I’ve always enjoyed how the more the music industry tries to lock things down and keep music from leaking it just seems like more music gets on-line. One of the ways that the industry has been trying to cut back on leaks is by using services like Play MPE, a product of Vancouver’s Destiny Media Technologies, which allows record labels to distribute their music to radio stations and the music press without using physical CDs which were previously being leaked on-line. This way the media had access to unreleased music for their reviews, and there is supposed to be technologies in place to prevent the recipients of those songs from sharing them.
And just like shutting down Napster completely ended on-line music piracy that was the end of that.
Or was until AbsolutePunk reported that a “hacker” had gotten around Play MPE’s airtight security and was distributing music that had yet to hit store shelves via BitTorrent. The site reports that Play MPE sent the following letter to its clients letting them know that their protected music was out in the wild.
“A hacker managed to obtain a Play MPE account last week and found an exploit in the Play MPE Direct-to-Web player that allowed him access to your release, even though he was not on the recipient lists. We promptly disabled the offending account and closed this exploit on Monday but by then your album had been accessed.”
CNET reports that the “hacker” was an Australian teenager who applied to the site as an Australian music critic and was granted access. They also question AbsolutePunk and Play MPE’s definition of the teen as a hacker, noting that it seems that he was able to access the supposedly restricted music through the easiest of tricks.
It’s not as if he did any sophisticated DRM cracking. Rather, he noticed that that the URL in the Web-based download file had the characters “songid=” followed by a bunch of numbers. By changing the numbers, he was apparently able to to get other song downloads that he wasn’t supposed to see.
Destiny Media Technologies did not respond to an email asking for a comment on this story.