14 Year Old BitTorrent Hacker Threatens to Sue What.cd Users
Written by enigmax on November 12, 2007

Users of OiNK-replacement What.cd are receiving emails from what appears to be the RIAA. In them are threats that users must either stop their ‘criminal acts of piracy’ or have charges pressed against them. But is it the RIAA? Rival Waffles.fm? No, it’s a 14-year-old script kiddie out for revenge, says What.cd.

Users of What.cd were in for more than a little shock today. Members of one of the OiNK replacement sites started receiving worrying emails from the music file-sharers’ arch nemesis - the mighty RIAA.
The email reads:
Date: 12 Nov 2007 11:35:46 +0100
Message-ID: <2007111XXXXXXX.XXXXX.qmail@bitient.org>
To: XXXXXXX
Subject: Music Piracy
From: piracy@riaa.org
Reply-To: piracy@riaa.org
X-Originating-IP: [76.74.24.143]
X-Originating-Email: [piracy@riaa.org]
X-Mailer: Internet Mail Service

Dear registered user of the site What.cd,
We have recently been investigating the activities of the users of the site http://www.what.cd/ and we have found that this site exists for the sole purpose of music piracy.
Pirating music is a criminal offence and we believe it should be obvious to you that the results outweigh the benefits - hard working artists won’t be rewarded for their work and will stop producing music, ultimately leading to a severely reduced selection of music both in the shops and for download.
The RIAA had hoped that the disabling by the police of the large illegal music site, Oink.cd, would stop a lot of people from engaging in piracy, as they don’t want to be seen as criminals. However, this appears to not be the case, as two large new sites have sprung up in its place.
This email is the final warning to all of you who were members of Oink.cd and are current members of What.cd. If we find you to be committing any more criminal acts of piracy then we will have to press charges against you, as representatives of the major record companies of America.

Yours Faithfully,
The RIAA
Worrying, especially as the IP address in the email seems to indicate it really is from the RIAA. Visitors to the What.cd site were then greeted with this message:
This week has been terrible. After we did two code audits and fixed our security issues, our wonderful attackers couldn’t get in (yay!), so they turned to brute force. After having been hit by several port scans and a rather fearsome DDoS attack (traffic reaching almost 80 megabits per second (note: that’s 10 megabytes per second)) our server pretty much went to hell. After an extended downtime (ending a couple hours ago) during which we tweaked firewall settings, etc., we decided that it was safe enough to bring the site back up.
Pretty much immediately after the site came back up we had someone trying to brute force our (well passworded) ssh accounts (they’ve now met the hot burny side of the firewall).
What have we learned from all this? That there is a person or a group of people somewhere that wants us to disappear. We originally thought that the attacks were by bored kids, but whoever was behind the DDoS appears to be much more serious than that. We aren’t going to publicly speculate on who is behind the attacks - we’ll leave that to you guys.
Despite these attacks, we are still up and running, and we hope to stay this way for a very long time. We have plans for this site, and we aren’t going to flush them down the drain just because some people don’t like what we’re doing. The first of our plans involves a very cool freeleech plan, but we’re going to wait until we’re sure the tracker’s relatively stable for that. For the time being, we’re keeping freeleech on until further notice.
But what about the emails? Is the RIAA really sending them out? If not, then who is and how did they get the What.cd user database? What.cd think they have the answer in a post on their site, replicated on this Pastebin page.
Other sites are already publishing the information above and a quick Google search does indeed reveal some interesting details. Apparently, the person held responsible for the hacking and the RIAA email is only 14 years old and not as much of a threat as some believed him to be. The alleged hacker’s date of birth, his hometown, hobbies and much more are detailed on Google.
Before today, he probably enjoyed telling the world about himself on social networking sites too.
He’s also mentioned on this Pastebin page full of haxor code - along with what.cd.
The youth of today….what’s the world coming to?
Update: It appears someone claiming to be ‘biscuit’ offered the database for sale and even threatened to send it to the RIAA. After deciding that he should keep it for later ‘blackmail’ purposes, he hopefully considered this link, realized it’s not worth it, deleted the database and forgot all about it.
Update: biscuit wrote that he’s not responsible for the hacking and claims that the bash log is doctored.
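The headers quoted in the email above can be checked for internal consistency without any network access. The following Python code is an added example, not part of the original article; it parses those headers exactly as printed (redactions included) and reports what they do and do not establish. The function names are illustrative.

```python
import email
from email.utils import parseaddr

# Headers as printed in the article; the XXXX redactions are the article's own.
RAW = """\
Date: 12 Nov 2007 11:35:46 +0100
Message-ID: <2007111XXXXXXX.XXXXX.qmail@bitient.org>
To: XXXXXXX
Subject: Music Piracy
From: piracy@riaa.org
Reply-To: piracy@riaa.org
X-Originating-IP: [76.74.24.143]
X-Originating-Email: [piracy@riaa.org]
X-Mailer: Internet Mail Service

Dear registered user of the site What.cd,
"""

def domain_of(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def header_findings(raw):
    """Return a list of reasons the headers do not prove the claimed sender."""
    msg = email.message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    # The Message-ID is normally stamped by the submitting mail system.
    mid_dom = msg.get("Message-ID", "").strip().strip("<>").rpartition("@")[2].lower()
    same = mid_dom == from_dom or mid_dom.endswith("." + from_dom)
    if mid_dom and from_dom and not same:
        findings.append(f"Message-ID domain {mid_dom} differs from From domain {from_dom}")
    # Only Received lines added by the recipient's own servers record the real path.
    if not msg.get_all("Received"):
        findings.append("no Received headers present: delivery path cannot be checked")
    # X-Originating-* values are ordinary text any sender can write.
    for name in msg.keys():
        if name.lower().startswith("x-originating"):
            findings.append(f"{name} is unauthenticated and can be set by the sender")
    return findings

if __name__ == "__main__":
    for line in header_findings(RAW):
        print("-", line)
```
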
156 Responses
I do hope whoever did it reads the comments here and everywhere that this is discussed and shits himself for good reason.
Being a badass on the internet no longer means you’re untouchable if your neighbor is an MP3 loving fileswapper with big enough muscles and temper to go with it.
I don’t condone all the threads and violence. But do realize that without the threat of sanctions no rule or law in society would ever have any effect.
The RIAA try to scare everyone out of sharing with one another - well, maybe the whacked out behavior and anger will scare everyone out of trying to side with the RIAA ;p
Connected to IRC using their real IP? Lawl :|
LOL, RIAA.ORG doesn’t even have an MX record, nor does RIAA use their own webserver as their mail service.
spike@darius:~> host -t MX riaa.com
riaa.com mail is handled by 100 riaa.com.s6a1.psmtp.com.
riaa.com mail is handled by 200 riaa.com.s6a2.psmtp.com.
riaa.com mail is handled by 300 riaa.com.s6b1.psmtp.com.
riaa.com mail is handled by 400 riaa.com.s6b2.psmtp.com.
spike@darius:~> host -t MX riaa.org
riaa.org has no MX record
Nice try.
They should make a movie, this is just comedy gold right here
Anyone who does believe biscuit’s little rebuttal, whatever, I personally don’t care. Anyone who thinks I doctored the logs, I don’t care.
I would never destroy a site I helped create. And I created what.cd to fill a missing spot in my heart that is usually filled by OiNK.
I left the site of my own accord. I was not kicked off the team, or anything. I left simply because I did not need all my information associated with a semi-illegal site (depending on what country you are in).
I do not know why biscuit assumes that I would try to sabotage my own site. But I know very well that I wouldn’t even dream of such a thing. The admins at What.cd have always been nice to me, and I respect them for their continuing efforts.
Just to point out a couple things in his little rebuttal that don’t quite fit in.
Firstly, MySQL moved off my server a couple weeks ago, maybe a few days after starting the site even. I helped move it over, and we never installed PHPMyAdmin. (This explains why the bash log shows him installing it). So MySQL and the site were on different servers.
Secondly, after I left, I forfeited all my accounts on what.cd and the servers. Not to mention the countless password changes the staff must have done throughout these attacks. The only access I could have had to the site was the code on the html server, since I ran that server. I had no access to the database whatsoever.
Thirdly, let’s presume I did want to torture the site. Wouldn’t it have been far simpler for me to change the pass and put a meta redirect in the source? I wouldn’t have to jump through the loopholes shown in the logs. Which the hacker, who IS NOT me, had to go through.
Fourthly, why in God’s holy name would I want to destroy something I helped make!
Fifthly, as http://pastebin.ca/770935 shows, biscuit does in fact have users emails. Sounds a tad controversial to me.
Sixthly, why would I want to frame someone I have known, and befriended?
I hate that the evidence points to him, but, not much I can do about it except tell the truth.
Sorry pals.
It twists and turns like an epileptic candy raver. really was an interesting day, thanks to everybody who is participating. can’t wait for the movie.
Thanks lolinger. Should be out on DVD and BluRay within the coming months ;)
well, it really is a good story, but i guess it’s enough now.
Back to fighting the riaa not each other. :)
Thinking it was just some kid makes it easier, doesn’t it?
Anyone got a picture? Is it possible to have a picture of an imaginary person?
I love this.
what a lot of cheap publicity for a site that registrations have already closed because it is at full capacity. what a sorry cart of steaming BS. does 20,000 active members fill a twin cpu server before you must switch to LVS? and you started out on a shared server? your DDOS attack was traffic generated by TorrentFreak, fuktards
most likely what happened is the n00b admins could not handle the traffic generated by the TorrentFreak publicity and the whole sorry project fell in shame on the floor. ffs the site was on a shared server and any operator will tell you about the traffic Freak can generate …
the lady doth protest too much!
h33t, interesting, that the Quad Core 2.66GHz Xeon we have running the MySQL database is at 87% usage right now isn’t it?
We started out on a shared server because none of us had the money to put forward for our own dedicated. Once donations came in, we bought two new servers. One cheap one which we regret, and the QuadCore for the database, which is 200 Euro / month.
And it was a DDoS, I’ve seen our logs.
don’t let this little wannabe hacker discourage you on joining what.cd
the site is now secure, nothing to worry about now.
[quote comment="211398"]what.cd equals trouble, deleted my account today, everybody should.[/quote]
Just because you deleted your account doesn’t mean we all should follow as well. *rolls eyes*
Get over it.
[quote comment="211486"]I hope for this kids sake he doesnt try to act all cool and do some stupid shit with this databse. I live like a 10 min drive from him and i swear to god i will fucking burn his house down while he and his whole fucking family is sleeping. Seriously kid, do the right thing and delete the whole thing before you get hurt for real.[/quote]
Amen.
[quote comment="211582"]What.cd and Waffles.fm are a disgrace to the torrent community.[/quote]
Then don’t join them, it’s that easy.
[quote comment="211391"]A 14 year old hacked the website? Then you post his whereabouts so people can harass him.
Yeah, there goes my support of what.cd[/quote]
Meh, you know what they say about opinions? everyone’s got one. *rolls eyes*
Welcome to the wonderful world of running a tracker. :P
Yup, what I go through everyday dealing with the masses. Anyone who has ever touched the original TBSource knows what a nightmare it is. The code has had many ‘owners’, is poorly indented, if indented at all, and has so many redundant queries (I found a query inside a while loop running through the entire users table) it makes you want to hurl.
Anyone who thinks we don’t know what we are doing, keep your opinions to yourself.
OiNK didn’t just appear great, it took many years for it to develop into what it was. We will be the same, regardless of user expectations.
He’s 14 what do you expect ?
http://www.americanidolpixelmania.com/signup.php
the future is distributed and anonymous not this centralized/drama shit
What “Software” do you run to actually run the tracker and server anyways?
Is it custom every time or is there a software install that is available that sits behind the website?
We must stop the riaa/mpaa from killing sharing
That’s infringing on our rights
If they have total control you can bet that they’ll charge whatever price they like
They call it profits but we call it ripoff
Don’t be a slave fight for your freedom, they will us all kind of names from
pirates, thieves to criminal.
We call that racist or immoral.
What a surprise. The site has clearly been horridly insecure since it was founded (as bitient.org). Maybe these tidbits will make the nature of the “database compromise” a bit clearer:
http://pastebin.ca/771788
http://pastebin.ca/771787
Their MySQL server didn’t even have any access restrictions at the time — how stupid is that? This dump was made a few weeks before the what.cd transformation, but I think it’s safe to assume that there were other random people besides myself with database access.
I’m going to have to take more classes. A kid half my age can hack his way through protected servers… My parents thought my generation was super-smart, but these kids today are reminiscent of Ender’s Game.
Not only does this fall under the category of “Man-drama”, it also falls under the category of “Nerd-drama” and thus makes it extremely lame…