MPAA can kiss my internet service provider

ViRGE · Feb 26, 2013

I'll try to respond to these as I can.

ImpulsE69 said:
I really think you 2 are missing the point or purposely posturing.

I'm not purposely posturing, I'm serious and sincere about all of this. To that end I don't believe I'm missing the point, but please tell me if I'm wrong.

No amount of wireless security is going to prevent something like this.

As others have pointed out through various links by now, that's incorrect. WPA2-AES has no known weaknesses, meaning the only method of recovering passwords is to dictionary attack or brute force it all. If the problem is indeed your network being compromised over wireless, then exclusive use of WPA2-AES with a strong key should repel all invaders. WEP, WPA, and WPA2-TKIP are all considered insecure in 2013.

Do you really expect every person to be able to know how to lock down a network?

These days, yes. Most wireless routers come with reasonably thorough advice to use WPA2-AES with a strong key, and what a strong key is.

Do you honestly believe that it is the consumers responsibility?

Yes. To use a car analogy, an internet connection is a valuable tool, like a car. And like a car it's registered, so authorities and others know who it belongs to. So if your tool (heh, heh) gets used in a crime, it's reasonable to expect the owner to prove that they were not the user of the tool at that time. If they can prove that, then they may be unfortunately negligent, but they obviously aren't a criminal.

Companies can't even keep their networks secure and those are blamed on the hackers. See the double standard here?

For the record, you're confusing wireless network hacking with spearphishing. In those cases attackers broke into various networks by stealing credentials from employees caught in said spearphishing attacks. The network actually did exactly what it was supposed to.

The overall point to this portion is, they have no proof. At all. They have an IP.

And that's proof. That's really good proof. It means they were able to connect to a machine operating on or through your network and exchange data for the file in question. To be clear here, trawling for copyright infrigers through BitTorrent involves querying trackers and DHT swarms and then confirming that the IP in question is engaging in infringement. This is done by connecting to the machine, thereby confirming a 2-way connection and consequently a valid IP.

It has nothing to do with if I may or may have not downloaded material in the past. You are letting the thought process of "he must have downloaded it" cloud the subject.

Actually, I believe you. I'm not giving you this advice because I want you to somehow profess guilt. I'm giving you this advice because for the good of the rest of the Internet I'd like for you to secure your network.

ImpulsE69 · Feb 26, 2013

Train said:
Wow, I didn't see your edit until someone quoted it. But let me just say, the bolded part could not any be further from the truth. If you understood anything about hasing at all you would know that what you stated is impossible.

Yes, I was incorrect and was referring to the WPS pin - I recnetly went to DDWRT which allowed that to be shut off only hadn't shut it off ;p My best guess is that's what happened, and no, I'm no expert on hashing or networking, but I do know more than the average person.

@ Virge - yeah, I get that, but disagree on Joe Blow knowing how to lock down a wireless network, I know many people who know 0 about them but use them wide open. The whole premise of this thread is that in reality, the process of aquireing and accusing someone of copyright infringement with this method is obviously flawed because the IP is not the be all end all proof they need as has been demonstrated. I was in no way trying to justify why it happened, and 3/4 of the thread is pointless because that's what people are focusing on.

I was making aware that this is indeed happening just like people predicted.

Exterous · Feb 26, 2013

ViRGE said:
WEP, WPA, and WPA2-TKIP are all considered insecure in 2013.

I am not saying this is the case but there are a very large number of routers out there that suffer from the WPS vulnerability that render your encryption type, password length and any other security measure irrelevant. By manufacturer design the WPS is often simple 4-8 digit PINs that are incredibly easy to bruteforce. To make matters worse a large number of the afflicted routers do not have the ability to disable WPS or the disable WPS selection does not actually disable the WPS. The only way I could disable the WPS on my linksys router was to go with a third party firmware.

http://www.us-cert.gov/ncas/alerts/ta12-006a

Cuda1447 · Feb 26, 2013

Is this part of the new 6 strikes policy? They sure did get you fast.

ImpulsE69 · Feb 26, 2013

Cuda1447 said:
Is this part of the new 6 strikes policy? They sure did get you fast.

Yea, interesting is the timeline. Changed firmware around 2 weeks ago. The report came in as happening on the 21st, reported on the 22nd, and they hit it on the 25th. That's fast..but I had them send me the notice they received and it was by email so it's not like they had to try real hard. It's all pretty automated.

Cuda1447 · Feb 26, 2013

ImpulsE69 said:
Yea, interesting is the timeline. Changed firmware around 2 weeks ago. The report came in as happening on the 21st, reported on the 22nd, and they hit it on the 25th. That's fast..but I had them send me the notice they received and it was by email so it's not like they had to try real hard. It's all pretty automated.

Very surprised it happened so quick. I'm just waiting until I get a notice.

ViRGE · Feb 26, 2013

ImpulsE69 said:
The whole premise of this thread is that in reality, the process of aquireing and accusing someone of copyright infringement with this method is obviously flawed because the IP is not the be all end all proof they need as has been demonstrated.

How is it not the be all end all proof? As I stated previously, they connect to every address they flag. This isn't something that can be faked. How is that not proof?

ImpulsE69 · Feb 26, 2013

ViRGE said:
How is it not the be all end all proof? As I stated previously, they connect to every address they flag. This isn't something that can be faked. How is that not proof?

Because I'm the one who got accused of it, and I know for a fact it was not me or anyone within my house that did it. To go back to your car analogy, a better way to put it is if someone stole your car and robbed a bank while using it. If you knew it was gone and didn't report it that is one thing, but if it was stolen and you weren't aware, you are not at fault even though you own it.

By the way, I'm not crazy here, the courts are upholding my opinion.

Or to put it as simple as I can. They said I did it, and presented "this" as evidence. I know I didn't do it. Can I prove I didn't do it? Not really. Can they prove I did it? Not really. This is why it is not the be all end all proof. The very fact I know I didn't do it and they say I did negates it as proof. It's circumstantial. Ultimately it is my word against theirs, except as I keep saying, I know I didn't do it.

ViRGE · Feb 26, 2013

ImpulsE69 said:
Because I'm the one who got accused of it, and I know for a fact it was not me or anyone within my house that did it. To go back to your car analogy, a better way to put it is if someone stole your car and robbed a bank while using it. If you knew it was gone and didn't report it that is one thing, but if it was stolen and you weren't aware, you are not at fault even though you own it.

By the way, I'm not crazy here, the courts are upholding my opinion.

Correct. And no, you're not crazy. But to continue the analogy, to fully absolve the owner there has to be proof that the car was stolen. Alibis for the owners, police finding said cars ditched/destroyed, fingerprints, etc. What's not at question is which car was used; merely who was using it.

As I said before, I believe you when you say you didn't do it. But that means someone else got access to your network. All I'm really looking for here is some agreement that your network was indeed (ab)used here, so that we can move on to trying to figure out what went wrong and how to secure it.

ImpulsE69 · Feb 26, 2013

ViRGE said:
Correct. And no, you're not crazy. But to continue the analogy, to fully absolve the owner there has to be proof that the car was stolen. Alibis for the owners, police finding said cars ditched/destroyed, fingerprints, etc. What's not at question is which car was used; merely who was using it.

As I said before, I believe you when you say you didn't do it. But that means someone else got access to your network. All I'm really looking for here is some agreement that your network was indeed (ab)used here, so that we can move on to trying to figure out what went wrong and how to secure it.

But that really isn't what this thread was for

I was on my router looking while I was on the phone with my ISP and saw the culprit and took steps at that point to fix the issue as best I could before I actually made the first post. The status of my wireless security was the least of my concerns as I don't feel that it's my responsibility to police my network any more than it's my ISP's. (I mean in terms of how it was being used..obviously I dont want people snooping around my network). Obviously I underestimated the knowledge/abilities of the locals in my small podunk town.

If I hadn't actually seen the foreign mac address on my router I would have been at a loss as to how it happened.

ViRGE · Feb 26, 2013

ImpulsE69 said:
But that really isn't what this thread was for I was on my router looking while I was on the phone with my ISP and saw the culprit and took steps at that point to fix the issue as best I could before I actually made the first post. The status of my wireless security was the least of my concerns as I don't feel that it's my responsibility to police my network any more than it's my ISP's. (I mean in terms of how it was being used..obviously I dont want people snooping around my network). Obviously I underestimated the knowledge/abilities of the locals in my small podunk town.

If I hadn't actually seen the foreign mac address on my router I would have been at a loss as to how it happened.

Oh, okay. So you did find an foreign MAC address. I must have missed that.

The neighborly thing to do would be to invest in gear to let you track them down. Setup a honeypot and then use a scanner to figure out where they're coming from, after which you can go have a "civil discussion".

Alternatively, just look for whoever has the 14 year old nerd.

Just out of curiosity, what were you running for wireless security? (e.g. WPA-TKIP?) I'm curious just how much effort they had to go through to break in.

HamburgerBoy · Feb 26, 2013

2/10 thread until op posts name of video downloaded.

Ichinisan · Feb 26, 2013

ImpulsE69 said:
Yes, I was incorrect and was referring to the WPS pin - I recnetly went to DDWRT which allowed that to be shut off only hadn't shut it off ;p My best guess is that's what happened, and no, I'm no expert on hashing or networking, but I do know more than the average person.

@ Virge - yeah, I get that, but disagree on Joe Blow knowing how to lock down a wireless network, I know many people who know 0 about them but use them wide open. The whole premise of this thread is that in reality, the process of aquireing and accusing someone of copyright infringement with this method is obviously flawed because the IP is not the be all end all proof they need as has been demonstrated. I was in no way trying to justify why it happened, and 3/4 of the thread is pointless because that's what people are focusing on.

I was making aware that this is indeed happening just like people predicted.

IIRC, DD-WRT doesn't support WPS at all.

Red Squirrel · Feb 26, 2013

I just thought of something, can these be fought in court at all, or are you guilty on the spot with no parole?

Would be interesting to make them PROVE that the 4GB file called "spiderman" for example *REALLY* is the Spiderman movie. Maybe it was a 3 hour amateur footage of a spider making a web and it was just called that? Would they be obligated to prove that it was actually the movie? OR can they pretty much point the finger to any random person they want and they're automatically guilty of whatever crime they say?

If they actually do legally have to prove it, could simply make it standard practice that between real torrents, lot of fake torrents are also downloaded and uploaded. Basically random video data that is the same size as real movies, with the same name. This could be automated by either the bittorrent protocol, or torrent clients where that option is checked. Obviously, it would add lot more traffic, but often your torrent client is sitting idle and only seeding, so instead it could also be downloading these fake torrents, while also seeding them. Generate lot of bullshit for them to sort through.

ImpulsE69 · Feb 26, 2013

ViRGE said:
Oh, okay. So you did find an foreign MAC address. I must have missed that.

Just out of curiosity, what were you running for wireless security? (e.g. WPA-TKIP?) I'm curious just how much effort they had to go through to break in.

I am/was running WPA2-TKIP+AES. (now that I think about it, I dont' think I need TKIP anymore had it on for some legacy equipment).

Ichinisan said:
IIRC, DD-WRT doesn't support WPS at all.

yes, it does actually and was enabled by default. I never use it and never bothered with it in the past, but shut it off when I was locking the router down. However, it wasn't until this thread when someone mentioned how easy it was to bypass that I even knew it was an issue.

HamburgerBoy said:
2/10 thread until op posts name of video downloaded.

was covered on first page

ViRGE · Feb 26, 2013

Red Squirrel said:
I just thought of something, can these be fought in court at all, or are you guilty on the spot with no parole?

If it's part of the new 6 strikes system, then you can appeal to arbitration for $35. That said, unless your ISP is threatening to restrict your internet access as punishment (something that would occur on the 4th or later offense), there doesn't seem to be much point.

Would be interesting to make them PROVE that the 4GB file called "spiderman" for example *REALLY* is the Spiderman movie. Maybe it was a 3 hour amateur footage of a spider making a web and it was just called that? Would they be obligated to prove that it was actually the movie? OR can they pretty much point the finger to any random person they want and they're automatically guilty of whatever crime they say?

They can prove it's the movie. They will download it to confirm the file in question, or in the case where they already have the file they will use the torrent's SHA-1 sums to verify it.

Red Squirrel · Feb 26, 2013

Oh so they actually download it? I thought they just packet sniffed networks that have public traffic and looked for some keywords like filenames and IPs? So they go beyond that then connect to said IPs to initiate downloads? I guess my idea could still work to waste their time though.

Search

MPAA can kiss my internet service provider

ViRGE

Elite Member, Moderator Emeritus

ImpulsE69

Lifer

Exterous

Cuda1447

Lifer

ImpulsE69

Lifer

Cuda1447

Lifer

ViRGE

Elite Member, Moderator Emeritus

ImpulsE69

Lifer

ViRGE

Elite Member, Moderator Emeritus

ImpulsE69

Lifer

ViRGE

Elite Member, Moderator Emeritus

HamburgerBoy

Lifer

Ichinisan

Lifer

Red Squirrel

No Lifer

ImpulsE69

Lifer

ViRGE

Elite Member, Moderator Emeritus

Red Squirrel

No Lifer

TRENDING THREADS