14 Year Old BitTorrent Hacker Threatens to Sue What.cd Users
Written by enigmax on November 12, 2007
Users of OiNK-replacement What.cd are receiving emails from what appears to be the RIAA. In them are threats that users must either stop their ‘criminal acts of piracy’ or have charges pressed against them. But is it the RIAA? Rival Waffles.fm? No, it’s a 14 yr old script kiddie out for revenge, says What.cd.

Users of What.cd were in for more than a little shock today. Members of one of the OiNK replacement sites started receiving worrying emails from the music file-sharers’ arch nemesis - the mighty RIAA.
The email reads:
Date: 12 Nov 2007 11:35:46 +0100
Message-ID: <2007111XXXXXXX.XXXXX.qmail@bitient.org>
To: XXXXXXX
Subject: Music Piracy
From: piracy@riaa.org
Reply-To: piracy@riaa.org
X-Originating-IP: [76.74.24.143]
X-Originating-Email: [piracy@riaa.org]
X-Mailer: Internet Mail Service

Dear registered user of the site What.cd,
We have recently been investigating the activities of the users of the site http://www.what.cd/ and we have found that this site exists for the sole purpose of music piracy.
Pirating music is a criminal offence and we believe it should be obvious to you that the results outweigh the benefits - hard working artists won’t be rewarded for their work and will stop producing music, ultimately leading to a severely reduced selection of music both in the shops and for download.
The RIAA had hoped that the disabling by the police of the large illegal music site, Oink.cd, would stop a lot of people from engaging in piracy, as they don’t want to be seen as criminals. However, this appears to not be the case, as two large new sites have sprung up in its place.
This email is the final warning to all of you who were members of Oink.cd and are current members of What.cd. If we find you to be committing any more criminal acts of piracy then we will have to press charges against you, as representatives of the major record companies of America.
Yours Faithfully,
The RIAA
Worrying, especially as the IP address in the email seems to indicate it really is from the RIAA. Visitors to the What.cd site were then greeted with this message:
This week has been terrible. After we did two code audits and fixed our security issues, our wonderful attackers couldn’t get in (yay!), so they turned to brute force. After having been hit by several port scans and a rather fearsome DDoS attack (traffic reaching almost 80 megabits per second (note: that’s 10 megabytes per second)) our server pretty much went to hell. After an extended downtime (ending a couple hours ago) during which we tweaked firewall settings, etc., we decided that it was safe enough to bring the site back up.
Pretty much immediately after the site came back up we had someone trying to brute force our (well passworded) ssh accounts (they’ve now met the hot burny side of the firewall).
What have we learned from all this? That there is a person or a group of people somewhere that wants us to disappear. We originally thought that the attacks were by bored kids, but whoever was behind the DDoS appears to be much more serious than that. We aren’t going to publicly speculate on who is behind the attacks - we’ll leave that to you guys.
Despite these attacks, we are still up and running, and we hope to stay this way for a very long time. We have plans for this site, and we aren’t going to flush them down the drain just because some people don’t like what we’re doing. The first of our plans involves a very cool freeleech plan, but we’re going to wait until we’re sure the tracker’s relatively stable for that. For the time being, we’re keeping freeleech on until further notice.
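The headers quoted with the email earlier in this article can be checked for internal consistency before any conclusion is drawn from the X-Originating-IP line. The Python below is an added example, not part of the original article; it uses the headers exactly as published (redactions kept), and the function names and finding labels are illustrative.

```python
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the article, redactions kept as published.
RAW = """\
Date: 12 Nov 2007 11:35:46 +0100
Message-ID: <2007111XXXXXXX.XXXXX.qmail@bitient.org>
To: XXXXXXX
Subject: Music Piracy
From: piracy@riaa.org
Reply-To: piracy@riaa.org
X-Originating-IP: [76.74.24.143]
X-Originating-Email: [piracy@riaa.org]
X-Mailer: Internet Mail Service

Dear registered user of the site What.cd,
"""


def domain_of(value):
    """Return the lowercased domain of an address-like header value."""
    value = value or ""
    addr = parseaddr(value)[1] or value.strip("<>[] ")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def review_headers(raw):
    """List reasons the headers alone cannot establish who sent the mail."""
    msg = message_from_string(raw)
    findings = []

    # The Message-ID is normally stamped by the system that injected the
    # mail; a domain different from the From: domain is worth noting.
    from_dom = domain_of(msg["From"])
    mid_dom = domain_of(msg["Message-ID"])
    if from_dom and mid_dom and from_dom != mid_dom:
        findings.append(f"message-id-domain-mismatch:{mid_dom}!={from_dom}")

    # X-Originating-* lines are written on the sending side, so whoever
    # composes the message chooses their values.
    for name in msg.keys():
        if name.lower().startswith("x-originating-"):
            findings.append(f"sender-asserted:{name}")

    # Only Received: lines are added by the servers that handled the mail.
    if not msg.get_all("Received"):
        findings.append("no-received-chain")
    return findings
```

On the published excerpt this reports a Message-ID domain (bitient.org) that differs from the From: domain, two sender-asserted X-Originating-* lines, and no Received: lines that a receiving server would have added.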
But what about the emails? Is the RIAA really sending them out? If not, then who is and how did they get the What.cd user database? What.cd think they have the answer in a post on their site, replicated on this Pastebin page.
Other sites are already publishing the information above and a quick Google search does indeed reveal some interesting details. Apparently, the person held responsible for the hacking and the RIAA email is only 14 years old and not as much of a threat as some believed him to be. The alleged hacker’s date of birth, his hometown, hobbies and much more are detailed on Google.
Before today, he probably enjoyed telling the world about himself on social networking sites too.
He’s also mentioned on this Pastebin page full of haxor code - along with what.cd.
The youth of today….what’s the world coming to?
Update: It appears someone claiming to be ‘biscuit’ offered the database for sale and even threatened to send it to the RIAA. After deciding that he should keep it for later ‘blackmail’ purposes, he hopefully considered this link, realized it’s not worth it, deleted the database and forgot all about it.
Update: biscuit wrote that he’s not responsible for the hacking and claims that the bash log is doctored.

155 Responses
It’s really too bad that 99% of the PHP code out there is complete crap. If anyone that took on developing this kind of thing had a clue, we wouldn’t have noob admins running into issues like this.
In a modern world, SQL injection should *never* be an issue, because people that know what they’re doing build the queries with parameterized execution on the DB side.
Rant aside, someone really needs to scrap TBsource completely and develop something new that is actually intelligently designed. Until that happens we’re going to keep seeing noob admins get owned by lame exploits.
Unless you do it yourself, it’s probably going to be crap. Especially when it comes to PHP, which seems to attract clueless devs like flies.
So, uh, who wants to start a new tracker codebase?
Peter Peter pumpkin eater
Knew a chick, but couldn’t meet her
Saw her brother one fine day
Sucked his cock and now he’s gay
[quote comment="211703"]Anyone who does believe biscuit’s little rebuttal, whatever, I personally don’t care. Anyone who thinks I doctored the logs, I don’t care.
I would never destroy a site I helped create. And I created what.cd to fill a missing spot in my heart that is usually filled by OiNK.
I left the site of my own accord. I was not kicked off the team, or anything. I left simply because I did not need all my information associated with a semi-illegal site (depending on what country you are in).
I do not know why biscuit assumes that I would try to sabotage my own site. But I know very well that I wouldn’t even dream of such a thing. The admins at What.cd have always been nice to me, and I respect them for their continuing efforts.
Just to point out a couple things in his little rebuttal that don’t quite fit in.
Firstly, MySQL moved off my server a couple weeks ago, maybe a few days after starting the site even. I helped move it over, and we never installed PHPMyAdmin. (This explains why the bash log shows him installing it). So MySQL and the site were on different servers.
Secondly, after I left, I forfeited all my accounts on what.cd and the servers. Not to mention the countless password changes the staff must have done throughout these attacks. The only access I could have had to the site was the code on the html server, since I ran that server. I had no access to the database whatsoever.
Thirdly, let’s presume I did want to torture the site. Wouldn’t it have been far simpler for me to change the pass and put a meta redirect in the source? I wouldn’t have to jump through the loopholes shown in the logs. Which the hacker, who IS NOT me, had to go through.
Fourthly, why in God’s holy name would I want to destroy something I helped make!
Fifthly, as http://pastebin.ca/770935 shows, biscuit does in fact have users’ emails. Sounds a tad controversial to me.
Sixthly, why would I want to frame someone I have known, and befriended?
I hate that the evidence points to him, but, not much I can do about it except tell the truth.
Sorry pals.[/quote]
Sorry, but that statement was full of lies. You did not leave the site. You and Sylar are the same person.
“I left the site of my own accord. I was not kicked off the team, or anything.”
A lie - you didn’t leave at all.
“Secondly, after I left, I forfeited all my accounts on what.cd and the servers.”
That’s a lie, you just changed your name to Sylar.
“The only access I could have had to the site was the code on the html server, since I ran that server. I had no access to the database whatsoever”
That is a complete lie too, as Sylar had and still has access to the database.
I’m not saying you hacked the site, or blaming you for anything, i’m just pointing out that you’re a lying beggar. Thanks.
Ach, only thing I have to say is why couldn’t it have happened to the RIAA site or CRIA or anything just not a torrent site!!
And I don’t personally support vigilantes but - anyone in the Yorkshire area?
look guyz
if your site can’t handle a multi-gbit ddos then you have multiple problems.
1. your servers suck
2. your host sucks
3. probably your coding sucks
just apologize to the poor guy - obviously someone pissed him off - and biscuit if your happening to read this [i doubt it] cut the homies a break lol.. [no im not a member there..]
So.. is P3T3R in the back of someone trunk yet lol.
these admins aren’t noobs. tbsource code is horrid, and has to be used in order to run these sites.
if they were given enough time to fix up the billion issues in the source then they probably would’ve, but the fact is… time = quality users. the more you wait to clean out your source code before launching, the more likely it is for someone else to start up a semi-functioning site and soak up the hordes of quality oink refugees.
therefore, these sites had to launch on tight schedules to stay ahead of the curve. the by-product of which is of course poor reliability and plenty of down time.
time will fix this and pretty soon we’ll have a few decent functioning oink replacements.
when i was 14 i discovered girls
yes, because the RIAA would actually sign their emails “The RIAA”
fucking load of nonsense.
Why would Torrentfreak even report anything of this small a magnitude, fucking poor news reporting
oh and someone has my email address? big fucking deal, what they gonna do… email me?
Hi, I have 250 GB of music to share, I had a nice share ratio at OiNK!
Please invite me for waffles or what. Thanks!
the2ndmail AT gmail DOT com
Serves them right for making the site invite only from the get go… they deserve everything coming to them, I hope they get shut down. Of course my opinion would be different if they had actually allowed us Oink Refugees to sign up when they first opened but being invite only from the start? To h*ll with them.
p3t3r hangs out at #macheist on irc.macnn.com. He’s there as I type this.
[quote comment="212085"]look guyz
if your site can’t handle a multi-gbit ddos then you have multiple problems.
1. your servers suck
2. your host sucks
3. probably your coding sucks
just apologize to the poor guy - obviously someone pissed him off - and biscuit if your happening to read this [i doubt it] cut the homies a break lol.. [no im not a member there..][/quote]
You sir, are an idiot. A well crafted ddos can take any system down to its knees.
ffs people he’s only a kid. what he did is obviously wrong but everyone has done stupid things when they were 14.
At least I know I have, though none of them involved hacking, but they were nonetheless stupid and I regret doing them and I pissed quite a few people off.
So give him a spank and a warning but quit saying stuff like I’ll burn down his house and hang his family because that’s crap.
alright if anyones going to read this i looked at a few things and:
the myspace registered to that email is:
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=45208667
last login was december 2006, so he hasnt changed it since then. He has one friend and this is:
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=34407333
perhaps his only friend is the biscuit they keep speaking about? :)
In a way, this might be a good thing. It sends a message to What.cd that their site is not secure enough, and reminds us all that we have to address the threat of riaa lawsuits very seriously.
However, with the hacker’s age in mind, I bet he just did it for attention… that douchebag.
what.cd is trouble.
I was an oink user, how can I get an invite for Waffles?
you people are total fucking losers, internet tough guys and idiots.
nobody in the real world cares about your retarded bit torrent problems. you look like faggots crying all the time telling off companies that can bury you when they feel like it and do all the time as proof. you guys try to incite violence on 14 yr old kids! if thats not a sign of being a fucking loser im not sure what is.
i was a member of oink and demonoid but im GLAD you assholes that cant get into waffles or what.cd cant because your all a bunch of faggot wanna be tough guy pussies!
have fun with that!
peter and his 14 loser brother owned the entire tracker and now you are all crying….so funny. he is still owning you tards…
[quote comment="212382"]you people are total fucking losers, internet tough guys and idiots.
nobody in the real world cares about your retarded bit torrent problems. you look like faggots crying all the time telling off companies that can bury you when they feel like it and do all the time as proof. you guys try to incite violence on 14 yr old kids! if thats not a sign of being a fucking loser im not sure what is.
i was a member of oink and demonoid but im GLAD you assholes that cant get into waffles or what.cd cant because your all a bunch of faggot wanna be tough guy pussies!
have fun with that!
peter and his 14 loser brother owned the entire tracker and now you are all crying….so funny. he is still owning you tards…[/quote]
Your post is a prime example of how an “internet tough guy” post would look. You need to swear to get your point across..
[quote comment="212115"]these admins aren’t noobs. tbsource code is horrid, and has to be used in order to run these sites.
if they were given enough time to fix up the billion issues in the source then they probably would’ve[/quote]
It doesn’t have to be used. There are alternatives out there, and for the non-noobs you claim the admins to be, there’s the option of coding it yourself.
Even while using tbs, the entire thing can be secured against XSS and sql injection in under 2 days (I know from experience).
Not that 2 days is needed any longer. I personally have contributed a quick and dirty XSS prevention hack to tbdev forums, others have done the same to tackle sql injection.
A lot of what I’m reading from this whole matter is just plain BS. The post supposedly by noah above claims no access to the database server, only the “html” server. That’s funny as hell. Anyone with access to the php automatically has access to the database unless there’s some magic trick to allow only pre-approved php scripts to connect.
The claims by admins that they secured sql are blatantly false given that email addresses were stolen. Someone had access to their sql server, so they were not secure.
This whole sorry mess is what happens when noob admins with no experience set up using a poorly coded base. Users would be well advised to avoid anything new that isn’t at least backed by established names.
Nope, stuff the kid. He deserves everything he gets. He should be set as an example, just like the RIAA tried to set an example of jammie thomas.
Find this kid.
hahah stupid kid
New article today says that the RIAA met with Bin Laden in weeks before 9/11 attacks.
dam i got one
Peter Peter pupkin eater
Whacked off in the movie theater
Sprayed his load across the screen
And ruined Titanic’s final scene