Hackers Run Wild Spending BitTorrent Tracker’s Donations
Written by enigmax on December 29, 2007
The SuperTorrents BitTorrent tracker has been the subject of a major security breach, with hackers gaining access to private accounts from which they donated all the site’s money to a religious group. The hackers even went as far as contacting the site’s host and canceling all of their seedboxes.

Earlier this year, the anti-piracy company MediaDefender was torn apart when its email system was compromised and hackers laid the company’s secrets bare for the world to see. Some months later, the SuperTorrents (ST) BitTorrent tracker has been the victim of hackers. According to a so-called ‘scene notice’ circulating at the moment, the 35,000-member site was compromised when the hackers discovered that the admin of ST used the same password on a lot of other sites and on his other accounts, such as email. This is the same mistake that MediaDefender made.
The notice begins:
Now this is the story all about how Ersan’s life got flipped turned upside down and I’d like to take a minute and just sit right there and tell you how Ersan became the prince of a town called bel air. This week’s source of lulz is provided free of charge via a site called supertorrents.org and the nicest Administrator you’ve ever met, Ersan.
The hackers discovered that the same password secured the site’s PayPal donations account. They claimed that due to the admin of ST making derogatory comments about a religious group, they decided to donate all the site’s available donations - over $2000 - to an Internet portal dedicated to that same religion.
While the hackers said they had fun deleting and disabling some more minor accounts like the admin’s YouTube account, they had rather more malice in mind when they managed to get access to the admin’s Gmail account (same as MediaDefender again). They discovered the admin’s real name, address, age and even the car he drives. After having fun making a mess of the account, the hackers said: “At this point we just deleted his account, because maximum lulz were achieved.”
The hackers then accessed the site’s admin panel for communicating with their host: “we logged into his [hosts] account panel where he hosts the supertorrents seedboxes and canceled them.”
The hackers give an explanation of the way they compromised the site:
“This all began a few days ago. Me and some friends were scoping around supertorrents irc network, when we discovered that they had a public prechan. Upon discovering this moderate scene security problem some friends and I decided to check the security of said prebot, turns out it was not so secure. Upon rooting the box and grabbing the unsecure predb and some scripts to play with we then rainbow tabled’d his password hash”
The motives for hacking the site seem to be twofold. Many Scene members blame torrent sites for compromising their security, and there is some indication that this partly provoked the hacking. Money is mentioned quite a lot, in that it seems the hackers are annoyed at the level of donations at SuperTorrents, even appealing to the members to consider where their money is going.
It’s also claimed that many torrent sites are getting their releases from the same place and there are suggestions that this supply to the BitTorrent community should be strangled.
No doubt the MPAA will be delighted to hear this.
Update: More information is coming through which suggests that Ersan feels that his address hasn’t been compromised and he doesn’t drive the car the hackers say he does. Ersan says that his host did not cancel the seedboxes and he further says that his Google email (far from being deleted) is actually recovered and the password has been reset. He continues: “From what I can tell, the server that they’re talking about was not rooted, but I’m going to reload the OS on it anyway. This has no effect on SuperTorrents in any way, it just screws with my personal email and finances for a few days. The worst part is not knowing the extent of the damages that have been done, if all that was done was what was stated above then I’ll be fine. If they downloaded all of my emails and chat logs or something then I have a real problem on my hands”
Update 2: The hackers seem to have responded: “Nice attempt at damage control. :/ We do have your real street address, along with a few others you were using. If we were just going to blank it out anyway, what’s it matter? Shouldn’t you be happy we did that, I guess we could go with the unedited copies of your name and addresses for the third notice. You just made an order XXXXXXX.com (lol, nerd) would you like us to post the usps tracking number & address? (1) Your address is talked about many times in google chats, once again you’re lucky we don’t post them here. You did buy a BRANDX(car), for $12,000. Here’s some screenshots (2&3). We could always post more information about it, as we have your entire email box from a few weeks ago until now. Would you like us to? was it your father or brother that you got the carfax for, lol?”
In response to Ersan’s claim that the host did not cancel his servers: “Correct, [host] did not cancel your servers, they did however cancel your account. Oh well I guess we can’t win them all.”
The hackers then go on to deny that Ersan has recovered his Gmail account and provide some sort of screenshot as proof. They also ask Ersan to stop sending ‘forgot my password’ to his own account as “it’s not helping.” They then go on to use Ersan’s real name and in what could be seen as a veiled threat say: “Be thankful Eric, that we didn’t give you the raging that was easily possible with all of the email and google chat logs we have. We PROBABLY won’t release those, but hey you never know! :)”
thanks r10t
247 Responses
…DAMN YOU E/b/AUMS!!!!!!!
Supertorrents is not a “pay-to-leech” site.
Supertorrents is an exclusive torrent site that takes donations. They’re exclusive because they offer the newest and best scene release files faster than just about every other site, and definitely faster than all public sites.
People are “paying” (the wrong term to use) for access to a private tracker that will get them that screener before any other site does.
Stop being butthurt just cause you feel excluded.
Supertorrents is a free site.
Supertorrents just had an open sign up on Dec. 23rd.
To all the whiners: You don’t know what you’re talking about. You merely heard somewhere someone’s claim that ST was “making people pay to leech files” so you got up in arms to support the anonymous borg/scenefags who chose to claim they were acting in the scene’s interests.
And for the others stop being butthurt just because you can’t find an invite.
Supertorrents is free.
safer than public sites are they ?
i dont think so.
pay to leech site ?
again i dont think so.
did they deserve this ?
no!
even tho i detest private sites this is not good, all you ppl saying its a pay to leech site are either just jealous or are still waiting for your balls to drop and need something to alleviate the boredom!
funny i thought bittorrent was a community that stuck together(even tho some think private sites are the way to go. not!!)
bittorrent is for sharing with the world not just a few you allow in to your little corner of the world.
one day these ppl will understand this.
i have never used supertorrents or any other site that deprives the bittorrent community, and never will but what happened here is just pathetic!
hope you guys recover from this and sort your shit out.
…. and the idiocy continues.
Who wins with all this name-calling and other assorted lamery ?
Is it ever good to burn your bridges with others by letting your temper get the better of you ?
You guys that say you’re from the scene are in the minority here so have some respect for others doing their own thing, we don’t come and laugh when you guys get hit by the feds so why come here to poke fun ?
Whilst I dont agree 90% of flicks and warez come via the scene as I know different, a large portion of fresh content does come from these guys and most folks are more than pleased to get the “overspill” from their plates, its not about money you people are getting sucked into some BS here thats a waste of your time, lets go back to our corners and leave this situation to those involved in it, some site guy and some children, united we stand ppl.
The bottom line here is simple, keep the security high and resist the urge to use the same password wherever you travel on the net, and the last rule I urge you to stick to is the simplest one, respect others until they are shown as unworthy of it.
@Everyone
The ST community was deserving of what they got. The scene gets so much unwanted attention, from idiots using p2p applications such as bittorrent. I hope these hackers continue to do the same with the rest of the garbage out there.
Anyone who rejoices in the fall of a fellow p2p site or app, for whatever reason, is ignorant. :) That’s all I have to say on the subject.
I can’t believe that people are actually supporting any of these hackers. It proves once again that there should be a 13 year age-limit on the internet. In such case we’d maybe get to see some proper capitalization and idiots like zarathustra would be somewhere else.
How cute, little channies at it again… This is what happens to spoiled kids with time, ready-made no-brainer technology and no aims in life, they pester people anonymously.
http://www.youtube.com/watch?v=9pyR_90RdOg
lulz, hackers on steroids. Video related.
This is a CRACKER not a hacker, -please- get it right people.
i-hacked.com
Kinda funny really
[quote comment="251834"]I can’t believe that people are actually supporting any of these hackers. It proves once again that there should be a 13 year age-limit on the internet. In such case we’d maybe get to see some proper capitalization and idiots like zarathustra would be somewhere else.[/quote]
I can’t believe you’re not a pimply-faced virgin. Show me where I haven’t used proper capitalisation, you Dubya-voting ‘merkin dumbfuck.
Can’t? Thought not, shit-for-brains.
Autolame Grade: D- ‘Cretin’
P.S. Perhaps not an age limit, but an IQ limit. That’d keep tards like you off the ‘net, & back on your V-Tech ‘Speak-n-Spell’…
Gees, what ASSholes!
Won’t someone change zarathustra’s diapers? :P
Since none of you seem to bother reading anything, here’s a picture…
http://i13.tinypic.com/82iiro3.gif
I got the money back in 2 days… This article is ridiculous, and apparently rephrasing ’scene notices’ (and I use that term loosely) passes for news on this site…
they deserve it, how does it feel to be on the other end of the stick
serves you guys right
Pathetic in both parties’ cases. The idiot that used the same password “Because it’s convenient” and the “Hackers” that had nothing better to do than take over someone’s life.
With so much happening in the world and you choose to do something so pointless as this? Just keep in mind that there is always someone better.
&
There is always someone watching.
people the amount of time someone has to put into running the site is a lot
if i was running a site like that i would want to make some money off of it for the amount of time i am putting on it
[quote comment="251946"]Won’t someone change zarathustra’s diapers? :P[/quote]
Fixated much? =]
[quote comment="251095"][…]
Your response is awaiting moderation.
^^^
i see the nazi are in control of this website as well[/quote]
I call Godwin’s Law
what a bunch of retards (the religion supporting hackers and the dumb admin)
WE WANT TOLERANCE FOR OUR RELIGION!
Now, you better begin to accept us as we completely screw with your life.
shills shills shills
bullshit and lies
[quote comment="251255"]um.. ??
Arn’t filesharers supposed to stick together?
WTF is this hacking other torrent site?
We’re under enough attack from the establishment and you go and attack your own?[/quote]
no scene hates the torrent sites .. it’s not torrent vs torrent it’s about
distributor vs retailer.