Hackers Run Wild Spending BitTorrent Tracker’s Donations
Written by enigmax on December 29, 2007The SuperTorrents BitTorrent tracker has been the subject of a major security breach, with hackers gaining access to private accounts from which they donated all the site’s money to a religious group. The hackers even went as far as contacting the site’s host and canceled all of their seedboxes.
Earlier this year, the anti-piracy company MediaDefender was torn apart when its email system was compromised and hackers laid the company’s secrets bare for the world to see. Some months later, the SuperTorrents (ST) BitTorrent tracker has been the victim of hackers. According to a so-called ’scene notice’ circulating at the moment, the 35,000 member site was compromised when the hackers discovered that the admin of ST used the same password on a lot of other sites, as he does on other accounts - email etc. This is the same mistake that MediaDefender made.
The notice begins:
Now this is the story all about how Ersan’s life got flipped turned upside down and I’d like to take a minute and just sit right there and tell you how Ersan became the prince of a town called bel air. This weeks source of lulz is provided free of charge via a site called supertorrents.org and the nicest Administrator you’ve ever met, Ersan.
The hackers discovered that the same password secured the site’s PayPal donations account. They claimed that due to the admin of ST making derogatory comments about a religious group, they decided to donate all the site’s available donations - over $2000 - to an Internet portal dedicated to that same religion.
While the hackers said they had fun deleting and disabling some more minor accounts like the admins YouTube account, they had rather more malice in mind when they managed to get access to the admins Gmail account (same as MediaDefender again). They discovered the admin’s real name, address, age and even the car he drives. After having fun making a mess of the account, the hackers said: “At this point we just deleted his account, because maximum lulz were achieved.”
The hackers then accessed the site’s admin panel for communicating with their host: “we logged into his [hosts] account panel where he hosts the supertorrents seedboxes and canceled them.”
The hackers give an explanation of the way they compromised the site:
“This all began a few days ago. Me and some friends were scoping around supertorrents irc network, when we discovered that they had a public prechan. Upon discovering this moderate scene security problem some friends and I decided to check the security of said prebot, turns out it was not so secure. Upon rooting the box and grabbing the unsecure predb and some scripts to play with we then rainbow tabled’d his password hash”
The motives for hacking the site seem to be twofold. Many Scene members consider torrent sites to be to blame for compromising their security and there does seem to be indication that this provoked the hacking in part. Money is mentioned quite a lot, in that it seems the hackers are annoyed at the level of donations at SuperTorrents, even appealing to the members to consider where their money is going.
It’s also claimed that many torrent sites are getting their releases from the same place and there are suggestions that this supply to the BitTorrent community should be strangled.
No doubt the MPAA will be delighted to hear this.
Update: More information is coming through which suggests that Ersan feels that his address hasn’t been compromised and he doesn’t drive the car the hackers say he does. Ersan says that his host did not cancel the seedboxes and he further says that his Google email (far from being deleted) is actually recovered and the password has been reset. He continues: “From what I can tell, the server that they’re talking about was not rooted, but I’m going to reload the OS on it anyway. This has no effect on SuperTorrents in any way, it just screws with my personal email and finances for a few days. The worst part is not knowing the extent of the damages that have been done, if all that was done was what was stated above then I’ll be fine. If they downloaded all of my emails and chat logs or something then I have a real problem on my hands”
Update 2: The hackers seem to have responded: “Nice attempt at damage control. :/ We do have your real street address, among with a few others you were using. If we were just going to blank it out anyway, whats it matter? Shouldn’t you be happy we did that, I guess we could go with the unedited copies of your name and addresses for the third notice. You just made an order XXXXXXX.com (lol, nerd) would you like us to post the usps tracking number & address? (1) Your address is talked about many times in google chats, once again you’re lucky we dont post them here. You did buy a BRANDX(car), for $12,000. Heres some screenshots (2&3). We could always post more information about it, as we have your entire email box from a few weeks ago until now. Would you like us to? was it your father or brother that you got the carfax for, lol?”
In reponse to Ersan’s claim that the host did not cancel his servers: “Correct, [host] did not cancel your servers, they did however cancel your account. Oh well I guess we can’t win them all.”
The hackers then go on to deny that Ersan has recoverd his Gmail account and provide some sort of screenshot as proof. They also ask Ersan to stop sending ‘forgot my password’ to his own account as “it’s not helping.” They then go on to use Ersan’s real name and in what could be seen as a veiled threat say: “Be thankful Eric, that we didn’t give you the raging that was easily possible with all of the email and google chat logs we have. We PROBABLY won’t release those, but hey you never know! :)”
thanks r10t
Previously: Steal This Film 2 Goes Live
Next: Top 10 Most Popular Torrent Sites of 2007
247 Responses
Pages: « 1 2 3 [4] 5 6 7 8 9 10 » Show All
How about linking to the actual files somewhere so people can actually see the screenshots and original NFO for themselves instead of your crappy comments throughout it all.
Those hackers are so childish…bet they are under 15;)
Omg, these are just noob 18-year old script kiddies, who think they’re l33t or something just because they can use other ppl’s hax and exploit an admin who is obviously very badly rehearsed in internet security.
Well at least they act :/
I never knew that using rainbow tables was considered hacking!
OMG IM SUCH A HAX0R NOW!%!#%!@$@!
It’s more like this: Kids with nothing else to do that have some common sense, and one idiot with something to do without common sense.
[quote comment="251104"][quote comment="250993"]Honestly,im happy that this hapened,sites like these do nothin but ask for stupid donations all the time,even when content they have is not unique all the time,its so annoying.
Stuff should be free,if im supposed to pay to downlaod,i’ll just buy the damn thing,jezz.
Hack them again i say.
P.S :I know they dont force u but the situation is made as such ,that if u pay u get preference and all that,thats not cool.[/quote]
[quote comment="251045"]Fuck anyone who asks for money for torrenting - in ANY form (i.e. donations, subs, whatever.)
I pity the poor fool, but
(i) he duplicated his password across his accounts,
&
(ii) it seems he was targeted BECAUSE he’s a ‘pay-to-leech’ site.
Pretty much your own fault, dude…[/quote]
Ri-i-i-ght. So websites and servers should be bought, set up, and maintained and you a$$holes think someone else should pay for it all out of there pocket just so your cheapskate a$$ doesn’t have to contribute anything to the community. Why don’t you pinheads STFU and go leech off of some other community. Damn, there ought to be a minimum age to torrent. I’m so f’n sick of these whining juvenile crybabies who think they’re entitled to anything and everything and never give back Jack Squat.[/quote]
Want some cheese with that whine, knobchops? You’re the wanker doing all the whining.
I’m a fucking PIRATE, you twat; ergo, I don’t pay to download shit. I don’t pay the retailer & I CERTAINLY don’t pay other pirates for the privilege.
If you can’t afford to run a service, then FUCK OFF - don’t come begz0ring to me about monthly fees. I can find the downloads a thousand other places that cost fuck-all.
Now ETPOMSAD, dimbulb…
HTH HAND kthxbai
Silly wee boys! thats what i think! for anyone of them to do this to Ersan or any other Torrent site leader is a stab in the back to their own scene.
how dare these kiddies do this!
big shout out to all the Staff,mods& users at ST!
we shall, we shall not be moved!
fuck you teenie hackers :(
Damn script kiddies!!
those hackers are immature
seriously was that the first thing youve ever hacked?
calm down you sound like little kids.
admin is pretty stupid at the same time
um.. ??
Arn’t filesharers supposed to stick together?
WTF is this hacking other torrent site?
We’re under enough attack from the establishment and you go and attack your own?
I agree with Jellies.
By the way, as controversial as this situation is, a lot of you don’t seem to understand who did this. It was people with scene access, they did it because they have some type of grudge against the Super Torrents site admin and they believe that it’s a threat to scene security. It’s the scene that supplies us the torrents. Yes, this may have been a bit too harsh but that’s why you guys have to know what you’re getting into. Everyone thinks torrenting is just fun and games, ’sharing is caring’ right? Well, most of the stuff comes from the scene, that’s where the big kids play, and they don’t really like torrenting.
And cut the crap about all that hacker talk. ‘Omgz itz not haxing, h4xing is wen jooo r a reel programer, deez guyz are teh script kiddiez’. Although I agree that the word hacker has a negative connotation thanks to the media, arguing over what is and isn’t hacking is a futile attempt on the Internet. Everyone has their own views.
Peace Out
i think some of you cunts have missed the point of donations! you are not and never have been asked to give to
Super Torrents by any of the staff! it is simply a way of helping keep the site alive! so what are you all suggesting that these guys pay for all this themselves? they do enough in the rest of the work they do! i give them a few dollars every month and im proud to be a member and give them a hand in the costs!servers aint cheap,and afaik the uploaders pay for their own seedboxes not supertorrents
how many other trackers are giving every penny that comes their way to charity this month? cause we at ST are! $10.000 i believe so stfu all you hater tosspots
Soon all you hackers and thieves will have nowhere to steal your content, the adult industry is going to shut you all down! viva la gfy.com
hackers my ass.
Just a bunch of skinny losers who can’t get laid and try to take their frustrations on others…
Pathetic… And it gives a bad rep to real hackers. A shame really..
[quote comment="251017"]The actual .rars that were released:
Part1: http://uploaded.to/file/o0nn4d
Part2: http://rapidshare.com/files/79729242/SuperTorrents.Got.Owned.Ersan.Got.Raped.TOTALOWNAGE.READ.NFO.PART.2-CELLKILL.rar
Enjoy!![/quote]
Pictures where saved using paint…
true hackers indeed
[quote comment="251045"]Fuck anyone who asks for money for torrenting - in ANY form (i.e. donations, subs, whatever.)
I pity the poor fool, but
(i) he duplicated his password across his accounts,
&
(ii) it seems he was targeted BECAUSE he’s a ‘pay-to-leech’ site.
dude…[/quote]
Pretty much your own fault,
i am a member at ST and i want to correct you m8 ST is not pay to leech! anyways it is one of the fastest sites and you get very clean files,can you say that about other public and private trackers? no thought not and oi speak from experience as im a member of quite a few trackers of both types!
[quote comment="251284"][quote comment="251045"]Fuck anyone who asks for money for torrenting - in ANY form (i.e. donations, subs, whatever.)
I pity the poor fool, but
(i) he duplicated his password across his accounts,
&
(ii) it seems he was targeted BECAUSE he’s a ‘pay-to-leech’ site.
dude…[/quote]
i am a member at ST and i want to correct you m8 ST is not pay to leech! anyways it is one of the fastest sites and you get very clean files,can you say that about other public and private trackers? no thought not and oi speak from experience as im a member of quite a few trackers of both types![/quote]
“with hackers gaining access to private accounts from which the donated all the site’s money to a religious group.”
this is clearly a misleading tagline, as you clearly stated, 2000 dollars was taken, not ALL the site’s money.
To the people saying most of the stuff on P2P is from the scene: a lot, certainly - most of the pre-release stuff, but certainly not everything.
[quote=251246]
Want some cheese with that whine, knobchops? You’re the wanker doing all the whining.
I’m a fucking PIRATE, you twat; ergo, I don’t pay to download shit. I don’t pay the retailer & I CERTAINLY don’t pay other pirates for the privilege.
If you can’t afford to run a service, then FUCK OFF - don’t come begz0ring to me about monthly fees. I can find the downloads a thousand other places that cost fuck-all.
Now ETPOMSAD, dimbulb…
HTH HAND kthxbai[/quote]
Idiot. Your arguement might be more convincing if it wasn’t so full of shit. If it was compulsory to donate to use the site. It isn’t. Demonising sites that ask for donations doesn’t help, and whats more why dont u just try and find a torrent site that doesn’t have donations button. You wont find one that has any decent quality of service.
The only difference here is that you get something back if you choose to - something you don’t on a lot.
They lol to damn funny Supertorrents deserved this. For one there IRC is fckn rude the admin/mods are self centered this ade the rest of my year what a nice top off rolmfaoooooooo
1+ to the hackers ;)
SO THE SITE GOT HACKED BY SOME INDIANS???
I responded again, fyi… Apparently nobody read that one.
Once again, I do not have a lexus, I thought about buying one but there’s no way I can afford it, the VIN numbers I looked up were for my father, he works for the florida government in law enforcement and wanted to run title searches on the two cars I looked up - run your own history reports and you’ll see that there was no title transfer in the last several months. I drive a 1993 honda accord that I bought from my dad’s friend for $2500 and recently replaced the engine in, which is something I talked about on IRC quite a bit… (if any of that is important to you)
Softlayer did not cancel my account, and I currently have full access to it, the subaccount they had access to has been disabled.
The only thing I don’t have access to anymore is my e-mail.
Apparently google didn’t reset my password, it will ‘take up to 15 business days to investigate the issue’ and they probably do have my real address, but the one on softlayer is somewhere I haven’t lived in months… There’s nothing I can do about that, the only thing I can do is wait for google. I have no control over what these people do with my information - I do hope there’s no public release of my home address or I will be forced to move, my name is not so important. If anyone knows how to contact google directly please let me know, otherwise I have no more options but to wait for them to ‘investigate’…
Let me stress again that none of this affects supertorrents in any way, it only affects me personally, the passwords and e-mail addresses associated with ST are different than my personal ones - whether that was their intention or not is something I don’t know.
Additionally, the money was returned by paypal within 2 days and they have no control over the account, so this article’s title is misleading.
When i go to the store to get milk i dont pay for it anymore.. i donate and the store gives me soma milk as a thank you….
scene 1 p2p 0
absolutely bloody pointless. if the scene is to blame - fuck the scene. I can get my rips elsewhere and, hell, I can even live without cracks.
Pages: « 1 2 3 [4] 5 6 7 8 9 10 » Show All
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.