Failed Clinton Campaign $30 Million In Debt

in , , ,

AP reports that Clinton will report about $30 million in debt, $11 million of it to herself, and that she'll seek Obama's help in clearing it.

That's a lot of money.

A few notes here: First, she's under no personal obligation to pay it off. The debt belongs to her committee, not to her personally, and if she wants to run again, she can start another committee. But if she doesn't clear it, it'll make fundraising and dealing with vendors much harder on a future run, and generate quite a bit of ill will.

Second, Obama can't pay it directly. He can ask his donors to help. There's a question of whether they'll balk at the $11 million that would go directly back into the Clintons' pockets.

Third, Clinton is able to conduct a kind of trade. She has her own massive fundraising machine, and can now point it in Obama's direction — though many of her donors will go that way with or without her urging.

Also: Expect Clinton to do a lot of fundraising for Senate and House candidates this cycle, another way to cement her place as a leader of the party.

Six Degrees of Wikipedia

in , , ,

A researcher at Trinity College Dublin has software that lets users map the links between Wikipedia pages. His Web site is called “Six Degrees of Wikipedia,” modeled after the trivia game “Six Degrees of Kevin Bacon.” Instead of the degrees being measured by presence in the same film, degrees are determined by articles that link to each other.

For example, how many clicks through Wikipedia does it take to get from “Gatorade” to “Genghis Khan”? Three: Start at “Gatorade,” then click to “Connecticut,” then “June 1,” then “Genghis Khan.”

Stephen Dolan, the researcher who created the software, has also used the code to determine which Wikipedia article is the “center” of Wikipedia—that is, which article is the hub that most other articles must go through in the “Six Degrees” game. Not including the articles that are just lists (e.g., years), the article closest to the center is “United Kingdom,” at an average of 3.67 clicks to any other article. “Billie Jean King” and “United States” follow, with an average of 3.68 clicks and 3.69 clicks, respectively.

More detailed information can be found on Mr. Dolan’s Web site.


Article reposted from the Chronicle.

Obama's Fundraising at the Beginning of the General Election

in , , ,

Jeanne Cummings does the math:

• If each of Obama’s donors gave him a modest $250, he’d have $375 million to spend during the two-month general election sprint. That’s $186 million a month, $47 million a week.

• During the same September to Nov. 4 period, McCain will have about $85 million to spend, since he has decided to take taxpayer money to help finance his campaign activities.

• The Republican National Committee, which is charged with closing the gap between McCain and Obama, has $40 million in cash. Obama raised almost as much — $31 million — from just his small donors in the month of February. His total for the month, $57 million, exceeded the RNC’s cash balance.

• Obama has more than 1.5 million donors; McCain has a few hundred thousand. If just a million of Obama’s donors sent him the maximum donation, $2,300, he could raise $2.3 billion.

How Obama Did It

in , , , , ,

Barack Obama was campaigning last October in South Carolina when he got an urgent call from Penny Pritzker, the hotel heiress who leads his campaign's finance committee. About 200 of his biggest fund raisers were meeting in Des Moines, Iowa, and among them, near panic was setting in. Pritzker's team had raised money faster than any other campaign ever had. Its candidate was drawing mega-crowds wherever he went. Yet he was still running at least 20 points behind Hillary Clinton in polls. His above-the-fray brand of politics just wasn't getting the job done, and some of his top moneymen were urging him to rethink his strategy, shake up his staff, go negative. You'd better get here, Pritzker told Obama. And fast.

Obama made an unscheduled appearance that Sunday night and called for a show of hands from his finance committee. "Can I see how many people in this room I told that this was going to be easy?" he asked. "If anybody signed up thinking it was going to be easy, then I didn't make myself clear." A win in Iowa, Obama promised, would give him the momentum he needed to win across the map — but his backers wouldn't see much evidence of progress before then. "We're up against the most formidable team in 25 years," he said. "But we've got a plan, and we've got to have faith in it."

More than seven months later, that faith has been rewarded. The 2008 presidential campaign has produced its share of surprises, but one of the most important is that a newcomer from Chicago put together by far the best political operation of either party. Obama's campaign has been that rare, frictionless machine that runs with the energy of an insurgency and the efficiency of a corporation. His team has lacked what his rivals' have specialized in: there have been no staff shake-ups, no financial crises, no change in game plan and no visible strife. Even its campaign slogan — "Change we can believe in" — has remained the same.

How did he do it? How did Obama become the first Democratic insurgent in a generation or more to knock off the party's Establishment front runner? Facing an operation as formidable as Clinton's, Obama says in an interview, "was liberating ... What I'd felt was that we could try some things in a different way and build an organization that reflected my personality and what I thought the country was looking for. We didn't have to unlearn a bunch of bad habits."

When Betsy Myers first met with Obama in his Senate office on Jan. 3, 2007, about two weeks before he announced he was forming an exploratory committee to run for President, Obama laid down three ruling principles for his future chief operating officer: Run the campaign with respect; build it from the bottom up; and finally, no drama. Myers was struck by how closely Obama had studied the two campaigns of George W. Bush. "He said he wanted to run our campaign like a business," says Myers. And in a good business, the customer is king. Early on, before it had the resources to do much else, the campaign outsourced a "customer-service center" so that anyone who called, at any hour of the day or night, would find a human voice on the other end of the line.

Meanwhile, Obama's Chicago headquarters made technology its running mate from the start. That wasn't just for fund-raising: in state after state, the campaign turned over its voter lists — normally a closely guarded crown jewel — to volunteers, who used their own laptops and the unlimited night and weekend minutes of their cell-phone plans to contact every name and populate a political organization from the ground up. "The tools were there, and they built it," says Joe Trippi, who ran Howard Dean's 2004 campaign. "In a lot of ways, the Dean campaign was like the Wright brothers. Four years later, we're watching the Apollo project."

Even Obama admits he did not expect the Internet to be such a good friend. "What I didn't anticipate was how effectively we could use the Internet to harness that grass-roots base, both on the financial side and the organizing side," Obama says. "That, I think, was probably one of the biggest surprises of the campaign, just how powerfully our message merged with the social networking and the power of the Internet." But three other fundamentals were crucial to making Obama the Democratic nominee:

A Brave New Party

In most presidential elections, the Iowa caucuses are an anomaly. Competing there is a complicated, labor-intensive undertaking that, once finished, is cast off as an oddity and never repeated. But in 2008 it became for Obama the road test of a youth-oriented, technology-fueled organization and the model for many of the wins that followed. It was also a challenge to history. The iron rule of Iowa had always been that caucusgoers tended to look the same year in and year out: older people, union households, party stalwarts — just the kind of folks who would seem more inclined to back Clinton or John Edwards — trudging out into the cold night for a few hours of political conversation. Instead, Obama saw the Iowa caucuses as a chance to put a stake through Clinton's inevitability. "Mission No. 1 was finishing ahead of Hillary Clinton in Iowa," recalls Obama campaign manager David Plouffe. "If we hadn't done that, it would have been hard to stop her."

But counting on new voters had proved disastrous for Dean in 2004. The Obama campaign knew that it would have to build a network of Iowans rather than supporters brought in from other parts of the country, says Plouffe, but "we didn't have to accept the electorate as it is." At bottom, Obama built a new party in 2008. It was difficult. Not until the morning of the caucuses did the campaign reach its goal of 97,000 Iowans pledged to support Obama that it thought it would need to win. Then came the real question: Would these people show up?

Show up they did, shattering turnout records. Obama prevailed with a surprising eight-point margin over Edwards, who came in second. Obama counts Iowa as his biggest victory, the one that foreshadowed the rest. "Voters under 30 participated at the same rates as voters over 65. That had never happened before," the Democratic nominee says. "That continues to be something I'm very proud of — how we've expanded the voter rolls in every state where we've campaigned. I think that means we can put into play some states that might normally not be in play."

The Iowa playbook, as everyone now knows, hasn't always worked. In Texas, for instance, the grass-roots operation counted on more African-American voters than actually turned out. In California, organizers expected more young voters. But while Obama rarely managed a clean win against Clinton in the big states — the ones that will count most in the fall — he kept winning delegates even when he lost primaries. By April, it became almost mathematically impossible for Clinton to catch him.

The Key-Chain Campaign
Atlanta businessman Kirk Dornbush has raised millions of dollars for the Democratic Party and its candidates over the past 16 years. Before campaign-finance laws banned unregulated soft money, he recalls, there were times he walked around with six-figure checks in both pockets of his jacket. But these days, he does much of his fund-raising in a much humbler fashion: selling $3 key chains and $25 T shirts at Obama rallies. At the first merchandise table Dornbush set up for a Georgia event, "we were just completely sold out," he says. "There were lines of people. It was unbelievable."

Dornbush's experience explains the second fundamental change Obama has brought to politics: his campaign was built from the bottom up. Even fund-raising, once the realm of the richest in politics, became a grass-roots organizational tool. At nearly every event this year, Team Obama set up little tabletop trinket shops, known as "chum stores" because all those little Obama-branded doodads aren't only keepsakes; they are also bait. Every person who buys a button or hat is recorded as a campaign donor. But the real goal of the chum operations was building a list of workers, supporters and their e-mail addresses.

A similar innovation came in fund-raising. Normally, it is only the big donors who get quality time with a candidate. But Obama devoted far more of his schedule to small-dollar events. In Kentucky, the month after he announced his run for President, the first such effort quickly sold out all 3,200 tickets at $25 a head — and produced the beginning of a local organization. "It's the difference between hunting and farming," says Obama moneyman Matthew Barzun, 37, the Louisville Internet-publishing entrepreneur who arranged the event. "You plant a seed, and you get much more."

Obama uses a different frame of reference. "As somebody who had been a community organizer," Obama recalls, "I was convinced that if you invited people to get engaged, if you weren't trying to campaign like you were selling soap but instead said, 'This is your campaign, you own it, and you can run with it,' that people would respond and we could build a new electoral map." The chum stores, the e-mail obsession and the way Obama organizations sprang up organically in almost every congressional district in the country meant that by the time Obama's field organizers arrived in a state, all they had to do was fire up an engine that had already been designed and built locally. "We had to rely on the grass roots, and we had clarity on that from the beginning," says Plouffe.

By contrast, the Clinton campaign, which started out with superior resources and the mantle of inevitability, was a top-down operation in which decision-making rested with a small coterie of longtime aides. Her state organizers often got mixed signals from the headquarters near Washington. Decisions from Hillaryland often came too late for her field organization to execute. Obama's bottom-up philosophy also helps explain why he was able to sweep the organization-heavy caucus states, which were so crucial to building up his insurmountable lead in pledged delegates. What was not appreciated by many at the time: while Clinton spent heavily in every state she contested, Obama's approach saved money. Says Dean-campaign veteran Trippi: "His volunteers were organizing his caucus victories for free."

Obama Means No Drama
The team that Obama put together was a mix of people who, for the most part, had never worked together before but behaved as if they had. Some — like chief strategist David Axelrod and adviser Valerie Jarrett — came from Chicago and had advised Obama in earlier races. Axelrod's business partner Plouffe had worked in former House Democratic leader Dick Gephardt's operation; deputy campaign manager Steve Hildebrand, who oversaw the field organization, had come from former Senate majority leader Tom Daschle's. Daschle's former chief of staff Pete Rouse served that same role in Obama's Senate office, from which the candidate also brought aboard communications director Robert Gibbs, who had briefly worked for John Kerry. Obama tapped the business world as well, filling key operational posts with executives who had worked for Orbitz, McDonald's and other firms.

And yet, Obama says, they all had the same philosophy. "Because I was not favored, that meant that the people who signed up for this campaign really believed in what the campaign was about. So they weren't mercenaries. They weren't coming in to just attach to a campaign," he explains. Temperament mattered too. "It was very important to have a consistent team," Obama says, "a circle of people who were collaborative and nondefensive."

Like the team around Bush, Obama's is watertight. Leaks are rare, and for all the millions Obama has raked in, Plouffe keeps a sharp eye on where it is going. Consider the salaries: Clinton spokesman Howard Wolfson was paid almost twice as much in a month — $266,000 went to his firm, according to her January campaign filing — as the $144,000 that Obama paid Gibbs for all of last year. Obama staffers are expected to double up in hotel rooms when they are on the road and are reimbursed by the campaign if they take the subway (about $2) to the downtown-Chicago campaign headquarters from O'Hare International Airport but not if they take a cab (about $50). Volunteers are asked to take along their own food when they are canvassing.

How will a team that has been living off the land fare against the kind of GOP operation that was so effective at turning out the traditional Republican base in 2004? John McCain's campaign manager, Rick Davis, flatly declares that what got Obama the nomination "is not a general-election strategy" and contends that Obama's operation will be weak against McCain's crossover appeal in such states as Ohio, Michigan, Wisconsin, Minnesota and Nevada.

Maybe so, but compared with McCain's, Obama's operation has been a model of efficiency — and executive function. Obama has already changed the way politics is practiced in America — and he is poised to keep doing so. After delivering his dramatic victory speech in St. Paul, Minn., Obama walked offstage and spent the next 45 minutes signing dozens and dozens of his books that had been brought to the Xcel Center by admirers. When he finished, he happened to see fund raiser Dornbush and told him, "Enjoy the celebration tonight." Then Obama took a few steps, turned around and added, "But it's right back to work tomorrow."

What Newspapers Still Don’t Understand About The Web

in , , ,

This article originally appeared on Publishing 2.0.

Why is Google making more money everyday while newspapers are making less? I’m going to pick on The Washington Post again only because it’s my local paper and this is a local example.

There were severe storms in the Washington area today, and the power went out in our Reston office. I wanted to find some information about the status of power outages to see whether we should go into the office tomorrow. Here’s what I found on the homepage of WashingtonPost.com:

Washington Post Not Local

This is the WASHINGTON Post, right? So where’s the news about Washington? We just got pounded by a nasty storm — but it’s not homepage worthy.

Fortunately, although it’s not top of mind for the homepage editors, it is top of mind for readers — I found the article about the storm in the list of most viewed articles in the far corner of the homepage. I go to the article, where I find highly useful information like this:

“We have a ton of trees down, a ton of traffic lights out,” said Loudoun County Sheriff’s Office spokesman Kraig Troxell.

Great, that’s very helpful.

So what’s my next step, when I can’t find what I want on the web? Of course:

Power Outages Northern Virginia

Thanks, Google, just what I was looking for:

Virginia Power Outages

Wow, I thought — it can’t be that bad, can it? So I went back to the WashingtonPost.com homepage. This time, I clicked on the Metro section in the main navigation. Sure enough, the storm was the lead story.

Washington Post Metro Section

And there at the top was the link to the same useless article. But then below the photo was this tiny link: Capital Weather Gang Blog: Storm Updates

I clicked on the link, and wow:

Capital Weather Gang

Real-time radar, frequent storm warning updates with LINKS, and… a link to that page I had been SEARCHING for on Dominion Power about outages. (Note the link to the useless news story buried at the bottom.)

Capital Weather Gang Example

It was a brilliant web-native news and information effort — BURIED three layers deep, where I couldn’t FIND it.

Is it any wonder why Google makes $20 billion on search?

And what’s the root cause problem? The useless article with no real-time data and no links was written for the PRINT newspaper. And the homepage is edited to match what will be important in the PRINT newspaper. And the navigation assumes I think like I do when I’m reading the PRINT newspaper. Want local news? Go to the metro SECTION.

The Capital Weather Gang blog is a great example of “getting” the web — but then making it impossible to find…

Oh, and if you click on the tiny Weather link on the homepage (which I only noticed on my fourth visit), you get a page that looks like the weather page in, you guessed it, the print newspaper — all STATIC.

Again, it takes another click to get to the dynamic, web-native weather blog.

Yesterday, I saw a ranking of the top 25 “newspaper websites” — and that’s exactly the problem, isn’t it? These are newsPAPER websites, instead of WEBsites.

WashingtonPost.com ranks #5, with this comment:

The figures from the WPO 10-Q indicate that revenue for the company’s online business is relatively small and represents only a modest part of the sales for the newspaper group. That is unfortunate. If any company should be right behind The New York Times in internet revenue it is the Post.

So much potential, like the hugely innovative weather blog, crushed by the weight of tradition. And it’s not just the Post, of course (not to unfairly pick on them) — it’s every print publisher boxed in by the legacy business.

Here’s an idea for newspaper website homepages — just a search box and a list of blogs. Seriously. Instead of putting all the web-native content and publishing in the blog ghetto, like NYTimes.com does, why not make that the WHOLE site? (I mean seriously, having a blog section on the website is like having a section in the paper for 14 column inch stories.)

It’s like newspapers on the web as saying: here’s all the static stuff we produced for the paper — you want all of our dynamic web innovation? Oh, that’s downstairs, in the back room. Knock twice before you enter.

It’s a shame — so much marginalized value.

I bet I could stop going to the New York Times site entirely and just subscribe to all of their blog RSS feeds, and still get all the news, but in a web-native format, with data and LINKS.

Of course, the only way to do that is click on 50 RSS buttons one at a time. And they only publish partial feeds.

Sigh.

UPDATE:

Mark Potts had a similar frustration with the storm coverage — and it looks like he never even found the weather blog.

Another big missed opportunity — the Dominion electric site can’t tell me specifically if the power is still out in our office in Reston. But I bet Washington Post readers with offices in that area - or even in our office condo — could help me out, if someone gave them a place to do so. The Post weather blog has a ton of comments, but information is haphazard — how about a structured data form where you can post your power outage status, maybe map it on Google maps?

Lastly, at least Google knows how to make the Post’s weather blog findable:

Reston Power Outage

The War on Photography

in ,

What is it with photographers these days? Are they really all terrorists, or does everyone just think they are?

Since 9/11, there has been an increasing war on photography. Photographers have been harrassed, questioned, detained, arrested or worse, and declared to be unwelcome. We've been repeatedly told to watch out for photographers, especially suspicious ones. Clearly any terrorist is going to first photograph his target, so vigilance is required.

Except that it's nonsense. The 9/11 terrorists didn't photograph anything. Nor did the London transport bombers, the Madrid subway bombers, or the liquid bombers arrested in 2006. Timothy McVeigh didn't photograph the Oklahoma City Federal Building. The Unabomber didn't photograph anything; neither did shoe-bomber Richard Reid. Photographs aren't being found amongst the papers of Palestinian suicide bombers. The IRA wasn't known for its photography. Even those manufactured terrorist plots that the US government likes to talk about -- the Ft. Dix terrorists, the JFK airport bombers, the Miami 7, the Lackawanna 6 -- no photography.

Given that real terrorists, and even wannabe terrorists, don't seem to photograph anything, why is it such pervasive conventional wisdom that terrorists photograph their targets? Why are our fears so great that we have no choice but to be suspicious of any photographer?

Because it's a movie-plot threat.

A movie-plot threat is a specific threat, vivid in our minds like the plot of a movie. You remember them from the months after the 9/11 attacks: anthrax spread from crop dusters, a contaminated milk supply, terrorist scuba divers armed with almanacs. Our imaginations run wild with detailed and specific threats, from the news, and from actual movies and television shows. These movie plots resonate in our minds and in the minds of others we talk to. And many of us get scared.

Terrorists taking pictures is a quintessential detail in any good movie. Of course it makes sense that terrorists will take pictures of their targets. They have to do reconnaissance, don't they? We need 45 minutes of television action before the actual terrorist attack -- 90 minutes if it's a movie -- and a photography scene is just perfect. It's our movie-plot terrorists that are photographers, even if the real-world ones are not.

The problem with movie-plot security is it only works if we guess the plot correctly. If we spend a zillion dollars defending Wimbledon and terrorists blow up a different sporting event, that's money wasted. If we post guards all over the Underground and terrorists bomb a crowded shopping area, that's also a waste. If we teach everyone to be alert for photographers, and terrorists don't take photographs, we've wasted money and effort, and taught people to fear something they shouldn't.

And even if terrorists did photograph their targets, the math doesn't make sense. Billions of photographs are taken by honest people every year, 50 billion by amateurs alone in the US And the national monuments you imagine terrorists taking photographs of are the same ones tourists like to take pictures of. If you see someone taking one of those photographs, the odds are infinitesimal that he's a terrorist.

Of course, it's far easier to explain the problem than it is to fix it. Because we're a species of storytellers, we find movie-plot threats uniquely compelling. A single vivid scenario will do more to convince people that photographers might be terrorists than all the data I can muster to demonstrate that they're not.

Fear aside, there aren't many legal restrictions on what you can photograph from a public place that's already in public view. If you're harassed, it's almost certainly a law enforcement official, public or private, acting way beyond his authority. There's nothing in any post-9/11 law that restricts your right to photograph.

This is worth fighting. Search "photographer rights" on Google and download one of the several wallet documents that can help you if you get harassed; I found one for the UK, US, and Australia. Don't cede your right to photograph in public. Don't propagate the terrorist photographer story. Remind them that prohibiting photography was something we used to ridicule about the USSR. Eventually sanity will be restored, but it may take a while.

This article originally appeared on Bruch Schneier's Blog

Yes We Did

in , ,

Updated 2:55 PM -

AP: Obama Has Clinched The Nomination


The Associated Press weighs in with another big one (and with a bit of luck on the news orgs' part, this one will turn out to be accurate)...
Barack Obama effectively clinched the Democratic presidential nomination Tuesday, based on an Associated Press tally of convention delegates, becoming the first black candidate ever to lead his party into a fall campaign for the White House.

Of course, the AP's track record today leaves something to be desired. But put that aside for a sec.

The key to understanding how the AP reached its conclusion is this from later in the piece...

The AP tally was based on public commitments from delegates as well as more than a dozen private commitments. It also included a minimum number of delegates Obama was guaranteed even if he lost the final two primaries in South Dakota and Montana later in the day.

The AP is including over a dozen super-dels who privately indicated to the news org that they will ultimately back Obama, should the contest continue, but haven't said so publicly. Not everyone counts private commitments; the Obama campaign, for instance, only includes publicly declared supporters in its super-delegate tally.

So this isn't an official clinching of the nomination, obviously. And indeed, it's really a no-brainer that Obama has reached the magic number when you factor in private commitments. It's highly likely that far more than a dozen have privately signaled support for Obama.

UPDATED 11:55 AM - Before I even finished writing this post, the AP and CNN have both changed their stories due to Clinton top aides denying this.

FINALLY!!!!!! The day has arrived where facts finally overrule spin!


Clinton set to concede delegate race to Obama


By BETH FOUHY, Associated Press Writer 5 minutes ago




WASHINGTON - Hillary Rodham Clinton will concede Tuesday night that Barack Obama has the delegates to secure the Democratic nomination, campaign officials said, effectively ending her bid to be the nation's first female president.


Inside the Attack that Crippled Revision3

in , , ,

The popular Internet television network Revision3 suffered from a severe DDoS attack, launched by the infamous anti-piracy organization MediaDefender. After targeting The Pirate Bay’s trackers, MediaDefender apparently thought it was a good idea to spread their fake torrents through Revision3.


revision 3The CEO of Revision3 - Jim Louderback - was quite surprised when he found out that MediaDefender was the source of the attack that took down their entire network this weekend. He found out that MediaDefender used the Revision3 BitTorrent tracker for the fake torrents they upload to various BitTorrent sites.

In a lengthy blog post Louderback explains what happened, as he writes: “Media Defender was abusing one of Revision3’s servers for their own purposes – quite without our approval. When we closed off their backdoor access, MediaDefender’s servers freaked out, and went into attack mode – much like how a petulant toddler will throw an epic tantrum if you take away an ill-gotten Oreo.”

MediaDefender’s attack effectively took down the Revision3 BitTorrent tracker this weekend, and people were unable to grab the latest episodes. That was not all, the flood of SYN packets also took out their webserver and their email. These kind of attacks are illegal according to US law, and if Revision3 decides to pursue this case in court, it would not be the first time MediaDefender gets caught.

Only a few months ago, The Pirate Bay sued several media companies that hired MediaDefender, for exactly the same behavior. Pirate Bay founder Peter Sunde said at the time: “They are going around accusing the pirate community for doing immoral stuff, when they do illegal stuff. We need to make a statement that just because something might be hard to fight it doesn’t mean that laws do not imply in the case.”

Louderback has no idea whether the attack on their network was intentional or not, but said he involved the FBI. “Was it malicious? Intentional? Negligent? Spoofed? I can’t say. But what I do know is that the FBI is looking into the matter – and it’s far more serious than toddlers squabbling over broken toys and lost cookies.”

This is yet another epic fail in MediaDefender’s history, and this might very well be the the final punch to knock the company out. Most of you probably remember the leaked emails and confidential information, which cost the company hundreds of thousands of dollars, and brought them on the verge of bankruptcy.

To quote MediaDefender’s CEO Randy Saaf: “This is really fucked.”

Jim Louderback's Blogpost is contained below, in full:



Inside the Attack that Crippled Revision3


on May 29th, 2008 at 07:49 am by Jim Louderback in Polemics


As many of you know, Revision3’s servers were brought down over the Memorial Day weekend by a denial of service attack. It’s an all too common occurrence these days. But this one wasn’t your normal cybercrime – there’s a chilling twist at the end. Here’s what happened, and why we’re even more concerned today, after it’s over, than we were on Saturday when it started.

It all started with just a simple “hi”. Now “hi” can be the sweetest word in the world, breathlessly whispered into your ear by a long-lost lover, or squealed out by your bouncy toddler at the end of the day. But taken to excess – like by a cranky 3-year old–it gets downright annoying. Now imagine a room full of hyperactive toddlers, hot off of a three hour Juicy-Juice bender, incessantly shrieking “hi” over and over again, and you begin to understand what our poor servers went through this past weekend.

On the internet, computers say hi with a special type of packet, called “SYN”. A conversation between devices typically requires just one short SYN packet exchange, before moving on to larger messages containing real data. And most of the traffic cops on the internet – routers, firewalls and load balancers – are designed to mostly handle those larger messages. So a flood of SYN packets, just like a room full of hyperactive screaming toddlers, can cause all sorts of problems.

For adults, it’s typically an inability to cope, followed either by quickly fleeing the room, or orchestrating a massive Teletubbies intervention. Since they lack both legs and a ready supply of plushies, internet devices usually just shut down.

revision3_f5_dos.jpg
That’s what happened to us. Another device on the internet flooded one of our servers with an overdose of SYN packets, and it shut down – bringing the rest of Revision3 with it. In webspeak it’s called a Denial of Service attack – aka DoS – and it happens when one machine overwhelms another with too many packets, or messages, too quickly. The receiving machine attempts to deal with all that traffic, but in the end just gives up.
(Note the photo of our server equipment responding to the DoS Attack)

In its coverage Tuesday CNet asked the question, “Now who would want to attack Revision3?” Who indeed? So we set out to find out.

Internet attacks leave lots of evidence. In this case it was pretty easy to see exactly what our shadowy attacker was so upset about. It turns out that those zillions of SYN packets were addressed to one particular port, or doorway, on one of our web servers: 20000. Interestingly enough, that’s the port we use for our Bittorrent tracking server. It seems that someone was trying to destroy our bittorrent distribution network.

Let me take a step back and describe how Revision3 uses Bittorrent, aka BT. The BT protocol is a peer to peer scheme for sharing large files like music, programs and video. By harnessing the peer power of many computers, we can easily and cheaply distribute our huge HD-quality video shows for a lot less money. To get started, the person sharing that large file first creates a small file called a “torrent”, which contains metadata, along with which server will act as the conductor, coordinating the sharing. That server is called the tracking server, or “tracker”. You can read much more about Bittorrent at Wikipedia, if you really want to understand how it works.

Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. It’s a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores.

But someone, or some company, apparently took offense to Revision3 using Bittorrent to distribute its own slate of shows. Who could that be?

Along with where it’s bound, every internet packet has a return address. Often, particularly in cases like this, it’s forged – or spoofed. But interestingly enough, whoever was sending these SYN packets wasn’t shy. Far from it: it’s as if they wanted us to know who they were.

A bit of address translation, and we’d discovered our nemesis. But instead of some shadowy underground criminal syndicate, the packets were coming from right in our home state of California. In fact, we traced the vast majority of those packets to a public company called Artistdirect (ARTD.OB). Once we were able to get their internet provider on the line, they verified that yes, indeed, that internet address belonged to a subsidiary of Artist Direct, called MediaDefender.

Now why would MediaDefender be trying to put Revision3 out of business? Heck, we’re one of the biggest defenders of media around. So I stopped by their website and found that MediaDefender provides “anti-piracy solutions in the emerging Internet-Piracy-Prevention industry.” The company aims to “stop the spread of illegally traded copyrighted material over the internet and peer-to-peer networks.” Hmm. We use the internet and peer-to-peer networks to accelerate the spread of legally traded materials that we own. That’s sort of directly opposite to what Media Defender is supposed to be doing.

Who pays MediaDefender to disrupt peer to peer networks? I don’t know who’s ponying up today, but in the past their clients have included Sony, Universal Music, and the central industry groups for both music and movies – the RIAA and MPAA. According to an article by Ars Technica, the company uses “its array of 2,000 servers and a 9GBps dedicated connection to propagate fake files and launch denial of service attacks against distributors.” Another Ars Technica story claims that MediaDefender used a similar denial of service attack to bring down a group critical of its actions.

Hmm. Now this could have been just a huge misunderstanding. Someone could have incorrectly configured a server on Friday, and left it to flood us mercilessly with SYN packets over the long Memorial Day weekend. If so, luckily it was pointed at us, and not, say, at the intensive care unit at Northwest Hospital and Medical Center But Occam’s razor leads to an entirely different conclusion.

So I picked up the phone and tried to get in touch with ArtistDirect interim CEO Dimitri Villard. I eventually had a fascinating phone call with both Dimitri Villard and Ben Grodsky, Vice President of Operations at Media Defender.

First, they willingly admitted to abusing Revision3’s network, over a period of months, by injecting a broad array of torrents into our tracking server. They were able to do this because we configured the server to track hashes only – to improve performance and stability. That, in turn, opened up a back door which allowed their networking experts to exploit its capabilities for their own personal profit.

Second, and here’s where the chain of events come into focus, although not the motive. We’d noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender’s servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of “Hi”s brought down our network.

Grodsky admits that his computers sent those SYN packets to Revision3, but claims that their servers were each only trying to contact us every three hours. Our own logs show upwards of 8,000 packets a second.

“Media Defender did not do anything specific, targeted at Revision3″, claims Grodsky. “We didn’t do anything to increase the traffic” – beyond what they’d normally be sending us due to the fact that Revision3 was hosting thousands of MediaDefender torrents improperly injected into our corporate server. His claim: that once we turned off MediaDefender’s back-door access to the server, “traffic piled up (to Revision3 from MediaDefender servers because) it didn’t get any acknowledgment back.”

Putting aside the company’s outrageous use of our servers for their own profit, and the large difference between one connection every three hours and 8,000 packets a second, I’m still left to wonder why they didn’t just tell us our basement window was unlocked. A quick call or email and we’d have locked it up tighter than a drum.

It’s as if McGruff the Crime Dog snuck into our basement, enlisted an army of cellar rats to eat up all of our cheese, and then burned the house down when we finally locked him out – instead of just knocking on the front door to tell us the window was open.

In the end, here’s what I know:


  • A torrential flood of SYN packets rained down on Revision3’s network over Memorial Day weekend.

  • Those packets – up to 8,000 a second – came primarily from computers controlled by MediaDefender, who is in the business of shutting down illegal torrent sites.

  • Revision3 suffered measurable harm to its business due to that flood of packets, as the attacks on our legitimate and legal Torrent Tracking server spilled over into our entire internet infrastructure. Thus we were unable to serve videos and advertising through much of the weekend, and into Tuesday – and even our internal email servers were brought down.

  • Denial of service attacks are illegal in the US under 12 different statutes, including the Economic Espionage Act and the Computer Fraud and Abuse Act.


Although I can only guess, here’s what I think really happened. Media Defender was abusing one of Revision3’s servers for their own purposes – quite without our approval. When we closed off their backdoor access, MediaDefender’s servers freaked out, and went into attack mode – much like how a petulant toddler will throw an epic tantrum if you take away an ill-gotten Oreo.

That tantrum threw upwards of 8,000 SYN packets a second at our servers. And that was enough to bring down both our public facing site, our RSS server, and even our internal corporate email – basically the entire Revision3 business. Smashing the cookie jar, as it were, so that no one else could have any Oreos either.

Was it malicious? Intentional? Negligent? Spoofed? I can’t say. But what I do know is that the FBI is looking into the matter – and it’s far more serious than toddlers squabbling over broken toys and lost cookies.

MediaDefender claims that they have taken steps to ensure this won’t happen again. “We’ve added a policy that will investigate open public trackers to see if they are associated with other companies”, promised Grodsky, “and first will make a communication that says, hey are you aware of this.”

In the end, I don’t think Media Defender deliberately targeted Revision3 specifically. However, the company has a history of using their servers to, as Ars Technica said, “launch denial of service attacks against distributors.” They saw us as a “distributor” – even though we were using Bittorrent for legitimate reasons. Once we shut them out, their vast network of servers were automatically programmed to implement a scorched earth policy, and shut us down in turn. The long Memorial Day weekend holiday made it impossible for us to contact either Media Defender or their ISP, which only exacerbated the problem.

All I want, for Revision3, is to get our weekend back – both the countless hours spent by our heroic tech staff attempting to unravel the mess, and the revenue, traffic and entertainment that we didn’t deliver.

If it can happen to Revision3, it could happen to your business too. We’re simply in the business of delivering entertainment and information – that’s not life or death stuff. But what if MediaDefender discovers a tracker inside a hospital, fire department or 911 center? If it happened to us, it could happen to them too. In my opinion, Media Defender practices risky business, and needs to overhaul how it operates. Because in this country, as far as I know, we’re still innocent until proven guilty – not drawn, quartered and executed simply because someone thinks you’re an outlaw.

- Jim Louderback
CEO - Revision3