14 Year Old BitTorrent Hacker Threatens to Sue What.cd Users
Written by enigmax on November 12, 2007Users of OiNK-replacement What.cd, are receiving emails from what appears to be the RIAA. In it are threats that users must either stop their ‘criminal acts of piracy’ or have charges pressed against them. But is it the RIAA? Rival Waffles.fm? No, it’s a 14 yr old script kiddie out for revenge, says What.cd
Users of What.cd were in for more than a little shock today. Members of one of the OiNK replacement sites started receiving worrying emails from the music file-sharers arch nemesis - the mighty RIAA.
The email reads:
Date: 12 Nov 2007 11:35:46 +0100
Message-ID: <2007111XXXXXXX.XXXXX.qmail@bitient.org>
To: XXXXXXX
Subject: Music Piracy
From: piracy@riaa.org
Reply-To: piracy@riaa.org
X-Originating-IP: [76.74.24.143]
X-Originating-Email: [piracy@riaa.org]
X-Mailer: Internet Mail ServiceDear registered user of the site What.cd,
We have recently been investigating the activities of the users of the site http://www.what.cd/ and we have found that this site exists for the sole purpose of music piracy.
Pirating music is a criminal offence and we believe it should be obvious to you that the results outweigh the benefits - hard working artists won’t be rewarded for their work and will stop producing music, ultimately leading to a severely reduced selection of music both in the shops and for download.
The RIAA had hoped that the disabling by the police of the large illegal music site, Oink.cd, would stop a lot of people from engaging in piracy, as they don’t want to be seen as criminals. However, this appears to not be the case, as two large new sites have sprung up in its place.
This email is the final warning to all of you who were members of Oink.cd and are current members of What.cd. If we find you to be committing any more criminal acts of piracy then we will have to press charges against you, as representatives of the major record companies of
America.Yours Faithfully,
The RIAA
Worrying, especially as the IP address in the email seems to indicate it really is from the RIAA. Visitors to the What.cd site were then greeted with this message:
This week has been terrible. After we did two code audits and fixed our security issues, our wonderful attackers couldn’t get in (yay!), so they turned to brute force. After having been hit by several port scans and a rather fearsome DDoS attack (traffic reaching almost 80 megabits per second (note: that’s 10 megabytes per second)) our server pretty much went to hell. After an extended downtime (ending a couple hours ago) during which we tweaked firewall settings, etc., we decided that it was safe enough to bring the site back up.
Pretty much immediately after the site came back up we had someone trying to brute force our (well passworded) ssh accounts (they’ve now met the hot burny side of the firewall).
What have we learned from all this? That there is a person or a group of people somewhere that wants us to disappear. We originally thought that the attacks were by bored kids, but whoever was behind the DDoS appears to be much more serious than that. We aren’t going to publicly speculate on who is behind the attacks - we’ll leave that to you guys.
Despite these attacks, we are still up and running, and we hope to stay this way for a very long time. We have plans for this site, and we aren’t going to flush them down the drain just because some people don’t like what we’re doing. The first of our plans involves a very cool freeleech plan, but we’re going to wait until we’re sure the tracker’s relatively stable for
that. For the time being, we’re keeping freeleech on until further notice.
But what about the emails? Is the RIAA really sending them out? If not, then who is and how did they get the What.cd user database? What.cd think they have the answer in a post on their site, replicated on this Pastebin page.
Other sites are already publishing the information above and a quick Google search does indeed reveal some interesting details. Apparently, the person held responsible for the hacking and the RIAA email is only 14 year old and not as much as a threat some believed him to be. The alleged hacker’s date of birth, his hometown, hobbies and much more are detailed on Google.
Before today, he probably enjoyed telling the world about himself on social networking sites too.
He’s also mentioned on this Pastebin page full of haxor code - along with what.cd.
The youth of today….what’s the world coming to?
Update: It appears someone claiming to be ‘biscuit’ offered the database for sale and even threatened to send it to the RIAA. After deciding that he should keep it - for later ‘blackmail’ purposes he hopefully considered this link and realized it’s not worth it, deleted the database and forgot all about it.
Update: biscuit wrote that he’s not responsible for the hacking and claims that the bash log is doctored.
Previously: Hungary Shuts Down BitTorrent Sites, Pre-Empts US Action
Next: Mininova Enters List of 50 Most Popular Sites on the Internet
155 Responses
Pages: « 1 [2] 3 4 5 6 7 » Show All
Great investigation!
Those little bastards!!!
Congrats!
one thing i react to is that what.cd was brought down by a DDos attack of an awesome 80 Mb/s and how pro the hacker must be to be able to bring that kind of force to bear at them…
here in sweden i (a orinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 us$) a month so what so impressive about a 80 Mb/s attack? ore are we swedes just realy spoiled with our brodband, am i missing something or is it a typo or semething?
Wow, he’s gonna have to go to home scool and then isolate himself in his house for 20 years now.
Accidentily, just after what.cd started there were already jokes about it being in posession of a 14 year old. Probably a coincidence, but who knows…
Not sure about all the stuff going on with both waffles and what.cd they both don’t really come across as being a good “replacement”. I guess the old rule that you shouldn’t rejoin any projects of (members of) trackers that have been taken down is still true, alhough I hope they all come up with some good things in the end.
I can pretty much guess that the MPAA & RIAA have probably ‘hired out’ professional help to hit P2P sites, in order to bring them down. If they cannot do it legally they will do it ‘cloak and dagger’ style! They got the money, they are better oraganized, and P2P is a threat to their continued existence. We have numbers, software that keeps evolving to help us keep P2P going. They can’t possibly kill or put us all in jail. To these USA Corporations we are nothing more than a virus to be wiped out.
tard.
You all know almost absolutely nothing about this, and most of you go by what you hear, not by what you know. Both sites are fine, both sites are good replacements. What.cd is not ran by little kiddies and the old server was the main problem. Thats all you get, feel free to continue to speculate what you don’t know.
I’m so happy I’m part of a music site that DOES have everything secure and didn’t rush into it head-first. *cough*STMusic*cough*
that’s not haxxor code, it’s the BIND configuration file, for the DNS server…
I hope the server admin will change his control access key, even if it’s only available from the localhost…
hopefully he will also boot these idiots off his server
[quote]here in sweden i (a orinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 us$) a month so what so impressive about a 80 Mb/s attack? ore are we swedes just realy spoiled with our brodband, am i missing something or is it a typo or semething?[/quote]
Obviously, Sweden has amazingly fast internet connection speeds. You should move to… Any country in the world that’s not Sweden, Japan, Korea, or a few others and see how much fun you have waiting for things to download :|
(edit: no need to post addresses here)
[quote comment="211406"][quote comment="211398"]what.cd equals trouble, deleted my account today, everybody should.[/quote]
i am thinking about doing the same. if a 14 year old kid has access to the database, it makes me wonder how old the rest of the staff is…[/quote]
The people running this site are complete IDIOTS! If a 14 year old can hack their site they are looosers with a CAPITAL “L”. AS well organized as the OINK site was the Admin is begging donations for his legal defense right now as I write this…
So after lambasting thereg for being “confused” about encryption, we have TF confusing a regular BIND config for “haxor” code?
Come on guys, it says right at the top there what it is.
// $Id: named.conf,v 1.1.1.1 2001/10/15 07:44:36 kap Exp $
//
// Refer to the named(8) man page for details.
What the guy did wasn’t what you’d call hacking. He’s a script kiddy using known exploits discovered by others. “hacking” tbsource sites can be taught to anyone in a couple of minutes. Any of these brand new sites not having security flaws would be a real suprise.
I hope for this kids sake he doesnt try to act all cool and do some stupid shit with this databse. I live like a 10 min drive from him and i swear to god i will fucking burn his house down while he and his whole fucking family is sleeping. Seriously kid, do the right thing and delete the whole thing before you get hurt for real.
fucking nerds.
TF, this was a pretty lame story, unworthy of your news. pass on them next time.
This kid better surrender and destory his PC. There are some crazy fucks out there that I’m sure could break into his house and fuck him up.
I feel bad for his family.
35. That’s only because nearly ±90% of the population are downloading :P
Some ISPs also have tests on their websites to help customers to know what speed you need. Most tests has questions like how many mp3 tracks are you downloading each month and so on.
[quote comment="211398"]what.cd equals trouble, deleted my account today, everybody should.[/quote]
yeah, when i saw the RIAA email, even though i knew it had to be fake, i knew i’d be deleting my account soon. it’s just too unprofessional and too many problems to deal with right now, maybe i’ll join back later. but for now, no thanks.
I sense 14 year old littlefags on TF.
Teach this guy a lesson.
Someone find him, set an example of what we should do to people like him.
I don’t see anything wrong with this post at all. Lifes lessons script kiddies. I know if someone wanted to make my life a living hell they could, all that info is out hanging in cyberspace. Don’t do something to piss other people off, especially if those people tend to be computer savvy.
Dumb move kid.
i wish to find this kid and kick his ass am also 14 :)
http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=5+Tenterfield+Rise&sll=53.805517,-1.411743&sspn=0.841774,3.010254&ie=UTF8&ll=53.73147,-1.829964&spn=0.003294,0.011759&t=h&z=17&om=1
[quote comment="211422"]one thing i react to is that what.cd was brought down by a DDos attack of an awesome 80 Mb/s and how pro the hacker must be to be able to bring that kind of force to bear at them…
here in sweden i (a orinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 us$) a month so what so impressive about a 80 Mb/s attack? ore are we swedes just realy spoiled with our brodband, am i missing something or is it a typo or semething?[/quote]
Megabites not bits… big difference I guess.
[quote comment="211524"]http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=5+Tenterfield+Rise&sll=53.805517,-1.411743&sspn=0.841774,3.010254&ie=UTF8&ll=53.73147,-1.829964&spn=0.003294,0.011759&t=h&z=17&om=1[/quote]
Wtf is he living in, a shack?
Pages: « 1 [2] 3 4 5 6 7 » Show All
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.