October 25, 2007
Robert Anderson, the MPAA hacker, speaks to Wired
My very first post on Cyberpunk Review’s meatspace was a ZDNet article about the MPAA hiring a hacker to steal data from TorrentSpy. Now that hacker, Robert Anderson, has given an exclusive interview to Wired giving his reason for joining the anti-sharing movie group, and what lead him to leave.
All about the Benjamins. Anderson approached the MPAA to help their anti-piracy efforts after an online advertising venture with TorrentSpy founder Justin Bunnell didn’t pan out. For the MPAA, who reports that the movie industry loses billions due to piracy via file sharing, to have someone with inside knowledge of an “enemy organization” on their side would be an answer to their prayers, and the MPAA was going to do whatever they needed to do to keep him on their side:
According to Anderson, the MPAA told him: “We would need somebody like you. We would give you a nice paying job, a house, a car, anything you needed…. if you save Hollywood for us you can become rich and powerful.”
In 2005, the MPAA paid Anderson $15,000 for inside information about TorrentSpy — information at the heart of a copyright-infringement lawsuit brought by the MPAA against TorrentSpy of Los Angeles.
Anderson was put in contact with Dean Garfield, then legal director now executive vice president and chief strategic officer, who believed Anderson had “an informant that can intercept any e-mail communication.” But Anderson himself was the “informant,” and how he intercepted the e-mails is what has both the MPAA and TorrentSpy at odds with each other.
A sticky wicket. Anderson was able to intercept not only e-mails, but software and source codes, invoices, and even passwords. How did he do it?
The hacker, then 23 and living in Vancouver, British Columbia, claims he had cracked TorrentSpy’s servers by simply guessing an administrative password. He knew the password was weak — a combination of a name and some numbers.
“I just kept changing the numbers until it fit,” he says. “I guess you can call it luck. It took a little more than 30 tries.”
Once inside, he programmed TorrentSpy’s mail system to relay e-mail to a newly created external account he could access.
There’s a trace of pride in his voice as he details the hack. “The e-mails weren’t forwarded using the mail command. They were sent actually before it reached anyone’s mailbox,” he says. “So it was more like interception before delivery. I could even stop certain mail from reaching their box.”
Anderson also received a contract to sign, with provisions like:
… the information the MPAA was seeking would “include, but is not limited to, the names, addresses, and phone numbers of the owners of TorrentSpy.com.”
The contract also requested information on The Pirate Bay, and called for Anderson to look for “evidence concerning and correspondence between these entities.”
The contract prohibited both parties from disclosing “the existence of this agreement to anyone,” and said the MPAA would pay $15,000 for services to Anderson’s business, Vaga Ventures. Finally, the contract dictated that the confidential data would be obtained “through legal means.”
The data being obtained “through legal means” was at the heart of a countersuit filed by Bunnell against the MPAA, claiming Anderson’s actions violated wiretapping laws.
A falling out, and the fallout. At one point, Anderson knew the honeymoon was over:
But once Anderson turned over the data and cashed the MPAA’s check, he quickly realized that Garfield had no further use for him. “He lost interest in me,” he says. Anderson felt abandoned: During negotiations with Garfield, the hacker had become convinced he was starting a long-term, lucrative relationship with the motion picture industry. “He was stringing me along personally.”
Hollywood’s cold shoulder put Anderson’s allegiance back up for grabs, and about a year later he came clean with TorrentSpy’s Bunnell in an online chat. “‘I sold you out to the MPAA,’” Anderson says he told Bunnell. “I felt guilty (for) what happened and I kinda also thought at that point the MPAA wasn’t going to do anything.”
After Anderson’s chat, Bunnell filed the countersuit. The suit is currently on hold pending an appeal, while the MPAA can use the stolen data in their ongoing persecutions. TorrentSpy was also ordered to track US users, but they countered by blocking them and increasing privacy for everyone else.
The worse may be yet to come. Given the almost soap-operatic nature of this case so far, what else Anderson “intercepted” is something to give cause for alarm… if it weren’t for other enterprising hackers:
Among the purloined files was the source code for TorrentSpy’s backend software, says Anderson. Anderson alleges this interested the MPAA, which he says wanted to set up a fake BitTorrent site of its own. According to Anderson, the MPAA said, “We’ll set up a fake Torrent site. We’ll contact the other Torrent sites. We’ll get their names, address books, contact information and banking information…. (They) wanted to run this as a shadow portion of the MPAA.”
Can you say MediaDefender?
Robert Anderson wanted to make money, but he had to sell his soul to a corporate gestapo to get that paycheck. In the process, he may have done something to help protect us from the virtual reality “they” (the MPAA) want to keep us asleep in…
Anderson’s account shows that the content industry may be willing to go to significant — and some say ethically questionable — lengths in its war against online piracy, and that it is determined to keep its methods secret.
Comments
October 30, 2007
zenaphex said:
Unless this guy knew the people who hosted these servers or socially engineered them, I don’t see how you can simply “guess” their password. Little more than 30 tries? Luck? I find it hard to believe. Anyways, I love the fact that his last name is Anderson. I was thinking of the movie, The Matrix, and was saying to myself, “MISTER Anderson”.
November 3, 2007
Deep_Logic said:
I remembered when that was called a snitch.. He didn’t really do anything sophisticated; he snitched.
November 4, 2007
Illusive Mind said:
Cool article. I always laugh when I see the estimated losses by the MPAA et al. due to online piracy. They are ridiculous, as though for each and every download that person would have otherwise shelled out the cash for their product.
December 3, 2007
Therion said:
I’m in two minds about this. Now all music/video is digital, once a format changes it’s damn hard to get CD quality if you just rip, rip rip…. As well formats change as technology advances. So, it’ll be the data receiving objects that will escalate in price.
I think in general people like to actually own a product. The issue really is they are overpriced for the actual value of the item. For example cinema prices range from £3, 4€ to 14€ or £10. Throw in some popcorn and a small coke and you could have had a 3 course meal with wine. Combine it with your kids going along and you could take them to a theme park or on an easyjet or ryan air flight to paris/london/barcelona!
Being in an emerging band I understand that with the units Metallica, Madonna sell they could feasibly sell units for 8 euros and still be multimillionaires. It’s the middleman that’s the issue and the greed for excessive profits.
With the rise of these profits we have a bloated market with crap software made by software giants, musicians who can’t sing nor compose, films being released that have made ironic sites like rottentomatoes.com tailored for them.
The issue is rather simply put… the MPAA is saying they like to protect the food industry, but with only the McDonalds like companies in mind. Budget movies, yes real hard copy, left the shops in droves for Donnie Darko and led to its cult and mainstream success.
February 29, 2008
Terabyte said:
Hack Robert Anderson
September 4, 2010
RAkemsAKeM said:
I agree completely with Therion’s post above. They wouldn’t have a problem with piracy if u didn’t have to pay $40 inclusive for two people to go see a flick with popcorn and drinks. People dont download movies to be a rebel, or just because they wanna watch them at home. They do it because going to the movie theater is like a prison rape gang to your wallet. If people could go see a movie for $10, everyone would be happy and no one would need to steal from them(MPAA). I mean honestly….How the hell much can a bag of frickin popcorn really cost……. 25 cents maybe for the biggest bag, and 10 cents for the container, with another 20 cents in butter…? And the charge $8 for a large popcorn?????? They are stealing from us if you really look at it $6 drink that really costs $1, an $8 popcorn that really costs 55 cents, a box of candy thats $4.50 but really costs $1.50, and a $10-$12 movie ticket that only a few years ago cost $6-$7…….. Ouch… my butt hurts just thinking about it….
March 20, 2011
willito said:
oh…what…seriously?…SERIOUSLY?!…we are “hurting” the Mighty MPAA?! SERIOUSLY!!?? Because,the last time I checked,you MPAA FAT GREASY BASTARDS were in fact stealing from us! Stealing from the people that made THE “ALL MIGHTY MPAA” possible.DON’T YOU EVER FORGET THAT! If it wasn’t for us,you GREEDY FAT GREASY RICH BASTARDS,there wouldn’t even be a Motion Pictures Association IN AMERICA! greedy thieves!
willito said:
…and don’t get me started on how much money they (Motion pictures association of america) have stolen from us throughout aaaaall the years prior to the invention of the internet! THAT’S RIGHT…i said it! INTERNET! p.s. WE MAKE YOU POSSIBLE! DONT FORGET THAT!