Piracy activists posted an internal email database of anti-piracy legal firm ACS:Law to The Pirate Bay.
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full photo gallery)
After the piracy activist group known as 4can targeted the MPAA and RIAA websites with a distributed denial of service (DDoS) attack one week ago, a group of activists has locked on a new target: anti-piracy lawyers.
On Friday, according to Slyck, a website dedicated to file sharing, the website root directory of anti-piracy law firm ACS:Law was exposed, creating the possibility of a "cataclysmic data breach" for the company. Sure enough, Slyck noted that "a torrent file claiming to be the internal email database of ACS:Law and solicitor Andrew Crossley has been posted to The Pirate Bay and on the web."
One of the leaders behind the attack told TorrentFreak, a BitTorrent news site, that after the DDoS attack, when ACS:Law's website came back online, "on their frontpage was accidentally a backup file of the whole website (default directory listing, their site was empty), including emails and passwords" and that "the email contains billing passwords and some information that ACS:Law is having financial problems."
Slyck said that several torrent files are now in circulation, one including a month's worth of solicitor Andrew Crossley's email. Another contained other employees' emails as well as the firm's in-box from a longer period of time. All told, the torrent contained roughly 350MB of emails.
According to TorrentFreak, recovered documents "reveal intentions to take down Slyck," as well as an email from one of the law firm's clients. In it, the client raises concerns "over the accuracy of the data that you provide and the methods used to obtain such data" in light of a report by Which?, Europe's largest consumer rights organization, which accused the firm of bullying innocent people.
As noted, ACS:Law was also a target in the so-called Operation Payback about one week ago, in which hackers using the 4chan message boards coordinated attacks against the websites of the MPAA, RIAA and similar entities. The moves reportedly came as a response to comments made by Girish Kumar, the managing director of anti-piracy software company AiPlex Software, to the Sydney Morning Herald. Kumar said that his firm had been hired by copyright holders to launch denial of service attacks against websites that made torrents of their copyrighted material available online, and that his clients included about 30 Bollywood studios.