The “Three-Strikes” anti-piracy legislation that went into effect in France last year is currently on hold following a hack that occurred over the weekend. The hacking incident impacted the file-sharing network monitoring firm that the government contracts with to operate enforcement of the law.
It didn’t take much work on the part of the hackers to breach the security systems of the firm, Trident Media Guard (TMG), according to reports. All of the information anyone needed to break into TMG was actually released by the firm itself.
“A virtual machine leaked a lot of information like scripts, p2p clients to generate fake peers, local physical addresses in the datacenter and even a password that could lead to a major global TMG security breach,” security researcher Olivier Laurelli explained to TorrentFreak.
IP addresses of French citizens who had been under TMG’s watch for violating the anti-piracy law may have also been leaked, reports say.
Eric Walter, secretary-general of HADOPI, the government anti-piracy task force in charge of Three-Strikes, confirmed that “as a precaution Hadopi has decided to temporarily suspend its interconnection with TMG.”
The firm is also facing tough scrutiny from the security community.
“Any firm that gets involved in this will need to make sure that its security is nailed down,” John Walker, professor at Nottingham Trent University’s school of computing told BBC news. “This was the perfect storm waiting to happen. It was an instant target for hacktivists. You can’t even call it a hack, it was a walk-in, a travesty,” he said.
Responsibility for the TMG data leak has not yet been claimed, however comparisons have been made to last year’s email archive leak that exposed predatory collection tactics by UK anti-piracy law firm ACS:Law following a DDoS attack by hacker collective Anonymous.
In order to begin Three-Strikes monitoring operations again, either the security situation at TMG will need to be repaired to the French government’s approval, or HADOPI will have to create a relationship with a new monitoring firm. Currently, TMG is the only company licensed to perform the government’s anti-piracy monitoring.