Messages - jot

16
Sorry guys, under advisement, I had to remove an earlier post.  Let's just say this is going to be getting good soon.  I will post more when I can.  :)

17
"Even though the web server is public facing, it still has measures of protection enabled on it to protect it from unauthorized access.  PicScout.com bypassed those settings plain and simple to get to folders that were not available to them otherwise.  The only way to access the supposedly copyrighted image was to view it on the web page. "

In layman's words: Since picscout is a crawler and not a human being it can not see the pictures so they have to "intrude" to see the pictures by going into your files and taking a copy of your files.

Is my understanding correct?

Khan

Correct... if they were only looking at the code of the page like most bots do, then all they would see would be a file name with a path to a folder. If the bot tried to access the folder, then it would be blocked, so the bot or spider cannot access the files directly.  They use software that "tricks" the security measures that I had in place to think it is actually a user using a web browser, then they further trick the server into giving access to those hidden folders, then they download the image so they can compare the meta information.  This is the only way they can match up images as people usually rename files so matching the filename would do no good.  The problem with this is these bypassing bots and spiders cause excessive bandwidth usage on a server and can affect network performance.

About a year and a half ago, I started noticing our bandwidth usage for our server going up; it nearly doubled to almost 2 GB downloaded every month (it used to be around 600 MB).  The number of visitors also jumped up by 20,000 to 30,000 more hits and I thought it was because of our social media tie-ins, but I now know it was, and still is, trollers scanning my server and bypassing security settings to download files they have no business looking at.  If they want to actually use a human to view every page on my site looking for copyrighted images and then get screenshot captures of supposed violations, then that would be completely ok.

I have already tracked down more IP addresses PicScout uses that are in the US including ones set aside to roll over to when their primary one gets found out.  It is truly amazing what searches on the Internet will uncover.

I am hoping to have a spreadsheet compiled of all of the more devious bots and spider domain info and IP addressing.  I need to have this so I can run my filters on our firewall logs so I can see when and how they were coming into my network and into my web server.
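
The log filtering described in the post above, as an added example that is not part of the original posts: it matches access-log lines against a watchlist of IP ranges and totals hits, bytes, 403 denials and browser-style User-Agents per source and month. The combined log format, the watchlist names and ranges (RFC 5737 documentation addresses) and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed watchlist: RFC 5737 documentation ranges, not real crawler addresses.
WATCHLIST = {"crawler-A": ["203.0.113.0/24"], "crawler-B": ["198.51.100.16/28"]}

# Apache/nginx "combined" access-log format (assumed; the posts do not name a format).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ \S+[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"')

# Constructed sample lines, including one malformed line and one non-watchlisted visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Nov/2012:10:15:01 +0000] "GET /images/banner.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0 (Windows NT 6.1)"
203.0.113.7 - - [03/Nov/2012:10:15:02 +0000] "GET /images/ HTTP/1.1" 403 512 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.20 - - [29/Nov/2012:21:30:44 +0000] "GET /index.html HTTP/1.1" 200 10240 "-" "ExampleBot/1.0"
192.0.2.55 - - [29/Nov/2012:21:31:00 +0000] "GET /index.html HTTP/1.1" 200 10240 "http://example.com/" "Mozilla/5.0"
203.0.113.9 - - [02/Dec/2012:08:00:00 +0000] "GET /images/logo.png HTTP/1.1" 200 20000 "-" "Mozilla/5.0"
malformed line
"""

def summarize(lines, watchlist=WATCHLIST):
    """Per (source, month): hits, bytes sent, 403 denials, browser-style User-Agents."""
    nets = [(name, ipaddress.ip_network(cidr))
            for name, cidrs in watchlist.items() for cidr in cidrs]
    totals = defaultdict(lambda: {"hits": 0, "bytes": 0, "denied": 0, "browser_ua": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # a hostname was logged instead of an address
        name = next((n for n, net in nets if addr in net), None)
        if name is None:
            continue  # source is not on the watchlist
        month = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").strftime("%Y-%m")
        row = totals[(name, month)]
        row["hits"] += 1
        row["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        row["denied"] += int(m["status"] == "403")
        row["browser_ua"] += int(m["ua"].startswith("Mozilla/"))
    return dict(totals)

if __name__ == "__main__":
    for (name, month), row in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(name, month, row)
```
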

18
Getty Images Letter Forum / Re: Muso.bot: Another copyright bot for hire.
« on: November 29, 2012, 09:35:00 PM »
I have also blocked their domain and what IP addresses I could find for them on our firewall and on the web server.  :)

I need to do more research on these fake user agents as I have noticed a huge influx of unusual traffic like that.  Figured it was hacking attempts and now I know.

19
Getty Images Letter Forum / Re: Picscout sighting.
« on: November 29, 2012, 09:31:02 PM »
From some of my research so far, I have found that PicScout has used a server at BlueHost.

I really hate how these annoying spiders and bots are eating up my bandwidth on our web server...and all this time I thought we were getting more valid traffic.  These "trolls" are nothing more than hackers bypassing security measures for monetary gain.

20
This is one of the reasons I keep coming to this site. New people get stung by Getty or Masterfile and they come up with new and innovative ways to fight back.

Welcome Jot. I have to say when I first heard your plan I didn't hold out much hope. But as you lay it out, it begins to make some amount of sense.

Now they may argue that the image was placed on a public-facing web page and its use was confirmed by a human being. But that doesn't negate the fact that they (may have) broke into your "house," snooped around a bit, and then decided to send a person to look for the image.

The uphill battle is the "access a computer without authorization" part. I think it will be tough to claim that tracking down the text and images presented on a public-facing web page somehow constitute "access a computer without authorization." I think the intent of this law was to prevent people from hacking into a database or protected directories, not scanning images.

But I seriously do not want to take the wind out of your sails. I encourage you to keep pushing.

I was thinking of that, but the fact they bypassed settings that were meant to stop particular bandwidth hogging spiders and bots and that they access folders that were hidden from those bots' and spiders' view to access those files, then download copies of them to analyze them for possible copyright infringement, then they violated the CFAA.

About 4 years ago, our web server was hacked by a Turkish hacker and our website was defaced and replaced with his own message.  Once that happened, we added all kinds of extra security settings and even third party software to stop intrusions and theft.  Even the FBI got involved with that investigation.  We are an insurance agency, so by most definitions, we are considered a financial institution.  We have 40 to 60 attacks on our network daily, so I am constantly monitoring for an intrusion.  Even though the web server is public facing, it still has measures of protection enabled on it to protect it from unauthorized access.  PicScout.com bypassed those settings plain and simple to get to folders that were not available to them otherwise.  The only way to access the supposedly copyrighted image was to view it on the web page.

As I stated earlier, I have four years of logs to go through before I can present my case to the proper agencies.  I am still in the investigation mode at this time and I appreciate all comments as it helps me look in the right places. 

Because of this mess with Getty Images, I have now started learning Copyright Laws, the Computer Fraud and Abuse Act, and all other related laws.  I did not realize having a website on the Internet would require me to get a law degree…LOL  :)

21
Just found their other MX server (mail server)...it is a hosted Microsoft Exchange server located in Redmond, Washington....216.32.180.22

22
welcome Jot!! your mission is a noble one for sure, but your thinking "may be" flawed in several areas..

a. Picscout operates out of Israel, and does not follow the laws of the US. Getty may own it, but it's a separate entity...
b. in order to access a computer without authorization, the machine in question would need to be password protected.. I don't buy into or surmise that "any computer connected to the internet is protected"

It's also worth noting that Getty Images spends  a big chunk of change lobbying the asshats in DC..please do keep us posted in any event..


They may be based out of Israel, but the Patriot Act expanded the definition of protected computers....

“When Congress passed what is known as the USA Patriot Act after September 11, it dramatically expanded the legal definition of a "protected computer." Previously, the law considered a computer within the United States that was used by the federal government or a financial institution, or for interstate or foreign commerce, to be protected under the Computer Fraud and Abuse Act. But the definition now extends to computers outside of the United States where communications pass through a U.S.-based network.” article from… http://www.thefreelibrary.com/Patriot's+international+implications%3a+The+USA+Patriot+Act+expanded...-a084879167

And USLegal.com’s definition for a protected computer…

Under 18 USCS § 1030 a protected computer is defined as including any computer "used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States."

Because a web server is used for communication (it communicates information through the displaying of web pages) then it would be considered a protected computer.  Also, the fact that PicScout uses a Microsoft Exchange e-mail service at 66.147.242.156 (all publicly available information) and that server is located here in the United States (Utah to be exact), they are using US based communications and they can fall under the Patriot Act.  Their scanning servers may be based in Israel, but they still have to go over a US based network to get to our sites here in the US.

And even if criminal charges can not be brought against them, civil suits can be brought against them for violating the CFAA.

The CFAA is primarily a criminal statute. However, in 1994 a civil suit provision was added that provides a private cause of action if a violation causes loss or damage, as those terms are defined in the statute. 18 U.S.C. § 1030(g). To state a civil claim for violation of the CFAA, a plaintiff must allege
1. damage or loss;
2. caused by;
3. a violation of one of the substantive provisions set forth in § 1030(a); and
4. conduct involving one of the factors in § 1030(c)(4)(A)(i)(I)-(V).

18 U.S.C. § 1030(g).

Persons found to be civilly liable for a CFAA violation can be responsible for compensatory damages and injunctive or other equitable relief.


Because of the security breach from PicScout, our IT department spent two days beefing up the security settings on our web server and on our firewall.  Theoretically, we can charge them for the time spent to resolve the security breach.  Sure, it would not be much, but if they want to play we will sue you for infringement, then we can play, okay, we counter sue for violating the CFAA.

23
Sorry for not posting sooner, but I have been doing some extensive research since we first got our letter on November 19th claiming an image that is on 229,000+ websites (as of a few days ago) was a copyrighted work and that we pony up $875 (By the way, if they were collecting $875 from every website that was supposedly infringing on this copyright image, they would collect over $200 billion dollars)

I will have to admit, I first went into panic mode when I first received the 14 page letter from Getty Images, but after calming down and finding info about this “scam” and finding the extortionletterinfo.com site, my panic quickly turned into anger on how companies like Getty Images prey upon small business owners, people with blogs, and even nonprofit organizations that have mistakenly used an image that supposedly may be copyrighted for a website.

Not only am I angry about companies like Getty Images and their unethical business practices, but I am upset on how the copyright laws are so antiquated and ambiguous that the common person who posts to a forum or blog, or has a webpage can be targeted by companies “trolling” the Internet for profit.

I am on a quest to stop companies like this from preying upon innocent people.  I am currently collecting information on how PicScout, a company acquired by Getty Images in 2009, accesses files on our personally hosted web server.  I have security settings in place to stop spiders and robots from accessing certain files, and from what info I have found, PicScout has a special algorithm to bypass these settings, go to all image folders, and then download these files for comparison in their database.

The Computer Fraud and Abuse Act (Title 18 U.S.C. § 1030) states (a) Whoever-- (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—(C) information from a protected computer.   Further definitions of “protected computer” surmise that any computer connected to the Internet is protected.  So by this definition, PicScout has violated the CFAA.

Currently I am reviewing 4 years of firewall logs as every bit of traffic to and from our webserver was logged.  I have the domain names that are used by PicScout and the other “trollers” along with their IP addresses.  Once I review all of the logs and can identify when they accessed the server and caused excessive bandwidth to be used, I will be presenting this information to the state and federal authorities.  I have already filed a claim to our state fraud division and one of our employees is also a state legislator who is putting me in touch with the right people to have this thoroughly looked into.

I will have more to post in a few days once I have done a little more research and compiled some more info.  These trollers messed with the wrong person!
