There are papers going back to at least 2005 (this one, a top search result, is cited 390 times: http://www.cl.cam.ac.uk/~mgk25/sc2005-distance.pdf ), so it would not be all that surprising if there are some existing commercial implementations. The current rash of thefts seem to come down to the systems being completely naive to amplification attacks though.
