Exclusive: I Was a Hacker for the MPAA

By David Kravets Email 10.22.07
Hacker Robert Anderson first approached the Motion Picture Association with a plan to help the movie studios' lobbying arm beat piracy. Among other things, Anderson proposed to implement an anti-piracy marketing campaign for the MPAA. Here's a screenshot of his Powerpoint pitch, illustrating for the MPAA the Bittorrent ecosystem.
Image: Rob Anderson

Promises of Hollywood fame and fortune persuaded a young hacker to betray former associates in the BitTorrent scene to Tinseltown's anti-piracy lobby, according to the hacker.

In an exclusive interview with Wired News, gun-for-hire hacker Robert Anderson tells for the first time how the Motion Picture Association of America promised him money and power if he provided confidential information on TorrentSpy, a popular BitTorrent search site.

According to Anderson, the MPAA told him: "We would need somebody like you. We would give you a nice paying job, a house, a car, anything you needed.... if you save Hollywood for us you can become rich and powerful."

In 2005, the MPAA paid Anderson $15,000 for inside information about TorrentSpy -- information at the heart of a copyright-infringement lawsuit brought by the MPAA against TorrentSpy of Los Angeles. The material is also the subject of a wiretapping countersuit against the MPAA brought by TorrentSpy's founder, Justin Bunnell, who alleges the information was obtained illegally.

The MPAA does not dispute it paid Anderson for the sensitive information, but insists that it had no idea that Anderson stole the data. "The MPAA obtains information from third parties only if it believes the evidence has been collected legally," says MPAA spokeswoman Elizabeth Kaltman.

The MPAA's use of Anderson is one of a series of controversies the movie industry is confronting in its zero-tolerance war on piracy. MediaDefender, a California company that tracks and disrupts file sharing of movies and music, was reported to Swedish authorities last month by The Pirate Bay, after an internet leak revealed the extent to which MediaDefender pollutes file-sharing services with fake, decoy content. And an executive at a national theater chain successfully pressed New Jersey authorities in August to prosecute a teenager for filming 20 seconds of a movie at a theater to show to her little brother later.

Anderson's account shows that the content industry may be willing to go to significant -- and some say ethically questionable -- lengths in its war against online piracy, and that it is determined to keep its methods secret.

"It was an understanding," Anderson says of the deal, "that it was hush-hush."

Anderson's brief Hollywood career began in the spring of 2005, after a online advertising venture with TorrentSpy founder Bunnell turned sour.

Looking to profit in other ways, Anderson approached the MPAA with an e-mail offering to help the movie studios' lobbying arm beat piracy, which the industry says costs it billions in lost sales each year. Among other things, Anderson proposed to implement an anti-piracy marketing campaign for the MPAA.

But he says he also offered to provide inside information on TorrentSpy, which, along with The Pirate Bay, is among the most popular BitTorrent destinations for downloaders looking for free movies and music.

"It was an opportunity to make money, because I knew how these networks operated," he says.

On June 8, 2005, within weeks of sending his unsolicited e-mail, Anderson says he was put in touch with the MPAA's Dean Garfield, then the organization's legal director. Anderson says he told Garfield that he had "an informant that can intercept any e-mail communication."

Anderson didn't tell Garfield he was the "informant," and that he'd already hacked into TorrentSpy's systems. The hacker, then 23 and living in Vancouver, British Columbia, claims he had cracked TorrentSpy's servers by simply guessing an administrative password. He knew the password was weak -- a combination of a name and some numbers.

"I just kept changing the numbers until it fit," he says. "I guess you can call it luck. It took a little more than 30 tries."

Once inside, he programmed TorrentSpy's mail system to relay e-mail to a newly created external account he could access.

There's a trace of pride in his voice as he details the hack. "The e-mails weren't forwarded using the mail command. They were sent actually before it reached anyone's mailbox," he says. "So it was more like interception before delivery. I could even stop certain mail from reaching their box."

In this manner, Anderson says, he sucked down about three dozen pages of e-mails detailing banking, advertising and other confidential information. "Everything they were talking about was sent to my Gmail," he says. "Everything they sent, anything sent to them, I got: invoices; in one case they sent passwords."

Among the purloined files was the source code for TorrentSpy's backend software, says Anderson. Anderson alleges this interested the MPAA, which he says wanted to set up a fake BitTorrent site of its own. According to Anderson, the MPAA said, "We'll set up a fake Torrent site. We'll contact the other Torrent sites. We'll get their names, address books, contact information and banking information.... (They) wanted to run this as a shadow portion of the MPAA."

MPAA spokeswoman Kaltman says the MPAA had no such plans, and says the accusation that the MPAA wanted to set up a phony Torrent site is "patently false."

Related Topics:

Services