French Anti-piracy Agency Hit By A Simple Hack

Eric Doyle, ChannelBiz,

The French battle against illegal file sharers suffers a setback as its surveillance agency TMG is hacked

The French government appears to have struck out with its approach to online copyright infringement following a security breach. The problem faced by the French should be a bellwether warning for the UK’s plans to introduce a similar illegal file sharing law under the Digital Economy Act.

To implement its monitoring scheme, the French government appointed an independent company, Trident Media Guard (TMG), to collect the IP addresses of illegal file-sharers. Security researcher Olivier Laurelli reported that he had accessed an insecure TMG server and downloaded programs and scripts. This included a list of IP addresses gathered by the company. Laurelli published his findings on the Reflets.info blog.

HADOPI Announces Jitters On Twitter

The French writer expressed his hope that the server would prove to be a honeytrap but, soon after his revelation, Eric Walter, the head of France’s antipiracy agency HADOPI (Haute Autorité pour la Diffusion des Oeuvres et la Protection des Droits sur Internet), tweeted that the organisation’s connections with TMG had been temporarily suspended.

TMG has claimed that the server was only used to test its surveillance software but Laurelli maintains that this trial used real IP addresses. In fact, the data had to be tested in Germany because it would break French law to use real data in this way.

Follow this story on our sister site, Silicon.fr

The situation is very similar to the problems experienced by ACS:Law in the UK. The law firm, which was sending letters to alleged file sharers, suffered severed denial-of service attacks, and a data breach which exposed personal details of its targets on its site. The storm eventually broke up the company and resulted in a fine. If the UK government does implement its plan for a crackdown on illegal file sharing it will attract hackers and DDoS attacks which may lead to a similar breach scandal.

The HADOPI law is based on a “three strikes” approach. After three warnings, the case is passed to the courts for a fine to be levied on anyone found to be illegally sharing copyrighted material on the Internet. The final judgement could also be accompanied by a ban from Internet access for the infringers. The UK plan is similar but does not threaten disconnection.