How To Frame a Printer For Copyright Infringement

An anonymous reader writes "Have you ever wondered what it takes to get 'caught' for copyright infringement on the Internet? Surprisingly, actual infringement is not required. The New York Times reports that researchers from the computer science department at the University of Washington have just released a study that examines how enforcement agencies monitor P2P networks and what it takes to receive a complaint today. Without downloading or sharing a single file, their study attracted more than 400 copyright infringement complaints. Even more disturbing is their discovery that illegal P2P participation can be easily spoofed; the researchers managed to frame innocent desktop machines and even several university printers, all of which received bogus complaints."

Glad it's in a reputable media source

[pwnies]

While entirely laughable, I'm glad this story is in the New York Times. Getting the Spanish Inquisition-esque ways of the these enforcement agencies out into the media is going to be one of the few ways to make it stop. Hopefully people (meaning the general public, and not just us here on /.) will soon realize just how ludicrous these methods are.

Re:Glad it's in a reputable media source

[Tom90deg]

Nobody expects the Spanish Inquisition!

Re:Glad it's in a reputable media source

[Mephistro]

I'm a spanish Inquisitor, you insensitive clod!

Re:

[city]

Then think of the Inquisitees, you insensitive clod! [wikipedia.org]

Re:Glad it's in a reputable media source

[illeism]

and you are quite unexpected

Re:Glad it's in a reputable media source

[sm62704]

You must be new here. Amongst our weaponry are such diverse elements as fear, surprise, ruthless efficiency, an almost fanatical devotion to the Pope, and nice red uniforms - Oh damn! I can't say it - you'll have to say it.

Re:Glad it's in a reputable media source

[just_another_sean]

...nice red uniforms ...

And... A comfy chair!

Re:Glad it's in a reputable media source

[MobileTatsu-NJG]

I'm a spanish Inquisitor, you insensitive clod!

Insensitive? He made that joke expecting you to not show up!

Re:Glad it's in a reputable media source

[Eudial]

Nobody expects the Spanish Inquisition!

Our three weapons are fear, surprise, and ruthless efficiency. And bogus copyright claims. Our four, ... no. Amongst our weaponry are such diverse elements as: fear, surprise, ruthless efficiency, and bogus copyright claims. ... I'll come in again.

Re:Glad it's in a reputable media source

[DoofusOfDeath]

Nobody expects the Spanish Inquisition!

Ha HAH! The Spanish Inquisition never expected a Hewlett Packard !

Re:Glad it's in a reputable media source

[greed]

"You are accused of heresy, in thought, word and deed! How do you plead?"

PC LOAD LETTER

Re:Glad it's in a reputable media source

[nbowman]

PC Load letter, what the fuck does that mean?!

Re:

[jonbryce]

You have A4 paper in my tray. The computer has asked me to print on Letter sized paper. Please could you insert some Letter sized paper in the tray. (or fix MS Word to use A4 as the default paper size)

Re:

[Anonymous Coward]

Whoosh!

Indeed this subtle joke was missed by the HP Printer posting on slashdot.

Re:Glad it's in a reputable media source

[HTTP Error 403 403.9]

Only old people expect the Korean inquisition.

Re:Glad it's in a reputable media source

[TheRedSeven]

Yes, but will this sort of study ever make it to trial in any shape or form that is likely to put the kibosh on the MAFIAAs strongarm tactics?

Unless the little guys can pony up the cash to get these guys as expert witnesses, the MAFIAA will simply commission their own, contradictory study in order to discredit this one.

I hope at some point (and some point SOON) we get a critical mass of people and evidence against the big industry players so that they'll stop this crap. I don't think it'll happen though--there's just too many dollars at stake for them to give up.

Re:Glad it's in a reputable media source

[Hyppy]

Somewhat offtopic, but related to your post. The EFF maintains a mailing list for technologists who would be willing to assist as witnesses or in other ways for cases such as this. When an attorney needs an expert witness for, say, a defense case against the RIAA, the EFF happily forwards it to this list. http://www.eff.org/about/opportunities/volunteer [eff.org]

Re:Is this safe?

[gstoddart]

What's to prevent the RIAA from having fake "experts" volunteer to do this, only to offer easily-refuted arguments in court?

What? Conspire to subvert the legal system, and come close to perjury? I say, bring it on and let the jail terms fly.

Presumably, the EFF would vet their people, but I should think intentionally doing what you suggest might get you some kind of sanctions.

Then again, your cynicism might not be completely unfounded. Which, is a depressing thought.

Cheers

Re:Is this safe?

[jd]

British Nuclear Fuels Limited used to do that all the time, during lawsuits over dangerous levels of contamination in the environment.

Re:

[Original Replica]

They don't need "fake" experts they just need "real" experts that emphasis points that they want heard and minimize points they don't. In an adversarial legal system each side does this; it's up to the jury to decide which expert is full of it.

Your point makes me wonder if in this day and age we don't need non-biased experts in the same way we need non-biased jurors. I would propose that each court district should have and online listing of which experts are needed, and volunteering to fill that need woul

Re:Glad it's in a reputable media source

[liegeofmelkor]

I think there is another reason to be glad that is more important than being in the media, IMHO. An NSF grant-backed publication from a large research institution will carry some weight in court.

IP address spoofing has been invoked by the defense in previous lawsuits to attack the prosecution's investigation methods, however, this assertion has always had to be provided by an expert witness. A scholarly publication backed by the U of W and the NSF will bolster this point. It might even stick with a jury (who knows). Anyway, this will come in handy in the courtroom, I think.

Re:Glad it's in a reputable media source

[PhreakOfTime]

The other favored method these days seems to be sending out non-sensical Cease and Desist [demystify.info] Letters claiming all sorts of things, including copyright infringement, and CRIMINAL charges because someone has a domain that you want.

Caton Commercial [willcounty...tcourt.com] engages in this, and seems to find this practice acceptable.

Case 08OV003345

[Mateorabi]

I liked Case # 08OV003345:

CVS PHARMACY STORE 6 24 8 402 130 08OV003345 0 SALE OF EXPIRED BABY 1-7 Arraignment

I mean what gall they have to sell expired babies to their customers!

Re:

[DMUTPeregrine]

Baby bones lose the satisfying crunch after a few days, and the flesh is just not nearly as flavourful. Selling expired babies should be a crime.

Re:Glad it's in a reputable media source

[anexkahn]

someone should start spoofing MPAA machines of sharing music and RIAA machines of sharing movies...that should make for some fireworks!

PC LOAD MUSIC

[GigaHurtsMyRobot]

Maybe now my employer will have to take down that LaserJet IIIp and upgrade to a newer model.

Re:PC LOAD MUSIC

[Anonymous Coward]

PC Load Music?

WTF does that mean?

Re:

[conteXXt]

it's an old printer error message

PC (Paper Cartridge) Load LETTER

(out of letter sized paper)

Re:PC LOAD MUSIC

[omeomi]

whoosh!

Re:PC LOAD MUSIC

[Anonymous Coward]

From God^H^H^HWikipedia:

The term was popularized by the comedy cult film Office Space. Michael Bolton (David Herman), one of the three main characters, reads the error message from the LCD status display on a fax machine, after which he asks, "'PC Load Letter'? What the fuck does that mean?"

Re:PC LOAD MUSIC

[porcupine8]

It's an old printer error.

It means you need to restart the printer's download of Geto Boys MP3s.

Sweet!

[Hankapobe]

An inanimate object could also get the blame. The researchers rigged the software agents to implicate three laserjet printers, which were then accused in takedown letters by the M.P.A.A. of downloading copies of âoeIron Manâ and the latest Indiana Jones film.

1. Download movies and sell them
2. pin it on cop's printer
3. in the meantime while they're arresting the printer
4. Profit!

Re:Sweet!

[McFly69]

1. Download movies 2. Pin it on RIAA's website IP address (76.74.24.143) 3. Let the cops arrest RIAA 4. Peace and Quiet 5. Profit! But seriously... if you can spoof using any IP address (Printer, Website, etc), then everyone can claim it was not them downloading anything and there is not sure way to prove it. Just food for Thought.

Re:

[despe666]

Ding ding ding! You figured it out. I'm guessing these guys will be very busy being expert witnesses in upcoming trials.

Re:

[gstoddart]

But seriously... if you can spoof using any IP address

I don't think you can spoof any IP address. I think you'd still need to be on the same subnet/domain in order for routing to work.

You can spoof your neighbor, but you can't spoof something in a different network range.

At least, I don't think you could spoof an arbitrary IP address.

Cheers

Re:

[xappax]

From the report:

based on the inconclusive nature of the current monitoring methods, we find that it is possible for amalicious user (or buggy software) to implicate (frame) seemingly any network endpoint in the sharing of copyrighted materials
(emphasis added)

Re:Sweet!

[mysidia]

Sorry, I have to debunk the theory that it is only technically possible to spoof a source address on your local subnet, it's just not true.

First of all, you can send people in your local subnet messages with any fake outside source IP you want, and there are various techniques to convince your local subnet's router to send _you_ the response traffic instead of the rightful recipient, so you can have full socket connectivity in both directions.

(I.E. ICMP redirect packets sent to the default gateway, static routes, etc)

Also, there are methods to spoof source IPs outside your subnet, even when sending to destinations outside your subnet, unless your provider is specifically using techniques to block spoofed traffic (which possibly, some are now).

If you can guess the right sequence numbers and port numbers (very hard), then you can even inject data into someone else's live TCP connection, or just force that connection to close (by sending a RST)

Use of technologies such as SSL or TLS protect against sending unauthorized commands or allowing corrupt data to be transmitted, but don't protect against a third party forcibly closing the connection.

Spoofing outside the subnet is just extremely difficult, and fairly improbable for targets utilizing modern TCP stacks -- but theoretically possible; IRC networks used to have problems with script kiddies generating spoofed clone floods.

(This tactic was thwarted by taking advantage of the fact that spoofed users could effectively SEND spoofed traffic but not RECEIVE messages, so a CAPTCHA-style feature called "nospoof" was introduced into the connection process.)

Receiving traffic in both directions over a spoofed connection is also possible, but hard, I.E. requires hijacking the legitimate equipment's IP, and fooling network equipment into sending traffic to the wrong place (the spoofer's computer).

I'm not saying it's easy, safe, invisible, non-destructive, or you won't easily get caught, but I must say that such spoofing is 100% possible.

Re:

[Vancorps]

Sorry, at some point when it's so extraordinarily difficult to do you just accept that it's impossible. Sending source-routed packets out is very difficult these days unless you have an old school ISP like an AT&T or a business pipe.

Most of the problems of the 90s were indeed solved and much of the issues you describe went the way of the dodo then. At this point is so easy to secure against these types of attacks that any ISP would be negligent not too.

Also most of your techniques involved compromis

Re:

[Vancorps]

Yes, we agree exactly. Indirect IP connectivity is through the ISP's router and not a direct connection to your neighbor. Some cable providers don't do this well as you say, they are in the same broadcast domain with their immediate neighbor but there are never very many customers on a single pop.

A good number of ISPs use transparent proxies as you describe as well which further makes direct connection difficult. Of course most of the transparent proxies only function with HTTP traffic so anything with a

Re:

[complete loony]

http://wiki.theory.org/BitTorrentSpecification#Tracker_Request_Parameters [theory.org]

# ip: Optional. The true IP address of the client machine, in dotted quad format or rfc3513 defined hexed IPv6 address. Notes: In general this parameter is not necessary as the address of the client can be determined from the IP address from which the HTTP request came. The parameter is only needed in the case where the IP address that the request came in on is not the IP address of the client. This happens if the client is communicating to the tracker through a proxy (or a transparent web proxy/cache.) It also is necessary when both the client and the tracker are on the same local side of a NAT gateway. The reason for this is that otherwise the tracker would give out the internal (RFC1918) address of the client, which is not routeable. Therefore the client must explicitly state its (external, routeable) IP address to be given out to external peers. Various trackers treat this parameter differently. Some only honor it only if the IP address that the request came in on is in RFC1918 space. Others honor it unconditionally, while others ignore it completely. In case of IPv6 address (e.g.: 2001:db8:1:2::100) it indicates only that client can communicate via IPv6.

Depending on the tracker, you may be able to impersonate anyone at all.

You're on to something there

[Weaselmancer]

Apparently since a DDOS is a legal move in this game (if you'll recall the MediaDefender fiasco recently), [slashdot.org] maybe we could use this technique and flood P2P space with false positives.

I'll bet once every single judge in the USA gets a "Cease and Desist" letter they'll eventually see that the RIAA's tactics aren't valid.

Subtlety is not required - brute force it

[Weaselmancer]

An interested party could figure out a judge's address. And when you've got that then you'd know who their potential local providers are. And once you know those you know the range of possible IP addresses. And once you've got that - brute force. Ping everyone. Any return ping gets a spoofed false positive. Or if you're of the 'nuke it from orbit' mindset, false positive the whole subnet.

Piece of cake. If someone were so inclined, that is. Not that I'd advocate anyone ever doing this, of course. Oh heavens, no.

Wow ....

[gstoddart]

So, will we have a variant on the Chewbacca defense?

"Why would a printer, an inanimate object with no reproductive organs, be downloading pornography? It doesn't fit ... if the toner cartridge won't fit, you must acquit."

Seriously though, it's good to see some credible research demonstrating that the methods that are used to identify file-sharers are completely arbitrary and can't be demonstrated to be valid.

It would be nice to finally have enough evidence that Judges could basically say "Well, this methodology has been dis-credited, you need actual evidence."

Now, if you excuse me, I'm going to try to devise a way to make it look like our printer has been downloading Will Farrel movies and films with Natalie Portman. :-P

Cheers

Re:Wow ....

[OglinTatas]

Why would a printer, an inanimate object with no reproductive organs...

In other news, printers now have reproductive organs [slashdot.org]

Re:Wow ....

[sunwukong]

What the .... ?

Why the hell is this printer out of toner, again?! And where the hell is all of the kleenex?

Sweet!

[Layer 3 Ninja]

Time to exact my revenge on that stupid Lexmark E240 of the 5th floor.

Re:

[TheGratefulNet]

pc-load-letter.mycompany.com - now I finally have you! bwahahaha.

And?

[Colin Smith]

Were the printers imprisoned?

 

Re:And?

[Idbar]

More important, do they have to be defended by lawyers, or can the fax machine do the job?

Re:And?

[powerlord]

I'm not sure, but I hear the PBX is looking to consolidate things into a Class Action.

Re:And?

[EMeta]

Just the fax, ma'am. Just the fax.

Re:And?

[kesuki]

but where will we get a jury of their peers? the local area network?

As I said

[davburns]

It's so nice when one's uniformed speculation [slashdot.org] is proved correct.

Yay.

Re:As I said

[KevinKnSC]

I don't see how what you wear while speculating is relevant.

Re:

[davburns]

Good catch. One missing 'n' makes a lot of difference. I *did* preview. And spell-checked. A grammar checker would not have helped.

Oh, well. Have fun.

If the right people get framed...

[the_womble]

....it might change things. Legislators in the US and EU, for example.

Re:

[Jor-Al]

Nah, they'll weasel themselves out of it through some sort of retroactive immunity.

Clippy helps me steal

[DeadDecoy]

Clippy: Looks like you're making a letter. Would you like help?
Clippy: Looks like your letter is finished. Would you like me to print it?
Clippy: Looks like you're infringing on a copyright. Would you like me to call you a lawyer?
* Throws computer out window *

Re:

[DaveM753]

See, this is exactly why nobody likes Clippy. If Microsoft wants people to like Clippy, get him (it) to say stuff like

Clippy: Looks like you're infringing on a copyright. Would you like DVD5 or DVD9? ...much more useful. (Uh oh. I'm off-topic... apologies)

iron man url and tracker

[conteXXt]

I appreciate them giving me a tracker and url for iron man. Haven't seen it yet.

(just kidding, I'll wait for it to be released on dvd first)

Re:iron man url and tracker

[PopeRatzo]

(just kidding, I'll wait for it to be released on dvd first)

How quaint!

Ridiculous!

[saterdaies]

This is completely ridiculous and I'm sure any judge would see a printer downloading copyrighted songs as completely silly.

So, anyone wanna help me get NetBSD on my Epson?

Re:Ridiculous!

[myxiplx]

This is slashdot... home of geeks... think outside the box a little, then re-read the parent post.

Too flimsy

[Endo13]

While I'm all for anything and everything that helps bring down the MAFIAA, sadly the case in this article is very weak. It only points out two things, both of which are already commonly known by almost everyone in IT.

1. IP addresses can be spoofed.
2. IP addresses assigned by DHCP will not always be assigned to the same MAC address.

Then there's a lot of hand-waving and implications that there's also all kind of other likely flaws in the methods used to find out who's participating in file-sharing.

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

This bothers because if anyone were to point out how weak this case is in main-stream media, it could end up doing more harm than good.

We need some heavy ammo to shut them down, and I'm afraid this is not it.

Re:Too flimsy

[gstoddart]

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

Well, it does two things.

First, it shows that you can get a subpoena for not actually doing anything illegal. Presumably, connecting to a tracker isn't illegal.

Second, it begins to dispel the myths that the content holders have perpetuated about how they actually gather their evidence and if the collection methodology is valid.

I think actual University research which is covered by the NYT might be an awful good start. It's by no means everything that needs to happen, but starting to establish that their data collection is faulty is better than nothing.

Cheers

Re:

[coyote-san]

I vaguely recall there being a key legal point that you have to be able to simultaneously point to one party and exclude all others. Check with a lawyer (or law school student) to be sure.

The reason is to prevent an "I was framed!" defense as much as preventing framing innocent parties. It's not unheard of for people to plant evidence of their own guilt. Discredit the planted evidence and most people will (reasonably) have a lot of doubt about the rest of it.

Re:Too flimsy

[link-error]

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

Actually, that is the worst part.. they are sending out take-down notices/suing people that didn't download anything..
    Remember, innocent until proven guilty. They aren't even trying to actually determine this.

Re:Too flimsy

[bigstrat2003]

No, it's still innocent until proven guilty. The standard of proof is just different.

Re:

[networkBoy]

What is your defense was that you actually monitor *tons* of trackers, looking for say popularity spikes/curves/what have you; and when they try to bulldog you you produce the data of your analysis:
I.e. linux distro trackers surge in the hours following a release, the curves for TV shows, movies, games, books, whatever.
So long as you don't claim you didn't download anything you have committed an error of omission, not a factual lie (IANAL), assuming you did download the torrent in question. However, so lon

Re:Too flimsy

[Bryansix]

Maybe you missed the part where they framed the printer? The point is they just connected to a tracker but in real life what is more likely is that the guy in the dorm next to me is actually downloading the film that he didn't pay for but he pins it on me who wasn't involved in doing any copyright infringing at all. THAT IS THE POINT. Too many cases get brought up that are accusing the WRONG PERSON of doing the infringing.

Re:

[assassinator42]

The IP spoofing described in this paper wouldn't allow for that. It involves telling a tracker another IP address to use instead of the one you're connecting from. Thus he couldn't actually download the illegal content.
The article does talk about mistaken identification based on a shorter DHCP timeout than tracker timeout, which might be closer to what you're talking about. That could be extended by manually setting your IP address to one authenticated by someone else. This is especially possible in a dorm

Re:

[jimicus]

[sarcasm]Yes, of course I missed the part about the printer.[/sarcasm]

What I did miss was their explanation in the article on exactly what they did to get the printer implicated.

Clue: It's in the paper the article references.

Re:Too flimsy

[s.bots]

It only points out two things, both of which are already commonly known by almost everyone in IT.

And that's why this is relevant. Because it is not common knowledge outside the IT field, and it makes an appearance in the New York Times. The article could be more in-depth, or provide more conclusive evidence I agree, but getting the facts out there to the average (NYT reading) Joe is a good first step.

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

True, pirates don't connect to a tracker to observe, but the point being made is that an entity that was only observing (not doing anything illegal or warranting a takedown notice) is being pinned as a pirate.

Re:

[Necreia]

Imagine a warehouse full of drug dealers dealing their drugs. You're there, but neither selling nor buying drugs, just watching it all. If the place gets raided, you certainly wouldn't be shocked if you were arrested along with everyone else.

Now imagine this same situation where you're not even home that day, and you get arrested. That's what's happening with these printers. They weren't connected to the tracker, but they got dinged because that IP was spoofed.

Re:Too flimsy...not really

[Fallen Kell]

Yes, anyone in IT understands these issues. But the fact remains that no one in IT is being listened to when they are calling this same information proof of infringement. This study is to show that their "proof" which is being used in these same cases is as worthless as all the IT people have said it was from the beginning, and that the checks the **AA investigators are using to confirm that they are not accusing the wrong people are as worthless as well in terms of verifying/screening false positives. This study shows for a FACT that false positives are occurring and occurring ALL THE TIME.

Re:

[Anonymous Coward]

Did you miss the part where any malicious client can send an alternate client IP address to a tracker which supports the appropriate protocol extensions; the tracker will then report that IP address as participating in the swarm?

Also, consider this: As commonly compressed, each reported peer takes up essentially 6 bytes; 4 for the IPv4 address, 2 for the port, because the less data the trackers have to push out during a scrape, the better.

That gives a two-third chance that any corruption (undetected by the

Re:

[Applekid]

[This] article is very weak . . . [it] only points out two things, both of which are already commonly known by almost everyone in IT.

Granted, but the study is being reported in the New York Times, not a trade magazine. Now we don't have to stroke our neck beards and demand the ignorant just understand, we can just point with "hey, look, it's in the New York Times," and continue to stroke our neck beards because, frankly, it's quite soothing.

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

Here's the detail, though, should connecting to another computer, something as simple as a handshake, immediately trigger a Cease & Desist? If it goes for BitTorrent connections to trackers, why

Re:

[Sloppy]

If you're connected to the tracker, odds are about 99,999,999,999 to 1 that you're uploading or downloading -- or at least trying to.

Not anymore. Thanks to this paper, people are going to connect just to inject noise into the system.

Re:

[Endo13]

You're probably right. And that could be the one good thing that comes from this.

Frame everybody

[FranTaylor]

With this approach, it seems like it would be possible to frame every Internet user, or at least a significant number of them. What a monkey-wrench that would throw into the works! The modern version of 'I, Spartacus'.

The time has come

[gmuslera]

We need an UN declaration on Machine Rights. There are no punishment for smash, throw out windows, sued for file sharing without a fair judgement or even (is hard for me to write this, human cruelty have no limits) install windows in them.

How you think a singularity will decide to show up in such environment?

has the mafiaa ever fought an IT guy?

[TheGratefulNet]

I have not read about this - has anyone heard any anecdotes on this subject?

I'm curious if the 'industry monitoring groups' have ever sent a C/D letter to a clueful sysadmin? we know that most laymen will simply cave in when they receive the 'fact' that their IP address was somehow connected to 'bad traffic'; but I wonder if anyone who knows networking ever called their bluff and really had a court case where he asked for MORE info than simply IP addrs. it would seem that if you can defend yourself in IP networking theory that they really have no firm case on you, especially if you run an 'open wireless AP' and that, itself, could create enough doubt as to who the real 'infringer' really is. they might be able to say its your network but they can't prove its YOU. it could be spyware that somehow got installed on your system. spyware does do 'strange things' as well all know and its not outside the realm of possibility that some virus is connecting to trackers while sitting inside your network. is that really your fault? should you be called 'an infringer' for that?

so I'm really curious if there are any examples of a tech-strong defendant really calling their bluff and demaning fine-grained specific evidence while at court or at some plea bargaining procedure.

Re:

[TheGratefulNet]

what logs are you referring to?

'home users' (even clueful ones) often don't keep 'logs' of AP activity. or, they simply roll-over and over-write log data, like a circular buffered log would do.

I keep intrusion logs from my firewall but that doesn't log ALL activity, just break-in attempts. and if you run an open AP that is outside your firewall (as is prudent to do) then there is no NEED to keep a log on that - its 'open' afterall. and if they want to get into your private LAN they need to jump thru your

Re:

[beegle]

At a previous job, I had to spend some time processing the DMCA notices. They were obviously auto-generated, and it was pretty common for them to just not make sense. IP address but no timestamp (very handy for dynamic address ranges), indecipherable protocol in the url (really. When even Google's no help, you need to at least provide a -hint-.), etc. When I'd respond with simple questions, it would take them weeks to respond. Meanwhile, they expected people to jump on their requests within hours.

The New Way To Evade Detection

[Nom du Keyboard]

1: Find a network printer assigned an IP address.
2: Set your NATting wireless router to mimic that printer's MAC address.
3: Insert your NATting router between the printer and the LAN and steal its IP address.
4: Connect to router and fileshare to your heart's content.
5: Watch printer be arrested for your piracy.
6: PROFIT!

I have been getting these five years ago

[guacamole]

I used to work as a sysadmin in academia and we used to get such false infringement notices on a regular basis. Here is a typical story. Some professor, let's call him Smith, puts some tar and zip files on this webpage or on his ftp site, which naturally has a URL like ftp:somehost.edu/pub/users/smith/bundle.zip [somehost.edu]

Eventually we get emails some trade association: "We are asking you in good faith to remove the material that infringes on out IP rights. The site in question is such and such and it contains a copy of a Nintendo game "Mr. Smith's Day Out"" or some other non-sense like that. I found those amusing.

Easier Way to Frame someone

[Thergrim]

A much easier way to frame someone for infringement. You will need; -the IP address of the target -a copy of what an infringement letter looks like (find them on the Internet) -software to alter or create a fake infringement letter Using the target's IP address, look up their ISP's snailmail address. Fake up your Infringement letter. Mail it to the ISP. Do this 3 to 5 times and your target will get booted from their ISP. ISP's do not check the validity of these letters.

A New Plan

[camperdave]

1. Install embedded processor and storage in printer
2. Download stuff
3. If RIAA come a'knocking, point to the printer
4. Watch them go away embarrased
5. Retrieve downloads from the printer
6. Profit

This just in

[greymond]

Apparently IP spoofing still works.

There. I just saved you 7 pages of walled text.

Blame everyone!

[Bones3D_mac]

How difficult would it be to coordinate a spoofing system like this that is gradually directed at every used IP across the internet? If it's shown that the *entire* internet is somehow participating in acts of copyright infringement from every IP address across the board, maybe someone might actually begin questioning the current system used to identify those illegally download copyrighted material.

Think of it... the most respected and powerful people in every community simultaneously getting bogus cease and desist letters. (Lawyers, judges, politicians, etc...) I'd be inclined to think *something* just might happen after that.

Re:

[Jor-Al]

What the hell does that mean?

Re:

[cashman73]

Sadly, said printer didn't just go to Federal PMITA Prison. Oh no! It got the Death Penalty [youtube.com],...

Re:Simply send this message to the printer:

[Actually, I do RTFA]

What the hell does that mean?

Networked printer needs paper, badly.

Re:

[Anonymous Coward]

Please don't confuse an RIAA investigation with a police investigation. The RIAA are not the police (yet....)

Re:

[Sneftel]

If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder.

Investigated, sure. They'll cordon off your yard, bring in body-sniffing dogs, dig everything up, search your garbage bags, find nothing, and conclude that you were just fucking with them. They would do this, rather than immediately strapping you to the electric chair, because "first degree hacking up of people into little bits" is a criminal matter, not a civil one, and circumstantial evidence is not sufficient for a criminal conviction. It's not "beyond a reasonable doubt". In the civil arena, though, t

Re:Big surprise!

[d34thm0nk3y]

If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder.

You would be investigated, but if the only evidence presented at the case was the odd behavior you would be found not-guilty. The MPAA/RIAA use the odd behavior as not only the probable cause to investigate but also as the evidence to prosecute.

Re:

[Alpha830RulZ]

but if the only evidence presented at the case was the odd behavior you would be found not-guilty

Unless you're black or hispanic and live in Texas.

Re:

[Grym]

If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder. If I build a large enclosure in my backyard, and fill it with heating lamps which use a prodigious amount of electricity and generate a lot of heat, and I sit on my front porch smoking a leafy substance wrapped in paper, I'll probably be investigated for running a grow-op. If I show u

Re:

[Blakey Rat]

If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder.

Hm, good point-- I better start using the back yard.

Re:

[TheRedSeven]

A better analogy (and a bit of a 'social experiment' I actually did once out of boredom):
It's not illegal to destroy your own property when you're done with it. Say, to tear up old, out-of-date travel guide books about Spain. It's your property, you can do what you want with it. It's not even illegal to do so on public property. I could do that and throw out the pieces in a public park, for instance.

However, if you try to do that in a public library, some old(er) ladies will have a fit...

When I was in