Revision3 suffered Denial of Service attack from... MediaDefender?
Revision3, host of such video podcasts as Diggnation, Systm and TekZilla, suffered a Denial of Service attack over the Memorial Day weekend. The interesting twist in this is that Revision3 says MediaDefender was the one causing the DoS attack.
Why is this interesting? Because for years discussions have been going on about the moral and legal issues of remotely trying to patch a machine that is part of a zombie network. The strategy is using a similar technique as the controllers of the network use to tell their zombies what to do, but in this case it tells the zombies to patch themselves and “revive” them from zombiness. The main point of discussion is whether or not it is morally and legally correct to control someone else’s machine, even if the purpose of that control is to fix a problem.
And here is MediaDefender doing that exact thing, with the disastrous end result that prevents anti-virus companies from employing the remote patch strategy. According to Jim Louderback’s blog post (CEO of Revision3), MediaDefender readily admits to using Revision3 servers for what they believe a good cause (distributing fake torrents to identify and neutralize illegal file sharing websites). The problem is, they never informed Revision3, who noticed the unknown torrents, identified them, and blocked access to them. At that point, the MediaDefender servers went postal, believing that some distributor had blocked them, and started a SYN flood on the Revision3 servers.
When Revision3 traced all this back to MediaDefender, there was no apology or anything. Just a statement saying that they now added a policy to prevent this from happening again. Which is perfectly fine, but what about the thought behind the original policy? What if this DoS was targeted against something more critical than Revision3’s video distribution (not belittling Revision3), like a hospital, power plant or EMS station?
I hope Revision3 follows up on this. Apparently the FBI is involved (a DoS attack is illegal), and hopefully this will result in something more than a slap on the hand.
Update: Wired has blogged about this as well.