So says an article titled Why RIAA Keeps Getting Hacked over at Wired News. Seems the RIAA just had their site hacked again this past Monday with the hackers posting a URL that allowed anyone and everyone to post press releases on the official site. Many took advantage of it to post all kinds of amusing press releases.
The URL was widely circulated on Internet relay chat groups on Monday. People merrily posted bogus press releases and waited for the RIAA’s reaction.
Hours later, they were still waiting. The hole stayed open for seven hours.
“Hey, don’t you think they should have noticed that press release urging people to have sex with barnyard animals by now?” one chat participant asked, several hours after the bogus press releases first hit the RIAA site.
Security experts are saying the problem is that the RIAA is run by a bunch of idiots who don’t understand technology as much as they claim to.
Since the RIAA site is such a tempting target, many wonder why the organization hasn’t made more of an effort to secure its site. On Monday, access to the site’s supposedly private innards was gained in much the same way as it was last August.
Some security experts said in no uncertain terms that the latest defacements indicate the RIAA is clueless about technology. They charge that this ignorance has resulted in the RIAA attempting to combat digital file sharing in ineffective, counter-productive ways.
“It’s obvious that they don’t get the Web, and they don’t get technology, or they’d understand how to protect their own website,” said Wall Street systems administrator Anthony Negil.
“The flaws that people are exploiting to access their site are elementary security issues, and there’s no excuse for an organization that purports to understand the dark side of the Internet to leave such gaping holes in their own network infrastructure.”
Trying to keep up with all the security patches and such that come down the pike can be daunting so it’s not at all surprising that a much hated organization like the RIAA would be repeatedly hacked, but you’d think they’d at least fix the holes the hackers have already used once.
“My opinion is that the people at the RIAA (who are) making the statements about P2P hacking and the (Digital Millennium Copyright Act), the executives and legal staff, are completely disconnected from the technical folks who actually run the website,” said Robert Ferrell, a systems security specialist.
Ferrell and others predicted that if the RIAA escalates its antipiracy efforts, the organization’s site will be completely knocked off the Internet.
“The RIAA honestly has no idea what they’re up against. They will be toast the first time they try to shut down a P2P network being used by any serious black hats,” Ferrell said.
Naturally, the RIAA’s response to this will be to milk it for all it’s worth with Congress as another example of why the need new laws that allow them to drive over and shoot in the face at close range anyone they remotely respect of copying MP3 files. I’m almost left to wonder if they’re not fixing their website’s security holes on purpose just for the victimhood mileage they can get out of it.