TorrentFreak

The place where breaking news, BitTorrent and copyright collide

14 Year Old BitTorrent Hacker Threatens to Sue What.cd Users

Users of OiNK replacement What.cd are receiving emails from what appears to be the RIAA. The emails threaten that users must either stop their ‘criminal acts of piracy’ or have charges pressed against them. But is it the RIAA? Rival Waffles.fm? No, it’s a 14-year-old script kiddie out for revenge, says What.cd.

Users of What.cd were in for more than a little shock today. Members of one of the OiNK replacement sites started receiving worrying emails from the music file-sharers’ arch-nemesis – the mighty RIAA.

The email reads:

Date: 12 Nov 2007 11:35:46 +0100
Message-ID: <2007111XXXXXXX.XXXXX.qmail@bitient.org>
To: XXXXXXX
Subject: Music Piracy
From: piracy@riaa.org
Reply-To: piracy@riaa.org
X-Originating-IP: [76.74.24.143]
X-Originating-Email: [piracy@riaa.org]
X-Mailer: Internet Mail Service

Dear registered user of the site What.cd,

We have recently been investigating the activities of the users of the site http://www.what.cd/ and we have found that this site exists for the sole purpose of music piracy.

Pirating music is a criminal offence and we believe it should be obvious to you that the results outweigh the benefits – hard working artists won’t be rewarded for their work and will stop producing music, ultimately leading to a severely reduced selection of music both in the shops and for download.

The RIAA had hoped that the disabling by the police of the large illegal music site, Oink.cd, would stop a lot of people from engaging in piracy, as they don’t want to be seen as criminals. However, this appears to not be the case, as two large new sites have sprung up in its place.

This email is the final warning to all of you who were members of Oink.cd and are current members of What.cd. If we find you to be committing any more criminal acts of piracy then we will have to press charges against you, as representatives of the major record companies of America.

Yours Faithfully,

The RIAA

Worrying, especially as the IP address in the email seems to indicate it really is from the RIAA. Visitors to the What.cd site were then greeted with this message:

This week has been terrible. After we did two code audits and fixed our security issues, our wonderful attackers couldn’t get in (yay!), so they turned to brute force. After having been hit by several port scans and a rather fearsome DDoS attack (traffic reaching almost 80 megabits per second (note: that’s 10 megabytes per second)) our server pretty much went to hell. After an extended downtime (ending a couple hours ago) during which we tweaked firewall settings, etc., we decided that it was safe enough to bring the site back up.

Pretty much immediately after the site came back up we had someone trying to brute force our (well passworded) ssh accounts (they’ve now met the hot burny side of the firewall).

What have we learned from all this? That there is a person or a group of people somewhere that wants us to disappear. We originally thought that the attacks were by bored kids, but whoever was behind the DDoS appears to be much more serious than that. We aren’t going to publicly speculate on who is behind the attacks – we’ll leave that to you guys.

Despite these attacks, we are still up and running, and we hope to stay this way for a very long time. We have plans for this site, and we aren’t going to flush them down the drain just because some people don’t like what we’re doing. The first of our plans involves a very cool freeleech plan, but we’re going to wait until we’re sure the tracker’s relatively stable for that. For the time being, we’re keeping freeleech on until further notice.

But what about the emails? Is the RIAA really sending them out? If not, then who is and how did they get the What.cd user database? What.cd think they have the answer in a post on their site, replicated on this Pastebin page.

Other sites are already publishing the information above and a quick Google search does indeed reveal some interesting details. Apparently, the person held responsible for the hacking and the RIAA email is only 14 years old and not as much of a threat as some believed him to be. The alleged hacker’s date of birth, his hometown, hobbies and much more are detailed on Google.

Before today, he probably enjoyed telling the world about himself on social networking sites too.

He’s also mentioned on this Pastebin page full of haxor code – along with what.cd.

The youth of today… what’s the world coming to?

Update: It appears someone claiming to be ‘biscuit’ offered the database for sale and even threatened to send it to the RIAA. After deciding that he should keep it for later ‘blackmail’ purposes, he hopefully considered this link, realized it’s not worth it, deleted the database and forgot all about it.

Update: biscuit wrote that he’s not responsible for the hacking and claims that the bash log is doctored.

  • inetiatic

    get shit on peter

  • bludel

    muhahaha

  • WhopperBoy

    wow how gay and stupid of him and right after the take down of Oink

    FUCK YOU P3T3R!

  • Mikle

    Cute :)

  • z0ng

    way to write an article about it. douche.

  • hack0rz

    i know a guy who lives in yorkshire…i’ll have him do horrible crap to this dude

  • jesus

    Here’s a chatlog from waffles with biscuit gloating:
    http://pastebin.ca/770935

  • jenkem

    hey torrent freak admin, not a smart idea to publicly post the information of a minor. just watching out for ya, guy. :)

  • anon

    (edit: no need to post his address here)

  • learn

    I’m not one to say things like this, as it often is immature and childish, but I can’t resist;

    Owned!

    And;

    [quote] 1. the admins there are complete and utter jerks, and 2. i think there should be 1 big project instead of 2 lesser ones[/quote]

    He’s an idiot. Wow.

  • Marcel

    #8: His info is publicly available on the internet from the domain whois.

  • is someone in trouble

    Oh man, putting out the name and city is basically giving out the address. Plus I’m sure there’ll be a lot of people that know him personally and will just post the address of where he lives. Let’s just hope people harass him online like he did to them, and don’t decide to teach him a lesson with physical harm.

  • learn

    [quote]Oh man, putting out the name and city is basically giving out the address. Plus I’m sure there’ll be a lot of people that know him personally and will just post the address of where he lives. Let’s just hope people harass him online like he did to them, and don’t decide to teach him a lesson with physical harm.[/quote]

    I agree; don’t do anything physically harming to him, just internet type stuff :)

  • Mikael

    A 14 year old hacked the website? Then you post his whereabouts so people can harass him.

    Yeah, there goes my support of what.cd

  • bt

    It’s public information. Don’t get twisted about it.

  • p3t3r is a hero

    i love p3t3r.

  • WalterMitty

    What a complete and utter fuckwit. I bet he is a chav too…

  • TotalWimp

    What a f***ed kid. Dude, go and get a life!

  • jo

    what.cd equals trouble, deleted my account today, everybody should.

  • asskicking

    grr just read this and was about to get this dickheads site ddos’d, unfortunately it’s already down, looks like someone’s already done it…

  • Derf Elot

    [quote comment="211398"]what.cd equals trouble, deleted my account today, everybody should.[/quote]

    i am thinking about doing the same. if a 14 year old kid has access to the database, it makes me wonder how old the rest of the staff is…

  • Treach

    Hey it wasn’t p3t3r it was his older brother “biscuit” who was behind the attacks but he tried to frame his brother, check what.cd again for proof.

  • Derf Elot

    especially because their way of responding does not show a lot of maturity either.

  • meh

    anyone else but me shocked that the admins didn’t patch the original tb code before going online? seems pretty basic.

  • Anonymous

    Gee, the kid should grow up. If he didn’t mess around, he wouldn’t be in problems now anyway.

  • boden

    Great investigation!

    Those little bastards!!!

    Congrats!

  • logos

    one thing i react to is that what.cd was brought down by a DDos attack of an awesome 80 Mb/s and how pro the hacker must be to be able to bring that kind of force to bear at them…

    here in sweden i (an ordinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 us$) a month so what’s so impressive about an 80 Mb/s attack? or are we swedes just really spoiled with our broadband, am i missing something or is it a typo or something?

  • Wow

    Wow, he’s gonna have to go to home school and then isolate himself in his house for 20 years now.

  • Ed

    Accidentally, just after what.cd started there were already jokes about it being in possession of a 14 year old. Probably a coincidence, but who knows…

    Not sure about all the stuff going on with both waffles and what.cd they both don’t really come across as being a good “replacement”. I guess the old rule that you shouldn’t rejoin any projects of (members of) trackers that have been taken down is still true, although I hope they all come up with some good things in the end.

  • Truth

    I can pretty much guess that the MPAA & RIAA have probably ‘hired out’ professional help to hit P2P sites, in order to bring them down. If they cannot do it legally they will do it ‘cloak and dagger’ style! They got the money, they are better organized, and P2P is a threat to their continued existence. We have numbers, software that keeps evolving to help us keep P2P going. They can’t possibly kill or put us all in jail. To these USA Corporations we are nothing more than a virus to be wiped out.

  • evox

    tard.

  • Its Funny

    You all know almost absolutely nothing about this, and most of you go by what you hear, not by what you know. Both sites are fine, both sites are good replacements. What.cd is not run by little kiddies and the old server was the main problem. That’s all you get, feel free to continue to speculate what you don’t know.

  • Truths

    I’m so happy I’m part of a music site that DOES have everything secure and didn’t rush into it head-first. *cough*STMusic*cough*

  • haxxor code?

    that’s not haxxor code, it’s the BIND configuration file, for the DNS server…

    I hope the server admin will change his control access key, even if it’s only available from the localhost…

    hopefully he will also boot these idiots off his server

  • %

    [quote]here in sweden i (an ordinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 us$) a month so what’s so impressive about an 80 Mb/s attack? or are we swedes just really spoiled with our broadband, am i missing something or is it a typo or something?[/quote]

    Obviously, Sweden has amazingly fast internet connection speeds. You should move to… Any country in the world that’s not Sweden, Japan, Korea, or a few others and see how much fun you have waiting for things to download :|

  • older brother who stole your email and pass

    (edit: no need to post addresses here)

  • Not very well organized

    [quote comment="211406"][quote comment="211398"]what.cd equals trouble, deleted my account today, everybody should.[/quote]

    i am thinking about doing the same. if a 14 year old kid has access to the database, it makes me wonder how old the rest of the staff is…[/quote]

    The people running this site are complete IDIOTS! If a 14 year old can hack their site they are looosers with a CAPITAL “L”. As well organized as the OINK site was the Admin is begging donations for his legal defense right now as I write this…

  • system

    So after lambasting thereg for being “confused” about encryption, we have TF confusing a regular BIND config for “haxor” code?

    Come on guys, it says right at the top there what it is.

    // $Id: named.conf,v 1.1.1.1 2001/10/15 07:44:36 kap Exp $
    //
    // Refer to the named(8) man page for details.

    What the guy did wasn’t what you’d call hacking. He’s a script kiddy using known exploits discovered by others. “hacking” tbsource sites can be taught to anyone in a couple of minutes. Any of these brand new sites not having security flaws would be a real surprise.

  • Anon

    I hope for this kids sake he doesnt try to act all cool and do some stupid shit with this databse. I live like a 10 min drive from him and i swear to god i will fucking burn his house down while he and his whole fucking family is sleeping. Seriously kid, do the right thing and delete the whole thing before you get hurt for real.

  • me

    fucking nerds.
    TF, this was a pretty lame story, unworthy of your news. pass on them next time.

  • q

    This kid better surrender and destory his PC. There are some crazy fucks out there that I’m sure could break into his house and fuck him up.

    I feel bad for his family.

  • Deimon

    35. That’s only because nearly ±90% of the population are downloading :P
    Some ISPs also have tests on their websites to help customers to know what speed you need. Most tests have questions like how many mp3 tracks are you downloading each month and so on.

  • Anonymous

    [quote comment="211398"]what.cd equals trouble, deleted my account today, everybody should.[/quote]

    yeah, when i saw the RIAA email, even though i knew it had to be fake, i knew i’d be deleting my account soon. it’s just too unprofessional and too many problems to deal with right now, maybe i’ll join back later. but for now, no thanks.

  • $

    I sense 14 year old littlefags on TF.

  • Travis

    Teach this guy a lesson.

    Someone find him, set an example of what we should do to people like him.

  • Anonymous

    I don’t see anything wrong with this post at all. Lifes lessons script kiddies. I know if someone wanted to make my life a living hell they could, all that info is out hanging in cyberspace. Don’t do something to piss other people off, especially if those people tend to be computer savvy.

    Dumb move kid.

  • WiReDJo

    i wish to find this kid and kick his ass am also 14 :)

  • Anonymous
  • stpsacnd2

    [quote comment="211422"]one thing i react to is that what.cd was brought down by a DDos attack of an awesome 80 Mb/s and how pro the hacker must be to be able to bring that kind of force to bear at them…

    here in sweden i (an ordinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 us$) a month so what’s so impressive about an 80 Mb/s attack? or are we swedes just really spoiled with our broadband, am i missing something or is it a typo or something?[/quote]
    Megabites not bits… big difference I guess.

  • Final

    [quote comment="211524"]http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=5+Tenterfield+Rise&sll=53.805517,-1.411743&sspn=0.841774,3.010254&ie=UTF8&ll=53.73147,-1.829964&spn=0.003294,0.011759&t=h&z=17&om=1[/quote]
    Wtf is he living in, a shack?

  • lolz

    What.cd and Waffles.fm are such halfwit, dipshit trackers. Allowing some idiots to thrash the site like that. And waffles don’t need anyone to ruin their tracker. They’re doing it quite well themselves. Fuck them both.

    God, how I miss my sweet Oink.

  • shutr

    I don’t think either site is faring too badly given the small amount of time they have had to lay down the groundwork before the floodgates of users opened. I’m a waffles user mainly now though.

  • TeamHCN

    ^^^
    Looks like he’s been found. :)

    I’m not normally one to condone violence, but somebody should really break P3T3R’s fingers, and Biscuit’s, too , anything to prevent them from using a computer to plot more shenanigans.

  • Anonymous

    [quote comment="211538"][quote comment="211422"]one thing i react to is that what.cd was brought down by a DDos attack of an awesome 80 Mb/s and how pro the hacker must be to be able to bring that kind of force to bear at them…

    here in sweden i (an ordinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 us$) a month so what’s so impressive about an 80 Mb/s attack? or are we swedes just really spoiled with our broadband, am i missing something or is it a typo or something?[/quote]
    Megabites not bits… big difference I guess.[/quote]

    The site was apparently brought down by an 80megabits/s DDoS attack. It’s nothing to do with bits and bites though, it’s about how a DDoS works and about how one person with a 100Mb/s connection can’t get a site to send them 80Mb of data per second.

  • anon

    this story shouldn’t be on digg

  • lolz

    @shutr

    You can give them all the time you want, but that won’t change the fact that both sites are run by fuckwits relying on scripts. I bet they never made a single line of code in their short, miserable lives. Fuck them and their so called “trackers”. Trackers my ass. How come that this shit we’ve seen on what and waffles don’t happen on other 100 private trackers I have in my bookmarks?

  • lolz

    [quote comment="211552"]^^^
    Looks like he’s been found. :)

    I’m not normally one to condone violence, but somebody should really break P3T3R’s fingers, and Biscuit’s, too , anything to prevent them from using a computer to plot more shenanigans.[/quote]

    What the fuck? Are you retarded, or something? Now I’m going to make such a nasty SQL injection attack on both those idiotic sites, and I’m going to post an OINK screenshot all over them, out of sheer spite. Just because I can.

  • logos

    [quote comment="211538"][quote comment="211422"]one thing i react to is that what.cd was brought down by a DDos attack of an awesome 80 Mb/s and how pro the hacker must be to be able to bring that kind of force to bear at them…

    here in sweden i (an ordinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 us$) a month so what’s so impressive about an 80 Mb/s attack? or are we swedes just really spoiled with our broadband, am i missing something or is it a typo or something?[/quote]
    Megabites not bits… big difference I guess.[/quote]

    both i and the news post wrote Mb (Megabits) so what’s your point…?

    and btw bits bites are two different spellings for the same thing (bits right, bites wrong) i think you are thinking of bits and Bytes (MegaBytes MB <- note capital B)

  • anon

    Loser.

  • london boy

    hahaha peter is one dickwit,
    if anyone wants his mumz fone number just email him @
    azy_149_dizzy@hotmail.co.uk
    FUCKIN BALSSNIFFA

  • Anonymous

    its amazing what kidz can do these days…. -.- bwahahah

  • Anonymous

    What.cd and Waffles.fm are a disgrace to the torrent community.

  • cheesesoda

    These assumptions made by quite a few are just that… assumptions, and incorrect ones, at that.

    What.cd is just fine, and so is waffles.fm. It’s quite easy to look at both and see that they pale in comparison to OiNK, but can any (music) torrent tracker compare? It’s awfully early to make assumptions about the fate of these two sites.

    Much like Windows Vista, what and waffles are on the right path, but may have jumped the gun a wee bit. That doesn’t mean that one or both of the sites are a waste of time. Losing faith in these torrent trackers so quickly doesn’t give anybody any hope. Stick with it, and things will work out.

  • TD123

    heh he got owned lol

  • Anonymous
  • yame

    from the pastebin above

    “Then WhatMan, one of What.cd’s admins somehow deduced that it was P3T3R, my brother, in conjunction with me. He’s been outspoken against What.cd from the start, thinking they were ‘invading the server’, as he has an account on Noah’s server too, and that all the admins were retards. So somehow it’s all over the internet that a ’14 year old hacker’ took down What.cd. Which is complete bollocks. Especially since P3T3R is 13.”

    no he’s 14, this is when he was born

    http://www.i-am-bored.com/show_profile.asp?handle=petercole14

    4/25/1993 (14 Years Old)

  • Mmm

    I don’t think this is the real story. The rebuttal post makes more sense, that it’s one of the what.cd owners who’s also a kid framing this Peter kid. The mail and sql injections don’t jive with the story. Either way it’s an internal problem and people’s information shouldn’t be posted like that.

  • Teeth

    [quote comment="211561"]What the fuck? Are you retarded, or something? Now I’m going to make such a nasty SQL injection attack on both those idiotic sites, and I’m going to post an OINK screenshot all over them, out of sheer spite. Just because I can.[/quote]
    And just because you can’t get laid and must show teh worldz your 1337 h4xxor skills, yeah?

  • Anonymous

    biscuit:
    Richard Cole
    http://www.iscuit.co.uk
    b.iscuit.co.uk

  • biscuit
  • b

    Ignore #70, it’s a juvenile edit of biscuit’s rebuttal at http://pastebin.ca/771272

    I hope this blows over. It’s unfortunate that the personal info was publicized.

    I don’t wanna get too involved in this, but from that rebuttal by biscuit:

    “Then after having a powercut for 3 hours at home I came back on IRC. I did a CTCP on the #what.cd channel, as being a curious guy, I wanted to find out what IRC clients everyone was using.”

    That seems really unconvincing to me. Sending a version request to an entire channel is pretty uncommon, and will probably get bad reactions anywhere. I’m not buying that excuse, personally.

    “‘What’ posts on the frontpage of What.cd: ‘Sending version requests to everyone in a channel is the sort of thing script kiddies looking for someone to hack would do.’

    “That’s funny, because I’ve never heard of any modern IRC clients having vulnerabilities in the CTCP protocol that could be exploited. And even if they could, the What.cd IRCd hides users’ IP addresses, so I’d have had no way of trying to exploit them.”

    Seems like more misdirection. The obvious reason to send a version request isn’t to immediately crash the client, but to find out what version they’re using so you can look up exploits for that version. I googled ‘mirc vulnerability’ and the second result is this exploit, affecting versions 6.11 and earlier of the mIRC client. This exploit works purely over IRC and does not require knowing the victim’s IP address: http://www.securiteam.com/exploits/6J00D158KO.html

    I only looked this up to confirm what was obvious to me — and probably biscuit too — which is that such exploits do exist.

    The rest of that rebuttal is somewhat believable, but this far-fetched and misleading talk about CTCP VERSION makes me seriously doubt it.

  • Anonymous
  • asciifreak

    .__ .__
    _______| | _____| | ____ ____
    \_ __ \ | / ___/ | / _ \ / ___\
    | | \/ |__\___ \| |_( ) /_/ >
    |__| |____/____ >____/\____/\___ /
    \/ /_____/

  • asciifreak

    ______________________
    \__ ___/\_ _____/
    | | | __)
    | | | \
    |____| \___ /
    \/

  • Anonymous
  • Anonymous

    I do hope whoever did it reads the comments here and everywhere that this is discussed and shits himself for good reason.

    Being a badass on the internet no longer means you’re untouchable if your neighbor is an MP3 loving fileswapper with big enough muscles and temper to go with it.

    I don’t condone all the threats and violence. But do realize that without the threat of sanctions no rule or law in society would ever have any effect.

    The RIAA try to scare everyone out of sharing with one another – well, maybe the whacked out behavior and anger will scare everyone out of trying to side with the RIAA ;p

  • Anonymous

    Connected to IRC using their real IP? Lawl :|

  • SpikeIH

    LOL, RIAA.ORG doesn’t even have an MX record, nor does RIAA use their own webserver as their mail service.

    spike@darius:~> host -t MX riaa.com
    riaa.com mail is handled by 100 riaa.com.s6a1.psmtp.com.
    riaa.com mail is handled by 200 riaa.com.s6a2.psmtp.com.
    riaa.com mail is handled by 300 riaa.com.s6b1.psmtp.com.
    riaa.com mail is handled by 400 riaa.com.s6b2.psmtp.com.

    spike@darius:~> host -t MX riaa.org
    riaa.org has no MX record

    Nice try.
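
The header and MX observations above can be turned into a repeatable triage check. The following is an added example, not part of the article or of any comment: it parses the headers as quoted in the article, takes the MX answers from the `host` output above as input, and reports which claims of origin are inconsistent or unverifiable. The function names and finding codes are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers exactly as quoted in the article (recipient and Message-ID digits
# were already redacted there).
RAW_HEADERS = """\
Date: 12 Nov 2007 11:35:46 +0100
Message-ID: <2007111XXXXXXX.XXXXX.qmail@bitient.org>
To: XXXXXXX
Subject: Music Piracy
From: piracy@riaa.org
Reply-To: piracy@riaa.org
X-Originating-IP: [76.74.24.143]
X-Originating-Email: [piracy@riaa.org]
X-Mailer: Internet Mail Service

"""

# MX answers as reported by the `host -t MX` output in the comment above.
MX_RESULTS = {
    "riaa.com": ["riaa.com.s6a1.psmtp.com", "riaa.com.s6a2.psmtp.com",
                 "riaa.com.s6b1.psmtp.com", "riaa.com.s6b2.psmtp.com"],
    "riaa.org": [],
}

# Headers written by the sending software; no later hop vouches for them.
SELF_ASSERTED = ("X-Originating-IP", "X-Originating-Email", "X-Mailer")


def domain_of(value):
    """Return the lower-cased domain of an address header value, or ''."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def related(a, b):
    """True when the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def analyze(raw, mx_results):
    """Return a list of (code, detail) findings for one message's headers."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])

    # The Message-ID is normally stamped by the host that generated the mail.
    # Here it names bitient.org (a later comment calls that the site's earlier
    # domain), not the domain the From line claims.
    m = re.search(r"@([^>\s]+)>", msg.get("Message-ID", ""))
    msgid_dom = m.group(1).lower() if m else ""
    if msgid_dom and from_dom and not related(msgid_dom, from_dom):
        findings.append(("msgid-domain-mismatch",
                         f"Message-ID from {msgid_dom}, From claims {from_dom}"))

    # Without a Received chain, X-Originating-* is only the sender's own claim.
    if not msg.get_all("Received"):
        present = [h for h in SELF_ASSERTED if msg[h]]
        if present:
            findings.append(("origin-unverified",
                             "no Received chain; sender-set: " + ", ".join(present)))

    # A From domain with no MX is unusual for an organisation's contact address.
    if from_dom in mx_results and not mx_results[from_dom]:
        findings.append(("from-domain-no-mx", f"{from_dom} has no MX record"))
    return findings


if __name__ == "__main__":
    for code, detail in analyze(RAW_HEADERS, MX_RESULTS):
        print(f"{code}: {detail}")
```

None of these findings is proof on its own (a domain without an MX record can still send mail), so treat them as a score; the only headers worth trusting are the `Received` lines added by your own mail server.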

  • RzmmDX

    They should make a movie, this is just comedy gold right here

  • Noah

    Anyone who does believe biscuit’s little rebuttal, whatever, I personally don’t care. Anyone who thinks I doctored the logs, I don’t care.

    I would never destroy a site I helped create. And I created what.cd to fill a missing spot in my heart that is usually filled by OiNK.

    I left the site of my own accord. I was not kicked off the team, or anything. I left simply because I did not need all my information associated with a semi-illegal site (depending on what country you are in).

    I do not know why biscuit assumes that I would try to sabotage my own site. But I know very well that I wouldn’t even dream of such a thing. The admins at What.cd have always been nice to me, and I respect them for their continuing efforts.

    Just to point out a couple things in his little rebuttal that don’t quite fit in.

    Firstly, MySQL moved off my server a couple weeks ago, maybe a few days after starting the site even. I helped move it over, and we never installed PHPMyAdmin. (This explains why the bash log shows him installing it). So MySQL and the site were on different servers.

    Secondly, after I left, I forfeited all my accounts on what.cd and the servers. Not to mention the countless password changes the staff must have done throughout these attacks. The only access I could have had to the site was the code on the html server, since I ran that server. I had no access to the database whatsoever.

    Thirdly, let’s presume I did want to torture the site. Wouldn’t it have been far simpler for me to change the pass and put a meta redirect in the source? I wouldn’t have to jump through the loopholes shown in the logs. Which the hacker, who IS NOT me, had to go through.

    Fourthly, why in God’s holy name would I want to destroy something I helped make!

    Fifthly, as http://pastebin.ca/770935 shows, biscuit does in fact have users’ emails. Sounds a tad controversial to me.

    Sixthly, why would I want to frame someone I have known, and befriended?

    I hate that the evidence points to him, but, not much I can do about it except tell the truth.

    Sorry pals.

  • lolinger

    It twists and turns like an epileptic candy raver. really was an interesting day, thanks to everybody who is participating. can’t wait for the movie.

  • Noah

    Thanks lolinger. Should be out on DVD and BluRay within the coming months ;)

  • Anonymous

    well, it really is a good story, but i guess it’s enough now.
    Back to fighting the riaa not each other. :)

  • Anonymous

    Thinking it was just some kid makes it easier, doesn’t it?

    Anyone got a picture? Is it possible to have a picture of an imaginary person?

    I love this.

  • h33t

    what a lot of cheap publicity for a site that registrations have already closed because it is at full capacity. what a sorry cart of steaming BS. does 20,000 active members fill a twin cpu server before you must switch to LVS? and you started out on a shared server? your DDOS attack was traffic generated by TorrentFreak, fuktards

    most likely what happened is the n00b admins could not handle the traffic generated by the TorrentFreak publicity and the whole sorry project fell in shame on the floor. ffs the site was on a shared server and any operator will tell you about the traffic Freak can generate …

    the lady doth protest too much!

  • Sylar

    h33t, interesting, that the Quad Core 2.66GHz Xeon we have running the MySQL database is at 87% usage right now isn’t it?

    We started out on a shared server because none of us had the money to put forward for our own dedicated. Once donations came in, we bought two new servers. One cheap one which we regret, and the QuadCore for the database, which is 200 Euro / month.

    And it was a DDoS, I’ve seen our logs.

  • pyromaniac

    don’t let this little wannabe hacker discourage you on joining what.cd

    the site is now secure, nothing to worry about now.

  • pyromaniac

    [quote comment="211398"]what.cd equals trouble, deleted my account today, everybody should.[/quote]

    Just because you deleted your account doesn’t mean we all should follow as well. *rolls eyes*
    Get over it.

  • pyromaniac

    [quote comment="211486"]I hope for this kids sake he doesnt try to act all cool and do some stupid shit with this databse. I live like a 10 min drive from him and i swear to god i will fucking burn his house down while he and his whole fucking family is sleeping. Seriously kid, do the right thing and delete the whole thing before you get hurt for real.[/quote]

    Amen.

  • pyromaniac

    [quote comment="211582"]What.cd and Waffles.fm are a disgrace to the torrent community.[/quote]

    Then don’t join them, it’s that easy.

  • pyromaniac

    [quote comment="211391"]A 14 year old hacked the website? Then you post his whereabouts so people can harass him.

    Yeah, there goes my support of what.cd[/quote]

    Meh, you know what they say about opinions? everyone’s got one. *rolls eyes*

  • heh

    Welcome to the wonderful world of running a tracker. :P

  • Sylar

    Yup, what I go through everyday dealing with the masses. Anyone who has ever touched the original TBSource knows what a nightmare it is. The code has had many ‘owners’, is poorly indented, if indented at all, and has so many redundant queries (I found a query inside a while loop running through the entire users table) it makes you want to hurl.

    Anyone who thinks we don’t know what we are doing, keep your opinions to yourself.

    OiNK didn’t just appear great, it took many years for it to develop into what it was. We will be the same, regardless of user expectations.

  • Luxx

    He’s 14 what do you expect ?

    http://www.americanidolpixelmania.com/signup.php

  • c

    the future is distributed and anonymous not this centralized/drama shit

  • Anonymous

    What “Software” do you run to actually run the tracker and server anyways?

    Is it custom every time or is there a software install that is available that sits behind the website?

  • comcrap

    We must stop the riaa/mpaa from killing sharing
    That’s infringing on our rights
    If they have total control you can bet that they’ll charge whatever price they like
    They call it profits but we call it ripoff
    Don’t be a slave, fight for your freedom, they will call us all kinds of names from
    pirates, thieves to criminals.
    We call that racist or immoral.

  • Anonymous

    What a surprise. The site has clearly been horridly insecure since it was founded (as bitient.org). Maybe these tidbits will make the nature of the “database compromise” a bit clearer:

    http://pastebin.ca/771788
    http://pastebin.ca/771787

    Their MySQL server didn’t even have any access restrictions at the time — how stupid is that? This dump was made a few weeks before the what.cd transformation, but I think it’s safe to assume that there were other random people besides myself with database access.

  • Ed

    I’m going to have to take more classes. A kid half my age can hack his way through protected servers… My parents thought my generation was super-smart, but these kids today are reminiscent of Ender’s Game.

  • o_O

    Not only does this fall under the category of “Man-drama”, it also falls under the category of “Nerd-drama” and thus makes it extremely lame…

  • Anonymous CS guy

    It’s really too bad that 99% of the PHP code out there is complete crap. If anyone that took on developing this kind of thing had a clue, we wouldn’t have noob admins running into issues like this.

    In a modern world, SQL injection should *never* be an issue, because people that know what they’re doing build the queries with parameterized execution on the DB side.

    Rant aside, someone really needs to scrap TBsource completely and develop something new that is actually intelligently designed. Until that happens we’re going to keep seeing noob admins get owned by lame exploits.

    Unless you do it yourself, it’s probably going to be crap. Especially when it comes to PHP, which seems to attract clueless devs like flies.

    So, uh, who wants to start a new tracker codebase?
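The contrast this comment describes, as an added example that is not part of the original thread or of TBsource: a string-built query beside the same lookup with a bound parameter, in PHP with PDO. The `users` table, its columns and the function names are hypothetical, and an in-memory SQLite database with constructed rows stands in for the tracker's MySQL server.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for a
// tracker's users table. Table and column names are hypothetical.
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // With the MySQL driver, PDO emulates prepared statements by default;
    // setting PDO::ATTR_EMULATE_PREPARES to false makes the server do the
    // binding. The SQLite driver used here always prepares natively.
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
    $db->exec("INSERT INTO users (username, email) VALUES
        ('alice', 'alice@example.org'),
        ('bob',   'bob@example.org'),
        ('carol', 'carol@example.org')");
    return $db;
}

// Before: the value is pasted into the SQL text, so the database cannot
// tell the caller's data apart from query syntax.
function find_emails_concat(PDO $db, string $username): array
{
    $sql = "SELECT email FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed and the value travels separately as a bound
// parameter, so it is only ever compared as a string.
function find_emails_param(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();

// Constructed inputs: an ordinary username, then the textbook quote-breaking
// string used to test for this class of bug.
$inputs = ['bob', "x' OR '1'='1"];

foreach ($inputs as $input) {
    printf("input: %s\n", $input);
    printf("  concatenated:  %d row(s)\n", count(find_emails_concat($db, $input)));
    printf("  parameterized: %d row(s)\n", count(find_emails_param($db, $input)));
}
```

For the ordinary username both functions return the same single row. For the second input the concatenated query's WHERE clause becomes always true and returns every e-mail address in the table, while the parameterized query matches no user.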

  • Shithouse Poet

    Peter Peter pumpkin eater
    Knew a chick, but couldn’t meet her
    Saw her brother one fine day
    Sucked his cock and now he’s gay

  • P3T3R

    [quote comment="211703"]Anyone who does believe biscuit’s little rebuttal, whatever, I personally don’t care. Anyone who thinks I doctored the logs, I don’t care.

    I would never destroy a site I helped create. And I created what.cd to fill a missing spot in my heart that is usually filled by OiNK.

    I left the site of my own accord. I was not kicked off the team, or anything. I left simply because I did not need all my information associated with a semi-illegal site (depending on what country you are in).

    I do not know why biscuit assumes that I would try to sabotage my own site. But I know very well that I wouldn’t even dream of such a thing. The admins at What.cd have always been nice to me, and I respect them for their continuing efforts.

    Just to point out a couple things in his little rebuttal that don’t quite fit in.

    Firstly, MySQL moved off my server a couple weeks ago, maybe a few days after starting the site even. I helped move it over, and we never installed PHPMyAdmin. (This explains why the bash log shows him installing it). So MySQL and the site were on different servers.

    Secondly, after I left, I forfeited all my accounts on what.cd and the servers. Not to mention the countless password changes the staff must have done throughout these attacks. The only access I could have had to the site was the code on the html server, since I ran that server. I had no access to the database whatsoever.

    Thirdly, let’s presume I did want to torture the site. Wouldn’t it have been far simpler for me to change the pass and put a meta redirect in the source? I wouldn’t have to jump through the loopholes shown in the logs. Which the hacker, who IS NOT me, had to go through.

    Fourthly, why in God’s holy name would I want to destroy something I helped make!

    Fifthly, as http://pastebin.ca/770935 shows, biscuit does in fact have users’ emails. Sounds a tad controversial to me.

    Sixthly, why would I want to frame someone I have known, and befriended?

    I hate that the evidence points to him, but, not much I can do about it except tell the truth.

    Sorry pals.[/quote]

    Sorry, but that statement was full of lies. You did not leave the site. You and Sylar are the same person.

    “I left the site of my own accord. I was not kicked off the team, or anything.”
    A lie – you didn’t leave at all.

    “Secondly, after I left, I forfeited all my accounts on what.cd and the servers.”
    That’s a lie, you just changed your name to Sylar.

    “The only access I could have had to the site was the code on the html server, since I ran that server. I had no access to the database whatsoever”

    That is a complete lie too, as Sylar had and still has access to the database.

    I’m not saying you hacked the site, or blaming you for anything, I’m just pointing out that you’re a lying beggar. Thanks.

  • CMG

    Ach, only thing I have to say is why couldn’t it have happened to the RIAA site or CRIA or anything just not a torrent site!!

    And I don’t personally support vigilantes but – anyone in the Yorkshire area?

  • neko

    look guyz
    if your site can’t handle a multi-gbit ddos then you have multiple problems.
    1. your servers suck
    2. your host sucks
    3. probably your coding sucks
    just apologize to the poor guy – obviously someone pissed him off – and biscuit if your happening to read this [i doubt it] cut the homies a break lol.. [no im not a member there..]

  • Ike

    So.. is P3T3R in the back of someone trunk yet lol.

  • ronin_cave

    these admins aren’t noobs. tbsource code is horrid, and has to be used in order to run these sites.

    if they were given enough time to fix up the billion issues in the source then they probably would’ve, but the fact is… time = quality users. the more you wait to clean out your source code before launching, the more likely it is for someone else to start up a semi-functioning site and soak up the hordes of quality oink refugees.

    therefore, these sites had to launch on tight schedules to stay ahead of the curve. the by-product of which is of course poor reliability and plenty of down time.

    time will fix this and pretty soon we’ll have a few decent functioning oink replacements.

  • hoodlum

    when i was 14 i discovered girls

  • Jo Mo

    yes, because the RIAA would actually sign their emails “The RIAA”

    fucking load of nonsense.

    Why would Torrentfreak even report anything of this small a magnitude, fucking poor news reporting

    oh and someone has my email address? big fucking deal, what they gonna do… email me?

  • the2ndone

    Hi, I have 250 GB of music to share, I had a nice share ratio at OiNK!
    Please invite me for waffles or what. Thanks!

    the2ndmail AT gmail DOT com

  • Oink Refugee

    Serves them right for making the site invite only from the get go… they deserve everything coming to them, I hope they get shut down. Of course my opinion would be different if they had actually allowed us Oink Refugees to sign up when they first opened but being invite only from the start? To h*ll with them.

  • jimbo

    p3t3r hangs out at #macheist on irc.macnn.com. He’s there as I type this.

  • sigh

    [quote comment="212085"]look guyz
    if your site can’t handle a multi-gbit ddos then you have multiple problems.
    1. your servers suck
    2. your host sucks
    3. probably your coding sucks
    just apologize to the poor guy – obviously someone pissed him off – and biscuit if your happening to read this [i doubt it] cut the homies a break lol.. [no im not a member there..][/quote]

    You sir, are an idiot. A well crafted ddos can take any system down to its knees.

  • faxanadu

    ffs people he’s only a kid. what he did is obviously wrong but everyone has done stupid things when they were 14.

    At least I know I have, though none of them involved hacking, but they were nonetheless stupid and I regret doing them and I pissed quite a few people off.

    So give him a spank and a warning but quit saying stuff like I’ll burn down his house and hang his family because that’s crap.

  • dom the bomb

    alright if anyones going to read this i looked at a few things and:

    the myspace registered to that email is:

    http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=45208667

    last login was december 2006, so he hasnt changed it since then. He has one friend and this is:

    http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=34407333

    perhaps his only friend is the biscuit they keep speaking about? :)

  • Norm Loman

    In a way, this might be a good thing. It sends a message to What.cd that their site is not secure enough, and reminds us all that we have to address the threat of riaa lawsuits very seriously.

    However, with the hacker’s age in mind, I bet he just did it for attention… that douchebag.

  • Anonymous

    what.cd is trouble.
    I was an oink user, how can I get an invite for Waffles?

  • p3t3r is a hero

    you people are total fucking losers, internet tough guys and idiots.

    nobody in the real world cares about your retarded bit torrent problems. you look like faggots crying all the time telling off companies that can bury you when they feel like it and do all the time as proof. you guys try to incite violence on 14 yr old kids! if thats not a sign of being a fucking loser im not sure what is.

    i was a member of oink and demonoid but im GLAD you assholes that cant get into waffles or what.cd cant because your all a bunch of faggot wanna be tough guy pussies!

    have fun with that!

    peter and his 14 loser brother owned the entire tracker and now you are all crying….so funny. he is still owning you tards…

  • heh

    [quote comment="212382"]you people are total fucking losers, internet tough guys and idiots.

    nobody in the real world cares about your retarded bit torrent problems. you look like faggots crying all the time telling off companies that can bury you when they feel like it and do all the time as proof. you guys try to incite violence on 14 yr old kids! if thats not a sign of being a fucking loser im not sure what is.

    i was a member of oink and demonoid but im GLAD you assholes that cant get into waffles or what.cd cant because your all a bunch of faggot wanna be tough guy pussies!

    have fun with that!

    peter and his 14 loser brother owned the entire tracker and now you are all crying….so funny. he is still owning you tards…[/quote]

    Your post is a prime example of how a “internet tough guy” post would look. You need to swear to get your point across..

  • system

    [quote comment="212115"]these admins aren’t noobs. tbsource code is horrid, and has to be used in order to run these sites.
    if they were given enough time to fix up the billion issues in the source then they probably would’ve[/quote]

    It doesn’t have to be used. There are alternatives out there, and for the non-noobs you claim the admins to be, there’s the option of coding it yourself.
    Even while using tbs, the entire thing can be secured against XSS and sql injection in under 2 days (I know from experience).

    Not that 2 days is needed any longer. I personally have contributed a quick and dirty XSS prevention hack to tbdev forums, others have done the same to tackle sql injection.

    A lot of what I’m reading from this whole matter is just plain BS. The post supposedly by noah above claims no access to the database server, only the “html” server. That’s funny as hell. Anyone with access to the php automatically has access to the database unless there’s some magic trick to allow only pre-approved php scripts to connect.
    The claims by admins that they secured sql are blatantly false given that email addresses were stolen. Someone had access to their sql server, so they were not secure.

    This whole sorry mess is what happens when noob admins with no experience set up using a poorly coded base. Users would be well advised to avoid anything new that isn’t at least backed by established names.

  • Larry

    Nope, stuff the kid. He deserves everything he gets. He should be set as an example, just like the RIAA tried to set an example of jammie thomas.

    Find this kid.

  • ross

    hahah stupid kid

  • nibbles the clown

    New article today says that the RIAA met with Bin Laden in weeks before 9/11 attacks.

  • billywilliam

    dam i got one

  • Shithouse Poet

    Peter Peter pumpkin eater
    Whacked off in the movie theater
    Sprayed his load across the screen
    And ruined Titanic’s final scene

  • Shithouse Poet

    Mary knew a little man whose prick was very thin
    Every time he fucked her, she would ask him “Is it in?”

  • Zeb

    The hacker is in the UK? Why not pass the details onto the police? We’ve got STRICT laws here on this sort of thing and know of one person who lost their internet for a very loooong time for being stupid.

  • Geoff

    What a fucking douchebag. I hate immature teenagers who do this shit and hurt the community.

    I am 15, and me and a couple of my friends are very responsible torrent users, digg users, small-time coders and all-around geeks. It sucks when idiots like this come and give young geeks a bad name!

  • Kalin

    He’s also mentioned on this Pastebin page full of “haxor code” – along with what.cd.

    haxor code? That’s NS records :P

  • pyromaniac

    Guys, he didn’t just hack what.cd
    he fucked with all of us, members, and when a punk starts doing that shit harassing us via emails and threatening to send out our info to the RIAA, we fuck em back. It’s one thing to screw around with a sites security holes, and another thing what he did to us, which makes him a fucktard branded on the online world as a snitch troll. Those who think he’s a cool guy because he threatened thousands of onliners with a database to the RIAA, you’re just retards. We’re not just members on the site, I’m sure some real good hackers are also members on the site and don’t take lightly to retarded pranks and lame threats in their inboxes.

  • whoami

    Invite list for you guys, please don’t register all the invites.. don’t be greedy. give a chance to others! Ok?

    http://rapidshare.com/files/69734079/waffles.fm-what.cd-etc-invitelist.txt

  • anon

    nubs

  • Solidus

    Maybe he just wants some attention… :-/

  • nkhlsrf

    [quote comment="213487"]Invite list for you guys, please don’t register all the invites.. don’t be greedy. give a chance to others! Ok?

    http://rapidshare.com/files/69734079/waffles.fm-what.cd-etc-invitelist.txt[/quote]

    hey wat is dis..
    only d account is n password is given..
    how do i sign up…

  • nod flenders

    [quote comment="213487"]Invite list for you guys, please don’t register all the invites.. don’t be greedy. give a chance to others! Ok?

    http://rapidshare.com/files/69734079/waffles.fm-what.cd-etc-invitelist.txt[/quote]

    obvious noob is obvious

  • LudoTheGreat

    This kid didn’t “hack” anything. He was given access to the stuff. There were a number of people that were given access to the stuff on a server, bad move by what.cd, but this sl/hacker was the only idiot stupid enough to do anything with it.

    7h!$ k!d h4$ m4d $k!11$ ju$7 1!k3 n30 y0u n008$!

  • Sam

    You’s are fucking losers.

    It is obviously what.cd’s fault, for having an unsecure database, they got owned badly, lmao fucking cunts are bagging a 14 y.o kid, fucking piss weak.

    what.cd got pwn3d

    i’m still laughing at you piss weak cunts that are baggin a 14 y.o kid, fucking weak.

    lmao.

  • Crimson

    These fake emails that get sent out and scare some people are often very easy to detect as fakes simply by small spelling or grammatical errors in them. This one had a few that indicated immediately it was not from the RIAA.

    One very simple one is the fact that in the US the word is “store” not “shop”, as in the email. A very small thing, but a very telling one. As soon as I read that email I knew it came from the UK, not the RIAA, and that has been proven true.

    That one was pretty well done, but not well enough to be from a professional organization.

  • gt3

    I think we should appreciate the talent by this 14yr old guy and hire him as an ethical hacker.

    he’s just 14, kids make mistakes, he shouldn’t be threatened. one guy even said – burn down his house with his family still in it… are you fuking evil? you sorry SOB.

    just warn him and give him a 2nd chance. And I hold the website what.cd responsible, they couldn’t afford able admins/coders? or it was an inside job? in both cases…

    cheers to the 14yr kid’s talent (coz i’m dumb to be a hacker so i appreciate others with talents i dont have) and sorry that he pissed ppl off and now his real info is out :(

  • stabmaster

    yours faithfully?

    Give me a break.

    Yours faithfully,

    A lamp post shoved in your ars

  • reurigoobby

    I’d prefer reading in my native language, because my knowledge of your language is not so good. But it was interesting!

  • Bryan2009

    Can I just start with saying that I don’t agree with the posting of these kids’ details on here, or anywhere for that matter (don’t mean to sound like I’m moaning)… but, how about if it was your son who hacked someone.. next thing you know half the country is at YOUR door, calling YOUR phone, attacking YOUR internet connection. Also, children in the UK are the most looked after children on the face of this earth (or close as damn it), all that needs to happen is for these kids to show the police this posting and family/minor protection unit will make sure it’s game over for those involved.

    Now on to what i think you all should do.. these kids are clearly very clever.. so why not everyone make friends with them and send them after the RIAA’s servers?

  • Liz

    He’s not 14 he’s 13, we don’t live in Northowram, you’re all idiots with no sense of humour, it appears. I’m impressed with my two little brothers and wouldn’t condone the burning down of his house with his family still in it..

  • ichihollow

    “Now on to what i think you all should do.. these kids are clearly very clever.. so why not everyone make friends with them and send them after the RIAA’s servers?”

    personally not involved with what.cd or oink.whatever, but just reading the email sent to the users its easy to see its not a legally typed email, there are a bunch of little things in the email that point to PRANK, and not US Company. second, the above idea is a great idea. how about just pointing the kids in the direction of the riaa servers, while just copying their email database and sending phony emails wont do anything serious, reconfiguring their firewalls, inserting droppers(which would probably be killed instantly and would serve only the purpose of making people freak out), and tampering with individual terminals attached to the servers would be an entertaining move. Since any serious company is going to have at least 1 or 2 redundant system back ups, no real damage will be done, but a lot of people will get to go home for a day or two if you start deleting system files, plus guys like me will get phone calls, from guys with hundred doller bills, to come and fix it. so go on little kiddies, god knows i dont like the RIAA.

  • gniusthemaster

    hey theres routers that are immune to ddos atacks. i wont say the name because that might be a good link for some retards to try the default router number.. hey, im pretty sure they cant touch you if you get a router with an ip scrambler.. e.g. detects an atack.. scrambles ip , boldly goes forth ;) geniusthemaster strikes again. fuck riaa somebody figure out what proxy number they love to use, monitor it, then shov a firecrakcer up their ass next time they use it , theres a proxy address that somebody was foolish enough to leave visible ;)

  • Xxxxx

    I say good on the 14 year old kid. Trying to get into What.cd is like trying to break into a F***ing fortress. When will the day come when they will take registrations. I think the folk at what.cd are selfish monkeys. Maybe they should share like the pirate bay, and if they don’t well I hope RIAA shut them down, quicker than god can strike any greedy git with lightning.
