RIAA- The New Super Spy
by Wayne Porter
We have talked a lot about spyware, malware and adware programs that are being installed by some file sharing applications. There exist some obvious drawbacks for users as many services install BHO?s, or throw-up pop-up ads in order to monetize the file sharing service. After all nothing in life is every truly free and there is usually a price that has to be paid by someone, somewhere down the line. Now the price is starting to get steep for some users as the Recording Industry Association of America has went on a rampage of lawsuits against individuals who are sharing copyrighted files via P2P networks. ? Who or what is RIAA?The Recording Industry Association of America (RIAA) is the trade group that represents the U.S. recording industry. According to their website their mission is ?to foster a business and legal climate that supports and promotes our members' creative and financial vitality.? Their members are the record companies that comprise the most make up most of the music industry. To give you an idea about the RIAA?s reach their members create, manufacture and/or distribute approximately 90% of all legitimate sound recordings produced and sold in the United States. In short the RIAA is a corporate behemoth. ? So what is the scoop?If you or someone in your household has used Kazaa, Grokster or any other file-swapping software application recently and you have left your computer open to the internet then you do run, albeit a somewhat remote, legal risk. The RIAA continues their mission to single out users for lawsuits on the grounds of infringement. Here's a quick look at how the RIAA conducts their digital spying missions. Savvy spyware enthusiasts will note how some of the methodology mimics the same techniques used by anti-spy authors in matching digital footprints against target lists. Shared Folders- The world?s gateway to your PC.If you have a shared folder on Kazaa, Morpheus, Grokster or using any other service your file sharing activity can be monitored by the outside world- this includes the RIAA. The RIAA now uses automated tools that search for files and compare it to their ?hit list?. When it finds a person sharing a file on this list, it downloads all or some of the files to verify the content. Once verified they take screenshots of the information on the person?s shared folder. Naturally this evidence, with date and timestamps, is what will surface in court. Next they capture the IP address of the person sharing the files. While using proxy servers can complicate this type of investigation the information usually isn?t that hard to get. Remember your IP address can tell people a lot of information about your connection. For example, what city region you are connected from and what ISP you are using. When cross-referenced with ISP records a party can correlate your online activities with the ISP?s records to verify your machine was involved. This is not always a bad thing as this can be very useful to triangulate in on hackers or fraudsters but it certainly makes you wonder about your privacy doesn?t it? Digital Footprints- They are real.The RIAA hasn?t stopped with simple IP address gathering and they are now taking cues from the current spyware versus anti-spy battle to refine espionage techniques to trap users. Once they have the file they can check the artist's name, title, and any metadata information attached to the files, looking for information that may indicate what piece of software has been used to create the file or any messages left behind by the original file ripper. Often your favorite song player can show you this metadata. Interestingly enough this same technique can be used for documents like the one?s created in Microsoft Word to ferret out all kinds of interesting information about who created a document or has read a document or signed off on a document. Remember that even if you can?t see the information documents and files hold many digital clues for those with trained eyes. The RIAA analyzes, in minute detail, some of the files' contents to ferret out information to match against their databases of "hashes,. Hashes work like digital fingerprints. These hashes can identify songs that were swapped online as far back as the Napster era. Investigators check these fingerprints against their databases and look for matches. A positive match means the file has more than likely originated from the original Napster file they built. Once they have collected all the digital fingerprints, IP addresses, and screen shots they head to court to get a subpoena. (The term comes from the Medieval Latin sub poena, which means "under penalty?.) While some ISPs are fighting the subpoenas, most have been forced to comply. The bottom line is to never, ever rely on your ISP for privacy. So what can you do about it?If you want to continue safer digital sharing the easiest thing to do is to disable the "sharing" or "uploading" features on your software application that allow other users on the network to get copies of files from your computer or your music directories. For help on how to do this for popular applications check the Duke University list below. Grokster http://www.oit.duke.edu/helpdesk/filesharing/grokster.html Morpheus http://www.oit.duke.edu/helpdesk/filesharing/morpheus.html KaZaA http://www.oit.duke.edu/helpdesk/filesharing/kazaa.html (Warning: Some versions are reported to contain adware) Aimster/Madster Windows http://www.oit.duke.edu/helpdesk/filesharing/aimster.html Mac OS http://www.oit.duke.edu/helpdesk/filesharing/aimster_mac.html Mactella http://www.oit.duke.edu/helpdesk/filesharing/mactella.html Gnucleus http://www.oit.duke.edu/helpdesk/filesharing/gnucleus.html Gnotella http://www.oit.duke.edu/helpdesk/filesharing/gnotella.html LimeWire MacOS http://www.oit.duke.edu/helpdesk/filesharing/limewiremac.html Windows http://www.oit.duke.edu/helpdesk/filesharing/limewirewin.html BearShare http://www.oit.duke.edu/helpdesk/filesharing/bearshare.html iMesh http://www.oit.duke.edu/helpdesk/filesharing/imesh.html WinMX http://www.oit.duke.edu/helpdesk/filesharing/winmx.html Also be sure you don?t have filenames of artists that are RIAA members since these are the artists they are targeting. You should check their site (http://www.riaa.com/about/members/) to get an idea just what artists could lead you into hot water. You might also wish to turn off the ?supernode? feature that many file sharing applications offer since the RIAA seems to be going after Supernodes on P2P networks. Consult your file sharing software application documentation for details on how to turn off supernode functionality. Most importantly remember to use caution and common sense. While the chances of being targeted with a lawsuit are remote they do exist. You must evaluate if it is worth taking the risk. The safest choice is to ensure that you are not sharing copyrighted information. Unfortunately punitive damages and legal settlements can easily outweigh the damage that annoying adware can cause.
This article is copyright 2005 by XBlock.com.
It may not be reprinted or copied without the express written consent of the author.
Read other articles (back to full list)
|