IE 11 is not supported. For an optimal experience visit our site on another browser.

Megaupload Mayhem: Vengeful Hackers Wreak Havoc Across Web

/ Source: SecurityNewsDaily

The cry of the angry hacker echoed across the Internet Thursday and Friday (Jan. 19-20), as members of Anonymous took vengeance for the police shutdown of the file-sharing site by taking down numerous websites, including those of the U.S. Department of Justice, the FBI, Universal Music Group and the Recording Industry Association of America.

Meanwhile, New Zealand authorities released more details about the arrest of Megaupload founder Kit Dotcom, aka Kim Schmitz. Dotcom allegedly retreated into a safe room when police arrived at his Auckland, New Zealand, mansion. Police had to saw their way in, where Dotcom was found, sawed-off shotgun at his side.

And the 72-page indictment of Dotcom and his six co-defendants reveals that authorities did a little hacking of their own, examining the email traffic of at least two Megaupload executives to show a pattern of deliberate attempts to conceal copyright violations and evade takedown notices from copyright holders.

Revenge of the nerds

The Anonymous hacktivist movement struck within 30 minutes of the announcement Thursday afternoon that Megaupload had been shut down, quickly launching distributed denial-of-service (DDoS) attacks against websites belong to the Department of Justice (DOJ), the FBI and various music- and movie-company sites.

Twitter feeds belonging to various Anonymous-related groups chronicled the attacks.

" #TANGODOWN by #OpMegaupload - IN YA FACE BITCHES!" read two tweets by AnonymousIRC. " got attacked by a close-hauled sailing pirate fleet," referring to the Motion Picture Association of America.

"We Anonymous are launching our largest attack ever on government and music industry sites. Lulz," read a manifesto posted online. "The FBI didn't think they would get away with this did they? They should have expected us."

The posting also listed personal information on Motion Picture Association of America (MPAA) head Christopher Dodd, a former Democratic senator from Connecticut, including his home telephone number and address, as well as the names and ages of his wife and young daughters.

As of Friday morning, the websites for Warner Music Group and the royalties-collecting company Broadcast Music, Inc., were still unreachable, and the Universal Music Group site was "under maintenance." Connections to the DOJ site were spotty, but the FBI, Recording Industry Association of America and MPAA sites were all up.

Anonymous Twitter feeds claimed scalps further afield, including the websites of the New Zealand police and a Belgian anti-piracy organization.

Several observers noted that Anonymous seemed to be literally leveraging the power of Twitter to escalate their attacks.

"We've seen many links posted on Twitter, and no doubt elsewhere on the Internet, pointing to a page on the website," noted Graham Cluley of the security firm Sophos. "If you visit the webpage, and do not have JavaScript disabled, you will instantly, without user interaction, begin to flood a website of Anonymous's choice with unwanted traffic, helping to perpetuate a DDoS attack."

The problem is that Anonymous's main weapon, the so-called Low Orbit Ion Cannon, does not provide any anonymity. Websites being attacked will log the Internet Protocol addresses of attacking computers, which is how the FBI found many Anonymous supporters in raids conducted last year. Innocent people clicking on Twitter links may find themselves on the wrong side of the law without their knowledge.

Dramatic raid

A New Zealand police detective inspector gave the New York Times dramatic details of the arrest of Megaupload head Kim Dotcom early Friday morning local time, as police helicopters landed on the grounds of Dotcom Mansion outside Auckland, the country's largest city.

Dotcom, a 37-year-old German who legally changed his last name from Schmitz, fled to a fortified safe room. When police finally cut through the walls, Dotcom had a gun at his side.

"It was definitely not as simple as knocking at the front door," the detective inspector told the Times.

The indictment listed the property seized from Dotcom and the other defendants, including 10 Mercedes-Benzes with vanity license plates including "GOOD," "EVIL," "STONED," "CEO," "MAFIA," "HACKER," "POLICE," "KIMCOM," and "GUILTY." A Rolls-Royce Phantom belonging to Dotcom bore the license plate "GOD."

"Megaupload will vigorously defend itself," Ira Rothken, the company's California-based lawyer, said to Reuters. "The company is looking at its legal options for getting back its servers and its domain and getting its servers back up online."

In an interview with Cnet, Rothken pointed out that the charges against Megaupload had been beaten before.

"Many of the allegations made are similar to those in the copyright case filed against YouTube and that was a civil case," he said. "And YouTube won."

Like an old-fashioned crime boss, the baby-faced, heavyset Dotcom did his best to endear himself to the people of his adopted city, spending half a million dollars to pay for fireworks over Auckland on New Year's Eve 2010. He also posed with scantily clad models, posted videos of himself racking up high scores in violent video games and participated in the semi-legal Gumball 3000 road race across Europe.

Gizmodo posted an entertaining collage of photos showing Dotcom living large. But longtime Web watchers may notice a resemblance to a former online celebrity.

Megaupload itself cultivated relationships with celebrities, going to far as to list hip-hop producer Swizz Beatz (real name Kasseem Dean) as its CEO. Dean was not mentioned in the indictment, and does not appear to have any stake in the company.

Last month, Dotcom posted a slick promotional video, produced by Dean, on YouTube with half a dozen musical and sports celebrities, including singers Ciara, Kanye West, Diddy,, Game, Chris Brown and Lil John, actor Jamie Foxx, New York Knick Carmelo Anthony, boxer Floyd Mayweather, tennis player Serena Williams and Kim Kardashian all extolling the virtues of the file-sharing service.

Singer Macy Gray provides most of the vocals, and Dotcom himself can be seen rapping a few lines in the video:

Universal Music Group had the video taken down from YouTube, arguing that its artists West, Lil John and Game did not consent to be in the video,  but YouTube swiftly reposted it.

Hacked emails

The indictment also lays out in painstaking detail the efforts the Megaupload executives took to both encourage and conceal the uploading of illegal copies of music, movies, TV shows and software to their various sites.

"Infringing copies of many thousands of copyrighted works on and were made available to tens of millions of visitors each day," the indictment reads. "Members of the Conspiracy monitored the public actions of law enforcement regarding large-scale copyright infringement and took active steps to conceal the copyright-infringing activities taking place on the Mega Sites."

Emails sent to and from accounts belonging to Mathias Ortmann, a German described as the second-in-command at Megaupload, and Bram Van Der Kolk, the chief programmer, were presented as evidence, with some emails dating back to 2006. The email addresses were not disclosed, nor was the explanation why Dotcom and other executives' email accounts were not similarly examined.

"We have a funny business ... modern days pirates :)," Van Der Kolk told Ortmann in an instant-message chat he quoted in a 2008 email to a third party.

"We're not pirates, we're just providing shipping services to pirates :)," Ortmann responded.

Megaupload had a reward system for uploaders who submitted in-demand files, paying thousands of dollars to those whose uploads were downloaded the most by other users. Each file got a unique URL that would be propagated across third-party search sites that provided direct links to Megaupload.

Megaupload itself had no public search function, as it presented itself as a "dumb" storage locker with no knowledge of what was in its vaults — and hence no liability for copyright-infringing content its users might happen to upload.

However, the indictment alleges that Megaupload staffers had a private search function that they used to find copyright-infringing files for their personal use, and had full knowledge that vast amounts of illegally copied movies, music and software were on their servers. And it says the executives were directed by Dotcom not to take down files that had been reported as copyright infringing, unless the reporting entity was legally powerful.

"I told you many times not to delete links that are reported in batches of thousands from insignificant sources," Dotcom allegedly wrote in an April 2009 email to Ortmann, Van Der Kolk and lead graphic designer Julius Bencko, a Slovak also named in the indictment. "The fact that we lost significant revenue because of it justifies my reaction."

The next day, Dotcom wrote, "In the future please do not delete thousands of links at ones [sic] from a single source unless it comes from a major organization in the US."

Five months later, when Warner Bros. Entertainment wanted the power to remove 5,000 files from Megaupload per day, Ortmann wrote to Dotcom, "We should comply with their request — we can afford to be cooperative at current growth levels."

Steps not taken

But in 2010 and 2011, the Megaupload executives could sense the authorities closing in, as news reports circulated about similar sites being shut down and individuals arrested.

One email from Dotcom to Ortmann, both German citizens, posed a question in German: "Possibly not fly to Germany?"

And the Megaupload executives apparently chose not to take a simple step that could have offered them additional protection.

In a July 2010 email to Ortmann and Sven Echternach, also a defendant, Dotcom linked to an article that implied Megaupload was in the U.S. authorities' crosshairs.

"This is a serious threat to our business. Please look into this and see how we can protect ourselfs [sic]," Dotcom allegedly wrote. "Should we move our domain to another country (Canada or even HK [Hong Kong]?)"

"In case domains are being seized from the registrar," replied Echternach, "it would be safer to choose a non-US registrar."

Yet Megaupload never did change its domain from the U.S.-controlled ".com," which enabled U.S. authorities to swiftly shut down the site Thursday.