FYI: Anyone seen this?

blitz blitz at macronet.net
Wed Jan 15 01:16:31 UTC 2003


 From ISN:




>http://www.theregister.co.uk/content/6/28842.html
>
>By Andrew Orlowski in San Francisco
>Posted: 14/01/2003
>
>The RIAA is preparing to infect MP3 files in order to audit and
>eventually disable file swapping, according to a startling claim by
>hacker group Gobbles. In a posting to the Bugtraq mailing list,
>Gobbles himself claims to have offered his code to the RIAA, creating
>a monitoring "hydra".
>
>"Several months ago, GOBBLES Security was recruited by the RIAA
>(riaa.org) to invent, create, and finally deploy the future of
>antipiracy tools. We focused on creating virii/worm hybrids to infect
>and spread over p2p nets," writes Gobbles.
>
>"Until we became RIAA contracters [sic], the best they could do was to
>passively monitor traffic. Our contributions to the RIAA have given
>them the power to actively control the majority of hosts using these
>networks."
>
>Gobbles claims that when a peer to peer host is infected, it catalogs
>media and sends the information "back to the RIAA headquarters
>(through specifically crafted requests over the p2p networks) where it
>is added to their records", and also propagates the exploit to other
>nodes.
>
>"Our software worked better than even we hoped, and current reports
>indicate that nearly 95% of all p2p-participating hosts are now
>infected with the software that we developed for the RIAA."
>
>The "hydra" is uncorroborated.
>
>Gobbles attached two pieces of code, one of which, jinglebellz.c,
>details a frame header exploit for the Linux player mpg123. The code
>chastises OpenBSD lead Theo de Raadt for failing to checksum the
>public MP3s (written to celebrate each OpenBSD release). The group has
>singled out OpenBSD in its previous exploits.
>
>In their presentation to last year's DefCon, the group described
>itself as "the largest active nonprofit security group in existence
>(that favors full disclosure)," consisting of 17+ members.
>
>"They're real, and they're damn good. They have made what appeared to
>be extremely exaggerated claims in the past, and when mocked, they
>have demonstrated that they are serious," one security expert familiar
>with their work, who declined to be named, told The Register.
>
>"He's a funny guy," De Raadt told us. "This is a buffer overflow
>exploit," he confirmed. De Raadt said he was more concerned by social
>engineering than by external exploits. "We had Fluffy Bunny, now we
>have Gobbles. They come in waves."
>
>An exploit of this nature is of dubious legality, right now, but
>language in Howard Berman's "P2P Piracy Prevention" bill last year
>legitimizing such exploits was backed by RIAA chief Hilary Rosen:-
>
>The Berman bill ensured a copyright owner would not be liable for
>"disabling, interfering with, blocking, diverting, or otherwise
>impairing the unauthorized distribution, display, performance, or
>reproduction of his or her copyrighted work on a publicly accessible
>peer-to-peer file trading network, if such impairment does not,
>without authorization, alter, delete, or otherwise impair the
>integrity of any computer file or data residing on the computer of a
>file trader." Berman is expected to re-introduce the bill in this
>Congressional session.



