Hollywood backs DoS attacks on file-sharers

The movie industry is trying to beat hackers at their own game, employing so-called 'cyber hitmen' to launch attacks against pirate sites hosting illegal movies.

In an interview, Girish Kumar, managing director of Indian IT company Aiplex Software, told Australian newspaper the Sydney Morning Herald that his company was actively working for clients in the movie industry to launch attacks aimed at clobbering sites that failed to comply with take-down notices issued to companies suspected of infringing copyright.

And while most of Kumar's business comes from India's Bollywood film industry, he revealed that key Hollywood players were in on the act too.

"Most movies are released on Friday morning at 10am in India.The movie is released in the morning [and] by afternoon it's on the internet."

From that point, the hunt is on to catch the pirates.

"We find the hosting server and send them a copyright infringement notice," Kumar explained. "If they don't remove [the link] we send them a second notice and ask them [again] to remove it."

Kumar says that 95 per cent of sites contacted by Aiplex co-operate with the notices. Big video-sharing hosts such as YouTube are quick to comply, but a number - such as the torrent sites often used to facilitate illegal file-sharing - are not.

Sites that fail to comply with this second demand are then, Kumar said, subjected to a 'denial of service' (DoS) attack - flooding the site's servers with millions of requests for information - in an attempt to bring them down.

Kumar admits to going even further in his attempts to prevent illegal movies from spreading. In an interview with news site Daily News & Analysis, he is reported as saying:

"At times, we have to go an extra mile and attack the site and destroy the data to stop the movie from circulating further."

Confirming that US studios were seeking his services in India, Kumar said:

"We are tied up with Fox STAR Studios - Star TV and 20th Century Fox - who are a joint venture company in India."

Under UK law, Denial of Service attacks escaped prosecution for some time thanks to a loophole in the 1990 Computer Misuse Act.

This was successfully closed by the 2006 Police and Justice Act, which makes launching a Denial of Service attack - and, crucially, paying someone to launch an attack for you - an offence punishable by up to 10 years in jail.

Supplying the software tools to launch an attack, or offering access to a botnet is punishable by up to two years' imprisonment.

A spokesperson for industry enforcement group Motion Picture Association in the UK told THINQ: "We would never endorse illegal activity. Our policy is one of reaching out to ISPs for co-operation, but if sites are nefarious we would pursue litigation."