Attacks On MPAA’s UK Law Firm Lead to Data Leaks, Lawsuit

A UK Law firm that has aggressively pursued cases against illegal file sharing on behalf of the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) now finds itself in the cross hairs of both hackers and and privacy activists. 

A UK Law firm that has aggressively pursued cases against illegal file sharing on behalf of the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) now finds itself in the cross hairs of both hackers and and privacy activists. 

The firm was the subject of distributed denial of service attacks orchestrated by the online prank group 4chan last week – part of a larger action against the Web sites of the MPAA, RIAA and an anti-piracy technology company, according to a report by torrentfreak.com. That attack prompted a feisty response in published reports from Andrew Crossley, a principal at the firm, after the firm was able to restore its Web site. That response, in turn, led to further attacks and the publication, over the weekend, of what appear to be personal and company e-mails from ACS. Those e-mail expose embarrassing personal correspondence, as well as personal details on UK residents who ACS was pursuing for illegal download activities and what appear to be disturbing insights into ACS’s pursuit of them on behalf of clients like the MPAA.

Crossley did not immediately respond to a request for comment. 

Torrents of the e-mail archives and stolen fax messages were published on the Pirate Bay, a file sharing hub, and on the Web. Due to heavy traffic, Threatpost.com was not able to view the files to confirm their authenticity. According to published reports, however, they include both Crossley’s personal e-mail and those of the firm and individual employees. The amount of e-mail stolen ranges from a month to several months. 

On Monday, the privacy rights group Privacy International said it notified the UK’s Information
Commissioner’s Office (ICO) of a breach of the Data Protection Act . The group said ACS violated UK laws by allowing a sensitive archive of data to be stored on a public facing web server and urged ACS to contact those whose names appear in the stolen e-mail trove to make them aware of the data leak. 

ACS Law first came to prominence in late 2009, when it sent out 30,000 letters to UK residents suspected of illegally trading in pirated movies online. The company had faced scrutiny since then for what some considered aggressive methods to identify and pursue individuals suspected of file sharing, often with the goal of exacting payment of fines from them. 

Suggested articles

45 Million Medical Images Left Exposed Online

45 Million Medical Images Left Exposed Online

A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.

Discussion

  • Anonymous on

    Good write up :)  PrivacyInternational.org are looking for people to contact them for their huge Data Protection Act violation case against ACS Law/Andrew Crossley.

    People should also contact their ISPs immediately to voice their concerns.  It's now time our ISPs did a full investigation into their dealings with scammer Andrew Crossley who has managed, beyond belief, to terrorize the UK and gain information from internet users for this long.

    The ACS Law email leak is up at http://acslaw.blogspot.com along with all the other coverage.

  • Anonymous on

    Fantastic news.  These assholes targetted my father and accused him of sharing some bullshit he'd never even heard of.  Thanks to the advice on the Slyck.com forums I told Crossley where to go and hadn't heard anything since.  Both myself and my father are now sharing his email database aka fraudulant law firms secrets on BitTorrent.  LOL.  http://acslaw.blogspot.com has all the torrents and a bunch of mirrors to boot.  Fuck you Andrew Crossley for messing with my dear ol' paps, I hope you rot in jail.

  • Anonymous on

    win

  • Anonymous on

    Wow. Anyone who calls themselves 4chan is a horrible person. These people had a right to a court of law, they had a right to keep the evidence private and prove the suits false. They could have collected damages if it was a frivolous lawsuit. And 4chan just smeared them over the internet. These people have no say and no recourse in this. This is why the U.S. and French laws are cracking down on our privacy, our anonimity. Thanks a lot 4chan. You make everything worse.
  • WareZwolF on

    Right on! F you Crossley!

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.