlier conversation with another entitled “funny chat-log.”

“We have a funny business . . . modern days pirates,” the exchange begins. “We’re not
pirates,” came the reply. “We’re just providing shipping services to pirates.”

But aside from exchanging links to copyright works, the indictment claims that key staff members also uploaded material themselves including a TV show from the BBC and a copy of the movie Taken.

The indictment lists several other examples which are supposed to demonstrate that the admins of MegaUpload knew that their service was being used for the storage and distribution of illegal material.

Emails from customers are cited where they complain that for various reasons they’re unable to watch named copyrighted works. Others ask how to find pirate movies on Mega and are told to go to sites that index Mega-hosted material, such as the, a site seized as part of Operation in Our Sites.

On at least two occasions the indictment reports key MegaUpload staff discussing TorrentFreak articles on seizure operations being carried out by the US authorities.

In one email, Kim Dotcom reportedly stated: “This is a serious threat to our business. Please look into this and see how we can protect ourselfs [sic],” adding, “Should we move our domain to another country, Canada or even HK?”

The indictment separately lists several movies being distributed from MegaUpload’s servers in the United States, all of which were not yet commercially available. There is no indication, however, that MegaUpload’s operators knew they were there.

On face value it would seem that in a handful of cited instances staff at the company did indeed link each other to copyright works, but when the massive scale of the MegaUpload operation is set beside them, their significance is put into a different perspective.

The issue of not taking down content is a fascinating one. MegaUpload is not on its own when it hashes content then allows users to access already-stored versions of the same files. Nevertheless, will taking down a specific URL and not the content itself be enough to appease the courts?

Finally, and despite the assertions of the MPAA, RIAA and the authorities, MegaUpload carried a huge amount of non-infringing content, giving the service itself “substantial non-infringing users”. Nevertheless, all content has now been seized, leaving millions of people and companies without their personal data.

Cyberlocker services and potential startups all around the world will be watching this case like hawks. Seismic doesn’t really come close.


Popular Posts
From 2 Years ago…