Hackers Run Wild Spending BitTorrent Tracker’s Donations

Written by enigmax on December 29, 2007 

The SuperTorrents BitTorrent tracker has been the subject of a major security breach, with hackers gaining access to private accounts from which they donated all the site’s money to a religious group. The hackers even went as far as contacting the site’s host and canceling all of its seedboxes.

Earlier this year, the anti-piracy company MediaDefender was torn apart when its email system was compromised and hackers laid the company’s secrets bare for the world to see. Some months later, the SuperTorrents (ST) BitTorrent tracker has become the victim of hackers. According to a so-called ‘scene notice’ circulating at the moment, the 35,000-member site was compromised when the hackers discovered that the admin of ST used the same password on a lot of other sites and on his other accounts, such as email. This is the same mistake that MediaDefender made.

The notice begins:

Now this is the story all about how Ersan’s life got flipped turned upside down and I’d like to take a minute and just sit right there and tell you how Ersan became the prince of a town called bel air. This week’s source of lulz is provided free of charge via a site called supertorrents.org and the nicest Administrator you’ve ever met, Ersan.

The hackers discovered that the same password secured the site’s PayPal donations account. They claimed that due to the admin of ST making derogatory comments about a religious group, they decided to donate all the site’s available donations - over $2000 - to an Internet portal dedicated to that same religion.

While the hackers said they had fun deleting and disabling some more minor accounts like the admin’s YouTube account, they had rather more malice in mind when they managed to get access to the admin’s Gmail account (same as MediaDefender again). They discovered the admin’s real name, address, age and even the car he drives. After having fun making a mess of the account, the hackers said: “At this point we just deleted his account, because maximum lulz were achieved.”

The hackers then accessed the site’s admin panel for communicating with their host: “we logged into his [hosts] account panel where he hosts the supertorrents seedboxes and canceled them.”

The hackers give an explanation of the way they compromised the site:

“This all began a few days ago. Me and some friends were scoping around supertorrents irc network, when we discovered that they had a public prechan. Upon discovering this moderate scene security problem some friends and I decided to check the security of said prebot, turns out it was not so secure. Upon rooting the box and grabbing the unsecure predb and some scripts to play with we then rainbow table’d his password hash.”

The motives for hacking the site seem to be twofold. Many Scene members consider torrent sites to be to blame for compromising their security, and there does seem to be some indication that this provoked the hacking in part. Money is also mentioned quite a lot: the hackers seem annoyed at the level of donations at SuperTorrents, even appealing to the members to consider where their money is going.

It’s also claimed that many torrent sites are getting their releases from the same place and there are suggestions that this supply to the BitTorrent community should be strangled.

No doubt the MPAA will be delighted to hear this.

Update: More information is coming through which suggests that Ersan feels that his address hasn’t been compromised and he doesn’t drive the car the hackers say he does. Ersan says that his host did not cancel the seedboxes and he further says that his Google email (far from being deleted) is actually recovered and the password has been reset. He continues: “From what I can tell, the server that they’re talking about was not rooted, but I’m going to reload the OS on it anyway. This has no effect on SuperTorrents in any way, it just screws with my personal email and finances for a few days. The worst part is not knowing the extent of the damages that have been done, if all that was done was what was stated above then I’ll be fine. If they downloaded all of my emails and chat logs or something then I have a real problem on my hands.”

Update 2: The hackers seem to have responded: “Nice attempt at damage control. :/ We do have your real street address, along with a few others you were using. If we were just going to blank it out anyway, what’s it matter? Shouldn’t you be happy we did that, I guess we could go with the unedited copies of your name and addresses for the third notice. You just made an order XXXXXXX.com (lol, nerd) would you like us to post the usps tracking number & address? (1) Your address is talked about many times in google chats, once again you’re lucky we don’t post them here. You did buy a BRANDX(car), for $12,000. Here’s some screenshots (2&3). We could always post more information about it, as we have your entire email box from a few weeks ago until now. Would you like us to? was it your father or brother that you got the carfax for, lol?”

In response to Ersan’s claim that the host did not cancel his servers: “Correct, [host] did not cancel your servers, they did however cancel your account. Oh well I guess we can’t win them all.”

The hackers then go on to deny that Ersan has recovered his Gmail account and provide some sort of screenshot as proof. They also ask Ersan to stop sending ‘forgot my password’ to his own account as “it’s not helping.” They then go on to use Ersan’s real name and, in what could be seen as a veiled threat, say: “Be thankful Eric, that we didn’t give you the raging that was easily possible with all of the email and google chat logs we have. We PROBABLY won’t release those, but hey you never know! :)”

thanks r10t

247 Responses

151 Dec 30, 2007 at 06:18 by rocketeer

this is funny

im going to trust my instinct and say this guy deserved it

152 Dec 30, 2007 at 06:26 by Guido

“The SuperTorrents BitTorrent tracker has been the subject of a major security breach, with hackers gaining access to private accounts from which the donated all the site’s money to a religious group. The hackers even went as far as contacting _the_ site’s host and canceled all of their seedboxes.”

It should be they, not the.

153 Dec 30, 2007 at 06:45 by Mookey

#21 the first link is dead, care to repost?
thanks

154 Dec 30, 2007 at 06:50 by Free Pirate Allaince

just out of curiosity, what religion did they donate the stolen cash to?

155 Dec 30, 2007 at 07:00 by Suspicious

I think these guys are hired. Goons man, I mean, sure if he’s spending his donations on a new lexus then maybe people should be told so they can stop donating. But server costs are a real consideration. These thugs are probably hired by the MPAA to do this kind of shit. Get real, hack shit that needs hacking. Otherwise, your just a fag with a piece.

156 Dec 30, 2007 at 07:04 by Free Pirate Allaince

working for the MPAA is worse than being a coke whore

157 Dec 30, 2007 at 07:06 by FuckSCT

Someone should do this to SCT, greedy fuckers.

158 Dec 30, 2007 at 07:09 by 123

@Free Pirate Allaince

They donated to the Sikh religion.

159 Dec 30, 2007 at 07:12 by 123

^ More specifically, waheguroo.com

160 Dec 30, 2007 at 07:22 by Asshats On Parade

[quote comment="251246"][quote comment="251104"][quote comment="250993"]Honestly, im happy that this happened, sites like these do nothing but ask for stupid donations all the time, even when content they have is not unique all the time, its so annoying.
Stuff should be free, if im supposed to pay to download, i’ll just buy the damn thing, jeez.
Hack them again i say.
P.S.: I know they dont force u but the situation is made as such, that if u pay u get preference and all that, thats not cool.[/quote]

[quote comment="251045"]Fuck anyone who asks for money for torrenting - in ANY form (i.e. donations, subs, whatever.)

I pity the poor fool, but
(i) he duplicated his password across his accounts,
&
(ii) it seems he was targeted BECAUSE he’s a ‘pay-to-leech’ site.

Pretty much your own fault, dude…[/quote]

Ri-i-i-ght. So websites and servers should be bought, set up, and maintained and you a$$holes think someone else should pay for it all out of their pocket just so your cheapskate a$$ doesn’t have to contribute anything to the community. Why don’t you pinheads STFU and go leech off of some other community. Damn, there ought to be a minimum age to torrent. I’m so f’n sick of these whining juvenile crybabies who think they’re entitled to anything and everything and never give back Jack Squat.[/quote]

Want some cheese with that whine, knobchops? You’re the wanker doing all the whining.

I’m a fucking PIRATE, you twat; ergo, I don’t pay to download shit. I don’t pay the retailer & I CERTAINLY don’t pay other pirates for the privilege.

If you can’t afford to run a service, then FUCK OFF - don’t come begz0ring to me about monthly fees. I can find the downloads a thousand other places that cost fuck-all.

Now excuse me, dimbulb…

I need to go wank myself to pictures of little boys[/quote]

“I’m a fucking PIRATE, you twat; ergo, I don’t pay to download shit.”

A pirate? ROTFLMAO! You’re not a pirate, you uneducated cunt. You’re just a fucking leech. But keep clicking your high heels together sweetheart and repeating “I am too a pirate, I really, really am!” Maybe Mommy will believe you.

“I can find the downloads a thousand other places that cost fuck-all.”

I have serious doubts that a girly knob-polisher like you could find her bum with both hands. And watch your language or Mommy spank. :P

161 Dec 30, 2007 at 07:27 by Anon

Goddammit anonymous. Why don’t you go after somebody worth a lulzy damn *cough*nbcdateline*cough.

162 Dec 30, 2007 at 08:12 by Anonymous

[quote comment="251519"]Goddammit anonymous. Why don’t you go after somebody worth a lulzy damn *cough*nbcdateline*cough.[/quote]

They’re not anon you fucking moron, they’re the same script kiddies who took down ‘ebaumsworld’ the last time, teamloosh and diditforthelulz. they’re not the real /i/insurgents.

163 Dec 30, 2007 at 08:54 by Richard C Mongler

Sounds like there’s a bunch of underaged faggots in this thread bawwing about how much it takes to get a torrent site running.

Well guess what? Before there were torrents, people were able to get files just fine. Torrents only make it so morons like you are able to get them and that makes the smart ones who used to be relatively under the radar more at risk. If you can’t afford to pay for a torrent site without begging for donations then you shouldn’t be running one. The worst are sites like this that are pay to leech.

Long live Ebaums, I hope you hack some more of these shitty torrent sites in the future.

164 Dec 30, 2007 at 08:57 by Anonymous

I leech and so what? My current ratio on the only private site I’m registered to is .002. If it wasn’t for leechers, you faggots wouldn’t be able to stroke your e-penis by bragging about how high your ratio is.

Suck a dick, faggots.

165 Dec 30, 2007 at 09:49 by Anonymous

ok, so basically they “hacked” ST because they didn’t get an account/invitation or they didn’t want to donate money… whoa.

166 Dec 30, 2007 at 10:07 by Anonymous

>for the lulz
>the lulz
>lulz

facepalm.jpg

167 Dec 30, 2007 at 10:07 by Luthor

[quote comment="251100"]By the way the amount of donations he was receiving are FAR more than the server maintenance costs. Who says he was donating all the money to charity? Where is the evidence of that? The only expense I see is a new Lexus.[/quote]

…yes…a twelve thousand dollar ($12,000) Lexus…remind me to get one of those.

168 Dec 30, 2007 at 10:17 by getty

[quote comment="251154"]first he uses the same passwords everywhere. Then he tells the world his dad works for the government in law enforcement? Not the brightest kid, I hope his dad forgives him if his son ever gets arrested and the media has a field day with that fact that it’s a son of a top law enforcement agent. That sounds like something that would ruin his career.

Oh well, hopefully nothing else bad happens because of all of this.[/quote]

“Top Law Enforcement Agent”.
Either that, or he’s a cop, and his son asked him to double check some VINs to make sure he’s making a legal purchase. w/e.

169 Dec 30, 2007 at 10:29 by Oliver

[quote comment="251219"][quote comment="251186"]I f-ing hate people who fudge with other people’s business. Do you think you’re providing some sort of justice? I mean come on you not only scare the shit out of all ST users and you make the admin’s life miserable. Shame on you for hurting people you don’t even know. I don’t care if he’s using the money for a car or whatever, as long as the site stays online and satisfies the latest torrent releases what does it matter.

Oh look I have mad hacking skillz I can use the same password that i stole on all these other sites. - Lame, you should rot in hell loser[/quote]

Ersan has been known over the years to make enemies very fast and he has screwed over many people over the years. Basically what goes around comes around. I agree it’s fucked up to put someone’s info out like that…but if you don’t go around fucking with other people then you yourself won’t be fucked with.

BTW is it not unfair that ST users donate their hard earned money and then the site owner uses that money to buy a lexus? I mean comon, im sure the users donate money to keep the site running. Not so some teenager can roll around in a lexus.[/quote]

If you could specify how the admin was making enemies / abusing his privileges, that’d be great.

People donating money to his site expected him to use it FOR the site… yes, that does make sense.

But once he’s got the site covered, I think it’s legit that he spend the remains on himself; personally I have no problem with him putting in the time and money to make the site optimal, then keeping the remainder.

Really, it’s like tipping a waiter, or patting a bud on the back after he’s finished a big project; “don’t muzzle the ox that’s doing the threshing for you” or whatever.

Anyway, this guy pulled a couple of lame stunts, okay; I don’t know him at all. Anybody care to clarify _what_ lame stunts he pulled?

170 Dec 30, 2007 at 10:54 by Pyramid-chan

[quote comment="251287"][quote comment="251284"][quote comment="251045"]Fuck anyone who asks for money for torrenting - in ANY form (i.e. donations, subs, whatever.)

I pity the poor fool, but
(i) he duplicated his password across his accounts,
&
(ii) it seems he was targeted BECAUSE he’s a ‘pay-to-leech’ site.

dude…[/quote]

i am a member at ST and i want to correct you m8 ST is not pay to leech! anyways it is one of the fastest sites and you get very clean files, can you say that about other public and private trackers? no thought not and i speak from experience as im a member of quite a few trackers of both types![/quote][/quote]

171 Dec 30, 2007 at 11:16 by hoodlum

if it weren’t for the scene there wouldn’t be anything to torrent.
scene owns p2p

172 Dec 30, 2007 at 11:28 by Anon

[quote comment="251329"]absolutely bloody pointless. if the scene is to blame - fuck the scene. I can get my rips elsewhere and, hell, I can even live without cracks.[/quote]

Yes, erm, good luck getting your rips elsewhere :)
rips are children of the scene >_>

173 Dec 30, 2007 at 11:44 by Anonymous

Guys Supertorrents is still one of the best private trackers in the world. They have all the best scene releases the earliest.
I never donated, and I don’t think Eric’s a douche. He may have fucked up with his passwords and creating the security problem with the prechan but whatev.
You gotta let the donation thing go it doesn’t mean shit.

174 Dec 30, 2007 at 11:50 by loldongs

Srsly, think about how much shit we’ve all gotten for free. If someone dumped 20 bucks for membership to ST for access to the best new scene release shit (and this is all ST is good for) then so be it. I never paid for my membership but I mean I’d happily dump that much for fast access to good new releases. It’s kind of hard to whine about donations when we already get all our shit free. ST users (who donated for memberships) simply get it faster than most, which is why they chose to donate.

175 Dec 30, 2007 at 13:05 by ...

Fuck ‘SCENE’
