TorrentFreak Email Update |
| Anti-Piracy Outfit Will Not Sue Hadopi ‘Hacker’ Posted: 21 May 2011 03:43 AM PDT
Blogger and security researcher Olivier Laurelli, aka Bluetouff, told us that a TMG virtual machine had been leaking data, including security tools and, according to a later report by news resource Numerama, IP-addresses of French citizens. Naturally the revelations generated controversy, with the Hadopi agency announcing that they had suspended electronic connections with TMG and had resorted to shifting file-sharing monitoring data around on DVD instead. As the pressure mounted on TMG, in the middle of the week they called in Commission Nationale de l’informatique et des Libertés (CNIL) to investigate the security issue. CNIL is the French authority responsible for ensuring that data privacy law is applied to the collection, handling, and use of personal data, Then yesterday, Telecom Paper reported that TMG would sue the person responsible for finding the security flaw, but adding that it would be unusual for the French courts to prosecute people who expose lax security as doing so is deemed to be in the public interest. TMG’s position, however, is slightly more awkward than that. After first trying to play the situation up, using language such as “we have been the victim of data theft”, TMG followed up with claims that the exposed information was in fact nothing to do with their main systems. Furthermore, the server from which it came allegedly carried no live end-user data and was in fact a mere test machine. According to a source quoted by PCInpact, this is why TMG left it unprotected. So on what basis would TMG sue Bluetouff? TorrentFreak asked him. “TMG first said to the press it was an unprotected test server with no confidential data, and that there was no hack. So I’m really wondering on what basis they could attack,” he explained. “I guess they need to sue someone because of insurance stuff or just to avoid admitting their own fail. So just wait and see but I’m quite sure they won’t sue.” Bluetouff then reminded us of the security flaw he discovered in software developed by ISP Orange, which inadvertently leaked users’ IP addresses as it tried to block file-sharing. “Orange had the same reaction, to send me lawyers first over their splendid ‘hadopiware’. Then they tried to understand what happened and who is guilty of what afterwards,” he explained. Then within minutes we had another message from Bluetouff. “Wow, that was fast,” he said. As predicted, TMG had announced that they won’t sue after all, unless they find evidence of “a formal intrusion”, something which presumably won’t be possible on a server they left deliberately open. Time will tell what conclusions the CNIL data inspectors will draw from the episode. Their report is forthcoming. |
| Pirate Party Servers Raided by German Police Posted: 20 May 2011 07:26 AM PDT
The reason for the raid is unclear at this point, but the Pirate Party believes that it’s unrelated to the party’s activities. The board of the Pirate Party has promised full transparency to assist with the investigation. “At the moment, the Board does not expect delinquency on behalf of the Pirate Party. The investigation is not directed against the party or any of its subsidiaries, they are only involved as the server's operators. The results are awaited with curiosity,” the Party said in a statement. The information which the authorities provided to the Pirate Party suggests that the police were targeting a public service on a virtual server. The service has not been named, but there are concerns that the action to take the party’s entire server network down was disproportionate. The timing of the raid is also unfortunate, as it happens just two days before the Bremen elections. “The disconnection of all servers is a massive intrusion into the communications infrastructure of the sixth largest party in Germany. Considering the state elections taking place in Bremen in two days, this caused severe political damage, which the Board condemns decisively,” the Party continued. “In relation to the ongoing investigations, it will have to be verified whether the issued search warrant was actually appropriate, especially whether the principle of proportionality was followed. After all, this action has led to a large-scale breakdown of the technical infrastructure of Pirate Party Germany.” Although we can only speculate at this point, a plausible target of the raid could be the Piratepad service. Piratepad allows people to collaboratively draft documents, and unconfirmed rumors suggest that it was used to plan a DDoS attack against a French company. Thus far, however, no official information has been provided about the nature of the French investigation. We will update this post accordingly as more information comes in. Update: The Pirate Part released some additional information. The servers were raided this morning 9:15 am following a warrant ordered by the Darmstadt prosecutor. The investigation is not directed at the Pirate Party, but at unknown users of the Piratepad service who published an SSH Key which was allegedly used to attack a server of the French energy group EDF. The Pirate Party stresses that the damage to their organization is enormous. Two days before the election their entire communication system was wiped out, and although the main page was brought back up, most services are still interrupted. The Pirate Party further distances itself from the attacks on the websites of the German police, which started after the raid. |
Last Saturday, we 
Just a few hours ago German police confiscated several servers belonging to the Pirate Party. The servers, hosted at AixIT in Offenbach, were taken following a request from the French authorities.| You are subscribed to email updates from TorrentFreak To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
No comments:
Post a Comment