Monday, 26 September 2011

How the FBI caught an actor uploading movie screeners to the pirate bay

http://torrentfreak.com/how-the-fbi-caught-an-actor-uploading-movie-screeners-to-pirate-bay-110914/



In April 2011, the FBI raided the apartment of a Screen Actor’s Guild member suspected of uploading several pre-release screeners of Hollywood blockbusters to The Pirate Bay. The man, an actor, has now agreed to plead guilty and potentially faces three years in prison. There were claims he could’ve been connected to a release group but as his amateurish online actions show, nothing could be further from the truth.

In mid-April, Screen Actor’s Guild (SAG) member Wes DeSoto had his premises raided on suspicion of uploading several pre-release movies to the Internet.

As Google’s cache at the time revealed, DeSoto uploaded torrents to The Pirate Bay including The King’s Speech, Rabbit Hole, 127 Hours, The Fighter and Black Swan, all between January 23 and January 29. As a member of the Guild, DeSoto had access to DVD quality screeners which were delivered to him via the use of special codes on the iTunes store.

According to Wired, DeSoto, who had a bit-part in CSI: Crime Scene Investigation, agreed Monday to plead guilty to one count of breaching the Family Entertainment and Copyright Act of 2005 for uploading the movie Black Swan to BitTorrent. He faces a maximum of 3 years in prison although the state is seeking three years probation.

So how did DeSoto find himself in the arms of the FBI? According to the affidavit, that was made easy by an almost unbelievable series of amateurish mistakes.

After being hired by Paramount Pictures to monitor online piracy for the movie The Fighter, on January 28th Deluxe Webwatch discovered a high-quality screener version being made available by release group TiMPE.

Politely the group indicated that the source of the file as being a “720p SAG screener (mf34inc)”, but unfortunately this courtesy was to set the ball rolling in DeSoto’s direction.

After downloading the movie but failing to find a previously implanted watermark, nor any evidence to show the movie had come from iTunes, Deluxe went back to Paramount. It turned out that the studio had indeed put specific marks into the iTunes version of the movie.

Rather than hunt down TiMPE, Deluxe was told to find “mf34inc” and for this they rolled out one of the world’s most powerful detective tools – Google. Their search led them to The Pirate Bay where they found a user of the same name who had uploaded The Fighter plus 127 Hours, The Kings Speech and Black Swan.

While Deluxe were clearly too late to find the IP address of mf34inc when the previous movies were uploaded, all they had to do was remain patient for more uploads. On January 28th they struck gold, as the same user began to upload another screener, this time of the movie Rabbit Hole. His IP address had been logged and the chase was on.

The next pieces of evidence against DeSoto came thanks to him responding to criticism in The Pirate Bay’s comment section. After several users questioned the authenticity of the file, mf34inc weighed in with “SAG now send out iTunes download codes for screeners” and the utterly priceless “I’m a SAG member and thought i’d share these.”

Armed with mf34inc’s IP address and a timestamp from the Rabbit Hole upload (allocated to Time Warner Cable / Road Runner), investigators asked the ISP to show who was using the resource at the time. It led directly to one of their subscribers – one Wesley DeSoto of Los Angeles. But it gets worse.

According to iTunes, the account name registered to the download of The Fighter was “wes@mf34.com”. Furthermore, the IP address used to download The Fighter from iTunes matched the IP address used to upload Rabbit Hole to The Pirate Bay.

From here DeSoto’s details were cross-referenced with the California Department of Motor Vehicles Database and his photo was obtained. But the simple username mf34inc was to prove an even more fruitful source of evidence for investigators.

By using Google again, Deluxe discovered that mf34inc was a reference to a clothing company called m34, short for The March Forth. When searching YouTube, Deluxe found an account for the company with the name of – you’ve guessed it – mf34inc.

In a video uploaded to the account, a BMX rider on The March Forth’s racing team said: “Wes over there is a really cool guy, takes care of all of us.” Wes, it transpires, is the owner of The March Forth.

A visit to DeSoto’s Linkedin profile yielded another photograph. It matched the one on his driving license.

After all the dots had been joined, DeSoto had a visit from the FBI. Following his arrest he said he was a “nobody” in the file-sharing world and denied being a member of a release group. From DeSoto’s catalogue of errors, which if anything seem to suggest that he didn’t even attempt to cover his tracks, no one will be disputing his version of events.

DeSoto is expected in court next month.

11 comments:

  1. Wow, sad. I would be better at not getting caught than this turdburglar.

    ReplyDelete
  2. It's kinda hard to feel sympathy for this guy.

    ReplyDelete
  3. Well, damn. That means less good screeners.

    ReplyDelete
  4. Mr De Soto is his own worst enemy and will get no sympathy from me. Three or more years in jail will do him good :-).

    ReplyDelete
  5. Why do people do this? It's just not worth it.

    ReplyDelete
  6. Heh, the guy's a sucker. Maybe he'll have some time to learn something while in prison.

    ReplyDelete
  7. lol. the fbi are patting themselves on the back for googling someone. what genius detective work!

    hes not going to see any time. he'll get the three years probation and thats about it. california prisons are over crowded with people that actually deserve to be there.

    get it together people.

    ReplyDelete
  8. lol. the fbi are patting themselves on the back for googling someone. what genius detective work!

    hes not going to see any time. he'll get the three years probation and thats about it. california prisons are over crowded with people that actually deserve to be there.

    get it together people.

    ReplyDelete
  9. lol. the fbi are patting themselves on the back for googling someone. what genius detective work!

    hes not going to see any time. he'll get the three years probation and thats about it. california prisons are over crowded with people that actually deserve to be there.

    get it together people.

    ReplyDelete