Friday , June 14 2024

RIAA Security Hoax

The RIAA website has been under regular attack by hackers for some time now. There may be some humor in the nature of some of the attacks, but as a method of publicizing displeasure with the organization the attacks are counterproductive, giving the RIAA PR and political ammo against computer enthusiasts in general.

The latest attack is not to the site itself, but against the organization in the form of a hoax security advisory:

    Several months ago, GOBBLES Security was recruited by the RIAA (
    to invent, create, and finally deploy the future of antipiracy tools. We
    focused on creating virii/worm hybrids to infect and spread over p2p nets.
    Until we became RIAA contracters, the best they could do was to passively
    monitor traffic. Our contributions to the RIAA have given them the power
    to actively control the majority of hosts using these networks.

    We focused our research on vulnerabilities in audio and video players.
    The idea was to come up with holes in various programs, so that we could
    spread malicious media through the p2p networks, and gain access to the
    host when the media was viewed.

    During our research, we auditted and developed our hydra for the following
    media tools:
    mplayer (
    WinAMP (
    Windows Media Player (
    xine (
    mpg123 (
    xmms (

    After developing robust exploits for each, we presented this first part of
    our research to the RIAA. They were pleased, and approved us to continue
    to phase two of the project — development of the mechanism by which the
    infection will spread.

    It took us about a month to develop the complex hydra, and another month to
    bring it up to the standards of excellence that the RIAA demanded of us. In
    the end, we submitted them what is perhaps the most sophisticated tool for
    compromising millions of computers in moments.

    Our system works by first infecting a single host. It then fingerprints a
    connecting host on the p2p network via passive traffic analysis, and
    determines what the best possible method of infection for that host would
    be. Then, the proper search results are sent back to the “victim” (not the
    hard-working artists who p2p technology rapes, and the RIAA protects). The
    user will then (hopefully) download the infected media file off the RIAA
    server, and later play it on their own machine.

    When the player is exploited, a few things happen. First, all p2p-serving
    software on the machine is infected, which will allow it to infect other
    hosts on the p2p network. Next, all media on the machine is cataloged, and
    the full list is sent back to the RIAA headquarters (through specially
    crafted requests over the p2p networks), where it is added to their records
    and stored until a later time, when it can be used as evidence in criminal
    proceedings against those criminals who think it’s OK to break the law.

    Our software worked better than even we hoped, and current reports indicate
    that nearly 95% of all p2p-participating hosts are now infected with the
    software that we developed for the RIAA.

    Things to keep in mind:
    1) If you participate in illegal file-sharing networks, your
    computer now belongs to the RIAA.
    2) Your BlackIce Defender(tm) firewall will not help you.
    3) Snort, RealSecure, Dragon, NFR, and all that other crap
    cannot detect this attack, or this type of attack.
    4) Don’t fuck with the RIAA again, scriptkids.
    5) We have our own private version of this hydra actively
    infecting p2p users, and building one giant ddosnet.

Whoa, scary and highly illegal if true. The RIAA says it isn’t:

    A hoax message posted to two security mailing lists Monday suggests that the Recording Industry Association of America has hired a group of hackers who have developed a worm capable of infecting and shutting down peer-to-peer file-sharing software. The hackers claim to have released the worm, on the RIAA’s orders, and that it now controls almost 95 percent of “all P2P participating hosts.”
    The RIAA said the message was a total fabrication.

    It’s a complete hoax,” said an RIAA spokesman in Washington. “Someone forwarded the message to us and that was the first we heard or read about it.”

    Although the existence of the worm and the RIAA’s involvement are clearly a hoax, there is a working exploit for a vulnerability in the Mpg123 media player attached to the message. Several sources verified that the code does in fact exploit a buffer overrun in the player.

    The outlandish claims are part of a “security advisory” supposedly written by a group called Gobbles Security. The group is known for publishing humorous advisories on serious software vulnerabilities, many of which are posted with exploit code.

    The message says the RIAA hired Gobbles “to invent, create, and finally deploy the future of antipiracy tools. We focused on creating virii/worm hybrids to infect and spread over P2P nets.” [eWeek]

The net result of all this should be a sobering reminder that such sabotage is not unthinkable, is in some form possible, and needs to be guarded against.

About Eric Olsen

Career media professional and serial entrepreneur Eric Olsen flung himself into the paranormal world in 2012, creating the America's Most Haunted brand and co-authoring the award-winning America's Most Haunted book, published by Berkley/Penguin in Sept, 2014. Olsen is co-host of the nationally syndicated broadcast and Internet radio talk show After Hours AM; his entertaining and informative America's Most Haunted website and social media outlets are must-reads: Twitter@amhaunted,, Pinterest America's Most Haunted. Olsen is also guitarist/singer for popular and wildly eclectic Cleveland cover band The Props.

Check Also

Tribeca Film Festival Review: ‘Brats’

In 'Brats' Andrew McCarthy meets with fellow actors to discuss how a New York magazine cover story, 'The Brat Pack,' impacted their careers.