14 Year Old BitTorrent Hacker Threatens to Sue What.cd Users
Written by enigmax on November 12, 2007
Users of OiNK-replacement What.cd are receiving emails from what appears to be the RIAA. In it are threats that users must either stop their ‘criminal acts of piracy’ or have charges pressed against them. But is it the RIAA? Rival Waffles.fm? No, it’s a 14-year-old script kiddie out for revenge, says What.cd.

Users of What.cd were in for more than a little shock today. Members of one of the OiNK replacement sites started receiving worrying emails from the music file-sharers’ arch-nemesis - the mighty RIAA.
The email reads:
Date: 12 Nov 2007 11:35:46 +0100
Message-ID: <2007111XXXXXXX.XXXXX.qmail@bitient.org>
To: XXXXXXX
Subject: Music Piracy
From: piracy@riaa.org
Reply-To: piracy@riaa.org
X-Originating-IP: [76.74.24.143]
X-Originating-Email: [piracy@riaa.org]
X-Mailer: Internet Mail Service
Dear registered user of the site What.cd,
We have recently been investigating the activities of the users of the site http://www.what.cd/ and we have found that this site exists for the sole purpose of music piracy.
Pirating music is a criminal offence and we believe it should be obvious to you that the results outweigh the benefits - hard working artists won’t be rewarded for their work and will stop producing music, ultimately leading to a severely reduced selection of music both in the shops and for download.
The RIAA had hoped that the disabling by the police of the large illegal music site, Oink.cd, would stop a lot of people from engaging in piracy, as they don’t want to be seen as criminals. However, this appears to not be the case, as two large new sites have sprung up in its place.
This email is the final warning to all of you who were members of Oink.cd and are current members of What.cd. If we find you to be committing any more criminal acts of piracy then we will have to press charges against you, as representatives of the major record companies of America.
Yours Faithfully,
The RIAA
Worrying, especially as the IP address in the email seems to indicate it really is from the RIAA. Visitors to the What.cd site were then greeted with this message:
This week has been terrible. After we did two code audits and fixed our security issues, our wonderful attackers couldn’t get in (yay!), so they turned to brute force. After having been hit by several port scans and a rather fearsome DDoS attack (traffic reaching almost 80 megabits per second (note: that’s 10 megabytes per second)) our server pretty much went to hell. After an extended downtime (ending a couple hours ago) during which we tweaked firewall settings, etc., we decided that it was safe enough to bring the site back up.
Pretty much immediately after the site came back up we had someone trying to brute force our (well passworded) ssh accounts (they’ve now met the hot burny side of the firewall).
What have we learned from all this? That there is a person or a group of people somewhere that wants us to disappear. We originally thought that the attacks were by bored kids, but whoever was behind the DDoS appears to be much more serious than that. We aren’t going to publicly speculate on who is behind the attacks - we’ll leave that to you guys.
Despite these attacks, we are still up and running, and we hope to stay this way for a very long time. We have plans for this site, and we aren’t going to flush them down the drain just because some people don’t like what we’re doing. The first of our plans involves a very cool freeleech plan, but we’re going to wait until we’re sure the tracker’s relatively stable for that. For the time being, we’re keeping freeleech on until further notice.
But what about the emails? Is the RIAA really sending them out? If not, then who is and how did they get the What.cd user database? What.cd think they have the answer in a post on their site, replicated on this Pastebin page.
Other sites are already publishing the information above and a quick Google search does indeed reveal some interesting details. Apparently, the person held responsible for the hacking and the RIAA email is only 14 years old and not as much of a threat as some believed him to be. The alleged hacker’s date of birth, his hometown, hobbies and much more are detailed on Google.
Before today, he probably enjoyed telling the world about himself on social networking sites too.
He’s also mentioned on this Pastebin page full of haxor code - along with what.cd.
The youth of today….what’s the world coming to?
Update: It appears someone claiming to be ‘biscuit’ offered the database for sale and even threatened to send it to the RIAA. After deciding that he should keep it for later ‘blackmail’ purposes, he hopefully considered this link and realized it’s not worth it, deleted the database and forgot all about it.
Update: biscuit wrote that he’s not responsible for the hacking and claims that the bash log is doctored.



155 Responses
What.cd and Waffles.fm are such halfwit, dipshit trackers. Allowing some idiots to thrash the site like that. And waffles don’t need anyone to ruin their tracker. They’re doing it quite well themselves. Fuck them both.
God, how I miss my sweet Oink.
I don’t think either site is faring too badly given the small amount of time they have had to lay down the groundwork before the floodgates of users opened. I’m a waffles user mainly now though.
^^^
Looks like he’s been found. :)
I’m not normally one to condone violence, but somebody should really break P3T3R’s fingers, and Biscuit’s, too – anything to prevent them from using a computer to plot more shenanigans.
[quote comment="211538"][quote comment="211422"]One thing I react to is that what.cd was brought down by a DDoS attack of an awesome 80 Mb/s and how pro the hacker must be to be able to bring that kind of force to bear at them…
Here in Sweden I (an ordinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 US$) a month, so what’s so impressive about an 80 Mb/s attack? Or are we Swedes just really spoiled with our broadband, am I missing something or is it a typo or something?[/quote]
Megabites not bits… big difference I guess.[/quote]
The site was apparently brought down by an 80megabits/s DDoS attack. It’s nothing to do with bits and bites though, it’s about how a DDoS works and about how one person with a 100Mb/s connection can’t get a site to send them 80Mb of data per second.
this story shouldn’t be on digg
@shutr
You can give them all the time you want, but that won’t change the fact that both sites are run by fuckwits relying on scripts. I bet they never made a single line of code in their short, miserable lives. Fuck them and their so called “trackers”. Trackers my ass. How come that this shit we’ve seen on what and waffles don’t happen on other 100 private trackers I have in my bookmarks?
[quote comment="211552"]^^^
Looks like he’s been found. :)
I’m not normally one to condone violence, but somebody should really break P3T3R’s fingers, and Biscuit’s, too – anything to prevent them from using a computer to plot more shenanigans.[/quote]
What the fuck? Are you retarded, or something? Now I’m going to make such a nasty SQL injection attack on both those idiotic sites, and I’m going to post an OINK screenshot all over them, out of sheer spite. Just because I can.
[quote comment="211538"][quote comment="211422"]One thing I react to is that what.cd was brought down by a DDoS attack of an awesome 80 Mb/s and how pro the hacker must be to be able to bring that kind of force to bear at them…
Here in Sweden I (an ordinary private person) could easily get a 100 Mb/s connection for about 240 kronor (40 US$) a month, so what’s so impressive about an 80 Mb/s attack? Or are we Swedes just really spoiled with our broadband, am I missing something or is it a typo or something?[/quote]
Megabites not bits… big difference I guess.[/quote]
Both I and the news post wrote Mb (Megabits), so what’s your point…?
And btw bits bites are two different spellings for the same thing (bits right, bites wrong). I think you are thinking of bits and Bytes (MegaBytes MB <- note capital B)
Loser.
hahaha peter is one dickwit,
if anyone wants his mumz fone number just email him @
azy_149_dizzy@hotmail.co.uk
FUCKIN BALSSNIFFA
its amazing what kidz can do these days…. -.- bwahahah
What.cd and Waffles.fm are a disgrace to the torrent community.
These assumptions made by quite a few are just that… assumptions, and incorrect ones, at that.
What.cd is just fine, and so is waffles.fm. It’s quite easy to look at both and see that they pale in comparison to OiNK, but can any (music) torrent tracker compare? It’s awfully early to make assumptions about the fate of these two sites.
Much like Windows Vista, what and waffles are on the right path, but may have jumped the gun a wee bit. That doesn’t mean that one or both of the sites are a waste of time. Losing faith in these torrent trackers so quickly doesn’t give anybody any hope. Stick with it, and things will work out.
heh he got owned lol
biscuit rebuttal
http://de.pastebin.ca/771272
from the pastebin above
“Then WhatMan, one of What.cd’s admins somehow deduced that it was P3T3R, my brother, in conjunction with me. He’s been outspoken against What.cd from the start, thinking they were ‘invading the server’, as he has an account on Noah’s server too, and that all the admins were retards. So somehow it’s all over the internet that a ‘14 year old hacker’ took down What.cd. Which is complete bollocks. Especially since P3T3R is 13.”
no he’s 14, this is when he was born
http://www.i-am-bored.com/show_profile.asp?handle=petercole14
4/25/1993 (14 Years Old)
I don’t think this is the real story. The rebuttal post makes more sense, that it’s one of the what.cd owners who’s also a kid framing this Peter kid. The mail and sql injections don’t jive with the story. Either way it’s an internal problem and people’s information shouldn’t be posted like that.
[quote comment="211561"]What the fuck? Are you retarded, or something? Now I’m going to make such a nasty SQL injection attack on both those idiotic sites, and I’m going to post an OINK screenshot all over them, out of sheer spite. Just because I can.[/quote]
And just because you can’t get laid and must show teh worldz your 1337 h4xxor skills, yeah?
biscuit:
Richard Cole
http://www.iscuit.co.uk
b.iscuit.co.uk
the real truth
http://pastebin.ca/771416
Ignore #70, it’s a juvenile edit of biscuit’s rebuttal at http://pastebin.ca/771272
I hope this blows over. It’s unfortunate that the personal info was publicized.
I don’t wanna get too involved in this, but from that rebuttal by biscuit:
“Then after having a powercut for 3 hours at home I came back on IRC. I did a CTCP on the #what.cd channel, as being a curious guy, I wanted to find out what IRC clients everyone was using.”
That seems really unconvincing to me. Sending a version request to an entire channel is pretty uncommon, and will probably get bad reactions anywhere. I’m not buying that excuse, personally.
“‘What’ posts on the frontpage of What.cd: ‘Sending version requests to everyone in a channel is the sort of thing script kiddies looking for someone to hack would do.’
…
“That’s funny, because I’ve never heard of any modern IRC clients having vulnerabilities in the CTCP protocol that could be exploited. And even if they could, the What.cd IRCd hides users’ IP addresses, so I’d have had no way of trying to exploit them.”
Seems like more misdirection. The obvious reason to send a version request isn’t to immediately crash the client, but to find out what version they’re using so you can look up exploits for that version. I googled ‘mirc vulnerability’ and the second result is this exploit, affecting versions 6.11 and earlier of the mIRC client. This exploit works purely over IRC and does not require knowing the victim’s IP address: http://www.securiteam.com/exploits/6J00D158KO.html
I only looked this up to confirm what was obvious to me — and probably biscuit too — which is that such exploits do exist.
The rest of that rebuttal is somewhat believable, but this far-fetched and misleading talk about CTCP VERSION makes me seriously doubt it.
biscuit:
thebiscuitguy@googlemail.com
http://www.atthefinish.co.uk
P3T3R:
http://bebo.com/Profile.jsp?MemberId=4957663591