The contents of the Recording Industry Association of America's website was removed from public view over the weekend thanks in part to a link posted on social networking site Reddit.com
The link was shared between Reddit users and exploited a hole in the SQL database backend used by the site. The attack caused the system to slow to a crawl by putting the database into benchmark mode, generating thousands of pointless MD5 checksums and wasting scads of CPU time.
It seems that at least one Reddit user wasn't satisfied with attempting a denial-of-service type attack on the website of the enemy of music lovers everywhere though, and upped the ante by modifying the SQL injection code to drop the tables containing the website content.
At least, that's what seems
to have happened.
The RIAA is keeping tight-lipped about the whole affair, but we do know that the content was completely missing for a large portion of the weekend, as confirmed in the screenshot included with this article. Without any statement available from the RIAA it's impossible to know if the content was removed maliciously by an unknown troublemaker or if it was simply part of the clean-up prompted by discovery of the suddenly process-intensive database server.
Whatever the reason, the RIAA certainly has egg on its face right now. Although the site is now fixed – and the hole plugged – there are plenty of screenshots out there demonstrating that the group lobbying for ever-tighter controls on digital music distribution is seemingly incapable of securing their own servers.
That said, I hope the perpetrators are suitably ashamed. Speaking as a sysadmin myself, I wish a lifetime of Windows ME installs on anyone responsible for waking me up at o-dark-hundred because one of the servers I'm responsible for has gone non-linear. No matter what your opinion of an organisation, malicious attacks are never acceptable.
A bad joke turned ugly, or do you think the RIAA had it coming? Share your thoughts over in the forums