Death By Email Blog

MediaDefender's poor reputation on the Internet became much worse this weekend with the leak of nearly 700MB of email and VOIP calls on the Internet.  The emails go back over six months, with the most recent dated September 2007.  It includes mail from top executives and personal content, such as Social Security and bank account numbers.  But, it is the information on their business practices that is bringing the attention of the blogging community.

"The emails reveal many aspects of MediaDefender's elaborate P2P (peer-to-peer networking) disruption strategies, illuminate previously undisclosed details about the MiiVii scandal, and bring to light details regarding MediaDefender's collaboration with the New York Attorney General's office on a secret law enforcement project," reported Ars-Technica, which has studied the messages for days.

There is little discussion about the legality of the leak.  According to Ars-Technica, "MediaDefender employee Jay Mairs forwarded all of his company e-mails to a Gmail account, which was eventually infiltrated."  There is no discussion about how the account was infiltrated.  Therefore, unlike the Enron emails, which were legally released to the public via the Federal Energy Regulatory Commission, these messages may or may not be subject to action in the future.

In the meantime, the Internet is buzzing with the content.

MediaDefender describes itself as "the leading provider of anti-piracy solutions in the emerging Internet-Piracy-Prevention (IPP) industry.  We provide services that stop the spread of illegally traded copyrighted material over the Internet and Peer-to-Peer networks."

However, it is their methods that get attention.  "Among the services it offers are "decoying" and "spoofing" -- flooding the Internet with fake files that mimic real content to make it difficult for pirates to find the real thing. It also offers "leak alerts" that tell the studios and labels which of their products are circulating among Internet pirates," according to today's Wall Street Journal.

The MiiVii software would allegedly track a user's activity without their knowledge and report the information back to MediaDefender, according to the Journal, citing copies of the e-mails circulating on the Web. (CNet)

"According to at least one email, MediaDefender also appeared to be considering software to co-opt MiiVii users' computers and turn them into antipiracy machines that would send out bogus files across the Internet to hinder other users' attempts to download copyright content. Such files appear to be valid copies of the pirated song or movie, but in fact would come up empty or tie up downloaders' computers for hours. Mr. Saaf (Media Defender's CEO) denied the company has such plans," according to the Journal.

"At first we couldn’t believe that it was real," said Ars-Technica, "but after we scanned through the e-mails it became clear that it was indeed the real deal. Hundreds of IPs and logins to their servers, lists of their decoy/entrapment trackers, decoy strategies, the effectiveness of their fake torrents (in many cases with a breakdown of success, title specific), high and low priority sites, .torrent watch lists, information on their monitoring of competitors, pictures of their weekend trips and even the anti-piracy strategy for dealing with The Simpsons Movie leak:

# REMINDER: “The Simpson’s Movie” premieres this Friday (to Torrents).

* Decoy files are available in torrents MDfile server.
* Use Public Trackers for pre-Leak releases.
* Create two new trackers for this project.
o Ebert to inform Torrents of these new machines.
* Send a list of 5 release names from each torrent team member to Ebert.
* REMEMBER to input torrent file into interdiction if a real Leak is available this weekend.

My personal favorite is the Wall Street Journal's coverage of an Internet-based phone call.  "One phone call circulating as an audio file on the Internet purports to be a discussion between the office of the New York State attorney general and MediaDefender, which appeared to be working with it on a child-pornography crackdown. During the call, the issue of security comes up, and a MediaDefender employee assures the attorney general's staff that communications are secure. Just before that, the call cuts in and out and the employee asks if they are on a mobile phone; a staffer explains they are actually calling using an Internet phone line."

I anticipate that we will see many web sites reviewing the emails and phone calls over the days, weeks, and years to come.  There will probably be some legal action and, given the nature of MediaDefender, I would not be shocked if there were some arrests.  Yet, the email content will be on the web for anyone to view.  Once the genie is out of the bottle, it is hard to put it back in.