The recent arrest of a 19-year-old man who was charged with stealing unfinished songs from the websites of prominent musicians and selling the work for Bitcoin has drawn new attention to the vulnerability of artists to predatory hackers.
The offices of Manhattan District Attorney Cyrus R. Vance, Jr., and City of London Police Commissioner Ian Dyson tracked down the suspect, a citizen of the United Kingdom, after an organization that represents the recording industry approached Vance’s team.
The artists’ managers took action after becoming aware that songs were being sold.
Due to British privacy laws, the names of the artists have not been released beyond their being “world famous.” Nor has the identity of the hacker, arrested in Ipswich, England, been made public. However, there is some speculation that these crimes are either inspired by or directly connected to a hack of the band Radiohead.
A cyber-extortionist stole 18 hours of unheard music from the Grammy-winning group and demanded $150,000 this year. Radiohead refused to pay the extortionist and instead released the music on Bandcamp in June, with all proceeds going to the climate advocacy group Extinction Rebellion.
With this new batch of crimes, it is unclear if ransoms were first issued or in any cases paid. But the music was definitely sold to buyers using cryptocurrency.
This crime is a variant on “ransomware,” when a type of malicious software designed to block access to a computer system is installed until the victim comes up with a sum of money. Cybersecurity firms have predicted that ransomware damages will cost the world $11.5 billion in 2019, up from $8 billion in 2018.
It is a brutal form of attack for musicians to cope with.
“It causes significant financial loss to those who work so incredibly hard to produce, write and make music for their fans to love and enjoy,” said Detective Inspector Nick Court, of the City of London Police Intellectual Property Crime Unit.
“This embodies the very definition of piracy — a high-tech version of studio recordings that, in the past, insiders would leak to bootleggers,” said Anthony DeCurtis, a contributing editor to Rolling Stone and author of a recent book on Lou Reed.
“The implications of this, however, are much broader, because it comes at a time when artists are making far less money on their recorded work.”
Added DeCurtis: “It’s theft, plain and simple; it violates both the right of artists to maintain the integrity of what they want to release to the public and their right to profit from it.”
Entertainment attorney Dainius Remeza pointed out that this is a nasty twist on an age-old problem that artists such as Bob Dylan, the Rolling Stone, and Bruce Springsteen have had to grapple with.
In the 1960s and 1970s, the artists’ music “somehow slipped unauthorized past the recording studio security and into the Greenwich Village bootleg record stores of the day,” said Remeza, a professor at John Jay College in New York.
“Back then, it was a little easier to narrow down the suspects, because very few people would have access to the master tapes – perhaps a recording engineer, a roadie, someone from the production team. So in many instances, we’re talking about people who the artist knew personally and that sometimes resulted in the artist not involving law enforcement, even if the relationship was broken beyond repair and some private settlement represented an imperfect but practical compromise.”
The Internet completely changed these dynamics and raised the stakes for musicians.
“The hacker could be anyone, anywhere – and without law enforcement assistance, the victim artist would never get justice,” Remeza said in an interview.
“Modern technology has very much transformed where and how music is recorded and it’s not uncommon for artists to cut albums in their home studio, save their work to a hard drive, and eventually release their music to the world from the same computer.”
Remeza continued, “But that type of access is a two-way street and artists, even those who take cyber-security seriously, are vulnerable to motivated and sophisticated hackers – so it’s good to see law enforcement actively monitoring these type of scenarios.”
DA Vance said in a statement that his office is dedicated to protecting artists’ intellectual property.
“As demonstrated by this investigation, my office has the expertise, resources, and partnerships to help cybercrime victims reach across the globe to get justice, and we urge anyone who has been a victim of a hack to report it to us at (212) 335-9600.”
Nancy Bilyeau is deputy editor of The Crime Report. Readers’ comments are welcome.