Megaupload Host Wants To Delete Data

  /     /     /  
Publicated : 22/11/2024   Category : security


Megaupload Host Wants To Delete Data


Movie industry association wants data retained indefinitely, but hosting company says its too expensive. Meanwhile, questions rise over why Anonymous launched retaliatory attack--and who paid for it.



Anonymous: 10 Facts About The Hacktivist Group (click image for larger view and for slideshow)
The music, movies, and other data uploaded to cyberlocker website Megaupload before it was shut down may soon be deleted.
According to court documents filed Tuesday, Carpathia Hosting requested an emergency action to protect it from undue expense and burden resulting from the continued storage of 1,103 computer servers containing 25 petabytes (25 million gigabytes) of data, which were used to provide services to Megaupload.
Megauploads servers were
taken offline by court order
in January after federal authorities
unsealed an indictment
accusing seven executives at the cyberlocker service of engaging in racketeering, money laundering, and copyright violations. Four of the people charged, including 37-year-old Megaupload CEO and founder Kim Dotcom, were arrested by New Zealand authorities. While they were later
granted bail
, its expected that U.S. authorities will seek at least Dotcoms extradition.
[ Call 2011 the year of the hacktivist. See
When Hackers Want Much More Than Money
. ]
Since the Megaupload takedown, Carpathia said its been spending about $9,000 per day to maintain the servers at
Equinix data centers
. But due to the Megaupload contracts having been canceled, it must now remove them by April 6, 2012. So Carpathia said its begun relocating the servers, which have a book value of $1.25 million, to its own data centers, which it said will involve $65,000 in transportation costs and $37,000 per month to lease storage space.
But as noted in the court filing, the servers could be repurposed to generate revenue for Carpathia if they were not being used to store data for this litigation. Accordingly, its asked the court to allow it to delete and reprovision the servers; sell them outright to Megaupload, the
Motion Picture Association of America
(MPAA), or the Electronic Frontier Foundation (EFF), since all have expressed interest in the data stored on the servers; or to require one or more of those organizations to help pay for their upkeep.
The Carpathia court filing, first reported by
Wired
, includes a copy of a letter from the EFF, co-signed by Kim Dotcoms lawyer, which requests that the hosting companies retain the data for future litigation, as well as to hopefully
reunite innocent individuals with their data
. Another letter included in the filing is from the MPAA, which demanded that Carpathia retain the data indefinitely, including details of which users uploaded specific files, although the MPAA told
Wired
that it had no plans to sue individual users.
The MPAAs letter, dated January 31, 2012, and the EFFs letter, dated February 1, 2012, appear to have been triggered by news reports that authorities told Megauploads two hosting companies, Carpathia Hosting and Cogent Communications, that theyd likely be able to
begin deleting the Megaupload data
as early as February 2, 2012, since investigators had nearly finished reviewing the data.
But the MPAA argued otherwise. In light of the potential civil claims by the studios, we demand that Carpathia preserve all material in its possession, custody, or control, including electronic data and database, related to Megaupload or its operations, wrote MPAA attorney Steven B. Frabrizio, of law firm Jenner & Block, to Carpathia. This would include, but is not limited to, all information identifying or otherwise related to the content files uploaded to, stored on, and/or downloaded from Megaupload; all data associated with those content files, the uploading or downloading of those files, and the Megaupload users who uploaded or downloaded those files. While questions persist over how soon that data might be deleted, new questions have arisen over the Megaupload takedown, including the series of
retaliatory distributed denial-of-service
(DDoS) attacks launched by Anonymous against the public-facing websites of the FBI, Justice Department, as well as industry music and movie associations. Those attacks were launched in large part using the Anonymous
Low Orbit Ion Cannon
(LOIC) DDoS tool, as well as by tricking people into clicking on JavaScript links that would trigger DDoS attacks.
The Anonymous attacks are interesting, however, because they were so relatively high-powered. Weve seen LOIC, weve figured out how much load it can put out on occasion, weve seen the crowd that they were able to attract for that attack that we tracked down, and its consistent with most of the activities attributed to Anonymous over the years [which are] low-scale attacks, said Amichai Shulman, CTO of Imperva, in a meeting at the RSA conference in San Francisco last month. (The Anonymous attack that Imperva tracked down, according to news reports, was
launched against a Vatican website
.)
But something about the high-powered attacks in defense of Megaupload may not add up. There are very few incidents in which Anonymous went after large targets and were able to actually produce very high traffic volumes, he said. For example, take
Operation Payback
. They went after very large targets, and were able for a few minutes at least to produce enough bandwidth to at least somewhat affect those applications.
Producing that bandwidth required more than LOIC; it took
botnets
. But who paid for the botnets? Ditto for the intensive series of attacks launched as part of Operation Megaupload. Whos funding that, and why on those occasions? said Shulman.
In fact, some of the
highest-profile Anonymous attacks
look like the work of organizations or industries that stood to lose a substantial amount of money, be it through receiving donations, or selling cyberlocker service subscriptions. Operation Payback, for example, wasnt a retaliation for [Julian] Assanges arrest. It was a retaliation for the fact that they stopped moving funds to WikiLeaks, Shulman said. Megaupload was presumably an attack against freedom of the Internet and speech, but basically it was a takedown of a very profitable financial operation. The only question Im asking is, is this coincidence?
Its no longer a matter of if you get hacked, but when. In this special retrospective of news coverage,
Monitoring Tools And Logs Make All The Difference
, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

Last News

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security

▸ Fully committed to the future world of technology. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Megaupload Host Wants To Delete Data