In recent weeks some of the largest torrent sites on the Internet have been targeted, with The Pirate Bay, isoHunt, 1337x, BitSnoop, Fenopy and others all hit with DDoS attacks.

What.cd, one of the largest private trackers was also hit, but they are not the only invite-only site to be hit this month. Although not DDoS-related, recently the long-established BitSoup tracker has been suffering woes of its own.

“As many members now know BitSoup has been under attack over the past 2 weeks. We have taken the steps to harden the site from future attacks best we can,” the site’s operators said in an announcement before the weekend.

The initial attack on BitSoup came in a quite unusual form but to understand that we first need to explain a little about how the site works.

Like most private trackers BitSoup operates a ratio system in which users are expected to upload the same amount of data as they take from the site. Failure to do so leads to a sharing ratio of less than 1.0. For example, a ratio of 0.7 means that uploaded data is only 70% of that downloaded.

When a user’s ratio drops below a certain amount they are at risk of being banned from the site. This situation can be fixed by either uploading more data or making a cash donation which results in a so-called “ratio credit” that brings the account above the banning limit.

What the hackers did initially was to modify site users’ accounts so it looked like they had uploaded more data than they actually had, the idea being to reduce the number of people donating to the site.

However, while some people do indeed donate to fix ratio, many users do so because they love the site and the community. There can be little doubt that BitSoup has a large and enthusiastic following that will donate no matter what.

In any event, BitSoup immediately took steps to nullify the attack by making a goodwill gesture of their own.

“On December 1st all members will get 800GB added to their accounts as a [birthday] gift from BitSoup to our great members,” the site’s operators announced.

But then, just when it appeared that the problems were over, this weekend brought more misery. The attackers, who claim to be from Anonymous (but of course anyone can do that), came back with a new assault.

After obtaining access to the site’s SMTP server the attackers sent emails to BitSoup members claiming that a recent effort by the site to raise funds for Hurricane Sandy victims was made in bad faith.

“Bitsoup, you have abused charity for your own gain. You have lead your members to believe they gave to help storm victims only to satisfy your own desires. You have abused the freedom of the internet, the good faith of your members and the dire needs of disaster victims to raise money for yourself,” the mail began.

The message goes on state that PayPal and law enforcement have been tipped off about the site and that the attackers now hold the site’s database. The mail was signed off by Anonymous but despite its length offered no evidence to back up the allegations of charity fund misappropriation.

Round about the same time the site’s forums and tracker were defaced, with threads created claiming that the fundraiser was fake and torrents renamed to offer a warning.

Many users reported not being able to access the site over the weekend by now things appear to be getting back to normal.

“The MPAA has never since the day we opened our doors been a threat to us for many reasons we will not get into. We know the wankers that attacked us are nothing but brats and no matter what they do we will always come back stronger,” the site’s operators said in a statement.

“Starting in January 2013 we will be under taking some major upgrades to the site adding features and tweaking others. We will also stop using bitsoup.org as our domain in the new year to make it harder for any goverment in USA to take our domain. Our new domain will be bitsoup.me.”

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

This morning many people will be celebrating as reports circulate that in the last few hours Comcast has been the subject of a hacking which defaced its homepage (mirror here).

The hackers appear to have changed the Comcast DNS/WHOIS records which were pointing at a non-Comcast address. Although back to normal now, for a while the records displayed this data:

Administrative Contact:
Domain Registrations, Comcast kryogenicsdefiant@gmail.com
Defiant still raping 2k8 ebk
69 dick tard lane
dildo room
PHILADELPHIA, PA 19103
US
4206661870 fax: 6664200187

Technical Contact:
Comcast Corporation kryogenicsdefiant@gmail.com
1500 Market Street
Philadelphia, PA 19102
US
215-320-8774 fax: 215-564-0132

Record expires on 24-Sep-2008.
Record created on 25-Sep-1997.
Database last updated on 28-May-2008 23:48:08 EDT.

Domain servers in listed order:

NS21.WORLDNIC.COM 205.178.190.11
NS22.WORLDNIC.COM 205.178.144.11

A Comcast employee said: “The servers are fine and are reachable if the DNS server you are using is pointing to the correct place. As far as we can tell, the hack was a one shot deal, not an ongoing event.”

There are reports that concerned users telephoning to inform Comcast were summarily disconnected, with a level of panic centered round the security of the Comcast email system with reports that the hackers were picking off Comcast user’s usernames and passwords. As yet, this is unconfirmed.

Others claim they were treated politely by Comcast and told to use a temporary site in the meantime, located at http://beta.comcast.net/a/. The Comcast forums also went down and then started diverting to http://www6.comcast.net/a/.

There are rumors circulating that the group responsible for the hack previously targeted Justin Timberlake and Hilary Duff.

More on this story as we get it.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The backup -seeded from a Harvard IP address (and others)- carries many files, passwords and what appears to be a full directory structure for the site. Three other major database files are mentioned specifically, details as follows:

1. joomla.sql – claims to be the database for the Harvard site

2. contacts.sql – claims to be a database of contacts

3. hgs.sql – stated as ‘other minor thing’

The .NFO file included with the release says in broken English: “Maybe you don’t like it but this is to demonstrate that persons like tgatton(admin of the server) in they don’t know how to secure a website.”

A file included with the release labeled password.txt carries a message:

Thomas gatton….stupid people, you don’t use a secure password

username: Password:

tgatton *removed by TF*

jmartinez *removed by TF*

This appears to be a reference to Thomas Gatton, Systems Administrator and User Support Specialist at Harvard.

This is not the first time Harvard has been hacked. In 2005, a man using the name ‘Brookbond’ helped applicants to several universities get access to admissions records on their websites, an action described by the school as a “serious breach of trust”.

These files certainly appear to be ‘the real deal’. More on this breaking news story as we get it.

Update: The website in question seems to be down now. They are most likely trying to fix the security breach.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.