UK Copyright Harassment Law Firm Crushed By Privacy Bomb
ACS:Law site hack causes massive PR damage for ISPs, law firm
ACS:Law is a pioneer in the growing field of "lawsuit-o-matic" business models, wherein the company threatens file traders with lawsuits in the hopes they'll be unable to defend themselves and settle before the case sees a courtroom. Last week saw the firm's website hacked, resulting in the posting of a massive volume of private information to BitTorrent. That information included ACS:Law e-mails, user records obtained by ISPs, company financials, and more. Needless to say, UK consumers aren't happy to have their identities -- and porn BitTorrent activity -- exposed publicly, ACS:Law now faces possible lawsuits, and the leak exposes just how cavalierly many ISPs hand over subscriber information to these kinds of unaccountable copyright pugilists.
old_wiz_60
join:2005-06-03
Bedford, MA

old_wiz_60

Member

isps..

don't really give a rats tushie about customer privacy. Handing over subscriber information is fine with them. I wonder if the lawyers give the ISPs a cut of the profits?

knightmb
Everybody Lies
join:2003-12-01
Franklin, TN

1 recommendation

knightmb

Member

Re: isps..

said by old_wiz_60:

don't really give a rats tushie about customer privacy. Handing over subscriber information is fine with them. I wonder if the lawyers give the ISPs a cut of the profits?
Speak for yourself, my ISP doesn't hand over squat unless it's signed by a judge first.

Packeteers
Premium Member
join:2005-06-18
Forest Hills, NY
Asus RT-AC3100
(Software) Asuswrt-Merlin

Packeteers

Premium Member

Re: isps..

said by knightmb:

my ISP doesn't hand over squat unless it's signed by a judge first.
dream on dude - any law enforcement agency can get any ISP's data about you in seconds - no judge is required.

SLD
Premium Member
join:2002-04-17
San Francisco, CA

1 edit

SLD to knightmb

Premium Member

to knightmb
Your profile shows AT&T as your ISP. LOL!!!!!!!!
[Edit] occurs to me you were joking

James Promph
@opaltelecom.net

James Promph to old_wiz_60

Anon

to old_wiz_60
Yes they do get a cut of the profits, a leaked email from them shows the enumeration package to the ISPs involved. About £60+ ($90US) for low numbers per name. This is for volumes up to 1000 names from the ISP. So yes it is big money, and is nothing more than blackmail.

And the ISPs do use this as part of their revenue, as also disclosed in the emails, O2 asking for payments that are overdue etc.

The whole thing is a total scam, the technology has been proven wrong, and the maximum in the UK if it did go to court would be the value of the product concerned, about 70p for a song.

cdru
Go Colts
MVM
join:2003-05-14
Fort Wayne, IN

cdru

MVM

Why was it on the webserver?

quote:
That information included ACS:Law e-mails, user records obtained by ISPs, company financials, and more
Why was all that stuff on the webserver to begin with? It seems to me that ACS:Law's webmaster should go back to Webservers 101 when it comes to securing things, and keeping sensitive information off public servers where it probably doesn't need to be anyways.

Daarken
Rara Avises
Premium Member
join:2005-01-12
Southwest LA

Daarken

Premium Member

Re: Why was it on the webserver?

Probably like many other firms, they are too cheap to have a hosting company, instead they just keep it all running on a local server in their office.

Serves them right if they get sued.
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

Kearnstd to cdru

Premium Member

to cdru
I actually asked the same thing on a different forum. Just does not make sense to have that stuff in the website restore files.

Upside for those who grabbed it though is that it's not hacking if it was not behind any security and just there for download.

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

1 recommendation

DownTheShore

Premium Member

Gee, I Wonder...

...if they'll "settle before the case[s] sees a courtroom"?

bobsmith
@194.75.37.x

bobsmith

Anon

facts, i think

From what I understand their website was not 'hacked'. It was subjected to a DDoS attack and crippled as a result.

When ACS:Law put the site back online later they screwed up and put the email/client info that is everywhere now easily accessible to download.

DataRiker
Premium Member
join:2002-05-19
00000

3 edits

DataRiker

Premium Member

Re: facts, i think

That was the official story, but it does not make sense on many levels. Personally I think those files had truly anonymous help getting onto the root of the drive. From the looks of the leaked financial info of this company I bet it was inside help. They paid their help next to nothing.

Just another case of what goes around comes around.
gorehound
join:2009-06-19
Portland, ME

gorehound to bobsmith

Member

to bobsmith
someone needs to do the same thing to those asses the USCG !!!

trainwreck6
join:2010-09-21
off track

trainwreck6

Member

Re: facts, i think

If you're gonna steal stuff, better go deep VPN underground, or, "buy used" as you say...
munky99999
Munky
join:2004-04-10
canada

munky99999 to bobsmith

Member

to bobsmith
The website was defaced first. Then the ddos occurred. While it was down they wiped the machine because well... if it got defaced it got pwned. Gotta clean it out.

They then had their clean default machine with basic services like webserver goin. Then they were to do their backing up without doing a real backup. Except the full backup files were put on the machine to pick from.

When ddos stopped... they had a webfacing unpatched machine with full backups ready to be downloaded by the same attackers who originally defaced. They grabbed the backups and ran to bittorrent.

Probably defaced it a 2nd time.
munky99999

munky99999

Member

2 things?

What forces you to give real details to your ISP? Are they seriously doing a background check on you? If I give a fake name and use prepaid credit cards... they don't have much of a case against me...

As for potential lawsuits for privacy breach... I'm not sure you really have a case. The means to getting access to the backups is more or less illegal no doubt... or at least they can point to ddos and say so.

If I break into a doctor's office and steal patient's info... then post that info on the net... I'm pretty sure nobody can sue the doctor.

I wonder if there's any case history for this sort of thing.

joako
Premium Member
join:2000-09-07
/dev/null

joako

Premium Member

Re: 2 things?

It looks like they messed up restoring their website to another server. So they are 100% responsible for setting up a webserver with that data on it. "We were in a hurry" is not a valid excuse.

N9MD
Too busy to chat
Premium Member
join:2005-10-08
Boca Raton, FL

N9MD to munky99999

Premium Member

to munky99999
said by munky99999:

...If I break into a doctor's office and steal patient's info... then post that info on the net... I'm pretty sure nobody can sue the doctor.
Totally inaccurate, munky! New Federal laws within the last few years mandate that all patient records be kept in securely locked spaces (file cabinets, file rooms or on secure computer hard disks). This was part of the HIPAA patient privacy rules sent down from Wash, DC. We physicians can indeed be sued by a patient (or charged by the Federal government) if records are compromised or stolen (even if we think they were secure). Of course, the actual outcome of these legal actions would be determined in a court of law ... but the cost of litigation would bankrupt any physicians' offices.

Bottom line ... anyone can litigate anything, be it private or public entities. Ultimately, it's up to the judicial system as to who wins and who loses.