From Wired
The Recording Industry Association of America may not want people to share digital files, but the organization certainly seems to be in favor of open access to its website.
On Monday, the RIAA site was hacked for the sixth time in six months.
This time, the defacement resulted in bogus press releases on the front door, touting the joys of cheese and interspecies romantic relationships.
The RIAA’s role as the music industry’s voice against digital piracy makes it an obvious target for those who are angered by what they see as the organization’s overly vehement crusade for copyright owners’ rights.
Since the RIAA site is such a tempting target, many wonder why the organization hasn’t made more of an effort to secure its site. On Monday, access to the site’s supposedly private innards was gained in much the same way as it was last August.
Some security experts said in no uncertain terms that the latest defacements indicate the RIAA is clueless about technology. They charge that this ignorance has resulted in the RIAA attempting to combat digital file sharing in ineffective, counter-productive ways.
“It’s obvious that they don’t get the Web, and they don’t get technology, or they’d understand how to protect their own website,” said Wall Street systems administrator Anthony Negil.
“The flaws that people are exploiting to access their site are elementary security issues and there’s no excuse for an organization that purports to understand the dark side of the Internet to leave such gaping holes in their own network infrastructure.”
In response to the August defacements, the RIAA upgraded its server software. But the software wasn’t the problem.
“My opinion is that the people at the RIAA (who are) making the statements about P2P hacking and the (Digital Millennium Copyright Act), the executives and legal staff, are completely disconnected from the technical folks who actually run the website,” said Robert Ferrell, a systems security specialist.
Ferrell and others predicted that if the RIAA escalates its anti-piracy efforts, the organization’s site will be completely knocked off the Internet.
“The RIAA honestly has no idea what they’re up against. They will be toast the first time they try to shut down a P2P network being used by any serious black hats,” Ferrell said.
The last time the RIAA site was hacked, downloadable pirated music was posted. This time, a URL allowing access to the RIAA’s system for posting press releases was made publicly accessible, allowing people to post messages which then appeared on the RIAA’s official press release page.
The hole stayed open for seven hours.
“Hey, don’t you think they should have noticed that press release urging people to have sex with barnyard animals by now?” one chat participant asked, several hours after the bogus press releases first hit the RIAA site.
“I believe that the RIAA honestly has no idea what they’re up against,” Ferrell said. “The RIAA and MPAA are Internet disasters of potentially epic proportions just waiting to happen, and while I don’t ordinarily side with defacers and script kiddies, in this case I’ll make an exception.”
You can read the entire story here.
Related Posts
- RIAA website has been hacked!
- RIAA hacked, Again!
- RIAA hacked (have we seen this before?)
- RIAA site hacked again, for the 3rd time!
- EliteTorrents.org Hacked or Shutdown?
Loading ...
