But his plan failed in the biggest way imaginable. HideMyAss (HMA) keep logs and as a UK company when given a court order to cough up information, they do so. After matching timestamps to IP addresses, in the blink of an eye Luzlsec member ‘Recursion’ became 23-year-old Cody Kretsinger from Phoenix. The FBI had their man.

While the outrage from the public has been well reported – many pro-privacy activists accused HideMyAss of becoming SellMyAss – what has not yet been documented is how elements of the VPN industry have reacted to the news.

VPN Council is probably best described as a trade organization for some, but not all, VPN providers. A document obtained by TorrentFreak which was penned by their Chief Information Officer and sent on September 25th, shows they are very concerned by recent events.

“There has been a lot of controversy, especially on Twitter that the actions taken by HMA were the wrong ones to take. I disagree with their consensus and I believe its time to implement tougher security reviews on new clients signing up for any VPN service,” the memo begins.

“Earlier this year several companies in our industry had discussed ideas about a shared fraud database between VPN providers. I believe in light of this incident that a renewed call for this would be a good idea and I’d like to re-open discussions on this because if we all sit back and do nothing and continue on with normal business like nothing happened, these same folks will go around popping off more VPN companies and causing more havoc than we’ve ever seen before,” the memo continues.

“I’m in favor of strengthening our respective industry and protecting it as well. We all share the same responsibility of protecting our legitimate clients and the industry as a whole and I’d be in favor of listening to you folks and seeing what additional ideas you guys have in this endeavor.”

In the days that followed, discussions between the VPN providers went ahead and reached consensus on the foundations of an “anti-fraud database” that would be shared among them.

In a second document titled ‘PROTECTING VPN INDUSTRY: FRAUD DB’ and dated September 28th, the problem of high profile hackers such as those from Lulzsec using VPN services is framed as a “direct threat to business survival.”

The document goes on to suggest a framework for the creation of a centralized fraud database which will enable VPN providers to “assess the quality of orders” for their services.

Items suggested for inclusion in the database (along with the supplied descriptions as provided in the memo) are listed as follows:

Fraud Data (hashed): This is a hashed piece of information that can be used to flag an order as fraud. This information could be: IPs, emails, user names (any other data susceptible of indicating fraud can be added).

Fraud Type: Identifier of the fraud type. We need to agree on fraud types list.

Hits: Number of hits (submissions from different VPN providers) this data has had. This will give more latitude to providers to decide to act on a given database result.

Submitter id: Identification of the VPN provider that has submitted the record.

An API will be created to interact with the database and integrate into payment processing systems.

Action points for the future are noted as decisions on database structure, hashing to be employed, parameters on what activities should be considered fraud and a decision on which VPN providers can access the database and who can update it. It is suggested that a single VPN provider should have responsibility for the entire list and others should have to pay their share of its maintenance costs.

What is clear from the above is that the included VPN providers will begin sharing information they hold on their customers with each other (albeit in hashed form), ostensibly to combat fraud. However, the alleged activities of the Lulzsec member in question aren’t easily described as fraud, and it is far from clear how a database of this nature would have prevented, for example, Sony being hacked.

TorrentFreak contacted the VPN Council and enquired on the depth of their definition of ‘fraud’ since confusingly hacking seems to come under that banner and indeed sparked the apparent need for this database. For instance, would copyright infringement come under that heading too?

“Copyright infringement is not factored into our plans,” VPN Council CIO Jared Twler told us. “This is more about financial payment fraud and network abusers/hackers. This is more to the tune of preventing federal disasters happening on VPN provider networks.”

But of course, when copyright infringement is considered serious enough by the US government it can become a big criminal issue, recent ICE and FBI activity against sites and certain file-sharers and release groups show that.

Clearly the activities of malicious hackers cannot be condoned by the VPN providers and combating fraud is a requirement in many online businesses. But what we see here and in the Lulzsec/HideMyAss fiasco is a clash of ideals that could prove catastrophic.

Most VPN providers sell their services on the notion that by using them the subscriber becomes anonymous. It became crystal clear in September that, given the right pressure, what certain VPN providers are really interested in is upholding the law and thereby saving their own asses from ending up in court. Why this should come as a surprise to anyone is a mystery.

What does come as a surprise is how many VPN providers are allowing themselves to get into this conflict of interests in the first instance. In the HideMyAss case the company clearly held enough information for a 3rd party to match a HMA external IP address and a timestamp to a HMA user account and subsequently a real-life identity.

So, for the purposes of illustration, let’s dismiss the notion that the service was used to attack Sony. Let’s pretend it was a dissident, or a government whistleblower, or some other equally vulnerable individual relying on the service to provide anonymity, as advertised. Let’s be absolutely clear – thanks to the myriad of logs kept by HMA, when someone really needs to count on the service, there is no anonymity that a court order can’t destroy.

Many VPN companies argue that they don’t log the sites visited but some logs are necessary to make sure that ‘criminals’ can’t abuse their services. But logs don’t discriminate. Quite simply, criminal or not, if a VPN provider logs the external IP addresses they hand out to a user along with a timestamp, subscribers are not anonymous.

But while all VPN providers have a duty to uphold the law and be accountable to the government in the country where they are based, not all of them are required by law to carry logs – so they don’t. But who are they?

If you’re a VPN provider and take privacy seriously, contact us immediately to be included in tomorrow’s VPN anonymity report. We’ll ask you two very simple but crucial questions.

Source: VPN Providers Mull ‘Fraudster’ Database In Wake of Lulzec Fiasco

The raids, which involved 250 police and other authorities tackling 42 locations in Germany, Spain, France and the Netherlands, followed an intensive investigation carried out by the Hollywood-backed anti-piracy group GVU.

The main suspect is said to have been detained in Leipzig and another arrestee in Spain. One individual is still at large (possibly the admin of cyberlocker service, unconfirmed) and another has since been released. As of Thursday evening, reports suggested the rest remained in custody.

As we are aware, Kino.to hosted no illegal content, but indexed material and provided links to movies and TV shows stored on file-hosters and other streaming services.

Crucially, those links have to be put there by someone and that task fell to Kino.to’s loose-knit team of link uploaders. In the wake of the site’s demise, one of them has just broken ranks and given an interesting interview on how parts of the site operated.

Speaking under the assumed name John Sandy, the uploader said that he regularly supplied Kino.to with links to documentaries and US TV shows, the most-viewed content on the site.

The links offered by Sandy were submitted to a hidden area of the site and were subsequently moderated, probably for duplicates and quality. Whether this process was carried out by man or machine, Sandy isn’t sure. Successful links went on to make it to the site’s public facing webpage for regular users to access.

Sandy says that he had no contact with the site’s operators and there was no direct financial reward for uploading TV show links to Kino.to. However, Sandy said that there is money in uploading content to file-hosters and he had made around $1,000 per month by generating traffic to these sites.

“I don’t see myself as a criminal,” Sandy explained. “If America can watch these series episodes for free and legally, why should this be not allowed in Germany?”

While GVU and Hollywood won’t be pleased that US TV shows were available via links on Kino.to, it’s fair to say that the addition of hundreds, maybe thousands of movies proved even less popular. The sheer size of the site and its prominence meant that it was just a matter of time before it became a target.

However, while all of the publicity has been focused on the takedown of Kino.to, either by design or huge coincidence at least four German-hosted storage sites – Duckload.com, Frog Movz, Karamba Vidz and Loombo – all suddenly disappeared after the raid.

TorrentFreak is informed that the admin of Duckload was one of the individuals sought by the police and that their operation – which is believed to be around 500 servers – was completely shutdown. Initially the feeling was that Duckload would come back online but the seriousness of the situation appears to be hitting home and now a return seems unlikely, at least at this stage.

Several other hosters in a range of locations are also down. They include archiv.to, quickload.to, tubeload.to and loaded.it. Whether not they were connected to Kino.to, or the indeed the raids, remains to be seen. Another cyberlocker – Freeload.to – was definitely connected since it’s now displaying the same shutdown notice as Kino.to.

But these sites aren’t the only ones connected to the operation which had their services disrupted this week. The website of GVU, the anti-piracy brains behind the Kino.to takedown, was also taken offline following a DDoS attack carried out by Anonymous.

German members of the group put up a video on YouTube describing the attack and according to a translation by Janko Roettgers, they declared the following:

“We believe that running a search engine for videos isn’t illegal… That’s why we immediately reacted by taking down the GVU website… Knowledge is free, and streaming is, too.”

The DDoS attack itself had limited effect and the GVU site is now fully operational, which is more than can be said for Kino.to and several file-hosting services. Nevertheless, rumors of a Kino.to resurrection from an old site backup are circulating. Stranger things have happened but that would be a particularly brave move, especially in Europe.

Source: Kino.to Uploader Speaks Out, Cyberlockers Down, Anon DDoS

The operation started initially as ‘payback’ against outfits that tried to stop the BitTorrent site The Pirate Bay, and DDoS attacks were organized to strike back. A few days ago, the operation changed course and instead began to go after organizations that displayed opposition towards Wikileaks.

Over the last days several high profile companies and institutions were taken offline temporarily by DDoS attacks including Mastercard, Visa and Paypal. Conversely, Operation Payback’s operation was also obstructed with the deletion of their Twitter and Facebook accounts after the news hit the mainstream media.

Yesterday, this was followed by the arrest (Dutch) of an alleged ‘member’ of Operation Payback in The Netherlands. The local police announced that a 16 year old boy was arrested, suspected of being involved in the DDoS attacks on Wikileaks related targets.

The boy, whose identity was not released, will be heard in court today and has reportedly confessed to his involvement.

According to several sources the arrestee is known online under the nickname Jeroenz0r. The authorities have not yet confirmed this, but the person using this nickname has been ‘missing’ online for the past 24 hours, and has been involved with Operation Payback for quite a while. Jeroenz0r was also an IRC operator at thefailship.net, where one of the former IRC channels of Operation Payback was hosted.

“Jeroenz0r and his server became delinked Thursday night at around midnight UTC time,” a source told TorrentFreak, confirming that the teenager lives in The Hague, where the arrest was made.

“Some of his friends tried calling him yesterday but the phone lead to voicemail. When calling his home number, his dad refused to comment on the situation. Furthermore, his local town newspaper also reported that a local 16 year old boy was arrested.”

Another source, who acts as an Operation Payback spokesman, confirmed that Jeroenz0r has been unreachable since the time of the arrest.

How the police became aware of Jeroenz0r is unknown, but we were told that he didn’t cover his tracks too well.

“Others on the network who know him a bit better knew that he was sloppy and often left traces from his actions online. Also, the Google results on him are quite impressive and indicate that he has been quite active in the torrent scene.”

In a possible response to the arrest, the Dutch Prosecution Office now seems to be under a DDoS attack. Previously the Dutch police stated that they will not go after people who ‘make their computers available” for these attacks, but that they will target people who are more heavily involved.

Update: The Failship IRC team released the following message.

Dear OM [Dutch Prosecution Office],

The remarkably swift arrest of Jeroenz0r, a 16 year old Dutch student, has been all over the international media since the event took place. While the Kremlin takes a dig at the U.S. over Assange’s arrest, while Facebook and Twitter delete the accounts of cyber activists, while over 9,000 ‘hacktivists’ are believed to be behind electronic onslaught, the Dutch authorities arrest a 16-year-old boy
suspected of involvement with Operation Payback.

The whole world reports about WikiLeaks and Operation Payback. How could an underage boy be held responsible for making the world wide news? How could the Dutch authorities hold a 16 year old boy responsible for the world being in a state of digital war?

Is it in the haste of getting something done, that the Dutch government labeled him as a scapegoat and a terrorist, just so they could say: “We have done our part about the cyber terrorists”? Is the detention and possible conviction of Jeroenz0r an act by law,
or is it –as we suspect– a political statement? Is Jeroenz0r being used to scare the
hell out of everybody who would think that they could do something about censorship and the forces our governments (ab)use?

If this would be a fair trial, what evidence would there be? He may have been a user, or even host for an IRC server, still, this may hopefully not be the primary reason? Even if he had an active role in coordinating the attacks on MasterCard and Visa, which is still improbable, Anonymous is not a personal army and will not be commanded like one. How then, would that incriminate him if everybody is responsible for his/her own deeds? One student would never be powerful enough to take down corporations like MasterCard, Visa or Paypal.

Could we accept that in todays’ society, big corporations are using children as a means of manipulating people for their own gain and benefit? What could have happened if the government had decided to stick out for freedom of expression and free speech, and refused to bend under the demands of MasterCard and Visa? It could have turned out to be a turning point in the war between big corporations and the people who get caught in the gears of the system and have no means of making their way out from the mess.

Eventually, even the government will have to decide, either to be the puppet in the hands of global corporations, or be the one who paved way for rebellion against oppressive corporations and corruption of our society.

We would like Jeroenz0r to know that Anonymous will not be giving up on him. One for all, all for one. Divided by zero.

Signed:
10.12.2010
Failship IRC team
Anonboots, Bnon, (Jeroenz0r), Kris, Paws, Zeekill

Source: Anonymous’ Operation Payback IRC Operator Arrested

Initially DDoS assaults were started against the MPAA, RIAA and anti-piracy company AiPlex Software because these outfits had targeted The Pirate Bay. Those DDoS attacks were later replicated against many other targets that have spoken out against piracy or for copyright, resulting in widespread media coverage.

Even law enforcement agencies showed interest in the operation recently. Last week CNET reported that an FBI probe is underway, and TorrentFreak personally knows of at least one court case against a person that was associated with the operation.

Besides covering the results of the DDoS attacks and website hacks, very little is known about the people who are part of the operation. Who are they? What do they want, and what are their future plans? In this article we hope to solve a few pieces of the puzzle.

After numerous talks with people who are actively involved in Operation Payback, we learned that there are huge differences between the personal beliefs of members.

We can safely conclude that this Anonymous group doesn’t have a broad shared set of ideals. Instead, it is bound together by anger, frustration and the desire to be heard. Their actions are a direct response to the anti-piracy efforts of pro-copyright groups.

Aside from shared frustration, the people affiliated with the operation have something else in common. They are nearly all self-described geeks, avid file-sharers and many also have programming skills.

When Operation Payback started most players were not looking to participate in the copyright debate in a constructive way, they simply wanted to pay back the outfits that dared to target something they loved: file-sharing.

Many of the first participants who set the DDoS actions in motion either came from or were recruited on the message board 4Chan. But as the operation developed the 4Chan connection slowly disappeared. What’s left today are around a dozen members who are actively involved in planning the operation’s future, and several dozen more who help to execute the DDoS attacks.

An Anonymous spokesperson, from whose hand most of the manifestos originated, described the structure of the different groups to us.

“The core group is the #command channel on IRC. This core group does nothing more than being some sort of intermediary between the people in that IRC channel and the actual attack. Another group of people on IRC (the main channel called #operationpayback) are just there to fire on targets.”

Occasionally new people are invited to join the command to coordinate a specific attack, but a small group of people remains. The command group is also the place where new targets are picked, where future plans are discussed, and where manifestos are drafted. This self-appointed group makes most of the decisions, but often acts upon suggestions from bypassers in the main IRC channel.

Now let’s rewind a little and go back to the first attacks that started off the operation in September.

The operation’s command was ‘pleasantly’ surprised by the overwhelming media coverage and attention, but wondered where to go from there. They became the center of attention but really had no plan going forward. Eventually they decided to continue down the road that brought them there in the first place – more DDoS attacks.

What started as a retaliation against groups that wanted to take out The Pirate Bay slowly transformed into an attack against anyone involved in anti-piracy efforts. From trade groups, to lawyers, to dissenting artists. Since not all members were actively following the copyright debate, command often acted on suggestions from the public in the main IRC channel.

What followed was an avalanche of DDoS attacks that were picked up by several media outlets. This motivated the group to continue their strategy. Anonymous’ spokesperson admitted to TorrentFreak that the media attention was indeed part of what fuelled the operation to go forward. But not without some strategic mistakes.

As the operation continued more trivial targets were introduced and the group started to lose sympathy from parts of the public. While targeting the company that admittedly DDoSed The Pirate Bay could be seen as payback by some, trying to take out Government bodies such as the United States Copyright Office and UK’s Intellectual Property Office made less sense. In part, these targets were chosen by anarchistic influences in the operation.

“I fight with anonops because I believe that the current political system failed, and that a system based on anarchy is the only viable system,” one member told TorrentFreak. “I encouraged them to go after political targets just because I like Anarchy.”

The Anonymous spokesperson admitted to TorrentFreak that mistakes were made, and command also realized that something had to change. The targets were running out and the attacks weren’t gaining as much attention as they did in the beginning. It was a great way to gather attention, but not sustainable. In fact, even from within the operation not everyone was convinced that DDoS attacks were the best ‘solution’.

“I personally don’t like the concept of violence and attacking, but violence itself does raise attention,” Anonymous’ spokesperson told TorrentFreak.

“Attacking sites is one side of the story, but this operation would finally have to serve a purpose, otherwise it wouldn’t exist. We all agree that the way things [abuse of copyright] are currently done, is not the right way.”

Last week command decided to slow the DDoS attacks down and choose another strategy, mainly to regain the focus of attention. It was decided that they would make a list of demands for governments worldwide. In a move opposed to the desires of the anarchic influences, command decided to get involved in the political discussion.

Copyright/patent laws have to change, they argued, and from the bat they were willing to negotiate. They called for scrapping censorship, anti-piracy lawsuits and limiting copyright and patent terms, but not getting rid of copyright entirely. Interestingly, there is also no word in the demands about legalizing file-sharing.

To some this new and more gentle position taken by Anonymous came as a complete surprise. We asked the spokesman of the group about this confusing message and he said that there are actually several political parties that already adopt a similar position, like the Pirate parties and the Greens in Europe.

However, according to the spokesman (who wrote the latest manifesto with other members in Piratepad) they consciously chose this set of demands. “Some of us have the vision of actually getting rid of copyright/patents entirely, but we are at least trying to stay slightly realistic.”

“What we are now trying to do, is to straighten out ideals, and trying to make them both heard and accepted. Nobody would listen to us if we said piracy should be legal, but when we ask for copyright lifespan to be reduced to ‘fair’ lengths, that would sound a lot more reasonable,” the spokesman told TorrentFreak.

The demands have been published on the Operation Payback site for nearly a week, but thus far the media coverage hasn’t been as great as when they launched their first DDoS. Some have wondered whether this is the right path to continue in the first place, as it may get in the way of groups and political parties that have fought for similar ‘ideals’ for years already.

The spokesman disagreed and said that Operation Payback has “momentum” now.

So here we are nearly two months after Anonymous started Operation Payback. The initial anger and frustration seems to have been replaced by a more friendly form of activism for the time being. The group wanted to have their voice heard and they succeeded in that. However, being listened to by politicians and entertainment industry bosses might take more than that.

Source: Behind The Scenes at Anonymous’ Operation Payback

The operation began during the third week of September with DDoS assaults against the MPAA, RIAA and anti-piracy company AiPlex Software. The latter was chosen as the first target because the outfit openly admitted to DDoSing several torrent sites including The Pirate Bay.

Those DDoS attacks were later replicated against lawfirms engaging in ‘pay-up-or-else’ schemes, which indirectly led to the email leak at ACS:Law. After that followed many more targets, most of which we didn’t cover here. Earlier this week, the MPAA was shamed again by Anonymous when their DRM website got hacked.

Yesterday, another high profile attack was launched, aimed to take down a website belonging to a government body this time. The people involved in Operation Payback had selected the UK’s Intellectual Property Office as their victim and announced that the DDoS would start at 5PM GMT. And so it happened.

At the time of writing, 18 hours into the DDoS, ipo.gov.uk is still unresponsive.

The Intellectual Property Office is “Perpetuating the system that is allowing the exploitative usage of copyright and intellectual property” according to the Anonymous DDoSers, who opened up a new can of targets with this attack.

As a Government body the UK Intellectual Property Office has been heavily involved in copyright issues and prospective laws. Earlier this year the Office spoke out against criminalizing illicit file-sharing as proposed in the ACTA treaty.

Instead of creating new laws to combat online piracy, it said the focus should be on providing “a framework to better enforce existing laws.”

Targeting government offices is certainly a step up for Anonymous. Time will tell what they dream up next but this one will probably turn a few heads.

Source: Anonymous Takes Out UK Intellectual Property Office Website

Operation Payback began during the third week of September with DDoS assaults against the MPAA, RIAA and anti-piracy company AiPlex Software. Those attacks were later replicated against lawfirms engaging in ‘pay-up-or-else’ schemes.

While the DDoS attacks have been largely effective – most notably against the Ministry of Sound and the knock-on effects of the email leak at ACS:Law – they came so quickly that after a while most of the press found it hard to keep up, perhaps a little jaded by their frequency.

Today, however, the group – which does have some ringleaders and decision makers – have taken a slightly different track to further their protests. While earlier action has consisted largely of overwhelming force to swamp websites with traffic, their latest effort is a little more delicate.

CopyProtected.com is a site owned by the MPAA and was set up to promote DRM on DVD and Blu-ray discs. It is hosted on a server containing a large number of other MPAA-linked sites and until a few hours ago looked like this:

It now looks like this:

“Site got haxed,” one of the Anonymous ring-leaders told TorrentFreak in an email. Indeed, instead of its pages promoting the ‘Copy Protection Awareness Icon’, it now displays a message from those behind Operation Payback. The page long missive accompanying the now-familiar logo seen above concludes:

“What must the people do to be heard? To what lengths must they go to have their pleads taken seriously? Must they to take to the streets with noose and handgun before those in power take notice?

“You are forcing our hand by ignoring the voice of the people. In doing so, you bring the destruction of your iron grip of information ever closer. You have ignored the people, attacked the people and lied to the people. For this, you will be held accountable before the people, and you will be punished by them.”

Adding insult to injury, just a few seconds after the page loads it redirects visitors to the homepage of The Pirate Bay.

Earlier this week a new DDoS attack was launched against KISS frontman Gene Simmons in response to some of his recent anti-filesharing comments. Interestingly, this attack caused some dispute within Anonymous, with the main group distancing themselves from the assault with a declaration that artists should not become a target, regardless of their opinions.

While an anarchic structure is desirable for these attacks to work, clearly the lack of a distinct hierarchy can sometimes have its drawbacks and that was illustrated perfectly here. No one can control all of the people, all of the time, and that seems to apply to pirates and anti-pirates alike.

No one seems to know when Operation Payback will end, but it seems certain that in order to keep capturing the imaginations of the mainstream media and those they wish to influence, a certain creativity may be required. Judging by the ‘chatter’ in the IRC channel, they may provide just that.

Update: The MPAA took notice and redirected the hacked site to the MPAA homepage.

Source: MPAA Copy-Protected DRM Site Hacked By Anonymous

The hearing, Ministry of Sound Recordings Ltd v Plusnet Plc, went ahead at 2:30pm in London before judge Chief Master Winegarten (CMW). Other ISPs detailed were BT, Sky and O2/Be Unlimited.

Gallant Macmillan’s legal team expected a walk in the park that day, and why shouldn’t they? Plusnet, a subsidiary of telecoms giant BT, had already agreed that they would not contest the application. The judge, however, had other ideas.

The judge voiced concerns about the amount of mail he had received from Internet subscribers who had been previously wrongly accused. “There wouldn’t be this hue and cry unless you were pursuing people who were innocent,” he told the applicants.

Instead of going ahead and ordering Plusnet to hand over the information to Gallant Macmilan, the judge explained that he had received by letter “concerns from the public” that must first be addressed. The applicant (MoS) was ordered to respond to those concerns by 27th September and the hearing itself was adjourned to be concluded 4th October 2010 – this coming Monday.

Then last weekend, all hell broke loose. While recovering from a DDoS attack, ACS:Law gave a very clear demonstration of how securely they had been holding onto highly personal and sensitive data by publishing their email backups to the public. Not only were the internal workings of the company put on show, but thousands of ISP subscriber identities (Plusnet customers included) were spilled onto the Internet, many of them linked to pornographic content.

Only after these events did the authorities in the UK sit up and listen and ISPs other than TalkTalk and Virgin Media air concerns about these law firms and their actions.

Nevertheless, while Andrew Crossley of ACS:Law sees his company and quite possibly his career in ruins before him, Gallant Macmillan remain undeterred. They will go to the High Court on Monday as planned and demand subscriber identities from Plusnet armed with a case as weak as that presented by ACS:Law, with evidence acknowledged by experts as incapable of identifying an infringer, and employing equally untested data handling, processing and security procedures.

After initially giving ACS:Law and Gallant Macmillan an easy ride, Plusnet now say they will resist applications to hand over customer details to them in future. TorrentFreak has been speaking with Plusnet throughout the week and have asked them on a number of occasions if they will send a proper lawyer to the High Court on Monday prepared to fight the application, but up to now they haven’t been able to give us reassurances that will happen. They have confirmed, however, that they will ask for an adjournment of the hearing to assess the position.

Sadly that may well be too little, too late, and the judge may have no other option but to grant Gallant Macmillan’s application if Plusnet don’t go equipped with a proper lawyer to defend. If they don’t (and end up handing over more details as a result) it will be a PR disaster for the company and the whole speculative invoicing model will be back on track in the UK.

Gallant will write to hundreds of people, scaring the living daylights out of many of them, with letters containing barely understandable legal jargon and veiled threats which to the layman suggest that ruination is round the corner, unless they pay up a few hundred pounds to make it all go away.

It is exactly this sort of behavior and (ab)uses of the legal system which have caused the Anonymous masses and their growing numbers of sympathizers to become absolutely incandescent with rage.

“Gallant Macmillan’s actions are likely to attract the ire of users of 4chan, who are currently targeting firms involved in combating online piracy,” wrote the BBC yesterday. TorrentFreak can confirm that the BBC are correct (pic) in that assumption.

At 2pm EST (7pm GMT) Sunday October 3rd (tomorrow), the website of Gallant Macmillan will become the next target of a DDoS attack, coordinated from the Operation Payback homepage.

“We as Anonymous are asserting the basic right of a free society – that authorities exist to serve people, not to terrify and cow them,” a leader of the operation told TorrentFreak in a statement. “We are reminding these firms who use fear on us that they should instead fear us. We ask everyone that ever receives a letter from them not to pay up, and not to give in.”

Interestingly, the site that Gallant Macmillan has been using for its speculative invoicing scheme, Pay to Play, has been taken down.

Update:Anonymous: Their site is now producing an “Invalid Hostname” error. This suggests that an administrator has manually pulled the website off the server, although the domain is still pointing to the same server. There is not yet any evidence that this was the result of an early DDoS attack, however it could be because the administrator wanted to avoid the planned DDoS attack and thus pulled the site offline on purpose.

Source: Anti-Piracy Lawyers Face DDoS Before Pivotal Court Decision

These findings are the result of the Cyber Norms sociological research project carried out by a group of Swedish researchers. The researchers conducted a survey among Swedes aged between 15 and 25 and found that 10 percent of this group is currently taking measures against increasing online surveillance.

Måns Svensson, PhD in Sociology of Law in Lund, estimates the percentage of all Swedes who are hidden on the Internet to be as high as 6 or 7 percent. If this figure is accurate, it means that there are more than half a million Swedes who already use a service to hide their identity.

The researchers note that file-sharing is not the only reason for people to anonymize their connection, but the results of the survey clearly show that avid file-sharers would rather hide their identities than stop downloading. And indeed, over the past months we’ve seen that more and more BitTorrent users are seeking ways to protect their privacy online, rendering all the newly proposed anti-piracy laws useless.

Contrary to what the anti-piracy lobby had hoped for, file-sharers are not an easy catch. Their calls for harsher copyright legislation are only driving ‘pirates’ underground. According to the Cyber Norms survey, more than half of all respondents said they would take measures to protect their identities if anti-piracy laws in Sweden are toughened, as is currently happening in the UK and France.

Currently, the most common and widely used privacy services are VPNs. These services allow a user to connect to the Internet while hiding their own IP-address. Millions of file-sharers around the world use services like this to prevent being tracked by anti-piracy companies, and this number is increasing rapidly.

The recently launched Itshidden service is one of the few that offer a free service in addition to premium subscriptions. Due to its increased popularity the owners recently had to disable new registrations in order to keep the service running smoothly. In just a few months Itshidden signed up over 100,000 members. Other VPN services report an increase in signups too.

The anti-piracy laws currently being mulled have created a flourishing multi-million dollar ‘online privacy’ industry. In recent months these services have seen a massive increase in customers, with most of them paying around $10 per month to prevent third parties from logging their download behavior.

Perhaps the entertainment industry should invest some time and money in creating legal and attractive alternatives to piracy. Apparently most file-sharers are willing to pay $120 a year for unlimited and unhindered access.

Source: Millions of File-Sharers Hide Their Identities Online

With denial-of-service attacks against Scientology various websites and viral YouTube videos they’ve made it very clear that they are determined to dismantle the Church. As of today they are announcing a new round of “attacks” that will be pirate themed, with pirate support.

In true Pirate style The Pirate Bay has decided to back the operation with a banner linking to Anonymous’ latest campaign “Operation Sea Arrrgh 2″ on their home page. New protests on and offline are will be executed soon, staring this weekend.

“Our next protests are all pirate themed. Our flyers and other material will mostly be about their ship the Freewinds and the many abuses that have taken place on there, and then of course the rest of the scams and atrocities they have committed and continue to perpetrate,” Anonymous told TorrentFreak.

Operation Sea Aarrrgh 2: Cruise Control is the latest in a ongoing series of protests Anonymous has organized against the Church of Scientology in its continuing mission to educate the public about the criminal behavior and unethical tactics of the cult’s management.

“We appeal to our fellow pirates because this is and has always been a battle of the Internets, and we believe many of the filesharing pirates out there share our ideology of an open society, where information can be free,” Anonymous said.

So pirates, set sail towards Seaarrgh to find out more about Operation Sea Aarrrgh 2 and find out about protests near you at the forums. Arrrr!

Source: The Pirate Bay Joins Anonymous’ Fight Against Scientology

Born out of the VPNTunnel Project, the TorrentFreedom ‘manifesto’ is an interesting document, particularly if you’ve ever worried about being tracked, traffic shaped, blocked or censored on the Internet. With a suitably clandestine feel, the manifesto states:

“Today, there is a nexus of Schumpeterian creative destruction to be found at the asymptotic fringe of intellectual property law and networking technology. Everyone says there is an ‘arms race’ between the unwashed filesharing masses and the forces of Big Brother – we like to think of ourselves as the suitcase nuke for the little guys.”

TorrentFreak got in touch with ‘Faust’ of TorrentFreedom to find out what on earth they’re talking about.

TF: Tell us about this ‘creative destruction’ and what inspired you to create TorrentFreedom.

Faust: It’s all but trite to point out nowadays that we’ve undergone a revolution in how human knowledge is created, stored, and shared. And, much as Schumpeter himself had predicted, the creativity unleashed has more than made up for the detritus of old forms of information transmission that now scatter the landscape like broken, forgotten toys. This is as it should be. The backlash from the praxis of stasis threatens to drown the organic reinvigoration that innovation technology has always brought forth – there would be no 95 theses without Gutenburg, remember.

So our inspiration comes from a deeper, historical appreciation for the transformative role of new technologies in human social organization. Nobody knows where creativity, academia, and knowledge creation will evolve as our tools allow for more and deeper interconnection between physically disparate peoples – but we do know that hampering that process isn’t part of making a better world for all beings. We’d like to see people keep sharing, keep learning, keep exploring. . . and they can’t do that if there’s roadblocks and threats of censorship every step of the way. Make it easy and make it work, that’s our approach – then the creative destruction can continue apace.

TF: There are number of evils you appear to tackle head on with this service, such as traffic shaping, packet raping, blocking, censorship etc. I expect lots of Comcast customers will be interested as you specifically mention the ‘Sandvining’ technique they employ. How does your system work and how will it benefit each type of problem?

Faust: Metaphorically, the system is quite simple: think of the difference between sending postcards in the postal mail, versus sending sealed envelopes. A postcard can easily be read by anyone along the way, and if they don’t like what it says (or who it is addressed to), they could just throw it out – oops! A sealed letter isn’t vulnerable like that – the contents aren’t readable whilst in transit. Even more than that, our system protects the address (sender and receiver) on the envelope as well – so nobody can block the message just because they don’t like where it’s headed (or where it’s come from).

At a deeper level, our server farm is based in the Netherlands. Everything passes in and out of these machines, and all IP addresses are associated with them. The activities of our customers – once their sessions decrypt and leave our server farm – are fully and unambiguously decoupled from their RL info (including local/physical IP address). Big Brother isn’t going to show up at their doorstep with a fishing-expedition summons or subpoena. We took it a step further, however – we’ve broken the link between RL info and public IP for our customers inside our systems as well – once an account is set up, it is methodologically impossible for anyone to back-connect a given external TF IP address to a customers’ specific account, ever.

TF: You’re called TorrentFreedom so it’s fairly clear which crowd you’re aiming your product act. What sort of dedicated optimizations can BitTorrent users look forward to when using your service?

Faust: We’ve tested the service extensively with just about every BT client out there. They all work seamlessly. We also don’t penalize our customers for running lots of network traffic over TorrentFreedom – there are no monthly caps, and no drama if someone uses a lot of gigs with us. That’s cool – it’s why we built the system!

OpenVPN, in its rawest form, will work with BT traffic – but getting it to do so consistently and smoothly is nontrivial. We’ve done all that work, so our customers don’t need to become experts in subnet addressing, MTU window sizing, and the 100 other little tweaks one needs to do to really make BT over a VPN sing. We also hand out real, public IP addresses – so no port forwarding garbage, just fast connectivity.

TF: Please give us a brief rundown on how your system works.

Faust: On a technical level, it’s an implementation of the TLS-based OpenVPN project’s codebase (which itself implements various OpenSSL crypto algorithms). Starting from there, we’ve created a Java-based client that handles all the encryption and coordinates OpenVPN’s handshake tasks, to ensure that every packet coming and going from our customers’ PCs is tightly encrypted (including DNS queries, unlike pptp). The really cool stuff comes in the firewall-busting tricks that our client has up its sleeve – there’s very few local network configurations that we can’t tunnel through. . . with no customer tweaking of the software needed. We’ve also implemented a rather clever port 443 wrapper so that, unlike many VPN instantiations, the TorrentFreedom service can’t be blocked unless the entire HTTPS capacity is also shut down – unlikely.

We’ve built most everything with open code, and we’re pushing further in that direction (with perhaps full distribution of the source for our client extensions in the works). “Just trust us” crypto isn’t worth anything – if it’s not open, it’s not reliable. We run 2048 keylength RSA algorithms so, to the local ISP or anyone else “listening in” to our customers’ packets, the data all looks like a stream of secure web traffic, back and forth. This is true for ALL IP traffic coming off a machine, all protocols and all applications. So there’s no need to tweak individual applications to get them to “work” with TorrentFreedom – just set up the client, connect, and everything is encrypted all the time.

TF: There are other well known VPN services that say they are strong on anonymity and hide your IP address, yet all of them will give up your personal details at some point. How is TorrentFreedom going to live up to the claim in the manifesto that BitTorrent users using your service will be “just about as traceable as dusty footprints in a windswept street. You can’t subpoena what doesn’t exist” ?

Faust: Ok this is where the rubber really meets the road. An “anonymizing” service that keeps detailed records of their customers’ activities is just a problem waiting to happen. There’s no point in hiding an IP address only to keep records that connect that IP address to the one that’s used to cover for it! And, reality is that there is no place in the world that isn’t subject to some form of legal jurisdiction – just saying “we won’t turn over records” is silly. When the authorities show up – with court orders or guns – and people start talking about jail time and contempt, those records are going to get coughed up, period. Despite our respect for the company overall, Hushmail’s admission that it provides “secure” email information to certain government authorities demonstrates all too well that even a good team will fold if the pressure gets too high – and if they have information to provide in the first place!

We built the system from day one so that there’s no correlation between an IP+timestamp and a username – this means we can’t hand over logs of “who was on what IP at what time”, and therefore the user can’t be tracked back from their online activity. Our payment system is fully abstracted from the operational environment – billing events are passed to the VPN engine via temporary “tokens” that are one-way-factors – there’s no link between the VPN account and the details of the billing transaction, ever.

We keep a little bit of data on file to make sure we can monitor the performance of the system overall, but we don’t have “server logs” like everyone else does. They don’t exist. So, we can be forced to turn over those logs – but they don’t link back to anything. Not to mention all of our operational VMs run in fully-encrypted partitions, etc. Someone seizing any of our servers has nothing but an expensive doorjam for their troubles. Even someone with full access to every machine we have cannot link people to their past network traffic through TorrentFreedom. It’s structural anonymity, at the most fundamental level.

Now, there’s lots of other VPN services out there and some of them are sorta ok. Most, let’s be honest, are based on pptp – it’s really insecure with several known weaknesses. Plus, it’s closed-source/proprietary, so who knows if it has backdoors or not? The reason people use it is because it’s easy to set up – Windows machines come with it pre-installed. Well, we did the hard work of getting a real VPN implementation (OpenVPN) to work just as easily as pptp – but without the security problems.

Some of the stuff we did is a little complex, behind the scenes, but the end result is a service that’s really easy to set up and use. We’ve got clients for Windows, Macs, and Linux. We don’t limit bandwidth, and we’ve got some very fast servers backing it all up. It’s all done right.

TF: Any final thoughts?

Faust: Using TorrentFreedom for online security is like bringing a machine-gun to a knife fight. . . it might not be ‘fair,’ but the outcome isn’t going to be in question either.

TF: lol ;)

Update: the free invites are gone.

Alternatives: (not free)

Relakks
Smarhide
VPNtunnel

Source: TorrentFreedom Offers 100% Anonymous and Unrestricted BitTorrent

“We will continue our efforts to bring down Scientology, but we need the help and support of another Freedom fighting community, the pirates.” one of Anonymous’ members told TorrentFreak, and the group gave us the opportunity to ask a couple of more questions.

TorrentFreak: Can you briefly describe what “Project Chanology” is?

Anonymous: Project Chanology is the project to bring down Scientology. Nothing more, nothing less. Why that name? Well, we’re working from IRC ‘Channels’ against ‘Scientology’. Mix those words together and add the project in front, and you have it.

TorrentFreak: How did Anonymous start? and how many people take part in it?

Anonymous: Anonymous is an old group of friends. I don’t exactly know the date, but it has been raised by some friends who wanted to test out their hacking skills. Since then, they created Anonymous, and let it be open for anyone who wants to join. That made it into a new kind of hackers-group. It consists of two spheres. The outer sphere is for new people. They mostly are low-skilled and are “scriptkiddies”. Since they have a very good contact with the inner sphere (we’re all friends fast and easily), anyone is allowed to join the inner sphere of high-level hackers. This is a loose representation since it doesn’t fit always. But, this made it for sure into a group of scriptkiddies with the right tools and high-level hackers with the right skills.

TorrentFreak: What is your main motivation to ban Scientology from the Internet?

Anonymous: Scientology is a malicious organization. Here’s a YouTube clip that proves more. Also, they’re frequently taking off content from the Internet. Like a clip in which Cruise promotes Scientology too much, criticizing health science, etc… it would have brought Scientology in a bad situation. So they took it off all sites with an army of lawyers. This is censoring. This is bad. This is against Net Neutrality. This is taking away our freedom and our right to fight for that freedom.

TorrentFreak: Don’t you think your actions violate the freedom of speech?

Anonymous: It does violate the freedom of speech. Of course, we know that. But there should be a refinement. Anonymous fights for freedom of speech in a way they have always used, but a little bit rougher however. For a greater sake.

TorrentFreak: Do you see any parallels between your fight against Scientology and the conflicts between pirates and the entertainment industry?

Anonymous: Yes. Most of us are pirates too. We have no big money to start lawsuits. But the enemy, the MAFIAA and Scientology are both big companies. They misguide the law, they change the law. Scientology members have infiltrated in many governments. Just like the MAFIAA.

TorrentFreak: What is your ultimate goal for “Operation Chanology”?

Anonymous: Our ultimate goal is to let Scientology say in public that they are misleading many people. And that they are destroying the futures of many people.

TorrentFreak: How do you plan to accomplish this goal, apart from the DDoS attacks?

Anonymous: We have IRL raids in planning stage, we have real life protests and demonstrations coming up. We are infiltrating their networks with zip bombs. We are sentencing them.

TorrentFreak: You told us that you wanted the pirates to help you to free the Internet, how can people help?

Anonymous: People can help Anonymous by joining the IRC, get one of the DDoS tools and start firing the DoS. IRC is at irc.partyvan.org. Channels are #Target , #Lazer and #Xenu. There are also many local channels. They can also help us by joining protests, by telling other people about this, by telling their media, etc… The force of humanity will save many lives.

…

Update: As many already argued, it turns out that the person interviewed here is an Anonymous member from the “outer sphere”, who is not as informed as he appeared to be. Sorry.

“I know that I’m not as informed as the inner sphere. However, I had a source which I thought was from there, providing me many answers. He faked his status.
But we do not have one spokesperson. We do not have a leader.
We unite as one, divided by none.
Together, we will bring them down in their glory.
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.”

Source: Scientology Hackers Ask Pirates To Join Their War

Millions of people around the globe share files and most do so without a second thought for privacy issues. A lot don’t know that it’s possible for people to monitor their online activities and equally, many will know that they can be monitored but chance their hand that they are one in millions and will probably slip under the radar.

For an increasing number of net users, privacy and a level of anonymity is becoming a requirement, especially for those in locales where ridiculous fines and prison sentences are becoming more prevalent. Those faced with the menace of P2P meddling ISPs or those hassled by the nuisance of sites being blocked can solve all of these problems with a VPN – a Virtual Private Network service.

Anyone looking for a Relakks alternative (who doesn’t wish to read my rantings!) should scroll to the section below marked: “Relakks Alternatives”

The Rise and Fall of Relakks

When Relakks burst on to the scene in late 2006 it was heralded as the “world’s first commercial darknet”, promising to hide your online identity in exchange for a small fee. As a big privacy fan (some might say ‘obsessive’), I immediately signed up for this service and have been a customer ever since. Sadly, I’ve had enough.

Although great for web browsing and running one or two torrents at a time, ask it to handle more than a handful of torrents and the whole connection simply stops responding. I’ve seen many other Relakks users with this same problem and to come home from many hours out, eager to sample what you downloaded today only to find a dead connection, it’s an annoyance. When you were supposed to be seeding a friend’s Hip-Hop album all night and it died after 6mb uploaded and no-one got anything, it’s a major hassle and time to complain to Relakks. Again.

Relaxed Customer Service

Any member of Relakks will tell you – their customer support is VERY ‘relaxed’. Send them a complaint or a query – it takes at least 3 days to get a response. My multiple questions about the ‘dropped connection’ issue always resulted in ‘you have a firewall issue’ response and this is a standard response to people complaining about this. The Relakks ‘News/Status‘ page is never updated, it’s useless.

There have been many, many days where service has been sporadic at best but recently the entire Relakks network was down from Friday to Monday so I ran out of patience and complained in my capacity as TorrentFreak writer – surely this would be enough? I wrote a highly detailed email looking for some definitive answers and the great response from support@relakks.com after multiple attempts at different times was: ‘Undeliverable’

Relakks you have lost me – not on price but customer service. I have you emailed you many, many times over the months, you have never solved my problems. Your service is cheap but when I pay for a premium service I expect support – I get better support from free BitTorrent sites. Time to protest by spending elsewhere – if only I hadn’t paid you 12 months in advance.

Relakks Alternatives

VPNOut kindly got in touch to let us sample their service but due to issues with the host PC (it wasn’t VPNOut’s fault) that trial never really got off the ground but already, responses and customer service levels were way above what i’d experienced with Relakks.

Moving on, I came across VPNTunnel and I thought I’d give it a try. Sadly I had the same installation issues as I did with VPNOut but it was at this point where you really appreciate a company who not only wants your business, but is prepared to bend over backwards to get it. With nearly 20 years in sales, I know good service when I see it and VPNTunnel’s blew me away.

After complaining I couldn’t install VPNTunnel’s software (my PC’s fault, not theirs) a customer support guy got in touch within minutes and over the course of the next 24 hours and number of emails later resulted in me receiving a custom version of their software, tailored to my exact requirements! I was back in business and loving the contrast in customer service levels. Now for a trial run.

After loading 3 torrents and allowing each to connect to a minimum of 10 peers, more torrents were loaded, totaling 15. The connection remained stable with a total speed of around 5mbit, which compares to Relakks. Stability remained for all transfers even after simultaneous downloads were initiated on both IRC and Usenet. More speed would be nice but given the choice, I’ll take reliability instead. A generous 50gig monthly limit is more than enough for me.

Relakks (Sweden) do not reveal what information they hold on their customers but say they won’t give it up unless ordered to in a criminal case carrying a penalty of 2 years in jail. VPNTunnel (based in Scotland) obviously keep your payment data but only carry log in information (your real IP address) for 30 days and there are signs this may decrease further to 21 days. Any potential legal action would need to move at an unprecedented speed to have even a small chance of identifying someone.

File-sharers are notoriously difficult to please – they get everything for free and still expect customer service from torrent sites and the like. So when a file-sharer actually puts his hand in his pocket to pay for a service, he expects to be treated well. I think deep down I’m more angry with myself than Relakks. I’ve promoted Relakks for 12 months to thousands of people and then in the end, couldn’t take my own advice.

You weren’t all bad Relakks, you just took me for granted and although I’ll end up paying more with VPNTunnel, it’s worth it, if only to get stability and that ‘wanted’ feeling.

Here ends my first ever Tor-Rant. Deep breaths….in……out….

Source: Getting Stressed Out With Anonymous BitTorrent