• United States
by Ann Harrison

RIAA Web site hacked again

Jan 16, 20032 mins
Enterprise Applications

* Attacks on RIAA site betrays its technical ignorance

The relentless effort by the Recording Industry Association of America to battle against file traders has made the organization an obvious target for attacks on its Web site. At the end of December, the RIAA’s site was hacked for the sixth time in six months. During one past hacking episode, attackers posted downloadable copyrighted music just to make their point.

You would think that after all those past attacks, the RIAA would do something to secure its site.  But the organization’s cluelessness about the technical imperatives of digital file trading evidently extends to its own Internet presence.

Remember this is the organization that wants to hack into YOUR hard drive in search of alleged copyrighted material and yet be shielded from lawsuits by injured computer owners. It also wants to use the Digital Millennium Copyright Act to prosecute and jail people who develop ways to circumvent content scrambling systems, even if they legally own the material. A Norwegian court has just acquitted Jon Johansen who was prosecuted by the U.S. movie industry for doing this very thing with security codes on DVD movies.

Security analysts say that the most recent attack on the RIAA site exploited an elementary security hole that any competent systems administrator could have corrected. The RIAA had reportedly upgraded its server software after a past attack. But this did not repel the most recent attackers who publicly posted an URL allowing access to the RIAA’s system for displaying RIAA press releases.

Of course lots of people took the opportunity to post nasty messages and fake press releases on the RIAA’s official press page. The URL kept circulating on Internet relay chat groups, but the security hole stayed open for seven hours.

Is the RIAA awake?

The RIAA later said the delay occurred because the attack took place during a vacation week. This is an organization that wants to dictate the terms on which you can use the Internet. If the RIAA continues to target Internet users in its so-called antipiracy campaigns, it will remain the target of escalating cyberattacks that may well knock its site off the Web entirely.