What the DOS Attack Against Revision3 Was Really About

The denial-of-service attack against online video distributor Revision3 continues to make waves. Revision3 CEO Jim Louderback revealed yesterday that his company had identified the anti-piracy outlet Mediadefender as the source of a massive flood of messages that brought Revision3’s infrastructure to its knees.

The incident is one more blow for Mediadefender, which has been in the headlines for the better part of the last year for its attempt to start a P2P distribution platform that critics viewed as entrapment, as well as for a hacker attack against its own servers that culminated in the leak of over 600 corporate emails. It also seems to be a clear-cut case for Revision3. The company uses BitTorrent to serve its own legal content and shouldn’t have been targeted by Mediadefender in the first place. It’s good vs. evil, startup versus corporate muscle, right? Well, it’s a little more complex than that — it even involves an aging action hero on a mission.

It all started with Rambo. A blogger that calls himself “The Lazy Canadian” was looking for some entertainment last weekend. He decided to give the latest Rambo flick a try, and scoured the net to find a torrent somewhere. This didn’t take too long, but he was surprised when he noticed that the tracker associated with the torrent in question belonged to Revision3. He published a quick post about it on the Revision3 forums, which prompted the company to take a second look at its torrent tracker.

Revision3 is running a torrent tracker to facilitate the BitTorrent downloads of its own shows, but it turned out that the company perhaps accidentally had been running this tracker server in a way that allowed anyone to use it for its own torrents as well. This is known in P2P circles as an “open tracker,” and BitTorrent uploaders have been making use of Revision3’s open tracker for years. The BitTorrent web site BTMon.com lists more than 22,000 torrents (not safe for work) associated with Revision3’s tracker, with the downloads in question ranging from current Hollywood blockbusters to pop and pornography. Some of these torrents were published as early as four years ago.

Mediadefender used this open tracker in the same manner as other BitTorrent users — to publish its own content — which mainly consists of corrupted and decoy content aimed to frustrate downloaders. It’s unclear how many of those 22,000 torrents were actually from Mediadefender, but the list of files makes it clear that there was a good amount from other sources as well. It’s just very unlikely Mediadefender was hired to spread decoys of biology term papers.

Revision3 took a step against those 22,000 torrents a few days ago by installing a white list that barred the server from tracking any torrent not officially sanctioned by the company. Mediadefender’s servers reacted by flooding Revision3 with thousands and thousands of messages. Louderback published a very detailed account of the incident on Revision3’s blog, and speculated that “MediaDefender’s servers freaked out, and went into attack mode.”

While it would be easy to point fingers at Mediadefender and claim they tried to sink a tracker server that wasn’t cooperating with them, it’s far more likely that they were just running a shoddy script that went out of control. That’s still negligent, but it happens — and it wouldn’t really have made any headlines if Mediadefender wasn’t in the anti-piracy business. In fact, the whole story seems to be a little overblown. It boils down to two admins not doing their job, with one working at Revision3 and allowing its servers to track 22,000 warez, movie and porn torrents, and one working at Mediadefender and running scripts that don’t know when to stop.

Of course, there is another issue at hand here. The incident is further proof that technical anti-piracy measures don’t work. Trying to protect content by impairing a technology is a strategy that’s poised to backfire because you’re targeting the technology and not the bad guys, and technology gets used by honest people, too. That’s been true for DRM, and it’s been true for online-based anti-piracy efforts for some time as well. Just mark this one as another defeat for the idea of technical control.

Disclosure: Revision3 produces The GigaOM Show (which is currently on hiatus).