Jim Louderback, CEO of Revision3, was surprised when he found out that MediaDefender was behind the attack that took down their whole network over the weekend. MediaDefender used Revsison3 BitTorrent tracker for the fake torrents they upload to BitTorrent sites.

In a detailed blog post Louderback writes," Media Defender was abusing one of Revision3′s servers for their own purposes – quite without our approval. When we closed off their backdoor access, MediaDefender’s servers freaked out, and went into attack mode – much like how a petulant toddler will throw an epic tantrum if you take away an ill-gotten Oreo."

Louderback continues, "They saw us as a ‘distributor’ – even though we were using BitTorrent for legitimate reasons. Once we shut them out, their vast network of servers were automatically programmed to implement a scorched earth policy, and shut us down in turn."

Louderback says the FBI is looking into the matter and that MediaDefender executives have admitted to being behind the attack. Media Defender says it has since taken steps to make sure it won’t happen again.

In the end Louderback does not believe that MediaDefender deliberately targeted Revision3 but did point out that the company has a history of using their servers to launch denial of service attacks against distributors.

An FBI investigation is ongoing into MediaDefender’s role in disrupting Revision3′s service, according to Louderback. He posted about the discovery of the company behind the flood of disruptive traffic, and his chat with MediaDefender’s executives about their firm’s outrageous conduct:

First, they willingly admitted to abusing Revision3’s network, over a period of months, by injecting a broad array of torrents into our tracking server. They were able to do this because we configured the server to track hashes only – to improve performance and stability. That, in turn, opened up a back door which allowed their networking experts to exploit its capabilities for their own personal profit.

Second, and here’s where the chain of events come into focus, although not the motive. We’d noticed some unauthorized use of our tracking server, and took steps to de-authorize torrents pointing to non-Revision3 files. That, as it turns out, was exactly the wrong thing to do. MediaDefender’s servers, at that point, initiated a flood of SYN packets attempting to reconnect to the files stored on our server. And that torrential cascade of “Hi”s brought down our network.

Grodsky admits that his computers sent those SYN packets to Revision3, but claims that their servers were each only trying to contact us every three hours. Our own logs show upwards of 8,000 packets a second.

Louderback pointed out how a dozen federal statutes cover the activity engaged in by MediaDefender.  “Revision3 suffered measurable harm to its business due to that flood of packets,” he said. “Thus we were unable to serve videos and advertising through much of the weekend, and into Tuesday – and even our internal email servers were brought down.”

Words simply fail us to describe MediaDefender’s cracking activity as described by Louderback. Instead, we’ll look forward to seeing a statement from the US Attorney General’s office, hopefully with the words “arrests” and “arraignments” prominently displayed.