by Ann Harrison

P2P worm created with RIAA blessing, group claims

Jan 23, 2003

* Gobbles Security claims development of P2P tracking worm

Last week, I wrote about a hole in the Recording Industry Association of America’s Web site that allowed anyone to post a bogus RIAA press release. In this week’s news comes another example of hackers having some fun at the expense of the recording industry.

This episode involved a group called Gobbles Security, which posted an announcement on the BugTraq mailing list alleging that it was helping the RIAA infect MP3 files. The group claimed to have developed a “hydra,” a worm built to audit P2P traffic and disable file-swapping systems.

The group said it was focused on creating virus/worm hybrids that could infect and spread over P2P networks. Gobbles claimed that its tool allowed the RIAA to move beyond passively monitoring P2P traffic to actively controlling the majority of hosts using these networks. Once a P2P host is infected, Gobbles said, the “hydra” catalogs the shared material, sends the data back to RIAA headquarters and propagates the exploit to other nodes.

“Our software worked better than even we hoped,” said the Gobbles posting, “and current reports indicate that nearly 95% of all P2P-participating hosts are now infected with the software that we developed for the RIAA.”

The RIAA denounced the claim as a complete hoax. But the announcement contained enough grains of truth to make the point that such measures could be used against file traders. Code attached to the notice contains an actual, working exploit for a frame-header vulnerability in the Linux MP3 player MPG123; a flaw of that kind in a player means a maliciously crafted MP3 file, passed around on a P2P network, can compromise the machine that plays it. In addition, the RIAA’s efforts against piracy are supported by Rep. Howard Berman’s “P2P Piracy Prevention” bill, which would shield the RIAA from legal liability for conducting such security exploits against P2P users.

The RIAA did begin to back away from that position on Jan. 14 when it issued a policy statement entitled: “Technology and Record Company Policy Principles.” According to the statement: “The role of government, if needed at all, should be limited to enforcing compliance with voluntarily developed functional specifications reflecting consensus among affected interests.”

Is there consensus among affected interests? That depends on how you define “interests.” Certainly there is not much consensus between the entertainment industry and P2P networks and their users. Berman is expected to reintroduce the bill in this Congressional session.