[OT] Did you know....

[MarauderX]

that the National Institute of Science and Technology (NIST) was hacked last week? Do you know who really was behind it?

Two NIST employees were downloading music using a peer-to-peer service on NIST machines, while at work. They were also burning CDs of the music they downloaded. Ok, so they were bad.

The Recording Industry of America (RIA) hired computer consultants (basically hackers) to track large volumes of music downloads, find out who the individuals were, and report what they found back to the RIA. Then the RIA would send the individuals a tersely worded letter stating that if they did not cease sharing the illegal downloads they could and would press charges.

So what happened? The consultants illegally broke through the various NIST firewalls to find the two employees who had that large volume of shared files, then discovered where they worked and who they were. NIST found out that they had been hacked and fired the two employees for the abuse of their computers as well as creating a breach in security before the RIA could figure out how to handle this touchy situation. NIST has not filed charges against the hackers or the RIA, and it doesn't look like the RIA is planning to change their tactics of hiring hackers.

"Ok, dude, what's your point?"

The point is what the RIA is doing is wrong, nothing is being done about it, and watch your back as well as your firewall. They are promoting consultants to illegally infiltrate corporate and private machines to stop file sharing. The RIA is not going after the file sharing services, as these programs will probably keep multiplying and morphing into something new that is hard to keep up with. Instead they will go after a firmly established network, like, say, kazaa, and track your downloads and activities for a while before sending you a strongly worded letter.

Just thought you should know.

 

[alsih2o]

this is sweet irony on multiple levels.

the hackers chasing the thieves stumble into a scientific database.

wow, geek campaign awaits!

seriously tho, when vigilantism is the only recourse....

 

[Pseudonym]

Do you have a link or other source for this information nugget?

 

[dshai527]

As an information security analyst for a medium size company, this has come on our radar screen lately. We have been looking into the legal liability that is posed to our comapny from our users that employ our T-1's and T-3's to download and store music.

It seems that there are many lines drawn in the sand right now and lots of attacks going both ways. I think that if the DoJ doesn't stand up and make a ruling that things will get very ugly soon. From an insiders perspective on the corporate front it is becoming more and more difficult to protect yourself and still be in compliance with federal and state laws.

What we are starting to see is large companies hiring hackers and security teams to protect their assets or launch assualts on those who try to breach their defenses. Viruses are being released (FIZZER) that attack P2P networks. It is almost like a bad plot from a Cyber Punk campaign where it seems that corporations have more power than the legal system. It is the wild wild west all over again except in virtual boot hill.

 

[Wippit Guud]

Does anyone else feel like they just read a Shadowrun story hour?

 

[pennywiz]

Two NIST employees were downloading music using a peer-to-peer service on NIST machines, while at work. They were also burning CDs of the music they downloaded. Ok, so they were bad.

The Recording Industry of America (RIA) hired computer consultants (basically hackers) to track large volumes of music downloads, find out who the individuals were, and report what they found back to the RIA.

---

The point is what the RIA is doing is wrong, ---

Are you saying one is only 'bad' and the other is 'wrong'?

 

[Heretic Apostate]

Okay, is there a LEGAL method to download and burn CDs? I stopped buying CDs when I realized I was paying $15 for a CD to get at most two or three songs that I liked. (Note: I have not now, nor have I ever, downloaded copyrighted music. Nor do I advocate such.)

If there was a site that would let you preview songs to see what you like, then design your own CDs, and have them mailed to you, that would be great. I'm currently paying $5 per song I like. I'd be willing to pay up to $2.50 per song I like (so the typical CD would have 12 tracks, that's $30, but of songs I love, without having to skip over 75% of them) for this service, as long as it's perfectly legal.

Until then, I'm stuck with three radio stations all well out of my area. I have to flip between them as they fade out, and sometimes all three of them are running commercials at the same time. Not fun.

 

[MarauderX]

Are you saying one is only 'bad' and the other is 'wrong'?

Not really. Both acts are illegal and should not be done; but violate rights of privacy to do it? Police are not allowed to go into your home without a search warrant, and even so can only search for the item(s) that the warrant expressly states. Are computer networks that much different? Are the files on your machine yours (or for your use on your machine) or public domain? I know I don't want anyone cruising around on my home or work LAN searching for anything that they deem was downloaded illegally. And right now the RIA has unleashed the hounds with the claim of 'Probable Cause,' which isn't good enough for me.

Does anyone else feel like they just read a Shadowrun story hour?

Yeah, very much so... eerie isn't it?

 

[Eridanis]

Moved to Software & Computers forum.

 

[dshai527]

I know there are some legal alternatives for downloading music and I also realize that they are not as convinient as the free ones, but I think the larger issues here is what the music industry is doing and what the DoJ is allowing them to do.

The RIA is not a law enforcement agency and even if they were what they are doing would be equal to an illegal search and seizure. What we are seeing is hired guns to keep internet justice. These worms and hack attacks that they have initiated could take down corpoarte networks or divulge sensitive information. Especially since many of these companies may not be aware that their employees are committing the crime.

The other side of the ball you have to ask what kind of person would endanger his company's reputation, legal rights and his own job just to download music. I will not comment on whether it is right or wrong to download music from these P2P sites, but to do it at work just seems idiotic. (I say that with no intention of offending anyone, I do realize that not everyone knows the inherent danger of a P2P network, much less the legal risks that the illegal activities pose to their hiring company).

In my opinion both sides are wrong, (All three if you count that the Institute should have kept better measures in place to stop the employees from downloading) but only one side is taking the law into their own hands and endangering the system by doing it. My hope is that congress can get with the technology age and finally pass some laws and enforce some viable laws that do not limit the internet or an individuals fair use rights.

Just my rant.