ACS:Law Anti-Piracy Law Firm Torn Apart By Leaked Emails

[triky]

ACS:Law Fail

Happened over the weekend... Article from Torrent Freak http://torrentfreak.com/acslaw-anti-pir ... ls-100925/. Thread on /g/ as well... good stuff and serves Crossley right.



Earlier this week, anti-piracy lawyers ACS:Law had their website taken down by a 4chan DDoS attack. Adding insult to injury, owner Andrew Crossley was harassed at home in the middle of the night by prank phone calls. Now, through a fault with his website, hundreds of megabytes of private emails have been exposed to the public and uploaded to The Pirate Bay. To those hoping that this is a MediaDefender-type fiasco all over again, trust us – it is.

After coordinating DDoS attacks against the MPAA, RIAA and anti-piracy company AiPlex Software this week, 4chan turned to a new target.

Anti-piracy lawyers ACS:Law, who send out tens of thousands of letters demanding cash-settlements from often innocent Internet subscribers, became the new target. The company, which is headed up by lone principal Andrew Crossley, is widely hated among file-sharers and innocents alike and with 4chan’s Operation Payback now in full swing, payback is the operative word.

After prank telephone calling Crossley in the middle of the night during the week, it now seems that 4chan are aiming to tear his professional life apart, as they have obtained and are distributing a 350mb file of the company’s website which includes countless company emails.

So how were they obtained?

“Their site came back online [after the DDoS attack] – and on their frontpage was accidentally a backup file of the whole website (default directory listing, their site was empty), including emails and passwords,” a leader of the attacking group told TorrentFreak. “The email contains billing passwords and some information that ACS:Law is having financial problems.”

Financial problems? Interesting. Many tens of thousands of people who received letters from ACS:Law are also experiencing the same problem, having already paid up several hundred pounds each to make non-existent lawsuits go away.

“We’re still sorting through it. There’s a lot of stuff here to go through. But, basically, we were told we were less important than a 10 minute late train, or a queue for coffee by Andrew,” the attackers’ spokesman told us, adding:

“Payback is a bitch, isn’t it Andrew?”

The file is currently seeding on The Pirate Bay but most leechers are stuck with less than 60%. It is, however, available publicly on the web already. We have managed to secure one of those copies and are examining it now.

A little taster from emails read so far:

- ACS:Law and USCG (of Hurt Locker fame) appear to be cooperating
- Crossley boasts that his retained lawyer “literally wrote the SRA rules!”
- Crossley accuses Which? of ‘defamation’ and articles designed to “demean” and “denigrate”
- Crossley gives veiled warnings to Which? that he could sue them for libel
- Internal documents reveal intentions to take down Slyck.com
- Email from ACS:Law client which states the following:

Andrew,

Thank you for your email.

Our client remains concerned over the accuracy of the data that you provide and the methods used to obtain such data. It has been closely monitoring the recent press that your Firm has attracted regarding complaints to Which, in relation to demand letters that have incorrectly been sent to innocent internet subscribers, accused of copyright infringement. Your letter of 30 October 2009 was not satisfactory, in that it did not fully deal with the concerns raised in our letter of 21 July 2009, save as to state that you and your client disagree. Clearly there are flaws in your data gathering process. These are important and valid concerns that need to be satisfactorily addressed, so as to protect the rights of our client and innocent customers.

- Crossley brags about his financial status:

Spent much of the weekend looking for a new car. Finances are much better so can put £20-30k down. May go for a Lambo or Ferrari. I am so predictable!

(later emails reveal he bought a Jeep Compass 2.4CVT)

- Email evidence that ACS:Law deliberately does not target two UK ISPs, TalkTalk and Virgin Media
- Crossley writes to monitoring company NG3Sys and says the following:

You are going to receive on average about £1,000.00 per 150 letters sent. This can be seen from the first tiny batch. Because we have good quality product being monitored and captures are high on the data we have, when the letters get sent out the figures therefore equate as follows:-

Phase 1: 2,500 letters, estimated revenue to you: £16,666.00
Phase 2: est. 4,000 letters, estimated revenue to: £26,666.00
Phase 3: est. 18,000 letters, estimated revenue to you: £120,000.00
That is data collated to date! I have more titles to give you, more data will be captured.

Please stay with this.

After falling out with NG3Sys, ACS:Law sent this out to other potential monitoring companies:

Dear Sirs,

I own and operate the most prominent law firm in the UK that carries out file sharing litigation. We are one of only two law firms in the UK currently carrying out this work.

We have a number of copyright clients and we have one client in particular,with a large number of copyright titles that have been collecting good numbrs of IP addresses. We have two phases run through and the latest phase has been collecting circa 20,000 IP addresses a month for UK alone. Germany also is gathering good figures.

Our current UK-based data monitoring company has let us down and we need to find another monitoring company to supply our IP data from now. There are currently 300 titles (all adult film titles – all legal and UK certificated) that were being actively monitored.

If you are interested in monitoring for us and to do so quickly, please let us know and we can talk further. We will be able to supply much more data if this works and would like to push the data into Germany also.

We are proposing to pay 10% of net revenues (after ISP costs and postage costs of letter=) to the data monitoring company. On current figures that equates to circa £8,800.00 (€9,750.00) to the monitoring company per 1,000 letters sent. Our next phase we anticipate 10,000 letters to be sent in the UK alone. These are estimates only, but based on current collections are accurate.

I look forward to hearing from you.

- Series of highly abusive emails from Crossley to his ex-wife, where in part he tells her to “Fuck off and keep out of my life” and accuses her of being with a “drug addled hermit”.

- Crossley tells his assistant Terence Tsang to “be more discreet with this stuff” when referring to our article where we revealed ACS:Law looked to buy anti-piracy tracking software on the cheap.

Of course, as with our coverage of the MediaDefender leaked emails back in 2007, TorrentFreak’s coverage of this debacle will be extensive.

[collige]

[elibomyekip]

Ahaha, oh wow

[lloydnoise]

awesome

anon do it again

[Pada]

ouch!

[DZA]

Gutted

[64hz]

i like 4chan again now.

[apmje]

Awesome times.

[djdowee]

amazing

[jowellz]

I love it when anon stop fapping and actually do something worthwhile.
A great victory.

[honey-d]

well done /b/tards

[triky]

Looks like ACS might get hit with a record fine that could bring them down...

http://www.bbc.co.uk/news/technology-11425789

The personal details of a further 8,000 people alleged to have shared music or films illegally have appeared online.

A list of more than 8,000 Sky broadband subscribers and a second of 400 PlusNet users surfaced following a security breach of legal firm ACS:Law.

It comes after a database of more than 5,000 people suspected of downloading adult films emerged on Monday.

The UK's Information Commissioner said ACS:Law could be fined up to half a million pounds for the breaches.

The two new lists, produced by ACS:Law, contain the names, addresses and Internet addresses (IP addresses) of users suspected of illegally sharing music.

In addition, they contain details of how much compensation infringers paid ACS:Law, along with internal case notes.

The BBC has also seen e-mails which contain credit card details of people who have paid the firm compensation. Others contain responses from people claiming their innocence.

The UK's Information Commissioner (ICO), speaking after the initial leak, told the BBC that ACS:Law had a number of questions to answer.

"The question we will be asking is how secure was this information and how it was so easily accessed from outside," said Christopher Graham.

"We'll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing.

"The Information Commissioner has significant power to take action and I can levy fine of up to half a million pounds on companies that flout the [Data Protection Act]," he added.

Privacy expert Simon Davies called the leaks "one of the worst breaches" of the Data Protection Act (DPA) he had ever seen.

Data breach

The documents appeared online after users of the notorious message board 4chan attacked ACS:Law's site in retaliation for its anti-piracy efforts, as part of what its users called Operation Payback.

ACS:Law has made a business out of sending thousands of letters to alleged net pirates, asking them to pay compensation of about £500 per infringement or face court.

A BBC investigation in August found a number of people who said they were wrongly accused by ACS:Law of illegal file-sharing. The firm is under investigation by the Solicitors Regulation Authority (SRA) over its role in sending letters to alleged pirates.

The leaks consisted of about 1,000 confidential e-mails and attachments. It is thought documents may have also been acquired from the company's servers.

The collection was then uploaded to file sharing website The Pirate Bay, where it is being shared by hundreds of users.

The confidential messages include personal correspondence between Andrew Crossley - who runs ACS:Law - and work colleagues detailing a number of cases and how much money the firm had made from the letters.

Campaigners, who have long accused the firm of bullying tactics, have seized on the e-mails.

Speaking to BBC News, Mr Crossley said there were "legal issues" surrounding the leak.

"We were the subject of a criminal attack to our systems. The business has and remains intact and is continuing to trade," he added.
4chan attack poster A web poster encouraging users to target Mr Crossley and his firm was posted on the 4Chan message boards

Mr Crossley said he would not comment directly on the contents of individual e-mails.

"All our evidence does is identify an internet connection that has been utilised to share copyright work," he told BBC News when pressed about the lists of personal data.

"In relation to the individual names, these are just the names and addresses of the account owner and we make no claims that they themselves were sharing the files," he added.

Mr Crossley said he had no further comment when asked why the Excel documents was unencrypted, but said he had notified the police, the ICO and was in communication with the SRA.

A spokesperson for Sky told BBC News that they were investigating the new leaks and said they were "very concerned at the apparent security breach".

"Like other broadband providers, Sky can be required by court order to disclose information about customers whose accounts are alleged to have been used for illegal downloading. We only ever provide such data in encrypted form."

Mr Graham told BBC News that while he did not have the power to put ACS:Law "out of business" a large fine could have serious repercussions for the firm.

"I can't put ACS:Law out of business, but a company that is hit by a fine of up to half a million pounds suffers real reputation damage," he said.

How could my details end up one of these lists?

* Anti-piracy firms partner with music and film right's holders
* Firm uses software that tracks file-sharing sites and identifies the IP (internet protocol) addresses of the net connections used to share its clients' content
* Armed with the list of IP addresses, ACS:Law can then apply for a court order to obtain the physical address of suspected file-sharers from internet service providers whose network has been used
* ACS:Law then compiles its own lists cross-referencing the content that is alleged to have been shared with the personal details of ISP customers. Several of these lists were leaked
* A letter is then sent to the alleged pirate, asking them to either pay a one-off fee of around £300 per infringement or face court action
* Many targeted by ACS:Law contend that IP addresses can be spoofed, to make it appear their connection was used.
* Others point out that the IP address does not identify a computer, merely a connection, which could be shared between many people, hijacked or used without the owner's knowledge if not secured

[green plan]

Yeah hope everyone got in on these attacks. Doing my law dissertation on file sharing at the moment. ACS: Law, AFACT, everyone is just fucked.

[theedman]

This made my day He sounds like a right piece of work

[triky]

i love how this operation payback is still ongoing.

crossley says he is defeated ... http://torrentfreak.com/acslaw-boss-i-f ... pt-101003/

“I am worried about the latest developments. Apparently there are presently over 500 complaints against me thanks to the internet campaign and Which,” Crossley wrote to his advisor just over a month ago.

“Each complaint is essentially the same and they are borne out of a determination by some to stop legitimate steps being taken to curtail illegal file sharing. However, I do not know how I can avoid being found guilty of something, with 500 complaints to choose from,” he continued.

haha, you think?

and this DDOS attack from yesterday on Ministry of Sound website. Today is the date of their court hearing. They hired lawyers Gallant Macmillan to do what ACS law was basically doing. They've gone to ask a judge to force Plusnet to hand over IP data about supposed infringers of MoS copyright owned music... http://torrentfreak.com/ministry-of-sou ... ck-101004/

really hoping the judge tells them fack off.

[elibomyekip]

They should take action against Gene Simmons

http://www.ultimate-guitar.com/news/gen ... arers.html