Hacker Takes Over Torrentz, Sort Of…
Written by Ernesto on November 16, 2008A hacker has successfully changed the nameservers of the popular BitTorrent meta-search engine Torrentz.com. For a few hours the site was replaced with an Adbrite ad, and a link to a warez forum. To top it off, the hacker then contacted the Torrentz admin to brag about his hacking abilities.
Last week we reported that Torrentz was facing a hostile domain takeover. With a forged driver’s license, the impostor attempted to change the domain Whois. Yesterday, the nameservers to Torrentz were indeed changed, giving the ‘hacker’ control over the Torrentz domain.
Flippy, the admin of Torrentz told us that he noticed some worrying changes when he checked his website late last night. There were banners from Adbrite at the top and bottom of the site, banners that didn’t belong there. It turns out that “the hacker” we mentioned before, managed to change the nameservers of the torrentz.com domain. In the middle of the new page torrentz.eu was now loading in a frame, so the site was usable apart from the extra ads.
When Flippy added some Javascript to the torrentz.eu site to prevent it from loading inside the frame, the .com domain suddenly linked to some fresh warez forum and an image hosting site. The warez forum, warez2share.com, was apparently hosted on a shared hosting account, and it didn’t take long before the account was suspended because of the traffic overload.
The hacker didn’t stop there of course, and he soon changed the page to a single Adbrite banner. And as if that wasn’t enough, he decided to email Flippy, to tell him how good of a hacker he is. “So, I emailed him back, and informed him that I have a lawyer who will subpoena Adbrite first thing in the morning, to get the account’s details,” Flippy told us.
After some emails back and forth, the hacker suddenly changed his tone. After Flippy reminded him that forging a US driver’s license is a serious crime, he suddenly became surprisingly cooperative. Instead of bragging about his hacker skills, he was suddenly willing to change the nameservers back. At the time of publication, the domain details have indeed been reverted, and until the changes clear, torrentz.com is being redirected to the backup domain, torrentz.eu.
It is not over yet though, as Flippy told us that he will do everything he can to find out the identity of the ‘hacker’, so stay tuned.
Update: The hacker is from California and forged a CA drivers license, which he can be put in jail for. Flippy, however, decided not to go after him, since it would be very costly to do from Poland, and it’s not worth it for 4 hours downtime.
Previously: The Pirate Bay Sees Traffic and Peers Surge
Next: TorrentFreak TV Episode 3
84 Responses
yay! go torrentz.com !
seems to be fine now btw
lol owned hacker.
ROFL. This hacker erm… script kiddie … sounds like a fool. Although, dont forget: we are only hearing one side – the owner of torrentz of course. Who likes to look stupid? He may well be embellishing and or making up stuff regarding this situation.
Maybe or maybe not. It just strikes me a little odd that the attacker suddenly capitulated, but who knows eh?
The term “hacker” doesn’t apply here.
Can you say owned?
Looks like a small kid who needs appreciation for his abilities this hacker.
…and this is why The Pirate Bay truly sucks dogs balls!
Who mentioned TPB?
lulzy
The script kiddie idiot who just wanted to brag forgot about the law. I hope that their identity is revealed and that proper felony charges are pressed.
TPB SUCKS YOU DUMB IDIOT STUPID SHITBIRD. ALL TPB USERS SCREW THEIR OWN FAMILIES!
Someone has got a cock up their ass.
As was said before, who mentioned TPB dickneck?
LOL, that is hilarious! Hackers Rule!
jess
http://www.privacy.cz.tc
Looks like some kid who just foolishly wanted to gain some ego over it. Hopefully, this person could eventually grow up and become a useful part of society… or something like that.
@4
Well, perhaps the attacker just wasn’t thinking, and suddenly realized that it was actually illegal, and a serious crime at that.
@5
Indeed, I find the term “domain hijacker” more appropriate here.
@8, 11
What’s anything got to do with TPB here?
Roze
http://www.10ch.org/
Well if this “hacker” was indeed a “script kiddie” then why the hell was he able to pull the hack off? If n00b hackers can do this much damage, it worries me what a real hacker could do if he hated a bittorrent site for some reason o.o
VIVA LA TORRENTZ!!!
He must know flippy if the hacker forged his Drivers License
I dont want this kid to go to jail I just want him to understand what BitTorrent stands for and the pirat’ byran
He can join the good side
How come I didnt get credited in these stories? :(
I brought this to the attention of TF staff
the guy didn’t hack anything sounds like he just used some social engineering. probably told them it had finally happened and someone took over the domain and he would like to have it back + fake ID as proof -> awesome domain hack °°
owned.
epic fail.. what what a moron.
A) kid gets banned for whatever reason
B) kid screws site
C) stupid kid
Thinking about it a little, I think it might be positive if a stunt like this was done to the RIAA and MPAA websites – of course, not for ego, but out of principle.
@17
This term, “social engineering,” seems awfully strange. Last time I have heard, the term “deception” and “intrigue” were used. Perhaps we need a special term for everything on the world wide web.
Roze
I hope Flippy gets there identify
Hacker is the correct word – you’re all just thinking of purely digital hackers. He hacked the system set up to prove who he is.
@21
I think you meant:
1. kid gets b&
2. kid screws site
3. ???
4. Prophit!
torrents are for r3tarded ppl.
instead of using time to identify the “hacker” shouldn’t he use his time securing his dns servers?
@ 26
You do realize what website you are on, right?
truely he had an ability.
punishing the hacker by attacking him back and crashing his entire home net work would be great and shit.
on the other had bringing the pigs in this won’t make justice. not in our world. when you get hacked the appropieate thing to do is to hack back not call 911 like a bitch. hence, i believe the correct justice is to use our abilitites “hacking” to get the guy back. i say flippy talks to this bitch and hacks the shit out of him.
p.s. it kind of seems like this idiot hacked from home since he had over 5 hours of work put into it, plus direct contact with flippy, and i doubt this foo is that smart to have thought about where he was.
Get em. but then again…give him some props. kudos mr. “hacker.”
come on guys we all hacked at one point in our lives. maybe not like this much of a dick, but not to far from it. :p
@28
i realize that you realize that i realize that you realize i don’t know where the hell i am. where am i?
one side of the story though,with admin
trying to look impressive,and making me
feel the so called hacker is a script
kiddie and a fuckin coward.
hmmmmmmmmmmmmmm.
i wounder how the script kiddie will relate his part of the story.
and to the admins of torrentz,i really do get some good staffs from your illustrious site so please, for heavens sake get yourselves some decent network admins,
mi dont want to hear stories when i get myself ready to leech.
until then
peace
I want someone to hack the RIAA and place “free MP3 files for download” because there’s been a “change of policy” like that groups did before. THis time also do the same to the MPAA website with some Blu-Ray rips.
ROFLMAO…
Actualy he is not a hacker, he is …. a pirate, a real digital pirate.
If the “hacker” really is a kid, Flippy will not get his/her identity and no charges will be brought! Thus, “hacker” wins. ;)
Epic win for flippy. hope he finds the identity lol.
Not the least biased article I have ever read. No mention of the fact that this Flippy, who takes such a high moral ground, has been bullying all the indexing sites for far too long. Do as he says, or become delisted overnight.
This is of course a curious legal stance from someone who is himself resident in the USA without a green card or any permit to remain, more an illegal immigrant than a pirate. No liklihood at all of his being able to take anyone to court, given that he uses a false name and is trying to evade deportation.
Good for this kid weho hacked him. If he wants a job, then an email to yljohiuo@trashmail.net and he’s got himself one.
I doubt this posting will stay on T/F for long, it’s well known that Flippy hosts the site!
I dont think hes a script kiddie or a hacker, but in all fairness he is pritty cleaver to convince the registar that he owns such a large domain. He is a drain on socity tho ! so credit where credits due he was kinda cleaver but then became very dumb and torrentz.com didnt deserve it, why not the riaas site?
@36
Where is the source for that? If you have no source to verify its veracity, then it might as well all be made-up.
Roze
hahahah TPB Sucks t3h big ball sack.
P2p is for pedophiles only.
you shold all be sent to jail for stealing
etc etc.
goddamn it people/bots grow up.
@29
I agree completly. We all pirate just about everyday, and we’d be pretty pissed if someone reported us. Do we report people who post up torrents full of viruses? Well yes, but not to the pop-pop. Why? Its just not right man. Hack his ass off and then be even. He won, now get some revenge and then everyone is square.
Fuck that. We at the MPAA will do whatever we have to. Even employ people to post bad things on forums. Deal with it.
@29 … “bringing the pigs in this won’t make justice. not in our world. when you get hacked the appropieate thing to do is to hack back not call 911 like a bitch.”
But we’re not all tryhard criminals trying to be “gangster” or whatever the fu_ck your failing at. Another thing that makes this comment of your more idiotic is as far as I can tell the hacker is unknown at the moment. Next you’ll be telling us that if someone you knew got murdered you would go out and murder the person who did it.
“hence, i believe the correct justice is to use our abilitites “hacking” to get the guy back. i say flippy talks to this bitch and hacks the shit out of him.”
People who live in the real world, and don’t have an attitude problem whilst living with their parents still, prefer to use the authorities to work for them – that’s what we pay taxes for. People with your attitude will get jacksh!t done and waste a whole lot of their own time and energy.
“p.s. it kind of seems like this idiot hacked from home since he had over 5 hours of work put into it, plus direct contact with flippy,”
Neither of those reasons give any indication of where he was and hacking 101 says use a proxy of some type.
“and i doubt this foo is that smart to have thought about where he was.”
Oh no – because people conducting illegal activities never think about that…
“Get em. but then again…give him some props. kudos mr. “hacker.”
Only the truly retarded would see hacking a website that they own as something to give “some props” over like it’s some tryhard street thug’s
party where everyon’s saying “yo” and giving “mad respect”.
“come on guys we all hacked at one point in our lives. maybe not like this much of a dick, but not to far from it. :p”
Most people haven’t a clue about hacking fullstop. Apparently you think it’s really cool to pretend your a hacker which says some things about you. Young, insecure, looking to forge an identity by pretending to be really cool in blog comments.
@40 “…We all pirate just about everyday, and we’d be pretty pissed if someone reported us. Do we report people who post up torrents full of viruses? Well yes, but not to the pop-pop. Why? Its just not right man. Hack his ass off and then be even. He won, now get some revenge and then everyone is square.”
Ditto young, insecure, trying to be gangster etc. You’re even more moronic with your daft “I would’nt get authorities on his ass because I wouldn’t like that” line and your vigilante attitude which again fails to take into account that the hacker is so far unidentified (hackers usually are) and the use of the word po-po (you spelt it wrong) which clearly tags you as an insecure r3tard using gangster talk and talking like your a petty criminal.
Both of you come out of this looking really pathet!c
man its satisfying when retards get their come-uppance
I wonder how much he made off those few hours. Must’ve made at least 100 or nearly a thousand with those kind of views
Tryhard Wigger Geek: “People who live in the real world, and don’t have an attitude problem whilst living with their parents still, prefer to use the authorities to work for them – that’s what we pay taxes for.”
Hahaha.
You know, I can’t help but picture you typing that from your parent’s basement. Irony FTW.
relax guys, fortunately no porn deleted.
@24
Well, is not most every structure of society a “system”?
Roze
Hey, you guys really believe that this was done by script kiddie? No way! If script kiddie can do this than imagine what the real “hacker” could do. It was cool but stupid, much more like stupid but i appreciate the effort.
Uhm.
Hacking is assuming control of or gaining access to any computer you do not own. The two most common ways to do this are brute forcing stuff (I KraKt Y0uR Pa55) and Social Engineering (I BurIBeD Y0uR Fw3Ndz).
In this case the whole scenario was social engineering: Get Flippy’s IRL pic, name and Lic. #, photoshop it onto a driver’s license, tell the domain host that the password needed reset.
The major felonies here are hacking an unauthorized computer, identity theft, and forging a government issued ID, which altogether bring hefty fines and jail time.
The biggest problem with egotistical script kiddies is that they have to get recognition for their deeds. If he had gone to a public library, ditched the ads and forum, and neglected to gloat, he would have gotten away with it. But alas, a huge number of the hackers out there today are exactly this kind of demented prick.
@16
Exactly.
Peace,
Nez
@22
“social engineer” is just a wanky term used to make people sound more interesting and accomplished than they are.
It’s just a web 2.0 euphemism for “con man” or “confidence trickster.”
The only difference is the l33t ego.
i bet half the people callin him a script kiddie couldn’t even dl a torrent
@50
Nice.
LOL, that is hilarious! Hackers Rule!
dan
http://apps.jooopa.net
thepiratebay rocks !!!
@44 : “Tryhard Wigger Geek: “People who live in the real world, and don’t have an attitude problem whilst living with their parents still, prefer to use the authorities to work for them – that’s what we pay taxes for.”
Hahaha.
You know, I can’t help but picture you typing that from your parent’s basement. Irony FTW.” ”
Irony indeed – and for all you know I may be doing just that. However I’m not spouting shit about “po-po” and suggesting that “police aint justice in my world” and making asperions to “bitches” and “snitches” like I’m some hoed-out street niggah claiming “reee – spect” from the “strizzeeets” though am I, so even if I was it’s still less pathetic than that moronic attempt at communicating to others about beefed up and gangster and tough they are (without realising it’s as apparent to all reading that they’re just insecure little scumbags with a low self-image that feel a compulsive need to prove themselves to others by imitating their “hardest” role models they can find of course. Bet my life savings they’re 12-16 year old middle-class white kids who are pussy’s in RL)
Mmmmmmm, now why would a hacker hack a torrent site. Kind of defeats the object of what they stand for really
http://www.aquariumfish.me
Bit worrying how easy the site was hijacked if we’re right in assuming its just a script kiddie.
There is a really evil malware attack vector going around now. One of the symptoms is a dns poison that uses adbrite and 2009 Virusprotect.
One of the vectors that it has been using with torrents is a video feature, or DRM or decryption execution. The script doesn’t contain a virus, it executes a vbs script to download the virus and malware in section to escape detection.
The dns attack prevents the use of most security sites (by assigning a different IP to significant names. go.google.com which is the redirect vector for google points to something else entirely.
oh yes, all these changes are also in the registry which has been altered so that administrators or equivalent classes can not alter the registry. Anything that uses dll’s that have been redirected and no longer exist (altered registry) will generate a blue screen with a post-reboot dos level commands.
This hacker group is very smart. I doubt if a single hacker could compromise as many servers as are being used as resources in these attacks. Mininova has been the delivery vector for many of these new approaches to malware, virus and general system disruption
Search results seem to have gone down!
TEE HEE HEE!
@NubCakes
What do you mean?
Please read it agian! and don’t say ANYTHING about TPB’s family or I F****** kill you!
Not hacking, social engineering.
Come on Flippy …
Give us the details and we wll find out who it was. We have a high reputation in bringing the facts up.
Lol. those people posting about immigration… if you are not one of them then STFU by all means possible. i don’t understand why the so called “unbiassed media” protraits everyone of them as mostly wasteful for resources, extra unecessary population, ETC. Its just sickening to see the obvious negativity, though this is somewhat beside the point. @41: Good, the riaa can probably stop money from going to iraq by exploying retards who will only make us turn to more anonymizers and different kinds of file sharing. The riaa/mpaa do not need that much money anyway, and it is truely visible that the artists are there just to keep on feeding you. I doubt any compensation to the artists has actually taking place. Where does all the money you presumably charge for infringements go? Sure, to buying more legit pr0n copies and other stuff we would not like to know. But the artists? screw them, right? And file sharing? Oh, believe me, it hasn’t stopped at all. Maybe It is time to promote rather than impair inovation through technology since it appears to be the only form of religion at least in these 50 (plus some kind of land far away, plus an Island) “united?” states. tHe story was kinda interesting, though I never used the site, only sticking up to the pirate bay–where it looks like its the only place with a form of actual “democracy”.
@58 : Indeed, you are right.
“Mininova has been the delivery vector for many of these new approaches to malware, virus and general system disruption”
The Pirate Bay and Mininova are the single biggest sources for PPI malware. The most sophisticated attackers bundle a PPI malware .exe into an application and encrypt it using LuLz Cryptor or Redemptions File Binder V2 which both use a unique encryption key for every single time they bundle/encrypt a file – this renders them Fully Undetectable (FUD) to all virus/malware scanners when they are scanned. Because the bundled PPI .EXE is updated everyday in many cases (depending on vendor) virus/malware scanners cannot detect them at execution time either because theyre not updated fast enough.
The ultimate form of this attack is to bundle a downloader into the target application (and encrypt it etc. still). Once this has been installed the PPI executable is downloaded onto the target machine on a regular basis (daily or hourly).
The Pirate Bay and Mininova are THE PREMIER targets for these attackers – another reason why it’s a bad idea to use public trackers. THink I’m making this up? See the newbie guide on how to infect users with a PPI executable here:
http://www.pay-per-install.org/pay-per-install/380-guide-getting-started-ppi-start-2-finish.html
That’s the complete amateur, newbie guide (it’s very easy) – when you add encryption to the bundling process and make innocent looking torrewnt uploads good luck – it will be a long time until thats taken down. Read some more from this wonderful forum if you dont believe me on this.
Don’t be stupid enough to think that you can spot the files bundled with malware – the way they are bundled means often it’s impossible for users to pinpoint where the malware came from.
Ford F-Series
Ford Focus
Too many kiddies on the internet :(
go private tracker, end up like brandon
That’s so fucked up, fucking Torrentz.com is awesome and that hacker shoulda hacked fuckin RIAA’s website
I love how only like two of you are even on topic or getting the point of the article. Kudos.
-Nez
@70 ” I love how only like two of you are even on topic or getting the point of the article. Kudos.
-Nez
”
And yet another person posts an off-topic post and makes no reference to the articles content.
Oh wait, that’s what ur complaining about.
Nez is a stupid sounding name. Is that what they call you at the psych institute?
@71
Actually Mr. Anonymous I’ve already mad the only meaningful post I plan to make in this thread. It’s on page 2. As for the name, It’s short for Mennez. Google it.
This entire fiasco is a joke though, the kid didn’t hack much, and he’s not a script kiddie. He’s a con-man with some network knowledge.
And in response to the post a ways back that said social engineering wasn’t the proper term, I’m sorry. The English Language has things called “Synonyms” where two words or terms mean exactly the same thing. Like “Fish” and “Aquatic Invertebrate”. “Social Engineering” is just a more technical way of saying he pulled a “Confidence Job”.
Other than that, I pretty much said everything I wanted to say in my first post.
-Nez
stupid kid better luck next time…
Come on everyone. Flippy makes himself a target by adopting the high moral ground over popups when all he has been doing is promoting those he is involved in doing business with.
He who sleeps with hyenas etc….
@25
…
torrentz.com sucks.
so nothing wrong with that …
should have put that kid in jail
What the heck? Script kiddies. They really need to get a life.
The Pirate Bay however is a better site to find torrents. Not so easily exploitable, lol
http://www.tepiratebay.com
@65, good point about saftey by public trackers. I too recently have had infiltrations (3 times this year so far) where the AV software was useless and I had to re-format. Although I don’t remember what it is exactly I did to cause it as these problems usually crop up long afterwords..
If a person simply keeps to AVI, MPG, MP3 files, the chances of infection are reduced, but applications and games sincerely do have chances of taking out your computer. Then again, I often wonder if Microsoft updates uses this same technology to enable back doors so they have the future ability to take control / spy on your computer. Much of what goes on is certainly unseen.
I still think he should have pressed charges, or at least made a friendly phone call to CA police. I hate script kiddies as much as anyone else, and frankly I think they should be beaten until disciplined.
script kiddies wil be script kiddies.
this really isnt much of a hack since your just bs'ing the dns
Flippy's in Poland? WOOT! POLAND!
i wonder why he displayed ads :D
2 references to this post
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.