OiNK Database Didn’t ‘Self Destruct’, Wasn’t Encrypted But Users Safe?
Written by enigmax on October 25, 2007
Following the raid at OiNK, many of the 180,000 members are very concerned about what’s happening with their details. The rumor: The OiNK database was encrypted and self-destructed. The truth: It wasn’t and it didn’t but ex-users still might be safe. In the meantime, OiNK got fired from his job.
Yesterday, in the wake of the OiNK takedown, we made a report about possible action against Norwegian BitTorrent trackers. In it we revealed that a tipoff suggested that the OiNK database had been equipped with a ‘self-destruct’ mechanism and was also encrypted.
‘OiNK’ himself participated in a short Q&A and the truth is that this is not the case. Here is a rundown of the salient points:
The raid was completely unexpected and came with no warning at all, but steps had already been taken to protect the users. Although, according to OiNK, there was no ‘self-destruct’ or encryption, “the logs we store aren’t enough to incriminate users.” This will come as a huge relief to ex-members of OiNK.
A Cleveland Police spokesman told The Telegraph: “It is too early to tell if we will go after individuals, it all depends on what we find.”
OiNK is accused of conspiracy to defraud and copyright infringement. Police questioned him for hours, after which he was eventually released. It became apparent that the police had limited technical knowledge, which, according to OiNK, “made the interview quite amusing.”
OiNK’s father, who was also dragged into this, is fine, although the police took his laptop.
There was an implication that a backup of the site may exist, although this is unconfirmed and there is no news yet that the forums will be restored for the purposes of music discussion. Additionally, it’s unclear if OiNK remains the owner of the OiNK.CD domain.
Sites have been cropping up claiming to collect donations for legal defense, but according to OiNK there aren’t any that potential donors should feel comfortable donating to right now.
Certain security-related changes had been made to the OiNK site and IRC channel in recent weeks, and there was a suggestion that this may have been because a raid was expected. OiNK has denied this and confirmed these changes were a coincidence.
In echoes of what happened to Alexander Hanff (admin of the BitTorrent tracker DVDR-Core), Alan Ellis, aka OiNK, has been fired from his IT Consultant job following the raid, but has refused to elaborate on what grounds his employer, Virgin Media in Stockton-on-Tees, chose to dismiss him.
It’s hugely commendable that OiNK has taken the time to come out and give the community timely facts. Alan told The Daily Telegraph: “I haven’t done anything wrong. I don’t believe my website breaks the law. They don’t understand how it works.”
Stay Tuned
Update: Seems like someone involved in the takedown left an administrative message on the OiNK site (thanks for the tips DaanRiver and R10T):

172 Responses
I can imagine what the interview was like.
Police: “Is it true you’ve been downloading music on to your website?”
OiNK: **Chuckles**
Does this mean all private tracker sites don’t hold enough user information to incriminate them?!
wow that’s good info thanks homie
‘pedro’: flacinhell in action again
I feel a bit safer now - it’s a bit unnerving knowing someone else is trying to track you down!
I wish all the best to Oink, I’m sure he will prevail and go on to better things.
since the feds now have access to oink’s paypal account, they can easily go after all the oink donors based on paypal transaction id #s.
any donors try to close their paypal account yet?
[quote comment="195332"]Does this mean all private tracker sites don’t hold enough user information to incriminate them?![/quote]
The evidence sitting in databases and log files is purely circumstantial. It gives figures for how much you *might* have uploaded and downloaded, but is not evidence that you have ever up/downloaded any copyrighted material.
As to the self destruct and encryption claims, I explained elsewhere (FST) why they were BS. It’s easy enough to see right through those claims if you have even the slightest experience.
since the feds now have access to oink’s paypal account, they can easily go after all the oink donors based on paypal transaction id #s.
any donors try to close their paypal account yet?
again they cannot go after paypal accounts, those were DONATIONS
OiNK simply was giving the opportunity to share your music with people around the world. that’s the main point. why is it illegal? yes maybe some guys are, seeders, but there wasn’t anything wrong with laws concerning OiNK.
Why can they use his domain? It is so retarded. I hope there is an inquiry into this. Did they hack it or did the host allow them to change it?
well I’m glad it’s safe to say the logs didn’t have enough evidence to incriminate the users
Are oink and tmt 2 different persons?
Thanks for giving us an update OiNK, good luck
[quote comment="195379"]Why can they use his domain? It is so retarded. I hope there is an inquiry into this. Did they hack it or did the host allow them to change it?[/quote]
I’m sure that once they found the servers where he was hosting the site, they took the servers and left some linux box to broadcast the little ifpi message
[quote comment="195345"]since the feds now have access to oink’s paypal account, they can easily go after all the oink donors based on paypal transaction id #s.
any donors try to close their paypal account yet?[/quote]
On what grounds?
The people that say they know about computers. I can’t believe how much a lot of them actually DON’T know. When I read the article hinting at a ‘self destruct’ and database encrypting, I immediately thought ‘ah ha…NO!’
Although they sound really cool and very useful, there is a high probability that those mechanisms wouldn’t have been in place for obvious reasons.
The auto self destruct while possibly very sneaky wouldn’t have been used because of the very high possibility that something could have gone wrong and the entire DB would have been lost. For example the ISP could have had unforeseen network downtime for a few hours. A piece of hardware could have failed. Simple common things such as this could have easily stopped the server from receiving its “do not destroy” messages and would have easily resulted in loss of the entire DB.
Full DB encryption…You wish…First of all encryption hampers performance and slows things down. This may be ok for a small site, but for the number of users that OiNK had this would have cut severely into their servers’ resources. Secondly for a website that has information that can change and needs to also be retrieved from the database and displayed in a human readable form, means that the data needs to be able to be decrypted. So not only would you be wasting resources encrypting the data, you’d also spend the same amount of time decrypting it. If you did need to decrypt data then you’d need to know what the formula and key is that was used in the first place. The formula or key has to be stored somewhere in a readable manner. Thus making the whole thing useless once the key is found out.
Some things such as usernames, passwords, or even IPs (for tracking ratio data etc) for individual user accounts can be encrypted using 1 way encryption, as you don’t need to display these things to a human. The moment information needs to become readable you need to either be able to decrypt it with a known key or not encrypt it in the first place.
While private trackers may be harder to join, the moment the “bad” people get in, your only hope is that the private tracker doesn’t keep track of anything. In which case, this usually doesn’t happen because they’re trying to enforce share ratios. A lot of private trackers record not only your share ratio and IP, but each torrent you ever downloaded/uploaded. At the moment the safest private tracker is one that only records your share ratio and nothing else. The next safest private tracker is one that records nothing identifiable, and at the moment I have yet to see this. Doing this also sort of defeats the purpose of being a private tracker, unless you want a private community that doesn’t care about share ratios
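An added example, not part of the comment above or of any tracker's code: the comment suggests storing IPs under "1 way encryption". The sketch below shows why an unkeyed hash of an IPv4 address can be reversed by enumerating the small address space, while a keyed HMAC cannot be matched without the key. The function names, key handling and the documentation-range sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed sample data (RFC 5737 documentation range), not from the article.
SAMPLE_IP = "198.51.100.23"
SAMPLE_NET = "198.51.100.0/24"


def plain_digest(ip: str) -> str:
    """Unkeyed one-way hash of an IP address."""
    return hashlib.sha256(ip.encode()).hexdigest()


def keyed_digest(ip: str, key: bytes) -> str:
    """HMAC-SHA256 pseudonym: one-way, and computable only with the secret key."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()


def recover_by_enumeration(target: str, network: str, digest_fn):
    """Hash every address in `network`; return the one whose digest equals `target`."""
    for addr in ipaddress.ip_network(network):
        if hmac.compare_digest(digest_fn(str(addr)), target):
            return str(addr)
    return None


def demo():
    # Assumption: the key lives outside the database (e.g. in a separate secret store).
    key = secrets.token_bytes(32)
    stored_plain = plain_digest(SAMPLE_IP)
    stored_keyed = keyed_digest(SAMPLE_IP, key)

    # Anyone holding the table can recompute unkeyed hashes for every candidate IP.
    recovered_plain = recover_by_enumeration(stored_plain, SAMPLE_NET, plain_digest)

    # Without the real key the same search finds nothing.
    wrong_key = bytes(32)
    recovered_keyed = recover_by_enumeration(
        stored_keyed, SAMPLE_NET, lambda ip: keyed_digest(ip, wrong_key)
    )

    # With the key, the application can still match a returning address.
    same_address = hmac.compare_digest(stored_keyed, keyed_digest(SAMPLE_IP, key))
    return recovered_plain, recovered_keyed, same_address


if __name__ == "__main__":
    print(demo())
```

The keyed form is only as strong as the separation between the key and the stored digests: if both sit on the same seized or compromised host, it degrades to the unkeyed case.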
they should set up servers in areas that are rigged with explosives. anyone enters the server room without disarming the explosives, BOOM!
yes, i am a twisted fuck. but i think it would serve those who break the law right. by break the law, i mean the raiders, not the server hosts.
just thinking about something… I know they can’t get at me for donating to OiNK, but couldn’t they find out my name, realise that I’ve been using OiNK, come to my house, seize my computers and find out that I have indeed uploaded music illegally to other people?
i’m thinking about selling my 2 computers i’ve used to download and get me 2 new ones…
OiNK,
You are a god!
I don’t care what anyone else says,
You have made me buy more CDs than in the limewire days and before that.
The users have shown me some great bands that have changed my life, as sad as it sounds, I am so into so many different types of music right now that it has opened up a whole new life for me.
As sad as it all sounds, it’s true =P
In OiNK we trust!
There are short circuits that you can set up in a db. Granted they can only be as good as the programmer/implementer that designed them. Anyone who has coded to a decent degree knows that you can obfuscate to no end to make things more difficult to take apart. Regardless, oink knew this day would come sooner or later and sounds like he had good plans in place. Thanks oink.
“Criminal investigation by IFPI [...]”?? This is usually only done by the police, and only the police, not by an organization representing the artists.
Investigation should always be done by the (neutral) police, and not by an organization with huge interest in a conviction, who collect evidence based on this and say to the media that the accused is guilty.
[quote comment="195341"]‘pedro’: flacinhell in action again[/quote]
Dude…I forgot about that asshole. What a prick. Not surprised he would stoop so low.
How long will ppl keep asking these stupid questions!?
This is why p2p has such a bad reputation - a lot of the users know virtually nothing about what they’re doing but still feel so l33t because you joined some site.
All you idiots (and I’m NOT talking about every member here) do not deserve to get anything for free… just go and buy your crap!!!
And YES! You will have to burn all your computers cancel all your internet subscriptions and never come back… the net will be a better place without you.
oinkybank seems to be getting a lot of donations
looks like oink will be able to afford OJ’s lawyer soon.
oh wait, he’s dead.
damn
[quote comment="195396"]The people that say they know about computers. I can’t believe how much a lot of them actually DON’T know. When I read the article hinting at a ‘self destruct’ and database encrypting, I immediately thought ‘ah ha…NO!’
Although they sound really cool and very useful, there is a high probability that those mechanisms wouldn’t have been in place for obvious reasons.
The auto self destruct while possibly very sneaky wouldn’t have been used because of the very high possibility that something could have gone wrong and the entire DB would have been lost. For example the ISP could have had unforeseen network downtime for a few hours. A piece of hardware could have failed. Simple common things such as this could have easily stopped the server from receiving its “do not destroy” messages and would have easily resulted in loss of the entire DB.
Full DB encryption…You wish…First of all encryption hampers performance and slows things down. This may be ok for a small site, but for the number of users that OiNK had this would have cut severely into their servers’ resources. Secondly for a website that has information that can change and needs to also be retrieved from the database and displayed in a human readable form, means that the data needs to be able to be decrypted. So not only would you be wasting resources encrypting the data, you’d also spend the same amount of time decrypting it. If you did need to decrypt data then you’d need to know what the formula and key is that was used in the first place. The formula or key has to be stored somewhere in a readable manner. Thus making the whole thing useless once the key is found out.
Some things such as usernames, passwords, or even IPs (for tracking ratio data etc) for individual user accounts can be encrypted using 1 way encryption, as you don’t need to display these things to a human. The moment information needs to become readable you need to either be able to decrypt it with a known key or not encrypt it in the first place.
While private trackers may be harder to join, the moment the “bad” people get in, your only hope is that the private tracker doesn’t keep track of anything. In which case, this usually doesn’t happen because they’re trying to enforce share ratios. A lot of private trackers record not only your share ratio and IP, but each torrent you ever downloaded/uploaded. At the moment the safest private tracker is one that only records your share ratio and nothing else. The next safest private tracker is one that records nothing identifiable, and at the moment I have yet to see this. Doing this also sort of defeats the purpose of being a private tracker, unless you want a private community that doesn’t care about share ratios[/quote]
It wouldn’t be that hard to create an encrypted environment for a tracker. Even the basic Debian installer offers encrypted LVM partitions and the performance hit is only a few percent of CPU time, and if that is a concern you can always create a temporary disk in memory and use the critical parts of the database from there and sync periodically to physical disk. An even better option is to buy a faster processor because hardware is cheap compared to what you might have to pay once you are caught by the police.