Risk
1/23/2012
01:45 PM
50%
50%

Megaupload Takedown Questioned By Users, Lawyers

Scrutiny increases from users and lawyers regarding the DOJ's decision to block legally uploaded content and pursue criminal charges against file-sharing company..

10 Companies Driving Mobile Security
10 Companies Driving Mobile Security
(click image for larger view and for slideshow)
Did U.S. authorities overstep their jurisdiction when they pulled the plug on cyberlocker service Megaupload last week?

To make its case that the file-sharing site needed to be shuttered, the Justice Department Thursday seized Megaupload's servers and released a 72-page indictment accusing seven Megaupload executives of racketeering, money laundering, and copyright violations, which allowed them to amass $175 million in "criminal proceeds" since the company was founded in 2005.

Legally speaking, the feds were able to execute their takedown of Megaupload in part because the company, which is based in Hong Kong, hosted many of its servers in Virginia and Washington, D.C..

But the founder of Megaupload, Kim Dotcom (aka Kim Tim Jim Vestor, aka Kim Schmitz), has denied all of the charges leveled against him. Dotcom appeared Monday in a New Zealand courtroom, together with three other Megaupload executives who'd been apprehended in that country at the request of U.S. authorities. All four men have requested bail, but police have labeled Dotcom a flight risk, saying he might have access to secret bank accounts abroad. Accordingly, the presiding judge said he'll review the matter and issue a ruling by Wednesday, according to media reports, which will likely apply to all four men. Parole questions aside, experts estimate that extradition proceedings, if initiated by the United States, could take up to a year.

[ Read about how hacktivist group Anonymous retaliated for the DOJ's takedown of Megaupload. Anonymous Retaliates For Megaupload Raids: 10 Key Facts. ]

Currently, Megaupload's servers remain offline, and browsing to the site resolves to a graphic announcing that "this domain name associated with the website Megaupload.com has been seized pursuant to an order issued by a U.S. District Court." The statement provides no indication of when any of the data stored by the site might be restored, if ever.

In response to the FBI's crackdown on Megaupload, file-sharing site Filesonic immediately disabled link sharing for uploaded content. According to a notice posted on the site: "All sharing functionality on FileSonic is now disabled. Our service can only be used to upload and retrieve files that you have uploaded personally."

But users' inability to access content that they'd legally stored on Megaupload has been leading to a populist backlash against the takedown. Academic Steve Su, for example, told The Sydney Morning Herald in Australia that the FBI's mass takedown had inappropriately blocked legitimate content that he'd uploaded for sharing with his students.

"It's like confiscating everyone's mobile phone because terrorists used them," he said. "I don't think it's correct to penalize the technology because, based on that logic, shouldn't the Internet be taken down, as this is how people infringe copyright?"

Meanwhile, veteran Spanish privacy attorney Carlos Snchez Almeida, who's based in Barcelona, said the takedown may have violated people's privacy rights under Spanish law. Accordingly, he's threatened to file suit over the Megaupload takedown. On his Jaque Perpetuo blog, Almeida wrote Friday that "Spanish citizens who had accounts in Megaupload should collect as much information about the files that they had hosted, for the purposes of a possible claim" against the U.S. government. In particular, the U.S. government's actions may conflict with Spanish data-access and privacy laws, especially if U.S. authorities begin accessing data that was stored by Megaupload.

Interestingly, the majority of Megaupload's user traffic came from outside the United States, based on statistics from traffic measurement company Alexa. The greatest share of user traffic came from France (10%), followed by Brazil (8.8%), the United States (7.3%), and Spain (7.2%), reported The Daily Caller.

The Justice Department's tactics, including accusing a file-sharing website of racketeering, money laundering, in addition to copyright violations, has some U.S. legal experts asking whether the case would stand up in court. "These actions, more suitable to the type of steps that the government takes against an organized-crime enterprise dedicated to murder, theft, and racketeering, are astonishing," said Jeff Ifrah, an attorney who co-chairs the American Bar Association's criminal justice section and committee on white collar crime, via phone.

"The government seems to have ignored the fact that other popular content-sharing sites have successfully defended themselves in civil cases by using the safe harbor provisions of the Digital Millennium Copyright Act, which provide immunity to a site that promptly takes down infringing content," he said.

To make the Justice Department's case, prosecutors must prove that safe harbor rules didn't apply to Megaupload. Accordingly, the indictment accused Megaupload executives of failing to remove copyrighted material from their site, even after copyright holders had requested it be removed. But Ifrah said it's not clear whether Megaupload's failure to remove certain pieces of content reached the level of criminal intent. Perhaps, instead, the company didn't receive some takedown notices, or disagreed with certain requests.

Furthermore, the government's racketeering charge--typically only used for mob cases involving drugs or gambling--suggests to Ifrah that prosecutors are overreaching. "The allegations here are very similar to the allegations that were made in the YouTube case," in which Viacom accused the video-sharing site of hosting almost 160,000 unauthorized pieces of content, he said. "Certainly no one accused YouTube of having mob-like activities."

The right forensic tools in the right hands are just a start. The new Digital Detectives issue of Dark Reading shows you how to better apply the lessons they teach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
John doe
50%
50%
John doe,
User Rank: Apprentice
1/23/2012 | 8:20:25 PM
re: Megaupload Takedown Questioned By Users, Lawyers
All this because the MPAA lobbyists threatened to pull financial support to White house.

Hey White house I need help with my business too, can you close down the restuarant next to mine. They have a customer in there that plays music all day and I think he downloaded it from the internet. So please close down there place and I will contribute to your reelection. Your doing it for the MPAA so its only fair right? Thanks.
BeckOla
50%
50%
BeckOla,
User Rank: Apprentice
1/23/2012 | 10:36:51 PM
re: Megaupload Takedown Questioned By Users, Lawyers
"All this because the MPAA lobbyists threatened to pull financial support to White house."

In the USA Today:

Google's fourth-quarter lobbying bill triples to $3.8M

The amount that Google Inc. spent making its political points from October through December is by far the company's highest lobbying tab for any three-month period since Google's Washington office opened in 2005. The total compared with a lobbying budget of $1.24 million during the final three months of 2010 and $2.38 million in the third quarter of 2011.

Don't be evil?
Hmmmm
50%
50%
Hmmmm,
User Rank: Apprentice
1/23/2012 | 8:57:11 PM
re: Megaupload Takedown Questioned By Users, Lawyers
As usual the US has tried to bully its way around again and as usual has stretched the law to suit itself in the hope it will get at least something out of the action. This time they have gone to far. This time they have tried to bully a person with the money to fight them back and then sue the britches off the US government.
To pursue this action leaves universities, that rely on the net to educate their students in distance education, in line for prosecution as all material in schools are written by someone else. Not only that all students that upload their assessments, and assignments for the teacher to mark will now face legal action for copyright infringement. Yes we know it is their own work but if the US were to succeed in their action this is what WILL happen. The US intends to deploy legal action against all material used and since most research and empirical material comes from the US, uni's world wide are now in a lot of trouble.
Will the US succeed? No. It is not possible and the international legal community is moving to stop the US pulling this off. The world no longer tolerates the US's bullying and reacts quickly to any attempt at control by the US.
It is time now for all students to seek litigation against the US government for illegally stopping them downloading or uploading their own material. This is going to be rather profitable for many people and the bill for the yanks is going to finally make them wake up to the reality they don't control the world anymore nor will they get away with bullying.
Steven Noyes
50%
50%
Steven Noyes,
User Rank: Apprentice
1/23/2012 | 9:35:59 PM
re: Megaupload Takedown Questioned By Users, Lawyers
Quite a rant for something with no basis in reality. It was funny to read, however.

PS: If you are a student, then I suggest you actually read up and understand copyright laws so you can make some rational points next time.
BeckOla
50%
50%
BeckOla,
User Rank: Apprentice
1/23/2012 | 10:13:34 PM
re: Megaupload Takedown Questioned By Users, Lawyers
Thanks for making sense Steven.
acd
50%
50%
acd,
User Rank: Apprentice
1/23/2012 | 10:20:28 PM
re: Megaupload Takedown Questioned By Users, Lawyers
That is the most nonsensical rant about nothing.
Do I agree that the US DOj overstepped is authority, yes
However the notion that private citizens could sue them and I lost you after that

Simple obama did not get his soap or pipa bills and needs to look like he is out for Hollywood and music industry leaders so he can get their support for losing re-election campaign. In short he needs their money. If is goes south he can just through Eric holder under the bus as he is damaged goods anyway.
shyshar
50%
50%
shyshar,
User Rank: Apprentice
1/23/2012 | 9:00:58 PM
re: Megaupload Takedown Questioned By Users, Lawyers
I am really confused what US government is targeting? What they think these types of sites will shut down? Megaupload already created a new site, check this http://bit.ly/zv5iO7
NovaAnderon
50%
50%
NovaAnderon,
User Rank: Apprentice
1/23/2012 | 10:17:03 PM
re: Megaupload Takedown Questioned By Users, Lawyers
Let's ban knives while we're at it. Crimes have been committed with those too.
BeckOla
50%
50%
BeckOla,
User Rank: Apprentice
1/23/2012 | 10:50:27 PM
re: Megaupload Takedown Questioned By Users, Lawyers
FYI - No one is proposing a ban on computers. A knife is a useful tool (as are computers). However, that doesnGÇÖt mean that we should condone crimes committed with these tools. If you were stabbed I'd bet youGÇÖd call the cops because a crime was committed. This is no different. DonGÇÖt blame the tool; itGÇÖs the criminal using the tool that is at the root of this problem.
PMULLEN000
50%
50%
PMULLEN000,
User Rank: Apprentice
1/23/2012 | 11:04:10 PM
re: Megaupload Takedown Questioned By Users, Lawyers
Read the indictment. Its posted at http://www.washingtonpost.com/...

The Feds address all these points. If the quoted emails are genuine, and I assume they are, Kim DotCom knew that most of his income was coming from illegal content. He complained when his partners granted too many DMCA requests. They deliberately removed illegal files from their published "Top 100 downloads" list. So they must have known they were illegal.
Also the indictment alleges when they did receive a DMCA take-down request, they only deleted the link to the file, not the file itself, and left hundreds of other links to the same file online, even though they knew (from the hash value of the uploaded file) that these links pointed to the same content. One of the emails from Dotcom told his associates to set up dummy user accounts to host duplicate links to popular content in case the original link was taken down.
Oh yes, and, according to those same emails, they knowingly chose to pay bonus awards of up to $1500 to people who had uploaded popular illegal content, although their site said they wouldn't.
One email said "we are not pirates, we just provide shipping services for pirates".
BrainiacV
50%
50%
BrainiacV,
User Rank: Apprentice
1/24/2012 | 9:05:31 PM
re: Megaupload Takedown Questioned By Users, Lawyers
MEGAUPLOAD - The BetaMax battle for the 21st Century. The MPAA lost that one, but obviously they still yearn for the days when they could dictate what movies you could see, when you could see them, and made sure you paid for every showing.
FreedomOrElse
50%
50%
FreedomOrElse,
User Rank: Apprentice
1/24/2012 | 11:49:01 PM
re: Megaupload Takedown Questioned By Users, Lawyers
"Did U.S. authorities overstep their jurisdiction when they pulled the plug on cyberlocker service Megaupload last week?"

Absolutely. As an American citizen with family that served this country in the armed forces for generations, I assure you that we are appalled. Freedom in computing, freedom of speech and various freedoms granted us by serving what we believe in is being trampled on by large corporate interests. If large organizations do not like what the Internet does for their business, they need to change "THEIR BUSINESS POLICY", and learn to work with the future and modern technologies. Not remedy via unpatriotic donations and sponsorship to their choice of lame duck polititions that have done little in years to protect the rights of the citizens as outlined in the United States Constitution. We died for this country. This country sent us to do the job. We expect freedom in this country and it's slowly being erroded from under our feet.

The government of the United States should have absolutely no control over the Internet. None. I'm tired of hearing our Congressman bark at what they call "Wild Wild West" in terms of the Internet. They have no clue. None. We built it. We have degrees and knowledge in the tech world. Why is it that the clueless rule over the wise?

It's freedom or else. The govenment of the United States better learn to live with that motto.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.