When MediaDefender rained down an attack of some 8,000 SYN packets a second on an open BitTorrent tracker that pointed the way to hundreds of thousands of copyrighted movies for the taking, it had no idea it was shuttering a legitimate San Francisco media company.

Revision3, the San Francisco-based site that produces and distributes the popular Diggnation show and others via the BitTorrent protocol, went offline over the Memorial Day weekend after its servers buckled under the attack. Revision3's distribution tracker was open, and was pointing the way for pirates to download copyrighted movies unbeknownst to Revision3.

MediaDefender is paid by the recording and motion picture industries to seed fake files to illicit torrent tracking services. When Revision3 closed the tracker during the holiday weekend, the result was a denial of service attack by MediaDefender, which had been seeding the tracker with fake torrents.

"Our systems were targeting a tracker not even knowing it was Revision3's tracker," Randy Saaf, Media Defender's CEO, said in an interview. "They were using the tracker as the tracker for their legitimate content. It had been open for years."

At Fenopy.com, Revision3's tracker was used for 296,000 downloads, mostly of unauthorized copyrighted movies, Saaf said.

Jim Louderback, Revision3's CEO, said the attack shut down the company's internet site, RSS server and internal corporate e-mail.

It's an open debate whether MediaDefender's actions were lawful, even when it targets illicit torrent-tracking sites pointing the way to unauthorized, copyrighted material. The FBI is examining the Revision3 affair.

One bureau source told Threat Level that it was a "gray" area in federal computer security law.

Then there's the area of corporate responsibility. Louderback said in an interview that Revision3 closed the hole in its tracker over the Memorial Day weekend and subsequently got slammed by MediaDefender.

"That's when MediaDefender went into overdrive and started pummeling us," Louderback said. "If a tracker was previously open and suddenly shut, their systems are automatically configured to put them out of business."

Saaf said MediaDefender had been seeding the tracker with fake torrents for some time. Fake files corrupt BitTorrent downloads.

"We saw an open BitTorrent tracker with a lot of pirated content on it. We had been posting fake files to their tracker. Over Memorial Day weekend, Revision3 changed some configurations," Saaf said.

MediaDefender, of Santa Monica, California, holds some 2,000 servers with a 9-GBps dedicated connection.

Louderback said if MediaDefender was "concerned that we were tracking copyrighted material, they should have called us."

He wondered aloud over what tragedy may have happened had Revision3 "been an airport using BitTorrent to distribute approaches to the runaway?"

See Also: