Home “Once This Hits 4chan, It’s Over:” RIAA/MPAA Privacy/Security Failure

“Once This Hits 4chan, It’s Over:” RIAA/MPAA Privacy/Security Failure

Our good friends over at TechDirt discovered an interesting anomaly and enormous security hole in BayTSP‘s website today.

BayTSP, a Los Gatos, CA-based company, is best known for putting the cease-and-desist smackdown on peer-to-peer copyright violators. The site serves infringement information forms to offending parties on behalf of the copyright holders. Think of them as the online debt collectors of the BitTorrent universe, with all the information security risk that implies.

BayTSP’s process involved sending suspected copyright violators a URL to a “Web Infringement Response System.” These pages were online forms containing fields with infringement notice ID numbers, email addresses, IP addresses, DNS names, and URLs that would identify users by household or even by device.

If the information were secure, this might be fine. However, in some monumental lapse of judgement, the entire site was left open to search spiders and accordingly indexed by Google, allowing anyone with hackerish leanings ample opportunity to create all kinds of mischief.

A Google search for “‘infringement information’ site:baytsp.com” yields distressing results. Some of the pages have been removed, but you can still have a look at the cached versions:

Whoops!

Not only have the forms been online for Google and the waiting world to view; the forms could also be completed and submitted online by just about anyone.

More technically savvy tricksters could send infringement notices of their own. “And, on top of that,” the TechDirt blogger writes, “some have discovered that BayTSP’s site has some scripting vulnerabilities such that you could create a fake complaint and get people to, say, download malware or enter credit card data.”

Although this recent debacle is simply one more PR disaster for the media industries themselves, my first thoughts were echoed by TechDirt commenter Mechwarrior: “Once this hits 4chan, it’s over.”

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.