TorrentSpy IDs Hacker, Details Attack

TorrentSpy named the hacker whom it claims broke into its computer systems on behalf of the Motion Picture Association of America (MPAA), as part of a legal request that would force the MPAA to turn over documents stolen from the Internet file-searching company.

TorrentSpy accused the MPAA in May of paying a hacker US$15,000 to steal confidential company information, including e-mails and passwords for accessing TorrentSpy’s servers. The MPAA has called the charges baseless.

On Thursday, TorrentSpy asked the U.S. District Court, Central District of California, to require the MPAA to hand over any documents it acquired and reveal who has seen them. If the court grants the request, made as part of the discovery stage of the case, the MPAA will have 10 days to comply.

TorrentSpy included with its court filing a declaration from Robert Anderson, the hacker allegedly hired by the MPAA, detailing his activities and his ties to TorrentSpy.

Anderson describes himself as an “acquaintance” of Justin Bunnell, a principal of the company that runs TorrentSpy.com, who did some marketing work in 2004 and 2005 for a company Bunnell was involved with. The two parted ways in April last year, when Anderson stopped working for the company and became “upset” with Bunnell, he said in his declaration.

Two months later, Anderson contacted the MPAA and offered to provide it with information about TorrentSpy, he said. The court filing includes a document described as a contract signed by the MPAA and a bogus company, representing Anderson, that includes the MPAA’s agreement to pay Anderson the $15,000 for his services.

Anderson says the MPAA “knew, or reasonably should have known,” that he was not authorized to obtain the information he did, which also included e-mails, client billing information, IP addresses of servers, a cash-flow spreadsheet and a personal utility bill of one of the company’s principals.

He also names a private investigator firm that he allegedly helped hire on behalf of the MPAA to comb through Bunnell’s trash and that of other TorrentSpy associates.

The MPAA didn’t immediately respond to a request for comment Friday morning. In the past it has described the claims as “baseless” and accused TorrentSpy of filing its lawsuit in retaliation against earlier suits filed by the MPAA.

The MPAA filed several lawsuits earlier this year in an effort to shut down websites operated by companies, including TorrentSpy, that help users find digital music and video files online.

TorrentSpy operates a search engine that allows users to find files that can be shared using BitTorrent’s file-sharing system. TorrentSpy argues that it only helps users find files but doesn’t actually offer content itself, so it can’t be held liable for users who download illegal content.

Those suits, and the action initiated by TorrentSpy regarding the hacker allegations, are ongoing.

-Nancy Gohring, IDG News Service (Dublin Bureau)

Keep checking in at our CSO Security Feed page for updatded news coverage.