If the RIAA can't keep its site up, who can?

For one reason or another your business or organization has raised the ire of some very tech savvy individuals and you can't seem to keep your Web site up and running. What do you do?

That may just be what the Recording Industry Association of America Inc. (RIAA) is asking itself, given that its site came under attack yet again on Friday.

The recent downing is just the latest in a string of assaults on the music industry group's site, apparently stemming from the RIAA's recent crackdown on illegal peer-to-peer (P-to-P) file swapping.

The takeoff of P-to-P sites, beginning with the advent of Napster Inc. -- pushed out of business by an RIAA lawsuit -- and continuing with players such as Kazaa and Morpheus, has been considered a serious threat to record labels' business. The RIAA has expressed growing concern as more and more Net users opt to trade music for free rather than buy CDs. Hence, the group's problems.

The group, which represents the Big Five record labels, has had its site felled repeatedly, and for longer periods of time, over the last several months. Hackers have even gone as far as modifying the RIAA site by adding links to illegal music downloads. The latest attack came last month, and IDG News Service staffers noted that they were not able to access the site for at least three days.

At that time, the RIAA announced that the U.S. Federal Bureau of Investigation (FBI) and the Secret Service were investigating.

But because the RIAA has been reticent in commenting on the subject, and issued a standard statement Friday that it is "investigating the latest attack," it is unclear why the deep-pocketed group has not been able to more adequately defend itself.

Records posted on Netcraft Ltd.'s Web site, which offers reports on networks connected to the Internet, show that the group has switched hosting providers twice in the last two months, moving from UUNET Technologies Inc. to Digex Inc. in December and then from Digex to Tomorrow's Solutions Today Inc. (TST) on Jan. 29.

TST, a small company, owns a block of IP addresses hosted by Savvis Communications. Alif Terranson, lead operations security network engineer at Savvis, confirmed that his company replaced Digex as the RIAA's hosting provider. He also added that the RIAA had been bombarded by hackers and "script-kiddies" for some time now.

"It's part of the problem of attracting so much attention," Terranson said. "These kids have so much time to spare."

The RIAA's move to Savvis would seem like a logical choice, given that the hosting company is offering a high-technology criminal investigation program to federal, state and local law enforcement agencies, according to a press release posted on the company's Web site earlier this week. Coincidently the release was pulled from Savvis' site shortly after posting because the program was not supposed to be officially launched until next week.

But the downing of the RIAA site again on Friday raises the question of why a hosting provider that is planning to train law enforcement officials and the FBI and Secret Service cannot keep the site up.

"The federal government is going out to see if they can get the private industry to help for areas where they are lacking expertise," Terranson said, discussing efforts to collaborate on Internet security. "They don't have the background or expertise necessary to track attacks on a moment to moment basis."

He added that traditional law enforcement training does not always prepare investigators to conduct efficient investigations of security-related crime.

A pair of security experts also voiced their concerns about how much ground the federal government will ever be able to cover in cyberspace due to the challenging nature of Internet security.

"It's an arms race," said Steve Bellovin, a security researcher at AT&T Labs.

As a high-profile site, the RIAA faces an army of hackers and, like any business, must deal with bad software code. "Most security problems are due to buggy code, and all the security in the world does not solve that problem," Bellovin said. "We can make progress, but there are no answers."

Revelations that the security industry and federal government have a long way to go in filling online security holes come at an uneasy time when the U.S. has been forced to shore up its Internet security amid increased terrorist threats.

A reorganization of the FBI following the Sept. 11, 2001 terrorist attacks has put an emphasis on securing cyberspace, yet it is still unclear how the agency will sharpen its skills and knowledge in the field.

Avi Rubin, associate professor of computer science at Johns Hopkins University, in Baltimore, said problems with Internet security are only exacerbated by the government's use of secrecy in its investigations.

"The government is paying a lot of lip service right now to cybersecurity and making a big deal out of it," Rubin said. "It is not uncommon for politicians to go after whatever they think is important. The government by their very nature does a lot of research that is classified and that may work for some things, but in security nothing works better than sharing information with peers."

When asked this week about the probe into the RIAA site hackings, an FBI representative said the agency does not comment on ongoing investigations. However, with its appeal to private companies such as Savvis for help, it seems clear the agency is taking cyber crime issues seriously.

Meanwhile, the challenges of Net security seem to change and grow with the advent of new technologies and even more savvy hackers, leaving both the security industry and the government struggling to keep up, Bellovin said.

How authorities respond to these challenges remains to be seen. Considering reports Friday that President George W. Bush has directed the government to develop a policy on waging cyber-warfare, the issue most likely will continue to garner attention.

However, Bellovin said there is only so much that can be done to help a site under attack.

"There are no magic answers to this problem," he said.

For the RIAA, and other Web site owners who have become the target of hackers, that fact may be cold comfort.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?