The megaupload bust

January 23, 2012

My daughter was distressed yesterday after the Feds shutdown the megaupload file sharing site – “How am I going to see all those series and Korean movies I love? It’s not fair!”
The FBI have been after Mr Dotcom for 8 years. His big problem was not the file sharing but his other criminal activities.  After all, there is infinite demand for file sharing,  Filesonic is cleaning up now that Megaupload went bust and Viacom didn’t go after Erich Schmidt as Viacom lost their billion dollar copyright case to Google 2 years ago.
But really – beyond the consumer appetite for entertainment, and corporate appetite for filing intellectual property and copyright suites, why isn’t Hollywood getting it right when it comes to content protection?  If they were getting it right, Sony-Columbia would be running the file sharing sites, charging $1/movie and $3 for premium content and driving all the file sharing sites out of business.
Instead – the big studios are making the same mistake that corporate America makes when it comes to content protection – ignoring the attacker economics.
After all, the HDCP black-listing scheme defies the laws of physics and reason. For example, you may be a perfectly law-abiding citizen, but if someone in Sofia hacks your model XY500 DVD player, the device key is revoked, and you will never be able to play discs that came out after the date the device was compromised. If a hacker taps into the HDMI / HDCP signal copies a movie enroute to your model TV Set, the HDCP device key can be revoked and your 80 inch TV will never play high-definition again.
Blu-Ray copy protection was broken 5 years this month (January 2007) (Courtesy of muslix64, the same fellow who cracked HD-DVD). Both HD DVD and Blu-ray use HDCP (High-Bandwidth Digital Content Protection) for authentication and content playing, and both use the AACS (Advanced Access Content System) for content encryption. (AACS is the content protection for the video on DVDs and HDCP is the content protection on the HDMI link between the DVD player and the TV). It appears that muslix64 took a snapshot in memory of a running process, then used selective keying – serially trying bytes 1-4, then 2-5, 3-6 etc as the keys until the MPEG frame decrypted. (much faster than a pure brute force attack). If the video player process stores the key in clear text in memory, this type of attack will always work.
Like most flawed encryption schemes, AACS is vulnerable to threats to due a poor software implementation.

” The AACS design prevents legitimate purchasers from playing legitimately purchased content on legitimately purchased machines, and fails to prevent people from ripping the content and sharing it through bittorrent. The DRM people wanted something that could not be done, so unsurprisingly they winded up buying something that does not do it”
James Donald.

Now we understand why BitTorrent is so popular and why

More Articles