Sponsored Links

ACS:Law - Leaked E-mails

Bob2002

ULTIMATE Member
ACS:Law Anti-Piracy Law Firm Torn Apart By Leaked Emails
Earlier this week, anti-piracy lawyers ACS:Law had their website taken down by a 4chan DDoS attack. Adding insult to injury, owner Andrew Crossley was harassed at home in the middle of the night by prank phone calls. Now, through a fault with his website, hundreds of megabytes of private emails have been exposed to the public and uploaded to The Pirate Bay. To those hoping that this is a MediaDefender-type fiasco all over again, trust us – it is.

Rest of article ...

Couldn't of happened to a nicer firm. :hrmph:
 
this is hilarious lol
 
Sponsored Links
What we really need is someone to fake his office IP and download a few terabytes of copyrighted material using it; how about starting with Metallica? I understand they are very tolerant of piracy:D
 
heh, l thought U2 would be a starting point...
 
I've read through a selection, and the sheer amount of potentially damaging personal and business information there is just staggering.

It's tragic, yet hilarious at the same time.
 
Agrajag, Ive read some too, all I have got to say, couldn't have happened to a nicer fellow..
 
Sponsored Links
There are literally thousands of records on there from the likes of Sky and Plusnet. They contain the the IP address, the names and addresses, the file in question and the time/date the file was shared.

I hope that ISPs seriously reconsider sending this man any more information until he can assure them that it wont end up all over the internet, better yet just stop sending him information. The fact that he can't keep it secure should be enough to satisfy a court that he shouldn't have it.
 
I think by the time this is over, he's going to wish that he was. ;)

From what I understand, no hacking actually took place, the email files were inadvertently "made available" by ACS:Law while trying to restore their website after a DOS attack.

Some emails have attachments which contain spreadsheet (.xls) files containing many thousands of names and addresses along with the details of what they have downloaded. Apart from a few music tracks, the downloads consist almost entirely of pornography. Other emails even contain credit card numbers (with CVS codes) and other bank details.

I imagine there are a number of people on those lists who's careers are going to suffer when their employers found out what they have been downloading.

Since the lists were made available by ACS:Law, the Information Commissioner will no doubt get involved, and then there are the people on the lists themselves who may decide to take legal action.

There's a portable version of Thunderbird doing the rounds, which comes preloaded with all the emails.
 
Last edited:
The email files were inadvertently "made available" by ACS:Law while trying to restore their website after a DOS attack.
In fairness it's quite difficult to prove whether that was actually the case, unless ACS:Law corroborates it. So far we only really have the DDoS attackers words to go on.
 
Sponsored Links
Possible legal action? -

Press Release

Privacy International has announced that it is planning legal action against a UK law firm for breaching the privacy of internet users after a security breach.

The information held by ACS:Law, a law firm that has been tracking internet users to pursue legal action for breach of copyright, includes vast amounts of information on thousands of internet users. While the full extent of this breach is not yet known, one report stated that among the stolen files is a single email containing the personal information of approximately 10,000 people assumed to have been involved in file-sharing of pornographic works, exposing their names, addresses, postcodes, and Internet protocol addresses. Other reports indicate that credit card details have also been made available.

According to Alexander Hanff, PI Advisor: "This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress."

"This firm collected this information by spying on internet users, and now it has placed thousands of innocent people at risk."

PI has briefed the Information Commissioner's Office and is preparing a complaint. PI is also accepting complaints directly from the public, and we urge anyone who is a victim of this breach to get in touch as soon as possible by emailing alex@privacy.org.

:hrmph:
 
In fairness it's quite difficult to prove whether that was actually the case, unless ACS:Law corroborates it. So far we only really have the DDoS attackers words to go on.

Even if it wasn't the case, the fact that extremely sensitive information was stored on sever which clearly wasn't secure, wont go down too well with the Information Commissioner.

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Data Protection Act 1998
 
just wondered if anyones noticed how this is being reported over the past day...

from what lve seen and mostly heard is that they have now changed to ACS:Law was hacked rather than negligent... or at least thats the general gist of what ld interpret from the wording, a day back listening to the radio made it pretty obvious that there wasnt a breech more the stupidity of a webmaster but now it seems like its being made out to be that it was "hacked" in fact those words were specifically used, a day or two back that wasnt the case.
 
Hard to tell because ACS:Law has given a "no comment" to almost everybody that asks them. I think it's just that some journo's don't know the difference between hacking and DDoS. Hackers might perform a DDoS but DDoS itself is an attack and not a breach of server security.
 
The ISPs themselves say that they are "reluctantly" cooperating with ACS:Law, but it didn't stop them from earning a few quid themselves from the venture.

MJac1.jpg


In a few of the mails, we see Entanet demanding several thousands of pounds in unpaid fees.

Say what you like about Talk Talk and Virgin, but at least they stood up to ACS:Law and didn't present them with any information at all, and before anyone mentions "court order", why were the others compelled to present ACS:Law with the information and not Talk Talk and Virgin (two of the largest ISPs in the country), who i'm sure would have been presented with the very same court orders.

Maybe their customers mattered more to them than pocketing a few extra quid?
 
Sponsored Links
Don't forget that some ISPs might be using that as a financial "barrier" to put lawyers off taking such action, although it's definitely not looking good.
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6027)
  2. BT (3639)
  3. Politics (2721)
  4. Business (2440)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2146)
  8. FTTC (2083)
  9. Statistics (1901)
  10. 4G (1816)
  11. Virgin Media (1764)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1407)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules