Digital Decoys

In an attempt to foil those seeking free music, the recording industry is flooding the Internet with fake song files

3 min read
Illustration: Christoph Niemann
Illustration: Christoph Niemann

It plays like something out of the “Twilight Zone”: consider the story of Joe Music Fan. He logs on to his favorite peer-to-peer network to download the new Eminem song. But when he boots up the track, something spooky occurs. Eminem is repeating the same four words over and over. “Holy Encryption!” Joe Music Fan exclaims, “Spoofed again.”

Scenes like this occur a million times a day among the clients of the burgeoning peer-to-peer (P2P) services that have taken over music file sharing from Napster. Recording companies are now taking the offensive against music piracy, and Napster successors such as Morpheus and LimeWire are facing their onslaught—the flooding of their P2P services with so-called spoofs, that is, falsified MP3 files that appear under a song’s usual track name but, when played, offer only a frustrating mix of looped choruses or noise.

special report copy protection graphic

The idea is to hit pirates where it hurts —boxing their ears with spoiled music to encourage them to buy CDs or obtain music on the Web through legitimate methods rather than download songs illegally for free. “Copyright owners would like to use technology to protect their interests so long as they’re not causing damage,” says Cary Sherman, president of the Recording Industry Association of America (RIAA, Washington, D.C.), the recording industry’s trade group. The question is: what, if any, damage is being done?

The company behind the spoofs is Overpeer Inc. (New York City). Overpeer is run by Marc Morgenstern, former senior vice president for new media for the music publishing company, American Society of Composers, Authors, and Publishers (New York City). Overpeer employs dozens of engineers who create altered MP3 files. According to Morgenstern, they protect more than 30 000 titles—including songs, videos, and games—by producing spoofs of them and putting them on the Internet. He calculates that his group blocks more than 200 million acts of piracy every month when its spoofs are downloaded instead of the real things.

“It’s a real cat-and-mouse game,” Morgenstern says. “We continually upgrade and adapt our solution to keep up with the changes of the peer-to-peer clients.”

P2P company Morpheus says that it will have anti-spoof wares in its next upgrade. And BearShare, used by Gnutella surfers, and KaZaA software already employ forms of user ratings that can blow a spoof’s cover.

Mark Gorton, CEO of LimeWire LLC (New York City) just doesn’t see any long-term impact. “I don’t think spoofs have potential to hurt the peer-to-peer network,” he says. “People who download something other than what they’re looking for just delete it and try something else.”

Surveys tell a different story. Lee Black, a senior analyst for Jupiter Research (New York City), a technology research firm, has found that spoofs do frustrate many users. This could help the music industry get its wish: drive consumers to join its online music subscription clubs, MusicNet Inc. or Pressplay (both in New York City).

Meanwhile, content owners want ever stronger weapons. The Peer-to-Peer Piracy Prevention Act, introduced in Congress by Representative Howard L. Berman (D-Calif.), would grant content owners the right to unleash a barrage of hack attacks against online pirates. An example might be denial of service, an online attack that swamps a server with so many requests for a single file that the computer crashes, or at least cannot fulfill legitimate requests.

But the act’s draconian aspects—such as relieving government hackers of liability for any damage done during the pursuit of pirates—have created opposition. Berman no sooner introduced the bill than the Computer & Communications Industry Association (Washington, D.C.), a trade group whose member companies include Yahoo! and AOL Time Warner, issued a press release, declaring that “the last thing we need is to create a protected group of hackers.”

Unprotected hackers expressed their displeasure by swamping the RIAA’s Web site with their own denial-of-service attack. With spoofing on the rise, the salvos have likely just begun.

The Conversation (0)

System Sniffs Out Trojans in Electromagnetic Emissions

Startup Aether Argus' system spotted trojans in an AI accelerator card and more

3 min read
Aether Argus

Is that a warplane or a commercial airliner? Mistaking one for the other has had truly tragic consequences. So if you've got an automated system doing it, you better know for sure that it hasn't been compromised with a malicious hardware trojan somewhere along the supply chain.

It's such scenarios that the Defense Advanced Research Agency (DARPA) is hoping to defeat with a project called SHEATH (for Safeguards against Hidden Effects and Anomalous Trojans in Hardware), which recently wrapped up its 18-month run. The result? A system called TEMPEST that can tell if part of a computer has been compromised just from its electromagnetic emissions. Engineers from Aether Argus, in Atlanta, revealed the system and its results this week at DARPA's annual Electronics Resurgence Initiative Summit.

Keep Reading ↓ Show less

Inspire Kids to Study STEM with These Educational Resources

A new portal includes best practices, programs, and events

2 min read

Careers in science, technology, engineering, and mathematics are on the rise around the world. According to the U.S. Bureau of Labor Statistics, STEM careers were expected to grow by nearly 9 percent between 2017 and 2029. The Economic Times reported that India experienced a 44 percent increase in STEM jobs from 2016 to 2019. The Danish Technological Institute estimated that the European STEM labor market would grow by 12.1 percent from 2013 to 2025.

It is crucial to teach preuniversity students about the potential of STEM careers through outreach programs. To help increase the number of qualified professionals, IEEE has created the IEEE Pre-University Volunteer STEM Portal.

Keep Reading ↓ Show less

How to Write Exceptionally Clear Requirements: 21 Tips

Avoid bad requirements with these 21 tips

1 min read

Systems Engineers face a major dilemma: More than 50% of project defects are caused by poorly written requirements. It's important to identify problematic language early on, before it develops into late-stage rework, cost-overruns, and recalls. Learn how to identify risks, errors and ambiguities in requirements before they cripple your project.