Connect to share and comment

The digital world, explained.

Kim Dotcom's Mega site launch mired in controversy and security concerns

Kim Dotcom's latest project, Mega, is struggling to maintain viability as the security community expresses concerns over the site's encryption tools.
Kim Dotcom megaupload 7 10 2012Enlarge
Megaupload founder Kim Dotcom at North Shore District Court on February 22, 2012 in Auckland, New Zealand. (Sandra Mu/AFP/Getty Images)

Kim Dotcom’s latest project, Mega, launched over the weekend amid much hype and controversy. The site's launch came after more than a year of legal battles and the muddling of jurisdictions.

On Tuesday, Kim Dotcom took to Twitter to apologize for the issues surrounding the site launch, mostly having to do with trying to accommodate so many new users at one time. 

“The massive global PR around the #Mega launch is simply to[o] big to handle for our start-up. I apologize for poor service quality,” said Dotcom in a tweet. “We are making good progress. Adding servers & fixing bugs. It should not be long until you can enjoy #Mega without hiccups,” he added. 

Dotcom called Mega the “startup probably most scrutinized by lawyers in internet history,” while speaking to Ars Technica. It offers users 50 gigabytes of free cloud storage and the ability to share files with other Mega users.

There are growing concerns, however, over the security of the site and the ability of users to protect themselves from malicious attacks. Currently, there is no way to delete a Mega account, meaning that should an account be compromised by a hacker, there is no way to change the password or remove the account from the site. 

More from GlobalPost: Anonymous Mexico targets Defense Departs in support of Zapatistas 

Other concerns about Mega surround the site’s encryption technology. Dotcom has boasted 128 bits of Advanced Encryption Standard (AES) encryption. AES encryption is an industry standard established by the US National Institute of Standards and Technology in 2001 and has been adopted by the government and used worldwide.

“All files stored on MEGA are encrypted. All data transfers from and to MEGA are encrypted. And while most cloud storage providers can and do claim the same, MEGA is different – unlike the industry norm where the cloud storage provider holds the decryption key, with MEGA, you control the encryption, you hold the keys, and you decide who you grant or deny access to your files, without requiring any risky software installs. It’s all happening in your web browser!” reads Mega’s description of its user controlled encryption. 

But because the key given to users to decrypt and encrypt files is held on Mega’s own servers, a password must be entered to utilize Mega’s encryption key. With no ability to change a password, losing it would mean losing access to all of a user’s files. 

"The encryption is open source. We expect the security community to take a long and hard look and comment on possible weaknesses," said Mega CTO Mathias Ortman in a press conference. As confidence in Mega’s security wavers, such weaknesses may quickly be discovered, whether they’re being fixed or exploited. 

Compounding the technical problems with the site, enclaves within the Anonymous hacker collective have called for a boycott of all Mega services in light of Dotcom’s cooperation with US authorities last year in the prosecution of NinjaVideo, a pirating site that often linked to Megavideo’s streaming service.

More from GlobalPost: Anonymous adopts scorched earth policy for Uganda

“Kim Dotcom broke the pirate code. He is a snitch, and needs to be exposed to the world as such,” wrote Anonymous in a statement on Tuesday. 

Over a year before Dotcom's indictment and the subsequent raid on his New Zealand mansion, Megaupload aided the US prosecution of NinjaVideo by consenting to the search of several of the company's servers based in Virginia. In the search, user data of NinjaVideo operators were seized. That information led to the conviction of Hana Amal Beshara and Matthew David Howard Smith, both currently residing in US prisons. 

"Hana Beshara, 'Queen Phara,' has been sitting in FPC Bryan in Texas for the past year awaiting release this August because Kim willingly cooperated with this investigation, thinking he would be building a rapport with the IPR fanatics at DHS. Matthew David Howard Smith, aka (Dead1ine), founder of NinjaVideo, will be released from Butner Penitentiary in North Carolina this April,” continued the statement from Anonymous.

More from GlobalPost: Old Republic devs to segregate same gender relationships 

Kim Dotcom’s mansion in New Zealand was raided last year in a fashion befitting drug kingpins or mob bosses, not eccentric billionaires. The raid itself has become the subject of controversy. Dotcom’s attorneys and his supporters argue that the use of helicopters, submachine guns, assault rifles, attack dogs and brute force against Dotcom in front of his wife and children was excessive.

New Zealand citizens were also outraged by the presence of the FBI during the planning and execution of the raid.

The US is attempting to extradite Dotcom from New Zealand on charges of racketeering and money laundering, arguing megaupload.com facilitated huge amounts of internet piracy and online copyright violations.
 

http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/kim-dotcom-mega-controversy-security-anonymous-boycott

.

Featured Slideshow

Please select a gallery.

Please select a gallery.