Podcast Hijacked, Held for Ransom

By Lisa Vaas  |  Posted 2005-11-30

Podcast Hijacked, Held for Ransom

In an assault reminiscent of the early days of the Internet, Podcaster Erik Marcus recently found that his RSS feed had been inexplicably redirected.

According to Marcus, rather than fully cooperate to address the situation, the cyber-squatter is demanding payment or permanent agreement to terms, and Marcus is seeking legal redress for this new form of Internet extortion.

Marcus publishes Vegan.com and the "Eriks Diner" Podcasts.

Over the course of the past year, Marcus has built his listenership from 100 people per show up to some 1,500. Over the past few weeks, he noticed that Yahoo Inc. had created an entry for his show on its beta site, Podcasts.yahoo.com.

The page had an RSS feed belonging not to Vegan.com, however, but to a site named Podkeyword.com.

Marcus shared with Ziff Davis Internet News a letter he sent to a lawyer who specializes in intellectual property and who has agreed to work with him on his case.

In the letter, Marcus said he contacted Yahoo repeatedly for about a month. The company never responded. Yahoo had failed to correct the RSS listing and had also failed to return phone calls seeking comment for this story by the time it was posted.

Marcus e-mailed Podkeyword directly in order to "nip this problem in the bud rather than let it grow," he said in his letter to his lawyer, Colette Vogele.

Podkeyword honored his request, Marcus said, after which his listener numbers abruptly collapsed. Marcus came to find that Apple Computer Inc.s iTunes service, which shields RSS information from its users, had also picked up the Podkeyword URL.

"This has cost me more than 1,000 listeners per show," Marcus wrote in the letter.

Marcus contacted Apple, which has to date not fixed the URL.

Marcus then wrote back to Podkeyword to ask that his listing be temporarily reinstated on Podkeyword while he worked to fix things with Apple. Podkeyword reportedly responded that the listing would be reinstated only if Marcus provided an unspecified payment or agreed permanently to its terms.

Click here to read about Podcasting usage tools from Audible.

The manner in which the purported hijacking occurred exemplifies the fact that RSS feeds are far more vulnerable to squatters than Web site domains. The method doesnt require stolen passwords or other overtly illegal methods.

Rather, it merely involves finding a target Podcast and creating a unique URL for it on a Web site that the hijacker can control. The hijacker then points his URL to the RSS feed of the target Podcast.

Next, the hijacker does whatever it takes to ensure that, as new Podcast engines come to market, the page each engine creates for the target Podcast points to the hijackers URL instead of to the Podcast creators official URL.

Vogele, a non-residential fellow at Stanford Universitys Center for Internet and Society and head of the firm Vogele & Associates, told Ziff Davis Internet News that she is mulling over a number of approaches to determine which laws might pertain in the case, including claims of unfair competition, trademark infringement/dilution, computer fraud and abuse, trespass, right of publicity and misappropriation.

Californias right of publicity law, for example, stipulates that an individual has a right to control his or her likeness and image, including, most likely, voice, she said. If Podkeyword is in fact making money off of Marcus Podcast, it might be at risk of being found guilty of violating right of publicity, Vogele said.

Next Page: Applying IP concepts to RSS.

Applying IP Concepts to


At any rate, it is unclear how existing laws pertain to such recent technology as Podcasts or RSS feeds, Vogele said.

"Ive been doing [intellectual property] law for quite awhile," she said. "Every time theres a new [technology], its a little brain teaser. We know its wrong, but how does law [respond] to that? It takes a while in the legal system, and technology changes [more rapidly than laws]."

The lack of response from Apple and Yahoo may have to do with laws that shield such companies from copyright infringement, Vogele said.

While they should be applauded for making part of the engine that enables Podcasting, she said, such companies would be better Internet citizens were they to make available a means for hijack victims to contact the companies, tell them whats happening and have the companies fix this in a reasonable time.

This is particularly the case, Vogele said, "since they get financial benefits from all these Podcasters creating this content for free … I think they need to think about what systems they can put in place and be good citizens in this process."

Marcus suggested that Podcasters can protect themselves from hijacking by checking to make sure that all Podcast directories and search engines list RSS feeds that point to their official URLs/RSS feeds.

Also, if Podcasters learn of a hijacking, they can write to the hijacker and demand that they cease and desist. Hijacked Podcasters should also write to the Podcast directories and search engines to point out the misconduct.

Corporate Podcasts target the IT community. Read more here.

Those who posted responses to Vogeles Weblog entry on the matter suggested other defensive strategies. One is to rename Podcast audio files on occasion and point to the new names in the legitimate RSS feed, thus causing the malicious sites RSS feed to stop working and hence to cease gaining popularity.

Another tactic is to look at the referrers tags for Podcast downloads in a Podcasters Web server logs. Names of malicious sites that point to a Podcast will come up in the logs, and a large number of off-site listener referrals should raise flags.

Another tactic proposed on Vogeles blog is to mention the site and feed URL in each Podcast. Those who take the time to notice what URL theyre using may notice that the URL is in fact not the official one.

Check out eWEEK.coms for more on IM and other collaboration technologies.

Rocket Fuel