Morpheus Was Hacked.

By Richard Menta 3/03/2002

It looks like we called it a few days ago in our article Morpheus Still Down when we said something was fishy about the booting of Morpheus from the FastTrack network and that the event may have been the result of a DDoS attack. Yesterday on the company website, Morpheus confirmed our suspicions and announced they were hacked.

The letter from StreamCast CEO Steve Griffin posted on the site started, "This week MusicCity and Morpheus users suffered dual attacks. First, early this week MusicCity's servers were hit by a massive Denial of Service attack. Soon thereafter, Morpheus users found that a separate attack had been launched on their computers and their Morpheus software programs".

The most ominous part about the attacks is the fact that one of the hacks enters the registry of all users who attempt to log into the FastTrack network through Morpheus, altering the registry.

It appears that the attacks included an encrypted message being repeatedly sent directly to your computers that changed registry settings in your computer. Later, it appears our ad servers were attacked resulting in messages being sent to other sites without our knowledge, which threatened our most basic revenue model. We believe some of these attacks continue as Morpheus users attempt to connect to the old Morpheus User Network. This was why it is important to quickly deploy our new software product.

It was only a few weeks ago that word spread that Morpheus had a security hole that made user's PCs vulnerable to attack. Morpheus vigorously denied this was true, using their home page as a forum for what they called a fasle rumor. That denial was on the company's website when its system was brought down.

The attacks have forced the company to dramatically rework their plans for the client. Most prominent is the confirmation of our suspicions that Morpheus is abandoning the proprietary FastTrack network for Gnutella.

This is a major blow to FastTrack in two ways. First, this action by StreamCast is an official vote of no confidence over the safety of the FastTrack Network. It's essentially a public announcement that the system is not secure and will never be.

Second, FastTrack has lost tens-of-millions of users whose files are no longer available on the network to trade with the remaining KaZaa and Grokster users, two programs nearly identical to Morpheus, but both saddled with spyware that alone will scare away many of Morpheus' users.

StreamCast's plan for switching Morpheus to an open protocol network also may undermine the legal liability that FastTrack may have opened itself up to with this event. Morpheus, Grokster and KaZaa are presently being sued by the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), two brutal industry lobby groups that hope to exterminate all P2P services. Aware that their legal exposure may have increased, Morpheus decided to pull out for a network more insulated from litigation.

Rumors have been flying about the Net that the RIAA is the mastermind behind the Morpheus hack. There is no evidence to support such an accusation, one that illuminates consumer distrust of the record industry more than that of a legitimate conspiracy. Still, the RIAA's subversion of Congress by slipping in the work-for-hire clause into legislation certainly precludes me from dismissing such a notion outright, even if it sounds outlandish. As Dave Marsh describes the work-for-hire fiasco in his column, outlandish is not a word foreign to the RIAA.

Maybe she (Rosen) got busy defending herself against the lawsuit has now filed, naming her personally as well as the RIAA in a libel action, an indication that others also find Rosen rather strongly identified with the group. Or maybe she had her hands full once it came out that she and the RIAA had hired Mitch Glazier as their new lobbyist.

Glazier is the now-former majority counsel on the House Judiciary Committee's Intellectual Property subcommittee. It was Glazier who inserted the three sentences into the 1999 appropriations bill that changed the copyright law to read that sound recordings could be considered works for hire, the first step in yet another effort by the RIAA labels to screw artists out of their rights. Glazier's reward for this deed-which was, according to both the chairman and ranking minority member of the Subcommittee done without their knowledge in the dead of night, is a job worth about $500,000 plus perks annually. This is a raise of about $430,000 from his old gig. In the realm of political payoff, you will never find an act more blatant, and there's nothing outrageous about that statement. Mitch Glazier is 34 years old; he was admitted to the bar in 1991. He has virtually no other experience, except for working for the chairman of the full Judiciary Committee, the notorious Henry Hyde. If Glazier didn't get the RIAA job as a payoff for that three-line insertion, why else did he get it?

That is about as damning a statement over the RIAA's credibility as one will find. Still, it's not proof they had any knowledge about the Morpheus attack.

Yesterday, Morpheus released of Morpheus Preview Edition, a program that the company admits is still a bit raw. The new client can be downloaded from the company website. No word yet on how many Morpheus users are switching to the new program as many already use other programs for Gnutella access like LimeWire and BearShare (we recommend Xolox, which is available from Zeropaid here). We suspect there will be a good number of them, but its days of ruling's top download charts may be over.



This Nike PSA[Play 120 comes with 64MB of memory and an external remote control unit and is available for purchase on Amazon

Other Stories and Reviews:
UPDATE: KaZaa Admits to Morpheus Shutdown? Says Bills Not Paid.- 3/4/2002
Online Movies, Taiwanese Law, and the American Film Industry
Review: The New Pay Napster
Review: SongSpy
Review: eDonkey2000
Review: AudioGalaxy
Review: LimeWire
Review: BearShare - best of the Gnutella clients
Review: Newtella - mediocre Gnutella client at best.
Review: Imesh


Back to