If the RIAA can't keep its site up, who can?

For one reason or another your business or organization has raised the ire of some very tech savvy individuals and you can't seem to keep your Web site up and running. What do you do?

That may just be what the Recording Industry Association of America Inc. (RIAA) is asking itself, given that its site came under attack yet again on Friday.

The recent downing is just the latest in a string of assaults on the music industry group's site, apparently stemming from the RIAA's recent crackdown on illegal peer-to-peer (P-to-P) file swapping.

The takeoff of P-to-P sites, beginning with the advent of Napster Inc. -- pushed out of business by an RIAA lawsuit -- and continuing with players such as Kazaa and Morpheus, has been considered a serious threat to record labels' business. The RIAA has expressed growing concern as more and more Net users opt to trade music for free rather than buy CDs. Hence, the group's problems.

The group, which represents the Big Five record labels, has had its site felled repeatedly, and for longer periods of time, over the last several months. Hackers have even gone as far as modifying the RIAA site by adding links to illegal music downloads. The latest attack came last month, and IDG News Service staffers noted that they were not able to access the site for at least three days.

At that time, the RIAA announced that the U.S. Federal Bureau of Investigation (FBI) and the Secret Service were investigating.

But because the RIAA has been reticent in commenting on the subject, and issued a standard statement Friday that it is "investigating the latest attack," it is unclear why the deep-pocketed group has not been able to more adequately defend itself.

Records posted on Netcraft Ltd.'s Web site, which offers reports on networks connected to the Internet, show that the group has switched hosting providers twice in the last two months, moving from UUNET Technologies Inc. to Digex Inc. in December and then from Digex to Tomorrow's Solutions Today Inc. (TST) on Jan. 29.

TST, a small company, owns a block of IP addresses hosted by Savvis Communications. Alif Terranson, lead operations security network engineer at Savvis, confirmed that his company replaced Digex as the RIAA's hosting provider. He also added that the RIAA had been bombarded by hackers and "script-kiddies" for some time now.

"It's part of the problem of attracting so much attention," Terranson said. "These kids have so much time to spare."

The RIAA's move to Savvis would seem like a logical choice, given that the hosting company is offering a high-technology criminal investigation program to federal, state and local law enforcement agencies, according to a press release posted on the company's Web site earlier this week. Coincidently the release was pulled from Savvis' site shortly after posting because the program was not supposed to be officially launched until next week.

But the downing of the RIAA site again on Friday raises the question of why a hosting provider that is planning to train law enforcement officials and the FBI and Secret Service cannot keep the site up.

"The federal government is going out to see if they can get the private industry to help for areas where they are lacking expertise," Terranson said, discussing efforts to collaborate on Internet security. "They don't have the background or expertise necessary to track attacks on a moment to moment basis."

He added that traditional law enforcement training does not always prepare investigators to conduct efficient investigations of security-related crime.

A pair of security experts also voiced their concerns about how much ground the federal government will ever be able to cover in cyberspace due to the challenging nature of Internet security.

"It's an arms race," said Steve Bellovin, a security researcher at AT&T Labs.

As a high-profile site, the RIAA faces an army of hackers and, like any business, must deal with bad software code. "Most security problems are due to buggy code, and all the security in the world does not solve that problem," Bellovin said. "We can make progress, but there are no answers."

Revelations that the security industry and federal government have a long way to go in filling online security holes come at an uneasy time when the U.S. has been forced to shore up its Internet security amid increased terrorist threats.

A reorganization of the FBI following the Sept. 11, 2001 terrorist attacks has put an emphasis on securing cyberspace, yet it is still unclear how the agency will sharpen its skills and knowledge in the field.

Avi Rubin, associate professor of computer science at Johns Hopkins University, in Baltimore, said problems with Internet security are only exacerbated by the government's use of secrecy in its investigations.

"The government is paying a lot of lip service right now to cybersecurity and making a big deal out of it," Rubin said. "It is not uncommon for politicians to go after whatever they think is important. The government by their very nature does a lot of research that is classified and that may work for some things, but in security nothing works better than sharing information with peers."

When asked this week about the probe into the RIAA site hackings, an FBI representative said the agency does not comment on ongoing investigations. However, with its appeal to private companies such as Savvis for help, it seems clear the agency is taking cyber crime issues seriously.

Meanwhile, the challenges of Net security seem to change and grow with the advent of new technologies and even more savvy hackers, leaving both the security industry and the government struggling to keep up, Bellovin said.

How authorities respond to these challenges remains to be seen. Considering reports Friday that President George W. Bush has directed the government to develop a policy on waging cyber-warfare, the issue most likely will continue to garner attention.

However, Bellovin said there is only so much that can be done to help a site under attack.

"There are no magic answers to this problem," he said.

For the RIAA, and other Web site owners who have become the target of hackers, that fact may be cold comfort.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?