ReadWriteWeb

"Once This Hits 4chan, It's Over:" RIAA/MPAA Privacy/Security Failure

Written by Jolie O'Dell / May 14, 2009 8:58 PM / 28 Comments

Our good friends over at TechDirt discovered an interesting anomaly and enormous security hole in BayTSP's website today.

BayTSP, a Los Gatos, CA-based company, is best known for putting the cease-and-desist smackdown on peer-to-peer copyright violators. The site serves infringement information forms to offending parties on behalf of the copyright holders. Think of them as the online debt collectors of the BitTorrent universe, with all the information security risk that implies.

BayTSP's process involved sending suspected copyright violators a URL to a "Web Infringement Response System." These pages were online forms containing fields with infringement notice ID numbers, email addresses, IP addresses, DNS names, and URLs that would identify users by household or even by device.

If the information were secure, this might be fine. However, in some monumental lapse of judgement, the entire site was left open to search spiders and accordingly indexed by Google, allowing anyone with hackerish leanings ample opportunity to create all kinds of mischief.

A Google search for "'infringement information' site:baytsp.com" yields distressing results. Some of the pages have been removed, but you can still have a look at the cached versions:

Whoops!

Not only have the forms been online for Google and the waiting world to view; the forms could also be completed and submitted online by just about anyone.

More technically savvy tricksters could send infringement notices of their own. "And, on top of that," the TechDirt blogger writes, "some have discovered that BayTSP's site has some scripting vulnerabilities such that you could create a fake complaint and get people to, say, download malware or enter credit card data."

Although this recent debacle is simply one more PR disaster for the media industries themselves, my first thoughts were echoed by TechDirt commenter Mechwarrior: "Once this hits 4chan, it's over."
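As an added illustration (not from the original article, TechDirt or BayTSP), here is a defender's self-check for the exposure described above: given the response a notice URL returns to a client that sends no credentials, it reports whether the page was served at all, whether pre-filled fields carry e-mail or IP data, and whether anything tells crawlers not to index it. The field names, sample HTML and finding labels are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser

# E-mail addresses or dotted-quad IPs inside pre-filled form values.
PII = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+|\b(?:\d{1,3}\.){3}\d{1,3}\b")

class PageScan(HTMLParser):
    """Collects the robots meta directive, form presence and input values."""
    def __init__(self):
        super().__init__()
        self.robots, self.has_form, self.values = "", False, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "robots":
            self.robots = (a.get("content") or "").lower()
        elif tag == "form":
            self.has_form = True
        elif tag == "input" and a.get("value"):
            self.values.append(a["value"])

def audit(status, headers, body):
    """Findings for a response fetched WITHOUT any session or credentials."""
    if status != 200:
        return []  # refused or redirected: access control answered first
    scan = PageScan()
    scan.feed(body)
    hdr = {k.lower(): v.lower() for k, v in headers.items()}
    findings = ["unauthenticated-access"]
    if any(PII.search(v) for v in scan.values):
        findings.append("pii-in-form-fields")
    if scan.has_form:
        findings.append("form-served-without-auth")
    if "noindex" not in hdr.get("x-robots-tag", "") and "noindex" not in scan.robots:
        findings.append("indexable-by-crawlers")
    return findings

# Constructed sample page; address values come from documentation ranges.
EXPOSED = (
    "<html><head><title>Infringement Information</title></head><body>"
    '<form method="post" action="/respond">'
    '<input name="notice_id" value="N-0001">'
    '<input name="email" value="user@example.com">'
    '<input name="ip" value="192.0.2.10">'
    "</form></body></html>"
)

if __name__ == "__main__":
    print(audit(200, {}, EXPOSED))
    print(audit(200, {"X-Robots-Tag": "noindex"}, EXPOSED))
    print(audit(403, {}, ""))
```

A `noindex` directive only clears the last finding; the other three remain until the page itself requires authentication.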


Comments


  1. "Once this hits 4chan, it's over."

    Let's make sure it hits 4Chan then ;)

    Posted by: Tschai | May 15, 2009 5:27 AM



  2. pity 4chan's down for a couple of hours.

    Posted by: bazzar | May 15, 2009 5:42 AM



  3. 4chan... yick. bTard central.

    Arrrrrrrr Matey!

    Posted by: Anrkist | May 15, 2009 3:10 PM



  4. too late it's over. 4chan has been up for a few days.

    Posted by: black_box | May 16, 2009 9:05 AM



  5. WHY WHY WHY would you give it that title? 4chan's gonna purposely troll it to death now

    Posted by: anon | May 16, 2009 3:24 PM



  6. @anon Call it my colorful sense of humor. =)

    Posted by: Jolie O'Dell | May 16, 2009 3:30 PM



  7. HEEEEEEEERE WEEEEEEEE COOOOOOOOOMEEEEEEEEEEEEE!!!!

    Posted by: 4chan | May 16, 2009 3:58 PM



  8. I love your sense of humor Jolie :-)

    Posted by: Fabrice Epelboin | May 17, 2009 8:34 AM



  9. here comes the dawning of doom

    Posted by: deathwalker | May 25, 2009 3:36 PM



  10. I'm 12 years old and what is this?

    Posted by: Christian Chandler | June 1, 2009 3:03 AM



  11. Eric, that's terribly racist. I believe you and your terrible website (http://www.ebuamsworld.com/) need to be taken down.

    Posted by: Chips Handon | June 3, 2009 7:54 PM



  12. It's up on 4chan now.

    also, cocks

    Posted by: mandingo | June 14, 2009 1:28 PM



  13. LOLOLOLOLOL.

    LOL. MICHAEL JACKSON.

    Posted by: Habu Denver | June 14, 2009 1:31 PM



  14. wow. This is serious bullshit.

    Everything on my hard drive is pirated. Everything. Even my OS for god's sake. The RIAA can kiss the fattest part of my ass IMHO, since they can never, and will never, stop people from downloading free stuff. Bittorrent and P2P FTW.

    Well, i'm off to download movies, or listen to free music, or play my cracked version of Crysis: Warhead.

    anon (but not really anonymous, since some asshat will use the email address forcefully provided (but I put my real one anyways since that's how I roll) to look up my IP. If a cop knocks on my door I will be sure to flip them off and say "This one is courtesy of the entire fucking internet". They may catch one of us, but they cannot get us all.

    letoast91@hotmail.com

    hit me up

    Posted by: anonymous | June 14, 2009 5:21 PM



  15. "letoast91@hotmail.com"

    it's people like you that draw attention to p2p and get it castrated.

    Posted by: jas | June 14, 2009 7:15 PM



  16. jas stfu your ghey

    Posted by: mush | June 15, 2009 11:52 AM



  17. IT AINT OVER TIL ITS OVER MOTHERFUCKER


    ▲ ▲
    ▲ ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲▲
    ▲ ▲
    ▲ ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲▲
    ▲ ▲
    ▲ ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲▲
    ▲ ▲
    ▲ ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲▲
    ▲ ▲
    ▲ ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲▲
    ▲ ▲
    ▲ ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲
    ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲
    ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲

    Courtesy of Ebaums

    Posted by: Anon | June 16, 2009 9:07 AM



  18. I'm going to put my dick in your vagina now

    Posted by: anonherek | June 19, 2009 4:52 PM



  19. Obvious trap is obvious.

    Posted by: What is this I don't even | June 19, 2009 11:22 PM



  20. You fools. This has already hit 4chan.
    Also, if the only thing you have to worry about cops finding on your hard drive is pirated movies... you're doing it wrong and are not a real /b/tard. GTFO newfag.
    I'll tell you one thing... the partyvan shows up at my house... i'm ripping my HDD straight out and sticking it in the microwave... good luck finding any compromising data on that mwahahaha

    Posted by: Anon | June 22, 2009 6:01 PM



  21. we are hackers on steroids. we are ebaumsworld

    Posted by: Pete. O'beare | June 30, 2009 7:31 PM



  22. @20:

    OR BLAST THEM WITH THE SHOTTY, LOL /K/ HERE

    Posted by: Yomam | July 3, 2009 3:23 PM



  23. Proof for the millionth time that the anti-piracy axis are bigger criminals than all the pirates of the world combined. Not that there's any point in pointing that out.

    Posted by: Anamenous | July 3, 2009 3:34 PM



  24. Not only was 4chan photoshopped but these comments are 'shopped as well.

    Jolie O'Dell...how YOU doin'?

    Posted by: Phil E. Drifter | August 4, 2009 5:06 AM




  25. Hi, thank you for sharing the information.

    Posted by: Chat | August 4, 2009 12:58 PM



  26. omg wtfs going on im 12 and what is this!!!

    Posted by: ebaumsworldfacefucker | September 1, 2009 3:05 PM



  27. thank you admin :) great post! it really helps me a lot

    Posted by: chat | September 20, 2009 4:03 PM



  28. thank you readwriteweb.com

    Posted by: özel ders | September 25, 2009 4:10 AM


