Anyone seen this?

blitz blitz at macronet.net
Wed Jan 15 01:57:40 UTC 2003


Thanks Arjen,
Glad to see that... the most disturbing part here is the creation of a DDoS
network. When I read that, I could clearly see conflict with computer
intrusion statutes.

At 14:36 1/15/03 +1300, you wrote:
>Hoax.  See www.e-secure-it.us Global security News
>
>A hoax message posted to two security mailing lists Monday suggests that the
>Recording Industry Association of America has hired a group of hackers who
>have developed a worm capable of infecting and shutting down peer-to-peer
>file-sharing software. The hackers claim to have released the worm, on the
>RIAA's orders, and that it now controls almost 95 percent of "all P2P
>participating hosts." The RIAA said the message was a total fabrication.
>"It's a complete hoax," said an RIAA spokesman in Washington. "Someone
>forwarded the message to us and that was the first we heard or read about
>it." The outlandish claims are part of a "security advisory" supposedly
>written by a group called Gobbles Security. However, the message bears
>little resemblance to the group's other advisories and also seems to make
>fun of Gobbles' habit of posting vulnerability information and exploits
>without notifying affected vendors in advance.
>
>Cheers,
>Arjen
>New Zealand
>
>
>
>-----Original Message-----
>From: blitz [mailto:blitz at macronet.net]
>Sent: Wednesday, 15 January 2003 2:17 p.m.
>To: nanog at merit.edu
>Subject: FYI: Anyone seen this?
>
>From ISN:
>
> >http://www.theregister.co.uk/content/6/28842.html
> >
> >By Andrew Orlowski in San Francisco
> >Posted: 14/01/2003
> >
> >The RIAA is preparing to infect MP3 files in order to audit and
> >eventually disable file swapping, according to a startling claim by
> >hacker group Gobbles. In a posting to the Bugtraq mailing list,
> >Gobbles himself claims to have offered his code to the RIAA, creating
> >a monitoring "hydra".
> >
> >"Several months ago, GOBBLES Security was recruited by the RIAA
> >(riaa.org) to invent, create, and finally deploy the future of
> >antipiracy tools. We focused on creating virii/worm hybrids to infect
> >and spread over p2p nets," writes Gobbles.
> >
> >"Until we became RIAA contracters [sic], the best they could do was to
> >passively monitor traffic. Our contributions to the RIAA have given
> >them the power to actively control the majority of hosts using these
> >networks."
> >
> >Gobbles claims that when a peer to peer host is infected, it catalogs
> >media and sends the information "back to the RIAA headquarters
> >(through specifically crafter requests over the p2p networks) where it
> >is added to their records", and also propagates the exploit to other
> >nodes.
> >
> >"Our software worked better than even we hoped, and current reports
> >indicate that nearly 95% of all p2p-participating hosts are now
> >infected with the software that we developed for the RIAA."
> >
> >The "hydra" is uncorroborated.
> >
 > >Gobbles attached two pieces of code, one of which, jinglebellz.c,
 > >details a frame header exploit for the Linux player mpg123. The code
 > >chastises OpenBSD lead Theo de Raadt for failing to checksum the
 > >public MP3s (written to celebrate each OpenBSD release). The group has
 > >singled out OpenBSD in its previous exploits.
> >
> >In their presentation to last year's DefCon, the group described
> >itself as "the largest active nonprofit security group in existence
> >(that favors full disclosure)," consisting of 17+ members.
> >
> >"They're real, and they're damn good. They have made what appeared to
> >be extremely exaggerated claims in the past, and when mocked, they
> >have demonstrated that they are serious," one security expert familiar
> >with their work, who declined to be named, told The Register.
> >
> >"He's a funny guy," De Raadt told us. "This is a buffer overflow
> >exploit," he confirmed. De Raadt said he was more concerned by social
> >engineering than by external exploits. "We had Fluffy Bunny, now we
 > >have Gobbles. They come in waves."
> >
> >An exploit of this nature is of dubious legality, right now, but
> >language in Howard Berman's "P2P Piracy Prevention" bill last year
> >legitimizing such exploits was backed by RIAA chief Hilary Rosen:-
> >
 > >The Berman bill ensured a copyright owner would not be liable for
> >"disabling, interfering with, blocking, diverting, or otherwise
> >impairing the unauthorized distribution, display, performance, or
> >reproduction of his or her copyrighted work on a publicly accessible
> >peer-to-peer file trading network, if such impairment does not,
> >without authorization, alter, delete, or otherwise impair the
> >integrity of any computer file or data residing on the computer of a
> >file trader." Berman is expected to re-introduce the bill in this
> >Congressional session.



