Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
Search SpywareGuide Database & Site
Security Email Alerts & Updates
SpywareGuide powered by FaceTime Security Labs

RIAA- The New Super Spy

by Wayne Porter

We have talked a lot about spyware, malware and adware programs that are being installed by some file sharing applications. There exist some obvious drawbacks for users as many services install BHO?s, or throw-up pop-up ads in order to monetize the file sharing service. After all nothing in life is every truly free and there is usually a price that has to be paid by someone, somewhere down the line. Now the price is starting to get steep for some users as the Recording Industry Association of America has went on a rampage of lawsuits against individuals who are sharing copyrighted files via P2P networks.


Who or what is RIAA?

The Recording Industry Association of America (RIAA) is the trade group that represents the U.S. recording industry. According to their website their mission is ?to foster a business and legal climate that supports and promotes our members' creative and financial vitality.? Their members are the record companies that comprise the most make up most of the music industry. To give you an idea about the RIAA?s reach their members create, manufacture and/or distribute approximately 90% of all legitimate sound recordings produced and sold in the United States. In short the RIAA is a corporate behemoth.


So what is the scoop?

If you or someone in your household has used Kazaa, Grokster or any other file-swapping software application recently and you have left your computer open to the internet then you do run, albeit a somewhat remote, legal risk. The RIAA continues their mission to single out users for lawsuits on the grounds of infringement.

Here's a quick look at how the RIAA conducts their digital spying missions. Savvy spyware enthusiasts will note how some of the methodology mimics the same techniques used by anti-spy authors in matching digital footprints against target lists.

Shared Folders- The world?s gateway to your PC.

If you have a shared folder on Kazaa, Morpheus, Grokster or using any other service your file sharing activity can be monitored by the outside world- this includes the RIAA. The RIAA now uses automated tools that search for files and compare it to their ?hit list?. When it finds a person sharing a file on this list, it downloads all or some of the files to verify the content. Once verified they take screenshots of the information on the person?s shared folder. Naturally this evidence, with date and timestamps, is what will surface in court.

Next they capture the IP address of the person sharing the files. While using proxy servers can complicate this type of investigation the information usually isn?t that hard to get. Remember your IP address can tell people a lot of information about your connection. For example, what city region you are connected from and what ISP you are using. When cross-referenced with ISP records a party can correlate your online activities with the ISP?s records to verify your machine was involved. This is not always a bad thing as this can be very useful to triangulate in on hackers or fraudsters but it certainly makes you wonder about your privacy doesn?t it?

Digital Footprints- They are real.

The RIAA hasn?t stopped with simple IP address gathering and they are now taking cues from the current spyware versus anti-spy battle to refine espionage techniques to trap users. Once they have the file they can check the artist's name, title, and any metadata information attached to the files, looking for information that may indicate what piece of software has been used to create the file or any messages left behind by the original file ripper. Often your favorite song player can show you this metadata. Interestingly enough this same technique can be used for documents like the one?s created in Microsoft Word to ferret out all kinds of interesting information about who created a document or has read a document or signed off on a document. Remember that even if you can?t see the information documents and files hold many digital clues for those with trained eyes.

The RIAA analyzes, in minute detail, some of the files' contents to ferret out information to match against their databases of "hashes,. Hashes work like digital fingerprints. These hashes can identify songs that were swapped online as far back as the Napster era. Investigators check these fingerprints against their databases and look for matches. A positive match means the file has more than likely originated from the original Napster file they built.

Once they have collected all the digital fingerprints, IP addresses, and screen shots they head to court to get a subpoena. (The term comes from the Medieval Latin sub poena, which means "under penalty?.) While some ISPs are fighting the subpoenas, most have been forced to comply. The bottom line is to never, ever rely on your ISP for privacy.

So what can you do about it?

If you want to continue safer digital sharing the easiest thing to do is to disable the "sharing" or "uploading" features on your software application that allow other users on the network to get copies of files from your computer or your music directories. For help on how to do this for popular applications check the Duke University list below.



http://www.oit.duke.edu/helpdesk/filesharing/kazaa.html (Warning: Some versions are reported to contain adware)

Windows http://www.oit.duke.edu/helpdesk/filesharing/aimster.html
Mac OS http://www.oit.duke.edu/helpdesk/filesharing/aimster_mac.html




MacOS http://www.oit.duke.edu/helpdesk/filesharing/limewiremac.html
Windows http://www.oit.duke.edu/helpdesk/filesharing/limewirewin.html




Also be sure you don?t have filenames of artists that are RIAA members since these are the artists they are targeting. You should check their site (http://www.riaa.com/about/members/) to get an idea just what artists could lead you into hot water. You might also wish to turn off the ?supernode? feature that many file sharing applications offer since the RIAA seems to be going after Supernodes on P2P networks. Consult your file sharing software application documentation for details on how to turn off supernode functionality.

Most importantly remember to use caution and common sense. While the chances of being targeted with a lawsuit are remote they do exist. You must evaluate if it is worth taking the risk. The safest choice is to ensure that you are not sharing copyrighted information. Unfortunately punitive damages and legal settlements can easily outweigh the damage that annoying adware can cause.

Unless otherwise noted this article is Copyright © 2018 by FaceTime Communications, Inc. This article may not be resold, reprinted, or redistributed for compensation of any kind without prior written permission from FaceTime Communications, Inc. For reprint or media inquires please contact us with the phrase "Spyware Guide Articles" in the subject line and we will by happy to assist you. Links to this article from other websites are appreciated and encouraged. Users are also encouraged to utilize our RSS system to provide unique content and extracts for their site.

Read other articles (back to full list)

Help with the BUST!
Click here and give us what details you have and let our international research team take it from there. If you desire your report will remain anonymous.
Recent Blog Posts

There was an error communicating with the requested site.

Recent Modifications
2018-4-16  Adult Networks/Services
2017-2-10  Adult Hosts
2016-3-30  CoolWebSearch
2015-9-29  Malicious URLS
2015-5-19  Dialers
2015-1-5  Email Threats
2013-7-20  Date Manager
2013-4-10  BeeBus
2012-12-18  JT.Moonwalk
2012-12-18  Sadbiz

Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide Japan Japanese

© Copyright 2007, FaceTime Communications, Inc. All rights reserved.