
The corporate espionage game: MediaDefender's attack on Revision3

Written by Larry Dignan, Contributor

Run don't walk to read Jim Louderback's account of how Revision3 was taken down by MediaDefender, a subsidiary of penny stock ArtistDirect.

The gist: Revision3 suffered a denial of service attack that was orchestrated by MediaDefender. Louderback's well-told tale has all the details, but we'll pick it up here:

So I picked up the phone and tried to get in touch with ArtistDirect interim CEO Dimitri Villard. I eventually had a fascinating phone call with both Dimitri Villard and Ben Grodsky, Vice President of Operations at MediaDefender.

First, they willingly admitted to abusing Revision3's network, over a period of months, by injecting a broad array of torrents into our tracking server. They were able to do this because we configured the server to track hashes only - to improve performance and stability. That, in turn, opened up a back door which allowed their networking experts to exploit its capabilities for their own personal profit.

Second, and here's where the chain of events comes into focus, although not the motive. We'd noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender's servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of "Hi"s brought down our network.

Grodsky admits that his computers sent those SYN packets to Revision3, but claims that their servers were each only trying to contact us every three hours. Our own logs show upwards of 8,000 packets a second.

"MediaDefender did not do anything specific, targeted at Revision3", claims Grodsky. "We didn't do anything to increase the traffic" - beyond what they'd normally be sending us due to the fact that Revision3 was hosting thousands of MediaDefender torrents improperly injected into our corporate server. His claim: that once we turned off MediaDefender's back-door access to the server, "traffic piled up (to Revision3 from MediaDefender servers because) it didn't get any acknowledgment back."

Putting aside the company's outrageous use of our servers for their own profit, and the large difference between one connection every three hours and 8,000 packets a second, I'm still left to wonder why they didn't just tell us our basement window was unlocked. A quick call or email and we'd have locked it up tighter than a drum.

My question: Why would MediaDefender call Revision3 when it was getting the goods? It's like a Peeping Tom going next door to tell the hot neighbor that she leaves her blinds up. It ain't happening folks.

I'd be more stunned by this incident if I didn't know it to happen all the time. Companies spy on each other--that's what so-called corporate intelligence departments are for. Now not all companies are as crooked as MediaDefender, but these things happen more often than you'd think. If you have an entry to monitor your enemy it's really hard to not watch. This behavior is galling, but there are a bunch of examples of these fun and games.

Baseline magazine had an excellent cover story detailing the corporate espionage market in 2004. The magazine apparently nuked its archive, but luckily the Wayback Machine had it. I hope you enjoy it given it took about a half hour to find the damn thing. Why would a media company cut off its long tail?
