Slashdot

Normally I don't advocate cracking someone's site. It's childish and petty. Kinda like the RIAA itself.

But, for some reason, I'm having a really hard time working up any real sense of moral outrage over it.

This probably makes me a bad, biased person.

C'est la vie!

It would have been so much better to make it a temporary mirror for thepiratebay.org :D

Wonder if they would have started a lawsuit against themselves...

instead I would have used my cunning to download the latest Britney album to their server in DRM-free MP3 format. And then promptly reported them to themselves.

ZOMG!!!!11111oneone!!1! The RIAA got hax0rzed. Well I guess they had it coming to them. While I understand their cause, I do not understand their tactics, their methods, or how they say they fight for the artists. I must say good job to the people who found the SQL injection flaw. May their programmers be whipped and stoned... well... I guess they would just throw lawsuits and blank CD's at their programmers and accuse them of stealing MP3's. Oh well. still great news.

to justify further restrictions on P2P software. I'm sure they will be able to twist this attack into some type of political message to show that the P2P community is just a bunch of cracking criminals which need to be stopped.

While I hold little sympathy for RIAA in this matter, I would rather people found different and legal ways to thwart the RIAA's mission.

they were using copyprotection on their site.

Do not rule out the RIAA to hire someone to do the hacking to win moral high ground.

RIAA may now turn their media machine to connect evil hackers with the pirate bay and try to put them in the same corner as child molesters and nazis.

If you are going to break into a website, then you need some sort of plan for when/if you succeed.

How about a statement like this:

"The protections applied to this website were more robust than the Digital Rights Management that is applied to CDs DVDs and other forms of digital media. Yet even that didn't stop a determined individual. If this website were a CD, it would be leaked all over the internet, and once cracked, DRM simply becomes an impediment to the legitimate users."

At least they could have tried to make it relevant. However, it is quite possible that they didn't have all that much time or total access to the site. (though if you can erase something, I'm pretty sure that is as close to total access as you need) I'm not too familiar with databases and websites so I don't know how far they could go with it.

I like the site a bunch, so I say this with a twinge of reluctance. And I certainly don't like the RIAA. But that kind of behavior is plain criminal. Doesn't matter who owns the computer, it is private property and deserves respect as such.

Maybe it was people protesting the RIAA's plan to put RFID chips on CDs [bbspot.com] to combat piracy that caused the attack.

Anybody got a screen capture?

So you're the most hated site on the internet essentially, especially by people who proudly go by the name "pirates". And you don't protect your site??? Who exactly is running this operation?

"HA HA!"

The OP should have posted a link to RIAA.org so that it could have been slashdotted. =)

First... I agree that shutting someone else up is not a great way to have a conversation...

But if you are going to do something like this, then have a little panache.

For example, you could upload a few Mp3's with links to download them from the site.

Or upload some key quotes "Copyright should be good for forever less one day".

Or upload Jefferson's statements on copyright.

ah well...

that someone report them for using unlicensed software.

How about some screenshots?

Attacking their website will only aid them in public opinion. This gives credit to their argument that people who oppose them are criminals.

I slapped as many of the screenshots I could find together. I'll try to update. Either way, here's the hack...

Velcroman98.googlepages.com/riaa/ [slashdot.org]

Looks like someone was using the RIAA web server's CD-ROM drive to listen to their Sony album collection again...

Hackers: 1
RIAA: 0

Goooooooooooooooooooooooooo!! Hackers!!!!!!!!

For whatever reason, as much as I try, I can't bring myself to feel sorry for the RIAA. They stand between me and the reasonable use of content that I purchase with my hard earned cash. If I purchase an MP3, I expect to be able to listen to that MP3 anywhere that I listen to music. But thats not the case. While I can listen to it on my computer, I can't lug my desktop out to my car with me. So I must use my mp3 player. Except, my mp3 player is a 6 year old creative jukebox. Not compatible with any modern DRM scheme. I must then spend MORE money on a newer mp3 player or risk legal implications by stripping the DRM away from the mp3. That's like buying an orange at the grocery store and being told that I can't use my fingers to peel it because my fingers aren't "compatible" with the skin of the orange. Instead, I must buy a knife to legally peel the skin from the orange. But I can't just buy any knife. I hafta buy an "iKnife." As a consumer, I feel no sympathy for the RIAA.

Whether by ignorance or lack of attention to detail, the RIAA left a security hole big enough to drive a truck through. Someone figured out where the hole was and then posted instructions on how to drive the truck. It was only a matter of time before someone jumped into the drivers seat. While my understanding of SQL isn't exactly at a mastery level, it seems to me that this exploit could have been easily avoided. So, as a system admin, I again feel no sympathy.

Having said that, this is/was illegal. Those who helped deface the RIAA website have done nothing more than stoop to the level that the RIAA has made its home in for some time now. The RIAA is not averse to using tricks, legal games, and outright dishonesty in pushing its agenda. How is hacking their website any better?

There are better and more legal ways to fight the greed that the RIAA represents. All hacking their website does is add another dimension to an already complicated problem. Way to go guys.

Just because you can, doesn't mean you should.

The RIAA can sue its own ass off. I only support any company which isn't on their client list.

The only way to get them to listen is by NOT listening.

Mullah Omar was right but for all the wrong reasons.

A lot of the posts on this news seem to focus on what could have been done instead of just blanking the site, but do we have any evidence that the wipe was the only thing that occurred? If the person/people who did this really wanted to hurt the RIAA then this would be a good way to get some trojans onto RIAA computers. To be really sneaky they might have even done some research on which IP blocks are most likely assigned to RIAA and member networks and only infect computers coming from those blocks, thus sparing most innocent visitors. Then you've got a direct line into RIAA operations and much more valuable data than whatever is on their web servers. Not that I'm advocating this, merely postulating that there could be more at work than a simple website wipe.

I'm actually surprised this happened only just now.

The RIAA must be one of the most hated computer related organizations on the planet.
I'm pretty sure a lot of people have attempted to hack the RIAA in one way or another. I mean c'mon, if you're into the "black-hat" thing and you're looking for a new target wouldn't the RIAA be a very obvious and satisfying target?
'I took the RIAA' down!, now that would be one hell of a e-peen enlarger.

Though the method used now was really really sloppy on their side. I can imagine their internal IT team must deal with a lot of attack attempts, so this being the first time, doesn't that make the RIAA pretty much bulletproof?

That being said...

HA! :)

I am really worried that http://riaa.org/ [riaa.org] is still up - so I load it in my browser and then I keep hitting refresh every second to make sure its still there ;)