From the various files made available, some were easily viewable with a standard text editor, others – such as an executable called server_interface.exe – were more tricky. Thanks to a admittedly fairly hostile Full Disclosure security report we now have a clearer idea of what the package is capable of.

Penned by ‘CULT OF THE DEAD HADOPI’, the report refers to TMG as “Too Many Gremlins” along with reports not to expose them to bright lights. In it the server_interface.exe code is described as a Delphi service to which anyone can connect and start sending commands, no authentication (username/password) required. Perhaps even more worrying is a script which accepts auto-updates.

“An attacker can use the ‘Auto Update’ feature (\x82) to force the server to download updates from an evil FTP server he controls. Of course, a downloaded file is executed
just after the download,” write the researchers.

“Hence, anyone who wants to raise an army against Too Many Gremlins, look for an open port on TCP 8500,” they add.

The implication here is that if this software was present on all TMG servers, in addition to being able to turn them on and off at will a hacker could take them over with custom code of his own choosing, potentially creating “an army” which could be used to attack TMG or indeed, anyone else.

Commenting on the research, Bluetouff told TorrentFreak that the discovery of the vulnerabilities mean that the French 3 strikes program might already have been compromised.

“If TMG is vulnerable to injectioning on the system used to provide IP addresses to the HADOPI, the whole process is fu**** up,” he explained.

“Someone could for example inject the Culture Ministry’s IP range, or worse, gain access between TMG and HADOPI’s VPN by stealing certificates… then gain access to a huge amount of personal data,” he added.

“For instance we don’t know if this new ‘test server’ leak can compromise the LAN(S) of TMG with this exploit. Opacity is even for HADOPI. That’s why they went to audit TMG’s infrastructure with the CNIL [French Data Protection Office].”

“Anyway, this new episode shows that HADOPI was right to close their access,” he concludes.

That closure of access is a reference to Hadopi severing their Internet links to TMG once they found out about the leak and resorting to shifting IP addresses around by DVD and the postal system instead. That is hardly efficient and undoubtedly TMG will be working hard to get back into the 21st century.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

As became evident, the term ‘hacked’ was probably overly generous to TMG, since according to Bluetouff the company had left the equivalent of its front door open.

“A virtual machine leaked a lot of information like scripts, p2p clients to generate fake peers, local physical addresses in the datacenter and even a password that could lead to a major global TMG security breach,” he explained.

TorrentFreak obtained and listed some of the files in question in our earlier report, but as the contents of the leak were examined in more detail, it became evident that TMG had not only leaked out its own data, but that belonging to the subjects of their monitoring.

The day after our report, Guillaume Champeau of Numerama, a publication which follows French file-sharing issues in-depth, contacted TorrentFreak to say he had been able to show that IP addresses linked to the 3-strikes process may also have been leaked. He informed the HADOPI agency of his find which led to them to report that they were taking the matter “very seriously”.

Indeed, that concern has been followed by an announcement from Eric Walter, the secretary-general of HADOPI. Walter, a friend of French President Nicolas Sarkozy, who now confirms that “as a precaution Hadopi has decided to temporarily suspend its interconnection with TMG.”

What this effectively means is that since TMG is the only company licensed to do this work for the government, from now on and pending a review, the French 3 strikes regime for dealing with illicit file-sharing is suspended. Data gathered before Saturday evening, however, can still be used.

This suspension will be seen by some as a major embarrassment for President Sarkozy. France has taken a particularly hard-line approach to unlawful file-sharing and the government has continually brushed aside calls from the public and various watchdogs to consider more carefully the privacy and related rights issues connected with such a regime.

Update: According to French news sources the three strikes regime is set to continue, but data will not be transferred to Hadopi via the usual electronic transfers, but on physical media.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Under the new Hadopi law, alleged copyright infringers will be reported to a judge once they have received three warnings. The judge will then review the case and hand down any one of a range of penalties, from fines through to disconnecting the Internet connection of the infringer.

Trident Media Guard, the investigative company that will be responsible for tracking down alleged infringers, was presented to the public today. Interestingly enough this private company was not appointed by the government but by the entertainment industries, including the major record labels and movie studios.

Among file-sharers Trident Media Guard (TMG) is not a new name. In fact, thousands if not millions of people have run into them already as they are known to hinder illegal downloads by spreading fake data. For their ‘revolutionary’ anti-P2P technology they have submitted a patent application which is currently under review.

Aside from polluting file-sharing networks, the company will now also be responsible for tracking and reporting pirates to the authorities. TMG has the capacity to record up to 25,000 infringements a day, and according to initial estimates 10,000 offenders a day are expected to receive a warning.

TMG’s tracking technology will cover a wide range of file-sharing networks, with four of them being monitored as a priority. There is little doubt that BitTorrent, eDonkey and Gnutella will be the major targets, but according to TMG it is also possible to monitor Rapidshare, newsgroups and streaming services.

How they will be able to monitor these non-P2P services remains a mystery for now, but it suggests some form of privacy invasion. Unlike with BitTorrent, a third party can’t simply see what a user is downloading as they do when they actively monitor a user’s P2P connections.

In the UK the ISP Virgin Media is trialling a technique which involves Deep Packet Inspection to monitor the level of illicit file-sharing across a percentage of its customer base.

Because systems like this are believed to breach the privacy of individual Internet users, the European Commission has been asked to review its legality.

Thus far no details have been published on the data gathering techniques of TMG, but considering the enormous opposition against the Hadopi law there is little doubt that their every move will be closely watched.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.