The Mysterious And Scary BitTorrent Monitoring Site

enigmax
April 27, 2010
323
Meningrey
Print

A worrying site which claims to allow users to search BitTorrent networks for IP addresses being used to share torrents has appeared in recent days. The site, which has a very paranoid feel, also contains numerous security-related documents from ISPs and other sources. An apparently related video being mailed to studios is even more creepy. But is all as it seems?

MIG While many BitTorrent users operate their clients without a second thought, many are well aware that everything they can do has the potential to be monitored by someone, somewhere. The data available in BitTorrent swarms is necessarily public – if it wasn’t, no-one would be able to share anything with anyone.

The open nature of this amazing file-sharing system certainly has its benefits, but for many its greatest strength is also its greatest weakness. Organizations like the IFPI, RIAA, MPAA and others have spent a great deal of money over the years monitoring BitTorrent and other file-sharing networks. But what if that same feature was available to anyone right now via any browser?

That appears to be one of the functions behind a new and slightly unsettling website. After clicking past the title page, one is confronted by a message about the user’s IP address and location which is derived from a standard traceroute (we used a commercially available VPN for tests) but it is the note at the bottom that provokes the most interest.

View report

“View Complete Report” ? – Here goes….

Recorded BitTorrent downloads

Gulp. Apparently this interface provides the ability to monitor BitTorrent swarms (we don’t know and couldn’t find out which ones) for the IP addresses on the subnet of the accessing user’s IP address and show torrents that have been shared at some point.

After jumping onto a few legal torrents tracked by public trackers, we used the interface to try and find our test IP address in the reports but failed to locate it. There could conceivably be some sort of time delay but we were simply unable to confirm the exact mechanism of operation or, indeed, if the results are ‘real’ at all.

However, if the results are real (and they do look very convincing), then there is an even more worrying feature. Not only is it possible to search for torrents being shared on the user’s IP address, but also any IP address of the user’s choosing by simply reforming the end of the tracking URL to include /?host=X.X.X.X.

But it doesn’t stop there. At the bottom of one the pages is a link for the ‘Auditor Console’…

Auditor Console

This CLI-type affair accepts a few common commands. Typing ‘ls’ brings up a list of available directories, while the ‘cd [directory name here]‘ command allows access to them.

One of the folders provides monitoring of a few select IRC channels while others appear to be non-functioning. Others contain lots of documents about monitoring and surveillance including wire-tapping requests for certain ISPs.

Having looked around this site and done quite a bit of research trying to find out who is behind it, TorrentFreak found some rather interesting links back to several individuals which leads us to go “Hmmmmm……”. We won’t reveal them here right now, but instead show you this very creepy video we found while digging around.

But enough of the chit-chat, you should try this for yourselves. We’d also like to see if you find what we found (hint: it’s not as scary at it looks). Have fun, and feel free to email us at tips@torrentfreak.com with anything interesting you may find, or go ahead and write about your discoveries in the comments.

Previous Post | Next Post

Follow @torrentfreak

God

I am first and i will try that out.
Robert

I haven’t really checked the site, but does the “Remote console” look like it’s powered by the same fakey CLI used for the XKCD April Fools prank?
Anonymous

The triangle symbol used by this company looks at bit like the all seeing eye…
Anonymous

heh, their whois seems to struggle in finding the location of my VPN
Anonymous

It didn’t find anything from my computer (though it did find a single torrent on the same subnet). I use private trackers so apparently it’s public swarms only.
111

that video is giving me a nightmares, plz tell me this is a joke
Kmaid

Painfully i can see how this could be technically possible.

Wireless networks are not secure in any way. HTTPS and VPNs are nothing but obstacles offering no real protection.

As a computer enthusiast its quite scary and makes me question my reliance and trust in them.
William Kent

excellent video, torrentsqirm.

: )
111

following hosts in your subnetwork (ip range 76.31.128.*)
exchanged data payloads using bittorrent protocol:

internet ID payload meta last seen
76.31.128.13 Clash Of The Titans 2010 TS http://www.IWANNADOWNLOAD.com 1272294458
76.31.128.13 The Crazies (2010) R5 DVDRip XviD-MAXSPEED 1272290771
76.31.128.213 Just.Cause.2.RELOADED 1272171116
76.31.128.76 Avatar[2009]DvDrip[Eng]-FXG 1271901535
76.31.128.77 Alice In Wonderland 2010 TS XViD – IMAGiNE 1271978096
76.31.128.77 The Bounty Hunter.2010.R5.LiNE.Xvid {1337x}-Noir

umm this is just made up data ?
i never watched alice in wonderland
wtf is this looks like a parody/joke site
MagicMike

This is a known fact and actualy very easy to accomplish.
Technically its nothing more than a modified webseed writen in php.
No rocket science!
Bahbel

Aahhaah

Check out localhost xD

http://meningrey.net/bt_watch/?host=127.0.0.1 :D
aliz

Terminal commands: http://meningrey.net///home/mig/cli/mig_cli.js

with an interesting link to http://github.com/chromakode/migfools in the license.txt section.
Anonymous

@9
It does say *subnetwork*, so unless you have your own block of IPs, its not impossible that others on that subnetwork have downloaded them.
Of course, that’s if these are even real
Chris

I tried it and the bit torrent activity was all wrong… plus it didn’t find my country… all the other numbers I don’t know what they r, so cannot verify any of it…
Zlo

does work actually… didn’t find anything I’ve downloaded, cause I never use public trackers. but i’ve tried it on a couple of my friends and it found stuff they’ve downloaded.
Anonymous

These aren’t real. At all. I’m currently seeding hundreds of torrents, none of which are South Park episodes. And yet, that’s exactly what this website reports me as sharing.

I knew this was fake as soon as I saw the regularity in capitalization and episode-naming in the screenshot. No public tracker I know of is that organized. :)

Stop the fear-mongering, TorrentFreak.
111

@13 dunno everyone on the list seemed jus fakeish – dunno who in this neighborhood would dl that stuff plus it lists the wrong city too , dunno jus seems made up to me, a random list put there,
anan

This is fake.
Bahbel

Might want to check 192.168.1.1 too!

REturning all network activyt there! :P
B

Information I’ve got shows that it’s a server in NL a shared server with over 10 other websites being hosted on the same server. This has to be a joke but the scary part is how real it could be.
pagon

I clicked on authenticate twice and it gave me the file directories. Anyone else find this too? A lot of the files are forbidden, but some of them are open to view.
2

lol this cant be real

http://meningrey.net/bt_watch/?host=192.168.1.1

also

“observation of the collected evidence by civilian personnel is highly inadvisable”

y would something say that but have no login …fake but interesting
1

is anyone gettin the DVD avatar on alot of ip s , i tink its fake , jus lists avatar dvd alot everywhere, like they know the most dled torrent should jus be there on everyones
wanker

“observation of the collected evidence by civilian personnel is highly inadvisable”
Lol, I wonder why? ;D

Not found any bittorrent traffic from my ip, wierd since I have shared Zeitgeist movies and Ubuntu images for over year by now.
123342

this just mite be a “non working” prototype to show ISPs the “concept” so they can ship this software/site to many companies ard the world so they can monitior there workers/students at anytime.
@@@@
Anonymous

http://meningrey.net/bt_watch/?host=127.0.0.1
LAWL

anyways, when i used my real IP it did show ONE torrent that ive been seeding for 10 days. which is strange since i have over 600 active torrents. you think they would see at least another one.
madtown

I would suggest staying off of iwannadownload.com at any rate. :)
123342

127.0.0.1 New.Moon.DVDRip.XviD-NeDiVx

now i know this fake
inviteforumfag

it’s fake
mnml

It’s not fake, it displays the torrents I’m downloading at the moment…
wtf

that’s not my localhost and not even one of the torrents that I downloaded is there most are just avatar I didn’t even downloaded that.
its a fake

I download a shitload of stuff and ran my ip and it doesnt show anything and then I looked at the subnet and it lists 3 torrents none of which are anything I have gotten. I use TPB mostly.
regular joe

@7 (Kmaid)

“Wireless networks are not secure in any way. HTTPS and VPNs are nothing but obstacles offering no real protection.”

Your full of it, TLS (HTTPS) offers sufficient protection if you can trust your Certificate Authority (if not, sign your own and gate your users to whitelist it) and PPTP (VPN) is definitely sufficient to prevent mass monitoring (at the ISP/country level) due to the resources you would need (hint: too many).

It sounds like your full of it to me, but you know enough to make yourself sound scary.

even assuming every security measure has a counter measure bittorent users making use of VPN’s would still be ‘safe’ as its the _LAW_ (of other countries) thats protecting them
dffff

it shows AVATAR alot on alot of pc’s it jus displays random most used torrents ,dont tink this is real , some people tink its working , thats cuz the mostly used random torrent names jus concidently matches wat ur dling rite now ,

the names i gettin from any ip i type is jus showing the biggest name torrents american idol , big name movies, and big name release groups

seems fake
BinaryNewsHowTo

Just another reason to use newsgroups with SSL. Faster than bit torrent and no prying eyes. Learn how to download from newsgroups at http://binarynewshowto.com
omg

@34 agreeed most that’s come out on the report are just the most downloaded stuff on the internet. I’m seeding 50 torrents right now all are anime not even one of them showed up on the report and my recently downloaded stronghold crusader also didn’t showed up.
ben

Hahaha, oh wow. I didn’t know April 1st has been moved back by four weeks this year.
crap

1)change ur IP(reconnect router) and
2)try same after deleting cookies
…it shows a different set of torrents for the SAME SUBNET.

…i.e. the torrents names are randomly generated whenever somebody goes to their site.

i.e. this is april fool
Brian

Typing in “fuck” in the command window opens up http://www.riaa.com/physicalpiracy.php?content_selector=piracy_online_the_law in a frame
Lt.Fury

I have never downloaded the “Back-Up” but apparently I have only downloaded that movie…twice…nothing else.
mrpants

Its BS, shows only 2 torrents I have never downloaded, and Im seeding a hundred.
Lt.Fury

*PLAN
DEADKEYWAT

I’m seeding around 700 torrents and nothing showed up :)
Kickban

http://meningrey.net/bt_watch/?host=0.0.0.0

Now that’s a proof it’s a fake :) Or someone stole the 0.0.0.* block ^^
Fake Obviously!

I agree with MRPants…..it showed I downloaded Fringe and LOST , neither of which I’d EVER downloaded in my entire downloading carreer
Kmaid

@33

My apologies i have been rereading on man in the middle attacks. Perhaps i misrepresented. I just don’t see when you can see both parties of the authentication why it would be difficult. I would edit the comment if i could.
Kickban

and just for more fun.

http://meningrey.net/bt_watch/?host=255.255.255.255
Paul in SF

I love the video. Those 2 guys remind me so much of the 2 brothers in “Breaking Bad”.
acslaw are scum

It’s fake people.
Dream1025

This has a particular ARG feel to me. I’ve been playing around with the console and going through their files some of the information is kind of weird. I researched a phone number which seems to be real and some of the documents seem to have some really personal information of the people they are talking about, if it’s real information. I am not really sure how to check it but the site has my attention for now.
Mike Cane

I echo comment 14. The identifying info for me was all wrong, including city and state. And I am not masking my info (I am also using my real name here in this Comment). In addition, it listed torrents for the “other” (not my) ID. And for the record, I have not used a torrent in months, so even if this worked, if it could ID me specifically, it could not have shown anything because there was nothing to show.
Zlo

i have tried the same IP on two different PC. it has shown me the same list of torrents.
Gh.((@76

Bwahahahaha, funny site, funny article!

Don’t be scared folks, they aren’t to get you :p
greengiant

Obviously a fake. You might want to try the Konami code on that terminal 4 times.
Nils

remote@mig:/$ whoami
You are an officer of the Men In Grey.
Tetrahexahedron

Sites gone down. Has someone possibly hit it with a DDOS?
TT

hmm….right after I went to the site, my firewall warned me of NMap Null Scan and NMap Xmas scan from 60.223.250.23. That ip is from china. /shrugs
oops

http://www.meningrey.net///home/officer156/

is a file that has:

cRyhfsEwr5332Fxx

ideas?
FalleStar

Talk about poor security, I accidently got to their Linux root directory when an error popped up from going to %5C

http://img121.imageshack.us/img121/3918/meningreydirectorytrave.png
Ginge

Try logging on as a user… The site crashed for me and I got access to the root…
Anonymous

This is a “serious joke”. It is made up by some apparently Hamburg, Germany based organization which wants to scare you about to think about how much information you are revealing / could be revealed. A police network / tool would never be this easy to access naturally.
Aman

Crap!! It is FAKE

Seeding about 100s but nothing showed up

Check out Intranet IPs

http://meningrey.net/bt_watch/?host=127.0.0.1

http://meningrey.net/bt_watch/?host=192.168.1.2
(My Router’s Configuration Server)

http://meningrey.net/bt_watch/?host=192.168.1.1

They are just showing torrents to everyone that are popular these days
oops

Cute script:

http://www.meningrey.net///home/mig/cli/mig_cli.js
Anonymous

http://meningrey.net/bt_watch/?host=192.168.1.0

You thought 127.0.0.1 was funny?
Anonymous

and this…

http://meningrey.net/bt_watch/?host=0.0.0.0
Kickban

in the /tmp directory, there is a copy of 56 pages of the ACTA treaty from Jan. 2010. There are also pictures of a group of singers in (military?) grey uniforms.

I guess this is the final point of the website. It is setup as a data searching engine for law enforcement and use a scary logo (the all-seeing-eye). Obviously, it is a mock-up website, as the engine find downloads on ip ranges as 0.0.0.* and 255.255.255.*.
It is setup to inform people of what would happen if ACTA is signed, as you have to go trought a lot of hops to find the agrement along with pictures of the people who made the website (the men in grey).

Cheers
oops-anon

terminal crashes on a lot of commands:

next
random
previous
first
last

Try these:
look
go
light
sleep
Kickban

@65, try
look
go west
go east
light lamp
go south

This really remind me of the false terminal in XKCD.
Sean

I had a look and it said this:

Battlefield.Bad.Company.2-

But i have never used this software or have i ever downloaded it!
i,m just a film guy not a game player
Anonymous

It is most obviously a copy of the XKCD terminal. Not very original.
Anonymous

That website is obviously fake.

Although that video was clearly fake too, what those two guys were doing – intercepting data passing through a network – is very easy to accomplish (though I imagine those briefcases would have been a pain to make).

Theres plenty of freely available software that can record any data passing through a network, provided it has access to said network. As the networks used in the video were presumably all open wifi, all they’d need to do, in theory, is simply connect to the wifi themselves, and run the software.

To do the things in the video (identify chat messages from specifc people and print them in order, redirect packets to a different ip, etc), they’d need something more advanced, and have someone actively manipulating the results, but it is perfectly possible.
joe

yeah, obviously fake. but i’m still interested to see what it’s all about. must be advertising for something….
Anonymous

Try typing f*ck in to the console with out the asterisk.
Daffy Duck

I got eaten by a grue. :(

Exits: north, south

You are eaten by a grue.

You’re dead!
remote@mig:/$
Matheus Svensson

The site is a computer ‘art installation’ by Danja Vasiliev.

I’m going with the most obvious here and assume that I’ve not been the victim of a sophisticated double bluff.

Although Russian, Vasiliev lives and works within the European Union. Because of this, his Men In Grey website needs to state prominently that it is a work of art, to comply with EU data and privacy directives.
Kickban

Rahhh, some of my comments are not appearing for whatever reason. Just going to summaries it here.

On the website, it is possible to find pictures of a vocal band called The Grey Men. The pictures are taken directly from their facebook page.

Along with the picture, there is a copy of ACTA.

So I guess the goal of the website is double. First it is a security awareness mock up of what could happen if ACTA was signed, and also, it is a self promotion for the band.
Kickban

Sorry, my previous comment should read ‘The Men In Grey’, not the ‘Grey Men’ (The name of the band).
politux

It is funny how everyone who mentions numbers in these comments claims to be seeding hundreds of torrents. If I were the MPAA I’d start a torrent blog and wait for people to brag. ;)
Mr.Afghanistan

it’s F**ked up site.
any ip you enter will say is a p2p user :P
Roastedpot

apparently i download Gorillaz albums :-(
ANDY

IMPORTANT***

the people who say the site is showing stuff they never downloaded,

THAT IS THE POINT

the site is set up to show what would happen if ACTA is signed,

THEY MAKES MISTAKES

so practically you could be prosecuted for something u diddnt do, i think thats their point
silversurfer

Registrant:
Direct Privacy ID 36D03
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Domain Name: MENINGREY.NET

Administrative Contact:
Direct Privacy ID 36D03, Direct Privacy LTD
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Technical Contact:
Direct Privacy ID 36D03, Direct Privacy LTD
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Record last updated 11-19-2009 11:36:19 AM
Record expires on 11-19-2010
Record created on 11-19-2009

Domain servers in listed order:
NS0.DIRECTNIC.COM 74.117.217.20
NS1.DIRECTNIC.COM 74.117.222.20
Barry

Clearly a pet shop boys lover.

Type “go west” into the CLI
BlanK

It’s pretty fail, can’t even get my web browser right.
lol

it seems that everyone on my sub domain is downloading sherlock holmes dvdrip
Anonymous

@73 Also what I found. If under the flag of some art group, it might even be a project (indirectly) subsidized by Dutch government and/or could conveivably end up in a TEDx thing.
anon

some kind of viral adversing?
Security

Brilliant work. Very creative. :)
Matheus Svensson

@74 Apr 27, 2010 at 18:23 by Kickban:

I know the feeling. I’ve even had a moan about it myself in these comments. However, more recently, I’ve found that all my comments have turned up… eventually. Sometimes, it’s been a long time after I’ve submitting them.

Ernesto, enigmax or someone else must be going through TorrentFreak’s spam-trap folder and pulling out all the genuine comments.

That’s no small feet. TorrentFreak allows comments from all-comers. There’s no CAPTCHA that prevents automated submissions, and there appears to be no IP address blacklist. This site could easily attract hundreds, if not thousands, of spam comments each and every day.
john

Look at the sites hosted on the same server with mig. It’s just a prank from moddr_. Some psychedelic shit.
http://www.bing.com/search?q=ip:89.207.128.8&first=1&FORM=PERE
JustMe

The site is no longer claiming I have bit torrent activity on my network and the host isn’t working either..anyone else have this?
xBert

Looking at the javascript on the homapage for the login box.

Username:officer
Password:DENIED
CapnS

Use: officer156
Pass: cRyhfsEwr5332Fxx

Doesn’t allow you to access much but you can still navigate through their linux root folders…
Kickban

@89
you can also just go to
http://www.meningrey.net/success.htm

It is a forward to some random RFCs hosted on the file system.
krackers

the sys folders dont look legit, some of them i suspect are html spoofs, as they have redirections code that keeps sending me from directory -> text file to text file.
Ninja

I can see MAFIAA clowns using that as evidence… LOL

It’s totally fake.
Kickban

@92

The whole file system doesn’t look legit. Just check the /bin directory. There isn’t enough files there. The whole file system is just a spoof, but I think you should check the /tmp directory ;)
cx

It does accurately show one film out of the dozen or so I downloaded last month and then … American Idol.

I think I’m more upset about being linked with downloading that than the movie it actually had correct.
djnforce9

What would be an even bigger joke is if the music or movie industry officials tried to use the data on that site as evidence.
B3ar

now the idea of such a site exists it might not take long before a real version of this site appears
krackers

Can somebody read the Exif from the jpegs in the temp folder.

Could alude to something.
133t

Visitor ISP location: Country: (Unknown Country?) (XX) City: (Unknown City?) IP: xx.xx.xx.xx

am toooo 133t :P
Menthix

The has been this scam fraud going around pretending to be an official organization who caught you in the act of illegal filesharing, asking you to pay money for a settlement or threatening to take you to court. Perhaps this site is connected to one of those things?

Or it is just created be someone/people wanting to create public awareness on what technically is possible.

Either way the results are pretty bogus, just try reserved and local IP blocks.
Anonymous

remote@mig:/$ who

This is not IRC. Persist with your task Officer.

That one just makes me laugh!
Raven

Lmfao
That site is a complete joke.
It showed my info as sharing the following movie. Which is a complete joke. I saw it in the theatre and wouldnt waste my money on it if I knew how horrid it was going to be to begin with, nor would I waste .01k of bandwidth on it let alone want to watch it another time even for free.

xxx.xxx.xxx.xxx Shutter Island (2010) R5 DVDRip XviD-MAXSPEED 1272139156
Surys

BOGON addresses cannot be sharing anything, it’s literally impossible as they are reserved IP spaces.

Yet with this fake app, BOGON ranges are sharing Avatar, American Idol, etc.

Whatever the purpose of this is, it’s returning a ridiculous amount of false positives on impossible IP addresses…. what a crock!! LOL :D
Whatever

@passwords and root folders & commands.

There is NO CLI, folders or commands. It’s fake like the popup virus scanners showing your C: drive. It is just some script/code to make it look like a filesystem. This also explains why there are so many things “forbidden”. Otherwise the creator would need to make content for every little detail and possibility. It would also be the first time i heard of a unix/linux cli just popup in a web browser (disclaimer: technically anything is possible but i assume things like telnet, putty, smtp, http and so on are still used)

-conspiracymode on-
However it might be collecting IP adresses from curious TF readers who are worried getting caught.
-cospiracy mode off-

Let’s reset TF now: sys 64738
Cujo

total records: 5956511

busy vpn lol
Anonymous

It is fake.

I went there without vpn or onion router or any other trick that I know to hide my IP and still he got my IP and my city wrong.

Something got blocked by my security software though.
anon

Registrant:
Direct Privacy ID 36D03
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Domain Name: MENINGREY.NET

Administrative Contact:
Direct Privacy ID 36D03, Direct Privacy LTD meningrey.net@directnicprivacy.com
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Domain servers in listed order:
NS0.DIRECTNIC.COM 74.117.217.20
NS1.DIRECTNIC.COM 74.117.222.20
Anonymous

Oh! and I forgot!

It says that BT activity was detected while no BT activity was actually going on within my home network.
prawncommander

reminiscent of eon8 back in 2007-ish

Nice to see the hidden commands, some what a homage to the classic zork’s adventure CLI dungeon.
Anonymous

This is fake. All the information display is hard-coded into a plain HTML.

May be this is a way to say that anyone can present any “forensic BS evidence on internet.

This of course has been done a lot by the RIAA and the MPAA pack of liars.
Anonymous

a shortcut to the CLI is the classic konami code.

Also from a bit of probing through the docs, authorization
User: officer156
password: cRyhfsEwr5332Fxx
L

What hasn’t been mentioned in the comments yet (to my knowledge) is that all of the files that show up here are only movies; So best to keep that in mind when figuring who’s at this.

I never download any movies (I stream them) and the information that shows up here when it “scans” my system is totally false, certain movies listed are so bad I wouldn’t go near them.

For some people it’s false, for others it’s true? Lets figure this out already.
noob

can somebody help me find the 15 episodes of “Lost” that this site says I downladed?
L

I take that back! ^^^ I just connected to my VPN and tried and I see some albums (only famous ones like Lady Gaga crap); and some high traffic video games – It’s mostly movies though.

Weird
Unauthorized Content Consumer

I guess I better delete all of my content and torrents and start buying Cds and DVDs….pronto!!!! xD
ZIOS

fake. i went in the tmp and it was full of pictures of antennas and circuitry diagrams. cd to monitor closes the terminal and puts up some thing about internet relay surveillance that looks like bs.

in the torrents list a bunch of stuff ive never even heard of or care about like for one i would not be caught dead downloading vampire diaries :/ *pukes on the floor*

but i will take your cool logo as my own thanks bye
Anonymous

Yeah, this can’t be right. It claims I’m seeding AMIABLE’s x264 release of Avatar. I’ve never seen Avatar, or thought about downloading Avatar, so I guess they’re wrong.
Anonymous

never mind this crap … demonoid is down .. crap
http://downforeveryoneorjustme.com/demonoid.com
lol

@Enigmax
Have you also tried with your bittorrent client with forced encryption with no exceptions?
roeles

And the real wtf is:
torrentfreak is more or less monitoring bittorrent like this… but for real.
TinLizzy

The site only displays 1 torrent: Avatar DVDRip which I never downloaded. The loads of other stuff, however, that I DID download is not listed, even though some of it was from public sites….

:D
Surys

@All

The site claims it’s a Fedora box.

But SSH says it’s Linux Kernel 2.6 on Ubuntu Linux 8.04.

Any explanation for that? ;)
an0nym0us

“look
go west
go east
light lamp
go south”

Colossal Cave FTW!

Nice little site.

But it’s all too possible to do for real, even the briefcases bit.

I suspect that the MAFIAA already have similar private applications (to the one on the site, not the video) for monitoring and keeping records of BT traffic. The briefcases are far more advanced, but certainly not beyond readily-available technology.
jumping ship

Interesting stuff

Worst case is that this is a prototype; a proof of concept (though nothing has been proven)

Some hillbilly content provider might look at it and say; right here’s x dollars, go forth and build that for me.

Either way, I’m going VPN if and/or when I receive my first letter.
Surys

@All

And the /www folder on the real file system should contain an entry for k0a1a.net’s site, yet that’s missing.

Cute, weird, mysterious, inaccurate but also lacking in credibility for a multitude of reasons.

Pretty funny really. ;)
iT’S YOU

It told me I downloaded Lost (I have never seen that show), Battlefield Bad Company (my computer is a Pentium IV 1.6 with 512Mb RAm…) and Avatar (I already have Pocahontas on DVD, why would I download Avatar?)

This page is total B.S.

I just hope there were no viruses (viri?) attached.
Surys

“But it’s all too possible to do for real, even the briefcases bit.”

For a start the CLI mentions 802.11, so we’re talking wireless here. The contents of your desktop, unless you are running VNC server, etc. are not even trasmitted via this and so hacking wireless would not yield results such as that.

This is utter nonsense, but technology is a complex thing, I’d call people naive but simply they don’t have the full knowledge to see how obviously fake this is.
an0nym0us

Did everyone miss this?

“75 Apr 27, 2010 at 18:23 by Matheus Svensson

The site is a computer ‘art installation’ by Danja Vasiliev.”

You can take your tinfoil hats off now.
PirateAnon

http://k0a1a.net/rebuntu/ was funny actually
jumping ship

course it’s fake.. but it raises interesting questions nonetheless.
KBKarma

It got my country right, and then went and got the wrong IP. And lists stuff no-one in my house watches, as well as stuff that they stream rather than bittorrent.

Fake. Possibly an ARG, or, as someone mentioned, an art thingy.
an0nym0us

129 has obviously never heard of MITM attacks and silent drive-by malware installations. It is completely possible with existing technology. Not easy perhaps, but I’m sure that there are some organisations that can manage it.

Obviously that site is a fake, but it is perhaps a glimpse of what’s to come.
blast.k0a1a.net

@75 is right http://www.http.uk.net/residencies/danja.shtml scroll to the bottom and see the logo
SableSlayer

The data is fake.
Ummm…

Pass for video?
SableSlayer

Network Working Group Edwin W. Meyer, Jr.
Request for Comments #82 MIT Project MAC
Network Information Center #5619 December9, 1970
-
:P
AnalyzeThis

When analyzing the Logo, it is obvious that it has no symmetry. Some of the elements (The Eye) have not been centered correctly. If this was/is real, it has been made by someone with basic illustrator skills, not by a professional graphics/logo designer. Also the title “meningray” seems to be too amateurish.

Also another company that pops up when searching for M.I.G, is a marketing company.

The movie on the site looks more like a typical commercial, so it is possibly an attempt to try and scare off bittorrent users.
concerned

unfortunately it seems quite real. it obviously doesn’t show everything but you have to make sure you are only looking at the ip address that belongs to you not the entire subnet. i only had one thing out of like 20 i was getting but what it showed was accurate. i’m guessing it has a way to monitor certain trackers because that file was the only one that was on the common list of trackers all the rest of mine were dht and none of them showed up.
rantingme

If its real then im very proud of my fellow comhem users in Sweden who must also be using VPNs because it only lists 6 torrents within the subnetwork, common sense would say this can not be true for any subnetwork block in Sweden.
Kickban

@140

The site is fake. Try to get the downloads for ips such as 0.0.0.0 or 255.255.255.255. Or you can also read the 100+ comments before yours with proof it is a fake.
Read before posting.
CONSERNED

THIS IS REAL SITE PEOPLE!1!111

YOU SHOULD BE VERY WORRIED ABOUT THIS. IT SHOWS YOUR PERSONAL TORRENT TRAFFIC, SEEMS ACCURATE AND SENDS LOGS TO SEVERAL SERVERS(RIIA,MPAA,FBI!!1)
DO NOT USE THIS SITE AND CHANGE YOUR IPS IMMEDIATELY!!
J

LOL!

It says I downloaded Lady Gaga…

No doubt it’s a fake. :D
Anonymous

What’s the password for the video?
root

when i connect to server with pitty i enter root as user nage and get this:
login as: root
_ _ _ _
(_) | |__ | | __ _ ___| |_ _ _ ___ _ _
| | | ‘_ | |/ _` / __| __| | | | |/ _ | | | |
| | | |_) | | (_| __ |_ | |_| | (_) | |_| |
|_| |_.__/|_| __,_|___/ __| __, | ___/ __,_|
blast.k0a1a.net |___/

root@blast.k0a1a.net‘s password:
Me

I just found this one:

http://www.meningrey.net///home/mig/video/
Anti-MafiAA

I gotta say they got a sense of humour.

TerminalShell.fallback = function(terminal, cmd) {
oneliners = {
‘pwd’: ‘/root/watchtower/audits/civ/pending/by_addr/’,
‘lpr’: ‘The buffer has been printed.\nRetrieve on return to your bureau of service.’,
‘date’: ‘April 7, 1969′,
‘hello’: ‘This is not Internet Relay Chat.\nPersist with your task Officer.’,
‘who’: ‘This is not IRC. Persist with your task Officer.’,
‘su’: ‘Remote privilege elevation is denied.’,
‘whoami’: ‘You are an officer of the Men In Grey.’,
‘hi’:'Hi.’,
‘bash’: ‘\n’,
‘ssh’: ‘sshh’,
‘uname’: ’2.7.42-1-686-bigmem’,
‘finger’: ‘Fingers are for typing commands.\nPersist with your task Officer.’,
‘kill’: ‘Remote termination of processes is denied.’,
‘ed’: ‘You are not a diety.’
};
oneliners['emacs'] = ‘I think you mean vim.’;
oneliners['vi'] = oneliners['vim'] = ‘Use of text editors by remote agents is prohibited.\n Lookup and auditing only.’;
Anti-MafiAA

TerminalShell.commands['man'] = function(terminal, what) {
pages = {
‘last’: ‘Man, last night was AWESOME.’,
‘help’: ‘Man, help me out here.’,
‘next’: ‘Request confirmed; you will be reincarnated as a man next.’,
‘cat’: ‘You are now riding a half-man half-cat.’
};
if (!oneLiner(terminal, what, pages)) {
terminal.print(‘Oh, I\’m sure you can figure it out.’);
}

lol :)
Anti-MafiAA

TerminalShell.commands['locate'] = function(terminal, what) {
keywords = {
‘ninja’: ‘Ninja can not be found!’,
‘keys’: ‘Have you checked your coat pocket?’,
‘joke’: ‘Joke found on user.’,
‘problem’: ‘Problem exists between keyboard and chair.’,
‘raptor’: ‘BEHIND YOU!!!’
};
if (!oneLiner(terminal, what, keywords)) {
terminal.print(‘Locate what?’);
}
};
concerned

it only shows one thing for my ip address, multiple for the subnet but what it shows for me is very specific and very true, it is what i am getting. i don’t care what idiots posted before me this actually shows what i am downloading.
concerned also

I just had a look for a laugh. It got me bang on (and torrents also).
I’m guessing its using the info BT clients upload to the trackers (dunno which, but the torrents I was downloading were tracked by opentorrent and piratebay). This also explains loads of 127.0.0.1 entries.
I’ve changed my IP
April in Paris

April 27th is the new April 1st
JoeSchmoe

The FBI has been logging all ip addresses of pirates and will eventually track everyone down. The laws will soon change with the ability to go after pirates retroactively according to the FBI database. Pirates will be finished soon.
Surys

@134… Of course I’ve heard of MITM (man in the middle attacks) but that still wouldn’t result in the suitcase scenario as shown in the video. Any malware doing this would need to be able to act like VPN/Remote Desktop software.

The victims would still need to be infected too and to do so they would need to visit an infected site.

I have personal experience of diagnosing and removing drive-by malware where a web developer got infected and their local HTML/PHP/etc pages had hidden IFRAMEs inserted into them pointing to another site that was hosting the payload… so when they uploaded pages, people visiting them would potentially get infected too.

Anyway, thanks for the laugh…. but the case is solved. :)
Careful!

@121: “Have you also tried with your bittorrent client with forced encryption with no exceptions?”

Protocol encryption does NOT hide your IP address, it just makes it a little harder for your ISP to tell that you’re using BT. Your IP address, and what you’re downloading, are still FULLY VISIBLE to anyone you’re connected to.
Eh?

Learn about dynamic IP addresses, people. No mention of that in the last 154 comments.
saffronr

another vote for fake
Apparently I’m sharing 5 files and two of them are exactly the same (last week’s episode of lost). I’m also apparently sharing The Back-Up Plan – ha, like I’d waste bandwidth on something like that. None of the 5 were correct.
just a dude

Well here is some info for you to ponder…

Source:
http://cqcounter.com/whois/domain/meningrey.net.html
======================

MENINGREY.NET – Domain Informationnew
Domain MENINGREY.NET [ Site Info Traceroute RBL/DNSBL lookup ]
Registrar DIRECTNIC, LTD
Registrar URL http://www.directnic.com
Whois server whois.directnic.com
Created 19-Nov-2009
Updated 22-Apr-2010
Expires 19-Nov-2010
Time Left 205 days 3 hours 35 minutes
Status clientDeleteProhibited clientTransferProhibited clientUpdateProhibited
DNS servers NS0.DIRECTNIC.COM 69.46.233.245
NS1.DIRECTNIC.COM 69.46.234.245
MENINGREY.NET – Geo Information
IP Address 89.207.128.8
Host meningrey.net
Location NL NL, Netherlands
City Rotterdam, 11 -
Organization REDUNIX Colocated Servers
ISP Panther IT Services
AS Number AS43560 Panther IT Services
Latitude 51°91’67″ North
Longitude 4°50’00″ East
Distance 1742.89 km (1082.98 miles)
Eh?

And the site does seem fake. And is it me or is that video there password protected?
yoshi

internet ID payload meta last seen
none detection failed n/a

Well looks like they cant get any data from me…presuming this is even real lol. seeding a lot too. I call bullshit on this one. Additionally, it’s a pretty illegal and intrusive method of hypothetically gathering data for potential law enforcement intervention.
Anonymous
wergwefsadfc

*sigh*

dadamachinima.net(primary)
k0a1a.net(primary)
lowstandart.net(primary)
moddr.net(primary)
suicidemachine.org(primary)
yugo.at(primary)

that is all
Just no.

It’s fake. Right now it has my IP listed for 2 movies that I have never watched or even care about. (The Men Who Stare at Goats and Alice in Wonderland). Since I’m the only one who uses the connection, I don’t think I’d of wasted bandwidth on shitty movies.

It serves as a good example of how things can be though.
lol

@156
“Protocol encryption does NOT hide your IP address, it just makes it a little harder for your ISP to tell that you’re using BT. Your IP address, and what you’re downloading, are still FULLY VISIBLE to anyone you’re connected to.”

Yes, but your ISP can’t see what you’re downloading when using protocol encryption, so wether or not the site shows what your downloading gives insight to what techniques they may use.
PeeOnMii

Didn’t find anything on me. I have downloaded C.a 10 TERRA-BYTE of data.
So this is just fake, and to scare you as much as possible.
Chrono

There was shit on there I DIDN’T torrent. Plausible deniability.
Scheiss

Lol apparently it’s fake; I haven’t even touched the downloads it suggested.
Surys

So Ernesto, did you make the connection to k0a1a.net and figure it out from there like the rest of us? :D

Just wondering ;)
Unauthorized Content Consumer

I think the RIAA/MPAA closed down demonoid. I better put on my tin foil hat.
Anonymous

Total fake.
LOL-Artard

I love the passwords people been trying!
LOL:DONGS
bear:wolf
l33t:password
your mother:hubba hubba
heywood:jablowme
Jesus:zomgomg

Just to name a few!
LOL-Artard

One page had this in the html code.

“we are the direct manifestation of a citizen’s network anxiety” :)
Choms

I think is not a fake, but a ARG (Alternate Reality Game).
This remember me the argument of Junko Junsui, and “Men In Grey” sounds like “Men of taste” from junko ARG.
So lets think it’s true and it will be more funny :D
no-one

Fake!

My IP shows a whole load of crappy TV shows that i’d never watch… far less download!
ThatsGold

@166

You notice you contradicted yourself?

in the first paragraph you say protocol encryption doesn’t hide your what you’re downloading

In the second paragraph you say protocol encryption does hide what you’re downloading…
lol

@177
The first paragraph is a quote from #156..
Lovein it

I must say a nice piece “modern” art.

And I can see the crowd just loves it too :)
hey!

The password for the video is?
Cordelia

Well he’s overdoing it just a tad; but as computer art it’s pretty cool. And he thought of everything.

If you enter from a proxy host (I am paranoid and surf through proxy) then you get message:

Authentication from Country: (Unknown Country?) (XX) City: (Unknown City?) IP: 92.48.96.121 is UNAUTHORISED.
Officers authenticating from an unauthorised IP will be subject to internal
audit under Clause 6b, Section 33, H1607 Officer Protocol.

HAHAHAHA!
Haha

I think its funny that it only takes typing Admin for user and admin as password to look at their directory..
Surys

After running some tests, although much of the site IS fake or deceptive… the torrents part is NOT completely bullshit…

It appears, An IP address related to the site is occasionally connecting to tracker.openbittorrent.com, retrieving the list of IPs of sharers, but it seems restricted mainly to the more popular torrents.

This will explain why some people are shocked by the site, but because of it’s selective and occasional nature, many are seeing their torrents not appear… it just depends if meningrey.net is lucky enough to hit the tracker while you’re downloading/seeding the torrent they’re scanning (retrieving the list of IPs from the tracker) at the time.

I’m still at a loss for why BOGON/reserved ranges would show torrents though.

** IMPORTANT **

The video is nothing but meningrey.net IS monitoring traffic on SOME torrents… the good news is that it doesn’t declare that you are actually seeding/uploading… so don’t crap your pants just yet!! :D
krazed1

is a load of bs. found about 50 torrents of which none i have downloaded
bastetx

I would have to agree: someones Idea of a “Funny” Joke on looking further into the site, I would question the reality of the so called torrents myself.
NoOneInSpecial

Hehe,
really funny site.
Thx TF for sharing with us :-)
Strugart

Lost.S06E13.PROPER.720p.HDTV.X264-DIMENSION.mkv –>> wrong entry,never download this. Clearly insert wrong data (i download very few things from this ip, rest are true).
Also password protected video…pass?
lol

Looking at the IRC scripts you can tell someone was on to him that “officer104″ was publicly logging the IRC… then he gets k-lined, well look at the hostname it is “~officer104@blast.k0ala.net” :)
poiso

lawl! thru both VPN’s and 2 separate computers with diff IP addresses they got the info wrong..

Would rather shoot myself then download avatar or effing blue moon
poiso

lawl! thru both VPN’s and 2 separate computers with diff IP addresses they got the info wrong..

Would rather shoot myself then download avatar or effing new moon
Glitch Cleaning Committee

Ya know, someone should probably make a real version of a site like this anyway. Run a spider on dynamic IP, have it cycle periodically to randomise address, then offer up a public interface to the information it collects as MIG demonstrate here. Then sit back and watch the arse fall out of millions as they realise they’re listed for real, and they know it’s accessible to anyone. All very easy to do.

I reckon that should cause people to think a bit more about how safe they are using BitTorrent (and the net in general, if one were to expand the data source further). People should know that they’re often lacking in the security necessary to protect their privacy, and so ripe for exploitation.
What the what what

This can’t be real. Only two things I got where these.

internet ID payload meta last seen
71.xxx.xxx.xx Chloe.LIMITED.DVDSCR.XviD-ViDA 1272183196
71.xxx.xxx.xx Clash Of The Titans 2010 TS http://www.IWANNADOWNLOAD.com 1272248924

Never even heard of Chloe, plus I already got suckered in and lost $15 from Clash of the Titans, no way in hell I would download that shit.
KBKarma

@175

I agree with you. Not familiar with the ARG, but this smells like an ARG. Odd sense of humour, easily-locatable passwords, and now the video’s been locked up.

I think we’ve found something we weren’t supposed to. If we’re not PCs, we’re NPCs, so let’s act like it.

With any luck, a few PCs will come through and mention OoC what it is.

… Eep, my geekiness is showing. :P
YK

http://meningrey.net///home/mig/www/passwd lists all passwords that have been tried on the auth page
Kickban

The password for the video is the password of officer156.
Good luck :)
Whats the PASSWORD

Anyone? I am seeding and use piratebay but mostly private trackers It shows nothing for me
Kickban

@196
It is a fake ! Read before posting…
Anonymous

@195

That password didn’t work
Surys

@196… Unless you’re in the first 30 peers returned on a popular torrent from: http://tracker.openbittorent.com/announce …

You’re not likely to have any torrents associated with your IP address.

The “CLI”, the fake root, the fake claim of Fedora are all nonsense though.
NewEraCracker

Another fake to scare us :lol:

If it was for real, do you think it would be revealed publicly. No, it would be leaked.

rolf @ m.i.g
Windoze

Hahahahaha this is a joke!! It shows about 50 movies and I only download and SEED Microsoft stuff!!

hahahaha
LOL

that video is retarded.
thearm

If it’s a real site, it’s scary because it’s incorrect information. I entered in the IP I’ve had for over four years and movies came up I have never downloaded. So it’s BS.
JAQUEBAUER

I have been through their server and found interesting things. Many of the files are not protected, so I was able to dnload some files to analyze later.
Here is a link to pictures
http://www.meningrey.net///home/mig/images/tmp/

I got into the server quite by accident, as this error popped up:
Warning: include(.///./../…./) [function.include]: failed to open stream: Permission denied in /home/mig/www/index.php on line 2592

From there I was in.
Dan

I suspect it’s fake, I’m downloading some torrents right now, but it didn’t list any of them in my IP range. It seems convincing, but the video seems too much like an intentional mindfuck to be an actual data collection website.

PS: it says in my ip range that clash of the titans is being downloaded twice. Why doesn’t everybody know that the movie was shit?
DeathStalker

Video (at least now) requires a password.

Also, Demonoid is STILL down – how about some investigation on that?!
Techy

It’s very arthouse lol
Skatz23

This is dumb. Completely false. I happen to hate the movie Avatar but it’s all over my supposed downloads. Why would i download a movie i dont like? Stupid
Techy

I love the password list /home/mig/www/passwd. Has every attempted username/password combo that has been tried on the site.
Anonymous

“THIS IS REAL SITE PEOPLE!1!111

YOU SHOULD BE VERY WORRIED ABOUT THIS. IT SHOWS YOUR PERSONAL TORRENT TRAFFIC, SEEMS ACCURATE AND SENDS LOGS TO SEVERAL SERVERS(RIIA,MPAA,FBI!!1)
DO NOT USE THIS SITE AND CHANGE YOUR IPS IMMEDIATELY!!”

HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!
breath! breath!
HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!
breath! breath!
HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!

This is the evil web site from Hell!

My laptop just run away! I have to get him back! See you later!

Ha!

He is hiding under the bed!
Josh4721

definetaly fake but should I download what it says i did too keep it honest? lol
pumpkinfilms

so fake. didn’t download anything in that list.
Anonymous

well, it did find 2 things i dloaded in past few days. And One of them was not just some random popular guess. So think it does work.
just fake

The video password is cRyhfsEwr5332Fxx

The site has some rubbish, but also some unerving stuff. There’s a tiny bit of UFO, a fair bit on telecommunications, gaining access to private info, personal user data request forms for things like Yahoo, Facebook etc which are supposed only for law enforcement. The thing is made to look like a NetBSD LiveCD distro. You can even download the binaries for commands off it. You can hack the real /etc/passwd and /etc/master.passwd list. If you know how to delve deeper theres some weird shit in there
This is BS

No I am not downloading Avatar (or ever have), sorry.
dont look at me, Im not here

NNNOOOOOOOOO!!!!!!!!! MY PRECIOUS DEMONOID!!!!!!! FUCK THIS LAME SITE. GIVE US NEWS ON DEMONOID!
Doink

@ 116 Apr 27, 2010 at 20:21 by noob

“can somebody help me find the 15 episodes of “Lost” that this site says I downladed?”

We are sorry but the 15 episodes of “Lost” that you downloaded seem to be lost.
funny

look into /etc/hosts:

192.168.0.1 livecd.jibbed.org livecd

And also: master.passwd is a html file containing:

403 Forbidden

Forbidden
You don’t have permission to access /\/etc/master.passwd
on this server.

Very creative joke/hoax :))
blacklotus

this is interesting,

http://meningrey.net/bt_watch/?host=213.167.96.196

just change the host to what ever :) but if you do this address you can see what lyse tele is up to :)
Anonymous

analyzing ip: 24.18.MASKED.MASKED (log = true)
following hosts in your subnetwork (ip range 24.18.MASKED.*)
exchanged data payloads using bittorrent protocol:
internet ID payload meta last seen
24.18.MASKED.MASKED Shutter Island (2010) R5 DVDRip XviD-MAXSPEED 1272156634
24.18.MASKED.234 Avatar 2009 1080p BluRay X264-AMIABLE 1272149918
24.18.MASKED.MASKED Battlefield.Bad.Company.2-RELOADED 1272322746
24.18.MASKED.MASKED Stargate.Universe.S01E14.720p.HDTV.x264-SiTV.mkv 1272200946

If this is true, they arent very accurate… Only one torrent per IP? Tho it DOES have the exact hash of my BF:BC2 download I finished yesterday with the exact timestamp…
Fuzzypig

Odd thing is it only seemed to pull out movies when I scanned my local subnet, I have pulled other stuff down and none of that was shown.
TPBGirl

ooops! make that febuary of 2009. Dates in the SPY pdf index link I posted above.
Fuzzypig

“observation of the collected evidence by civilian personnel is highly inadvisable”

LOL! What the flick is this all about? LOL!
Chud_Eruption

Fake…its only giving my one result and it was a “Kick Ass” cam…I don’t download cams I wait for the dvd rips.
Anonymous

I’m mirroring the site right now. Gonna put it into Apache and see what I can do with the code.
acce

Two films I never Downloaded. One .torrent file I’ve downloaded but never executed. I doubt it’s legit.
Peter

It’s all garbage data. Stuff reported on my I.P i’ve never watched nor downloaded.

The site owners should be sued for false information or misleading content and or false accusations.
xFyrios

uh… anyone have the password to the video? :/
L

Geiler Kurzfilm
Fake

More Fake
iBattlefield.Bad.Company.2-RELOADED 1272189809

Great because… I played the 360 demo and thats it. (Extent of my PC gaming stops at WoW.)
xFyrios

Nvm, thanks to just fake for it :)
The password for the video is: cRyhfsEwr5332Fxx
CDXX

It’s got everything I’ve downloaded in the past 2 weeks, and even the stuff my roommate downloaded on his laptop… Creepy.
dffff

———–
230 comments? beginning to think someone made this site just for exposure on some other site or a test of some sort….

twilight zone ? of torrents
TerribleTony

@78: So what if the MPAA or whoever set up a blog site that was pretending to be “pro-piracy” (lol), and then await for commenters to “brag” as you put it.

I’m sorry, but do you even live on the same planet as the rest of us? I can say I downloaded 3000 films yesterday, and what would that prove? Nothing. Nothing at all.

Certainly, it wouldn’t stand up in court of law (non-banana republics only).
Chemical

It’s bullocks. Just adding my voice to the chorus.
Seth Bodine

Not sure if anyone has noticed but you can just malform the url and browse the Server

e.g. http://www.meningrey.net/\/
Alex

It’s fake, end. Unless anyone at my work has downloaded American Dad, How I met your mother & Fringe, then it is, I only work with 15 other people, and no-one uses P2P.
AdePt

hohohohohoho…
cheK ouT 198.81.129.125….
They DO dowNload a LoooooT…
.
.
.
cia.gov…..
!-)
anon

By far the best P2P scare tactic ever!

Very creative stuff. I’m mirroring this shit for sure.
R

Since the site’s down right now (think it’s slashdotted), I thought I’d turn the tables on them. Below is the WHOIS info on their site:

Domain Name: MENINGREY.NET
Registrar: DIRECTNIC, LTD
Whois Server: whois.directnic.com
Referral URL: http://www.directnic.com
Name Server: NS0.DIRECTNIC.COM
Name Server: NS1.DIRECTNIC.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 22-apr-2010
Creation Date: 19-nov-2009
Expiration Date: 19-nov-2010

Registrant:
Direct Privacy ID 36D03
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Domain Name: MENINGREY.NET

Administrative Contact:
Direct Privacy ID 36D03, Direct Privacy LTD meningrey.net@directnicprivacy.com
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Technical Contact:
Direct Privacy ID 36D03, Direct Privacy LTD meningrey.net@directnicprivacy.com
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Record last updated 11-19-2009 11:36:19 AM
Record expires on 11-19-2010
Record created on 11-19-2009
Sokrates

I’m glad to see I’m monitored, I never have to feel left alone again! Thx.
The DON

I think the data it provides for your one IP address is accurate – it was for me, though it only showed a more popular torrent, not any of the other 2 or 3 less popular ones.

Ignore the IP addresses from your subnet, they are not anything to do with your connection.

Very enlightening on the ease of detecting torrent usage.

I think it is a very good art installation in that it causes us to think more about our online security.

BTW, for those who missed it earlier, the password for the video is:
cRyhfsEwr5332Fxx
me

Have torrents running and nothing showed. However, it showed someone downloading New Moon which I wouldn’t waste my time or bandwidth on.
Anonymous

It seems genuine. I can cofirm that it is tracking one or more of the following trackers….

http://tracker.openbittorrent.com:80/announce
udp://tracker.openbittorrent.com:80/announce
http://tracker.publicbt.com:80/announce
udp://tracker.publicbt.com:80/announce
http://tracker.istole.it:80/announce
udp://tracker.istole.it:80/announce
http://tracker.hexagon.cc:2710/announce

Short of removing the trackers from the torrent 1 by 1 I cant isolate which. Anyone able to convert the time into a real one? Is it some sort of TimeInMillis?
Surys

I dismissed it at first, same as everyone else… please CTRL+F and read through my posts…

After researching this, I can tell you that it DOES track SOME activity, but it seems very hit-and-miss.

The announce page on trackers usually only returns 30 peers and I suspect it’s just systematically returning these first 30 peers on popular torrents on a cycle and adding them to a DB.

I’ve tested this thoroughly (and was the first to call BS on the fake kernal ID and the first to mention k0a1a.net in this thread) – so I do know what I’m talking about.

As I said previously though, no need to panic, it does not differentiate between seeders and leechers.

And doing this is really simple…

For example, you go to http://tracker.openbittorrent.com/announce/?info_hash=%8F%4C%15%C5%59%25%C3%DF%9E%E9%AC%D7%B1%B7%8F%A9%A1%0B%14%67

and it will return (among other things) a list of peers in binary format in sets of 6 bytes (4 bytes IP, 2 bytes port)

So really, a bit of page scraping on thepiratebay.org followed by hitting the announce URLs is all it takes to build up a DB like this.

I was as confident as most were that the whole thing was BS, but there is some (albeit very limited) real detection of peers on some torrents amongst all the other nonsense.
Lucky

Movie was filmed in Berlin btw
36484

FAKE
piratepal

Load of cobblers, here is what I get:

A big host of unknowns – using a simple VPN as well. LOL

Authentication from Country: (Unknown Country?) (XX)
City: (Unknown City?)
IP: 93.94.244.133

Officers authenticating from an unauthorised IP will be subject to internal audit under Clause 6b, Section 33
anyone_else

You can get the video here btw, too.
http://www.meningrey.net/\/home/mig/video/17701500-web.ogv
Surys

If I was openbittorent or publicbt, I would intentionally send a list of fake peers whenever 89.207.128.8 visits their announce page, just to ensure the ‘evidence’ collected is compromised and becomes completely worthless.
me

took quite a while to nmap it.. http://pastie.org/939004

Direct Privacy has also registered jennymovies.com and gaytube.com ;)
Surys

The majority of files detected seem to be similar to those at http://www.torrentz.com/tracker_252991242240
an0nym0us

All you paranoid freaks should set a grip and take off your tinfoil hats already!

> IT’S. NOT. REAL <
Surys

@me … I did a full Nessus scan (from another country so as not to break the law in my own country) and found much the same as you, also, no vulnerabilities really – just some crap about TCP timestamps being enabled, etc.

I’ve seeded a torrent from torrentz.com’s URL (I posted in my last comment) for the purpose of testing this.

Initially there was nothing attributed to my IP address.

After seeding one torrent for about 30 minutes, sure enough, it identified it.

Maybe Danja Vasiliev is demonstrating that it is easy to track some torrents whilst also adding some junk data (which would explain the results found on reserved IP ranges, etc.) so that it cannot be used as evidence.

That’s my best guess for now based on my research so far.
xentar

Ha! Didn’t even get my country right…
random

You can tell it’s fake because none of the links have any porn downloads. Highly implausible that no one on any of the random subnets people are pulling up has any porn in their recent download.
dncholas

Looks like BS to me regardless of those claiming it picks up some of their torrents. It’s going to show some torrents because they list every decent to good torrent people are downloading. Even if the site was completely legit anti piracy groups can already jump into any swarm and log every IP and send out notices automatically so what’s new? Why would this stupid website make any difference? Use a VPN and chill out.
Obeleh

I tried using the ip adress of whitehouse.gov to see if that came up with some torrents but it didn’t. Did anyone else manage to find an other false positive
RIDDL3R

Here’s something interesting

http://www.meningrey.com/

http://meningrey.org/

Both .com and .org are also taken, and NOT rerouting you to http://meningrey.net

Someone went through great pains to do this.
Surys

@random… it’s only checking the most popular torrents, if it’s not in the URL I posted in a previous comment (~#250), it’s not very likely to be tracked.

dncholas(~#255) is right though, it is ridiculously easy to get a list of IPs as I’ve explained in another previous post (~#243)… by default trackers only return 30 peers though, but using the “numwant” variable in your querystring some trackers will give you much more.
RDX

Faulty results when you have dynamic IP.
I have dynamic IP and when I visited the site, it showed me a list of 4 torrents which I’ve never downloaded.
qbit

looks fake-ish
Digi

Some pretty good stuff here. http://www.meningrey.net///home/mig/documents/legal/
Pingback: Web-based BitTorrent monitoring site — scarily real, or fantastically fake? « MobileTrends.info
mdfgrtios

nice piece of shit article
Pete D

haha, http://www.meningrey.net///home/mig/www/passwd

The list of passwords people have tried
Anon

Some good trolling there.
Gossamer Axe

it’s faker than an 11 dollar bill.

I’m at work, and it says someone on the network is sharing Avatar. Well, our corporate office monitors for illegal activity and blocks a lot of ports, including IRC, Bittorrent etc.,

I would have figured to see this on 4-1 but not this late in the month.
Get your april fools day jokes done on the proper day ;~)
oldfag

FAKE
Pingback: Scary BitTorrent Monitoring Site
Anonymous

It’s fake, the way it works is it randomly picks popular torrents and lists them as ones you’ve downloaded, then eventually someone will go to the site and get a correct list of things they have downloaded, then thinking its real they tell people about it and eventually it becomes a viral site.
Beat it

Haha, try entering ‘Fuck you’ into the CLI page. It directs you to a frame with the RIAA website in it.

This is so much fun, I can’t wait to meet a man in grey.
Anonymous

Clearly fake.
Still,

# iptables -I INPUT -s 89.207.128.8 -j DROP
Digital_Pirate

Apparently when you attempt to login via SSH you get the following logon message “I Blast You” blast.k0a1a.net (in ASCII).

and go to blast.k0a1a.net you get:

“blast htdocs root.

add a directory to the URL in case you want to get anywhere.
this is a private machine running several services.
it is unlikely that you got here by following a link.
all suspicious connections a logged and backtracked.
have fun!”

and now go to k0a1a.net

Obviously a joke. :P
another idiot who tried out of curiosity

Fake….
I dont have any torrents running, still said i’m downloading Bounty Hunter … The site is good for one thing.

It lists the latest movies available out there in torrents :P

Again, it’s just common sense… FAKE
hmmmm

one out of six that i have ACTUALLY downloaded.+ the site looks fake,lol!!
result: BIG FAKE.
nice try TF…;)
Pingback: Web-based BitTorrent monitoring site — scarily real, or fantastically fake? » Shai Perednik.com
kynapse

Try the Konami Code on the console.
Michi

Warning: include(.///./../…./) [function.include]: failed to open stream: Permission denied in /home/mig/www/index.php on line 2592

Warning: include() [function.include]: Permission override ‘/’ for inclusion (include_path=’.:/root:/usr/bin:/bin:/sbin’) in /home/mig/www/index.php on line 1

Aaaand root. lol.
kynapse

or just view the source and find the username to be Officer and the password to be DENIED.
Simon

http://meningrey.net/bt_watch/?host=127.0.0.1

They have some explaining to do…
OR IT’S A FAKE LOLOLOLOLLOL
Totally Fake

You know how I can tell at a glance it is fake? No porn torrents at all. Zero. Dead giveaway.
anon

http://meningrey.net:8000

Why should they run icecast?
josh

If anyone wants to pay for the previous 5 WHOIS records, or already has a membership, please feel free to share the previous registrants with us:

http://domain-history.domaintools.com/?q=meningrey.net&page=results

Though the current whois is privacy-masked, the record changes were made on:

2009-11-21
2010-01-13
2010-03-13
2010-04-26
2010-04-27
AC

Torrents uploaded by this Uploader XoLWoX have trackers ending in dot php and torrents are being tracked!
esoteric

In the video, the IP address listed on the screen in the cafe points to a TOR exit router. As mentioned this is obviously an art display regarding privacy and the internet.
Anonymous

What is in the video?
cystic

that is awesome. Great job and hats off. A true modern day picasso. Bravo and ENCORE!
C0RR0SIVE

It actually hit some of my torrents head on, but, there are some files on my IP, that was never downloaded that showed :-p
Question

Very FUNNY fake site!
So Hollywoodish!
It just missed the “beep beep” sounds all movies and series put in!

lol

From the registrant’s name “Direct Privacy ID 36D03″ it seems that it’s just some company trying to make a pre-campaign for its Internet anonymizer product.

By the way, the “cRyhfsEwr5332Fxx” password doesn’t work anymore. What did the video show?
neoavalith

internet ID payload meta last seen
127.0.0.1 Avatar 2009 1080p BluRay X264-AMIABLE 1272524916
127.0.0.1 Avatar 720p Bluray x264-CBGB 1272526361
127.0.0.1 New.Moon.DVDRip.XviD-NeDiVx 1272527017
127.0.0.1 The.Pacific.Pt.I.HDTV.XviD-SYS.avi 1271867094

lol’d hard
Anon

following hosts in your subnetwork (ip range 127.0.0.*)
exchanged data payloads using bittorrent protocol:
internet ID payload meta last seen
127.0.0.1 Avatar 2009 1080p BluRay X264-AMIABLE 1272529609
127.0.0.1 Avatar 720p Bluray x264-CBGB 1272526361
127.0.0.1 New.Moon.DVDRip.XviD-NeDiVx 1272528516
127.0.0.1 The.Pacific.Pt.I.HDTV.XviD-SYS.avi 1271867094
A. Nonnimouse

Fake! It’s either an ARG, online art or, just possibly a, viral for a forthcoming film or book.

There certainly doesn’t seem to be anything behind it that couldn’t be, or rather appear to be, cracked in over an hour as proved by the apparent error messages

Warning: include(.///./../…./) [function.include]: failed to open stream: Permission denied in /home/mig/www/index.php on line 2592

Warning: include() [function.include]: Permission override ‘/’ for inclusion (include_path=’.:/root:/usr/bin:/bin:/sbin’) in /home/mig/www/index.php on line 1

appearing after only a few minutes usage.
XL

Nobody cracked anything, the phony file system and OS identity are both fake, as Surys and a few others have pointed out.
Anonymous

the CLI is a copy/paste of xkcd’s fakey command line interface they had on april fools day
type in ‘man cat’
also, the konami code
up up down down left right left right b a while on the command line
Pingback: PC Blog » Blog Archive » «???? ? ?????» ??????????? ????????????? ??????????
Mike K

Current video password is “DENIED”.

The old documentary clips come from “Computer Networks – The Heralds of Resource Sharing” (1972). It interviews the guys who invented the internet when it was still a research project. It can legally be downloaded for free here:

http://www.archive.org/details/ComputerNetworks_TheHeraldsOfResourceSharing
Nathan

The btwatch is legit for a a given subnet. It’s not going to pick up porn torrents because only a few swarms are being monitored.
NightOwl

it didn’t find any torrents on my computer (i use private trackers) but all of my housemates’ activity shows up….
NightOwl

oh wait… it’s fake… but the pranksters have the same taste in shows as my housemates hahaha
House

Its real!
http://www-sop.inria.fr/members/Arnaud.Legout/Projects/bluebear.html
an0n

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: MENINGREY.NET
Registrar: DIRECTNIC, LTD
Whois Server: whois.directnic.com
Referral URL: http://www.directnic.com
Name Server: NS0.DIRECTNIC.COM
Name Server: NS1.DIRECTNIC.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 22-apr-2010
Creation Date: 19-nov-2009
Expiration Date: 19-nov-2010

>>> Last update of whois database: Fri, 30 Apr 2010 17:25:46 UTC <<<

Registrant:
Direct Privacy ID 36D03
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Domain Name: MENINGREY.NET

Administrative Contact:
Direct Privacy ID 36D03, Direct Privacy LTD meningrey.net@directnicprivacy.com
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Technical Contact:
Direct Privacy ID 36D03, Direct Privacy LTD meningrey.net@directnicprivacy.com
PO Box 12068
George Town, Grand Cayman KY1-1010
KY
1-345-745-6022

Record last updated 11-19-2009 11:36:19 AM
Record expires on 11-19-2010
Record created on 11-19-2009

Domain servers in listed order:
NS0.DIRECTNIC.COM 74.117.217.20
NS1.DIRECTNIC.COM 74.117.222.20
Surys

Also…

Showing his level of technical intrigue… it would be suicide to have the account details such as “root:Charlie” visible to ANY service like Apache, etc.

Anyone thinking they’ve discovered something they shouldn’t have access to… is just naive.

Danja(?) would have to screw stuff up on several levels to have so many security holes, one of which would be to use the most retarded permission settings in the history of Linux. :D
plausible

I’m not saying it is real, but the torrents on bogons and 127.0.0.1 are not proof that it is fake.

It could just be reading the list of peers from the tracker. The torrent client can pass any IP to the trackers, and some trackers will accept that IP even if it differs from the IP used connect to the tracker. Essentially, some trackers allow you to add any IP to their peerlist. This could explain LAN and localhost IPs as the torrent client failing to obtain the proper external IP.

Search “Why My Printer Received a DMCA Takedown Notice” for a good paper on this.

I have been unable to prove that the data on this site is real, but I can’t disprove it either. So far I have failed to get a new IP listed, but the choice of accused IPs on the site seem better than random. Search a range with a Tor exit node, and you will notice a large amount of torrents from that node. IP ranges of home ISPs tend to turn up torrents, while IPs of websites and other unlikely torrent hosts turn up nothing.
John

Really enjoyed that video; People need to be made aware of they are doing.
Anonymous

I can’t see the video. It wants a password.

You can also see Windows 7 appear twice in the screenshot.

“when i used my real IP it did show ONE torrent that ive been seeding for 10 days. which is strange since i have over 600 active torrents”

Anybody could probably guess one of them. D’uh.
Pingback: Tus descargas por torrent vigiladas por los hombres de negro [ENG]
Anonymous

Wow… I download dozens of pirated films, but the only two on record weren’t downloaded by me! rofl
This is kinda weird.

So i made up a random user name and auth. Mcdickinhand/80087355 and it said denied entry and its got at the bottom a directory.
One section called Pending has lists of things that seem like data but probably nothing more than random numbers and Twitter account names that could be authentic but they all contain numbers in the names and times of day labeled 00:00:00.
Im leaning on saying this is false.
but if anything. Looking at this site, it feels like a massive place holder, that is trying to say “Check out my Cock shadow, wanna see the real thing?”
Pingback: BitTorrent Monitoring As a Work of Art | We R Pirates
Pingback: P2PTalk » BitTorrent Monitoring As a Work of Art
Pingback: BitTorrent Monitoring As a Work of Art | InstantIdiocy
Pingback: BitTorrent Monitoring As a Work of Art @ blog.idtorrent.org
SYN/ACK

Hi TF readers.

This should clear things up:

http://meningrey.net/faq.txt
Tutsumi

Surprisingly, it did catch on to some downloads I did use last week and even one that I’m currently in the process of downloading (Iron Man 2) including the exact copy of the name that I have downloaded.

It isn’t fake, you just have to look for YOUR IP address since it gives a range.

Mine
xx.xx.xxx.xx Avatar 2009 DVDScr H264 AAC-SecretMyth (Kingdom-Release) 1272371506

xx.xx.xxx.xx Dark Lurking 2010 DVDRip Xvid LKRG 1272369476

xx.xx.xxx.xx Iron Man 2 CamRip Xvid LKRG 1273245697

xx.xx.xxx.xx The Hangover (2009) DVDSCR-MAXSPEED 1272379903

Other people’s own who were on the range
xx.xx.xxx.xxx Avatar[2009]DvDrip[Eng]-FXG 1272989115

xx.xx.xxx.xxx Clash Of The Titans 2010 TS http://www.IWANNADOWNLOAD.com 1272723431

xx.xx.xxx.164 Family.Guy.S08E17.PDTV.XviD-LOL.avi 1272971067
Pingback: BitTorrent Monitoring As a Work of Art
Pingback: Bloodstudios.com » Blog Archive » BitTorrent Monitoring As a Work of Art
Pingback: Web-based BitTorrent monitoring site — scarily real, or fantastically fake?
tas

fake.
tas

fake

the report hit i got first was already stored on the server. was able to locate it on the server, with date of creations.
tas

fake

the report hit i got first was already stored on the server. was able to locate it on the server, with date of creation.
Pingback: BitTorrent Monitoring As a Work of Art « BloodStudios.com
Pingback: BitTorrent Monitoring As a Work of Art « DancingMidgets.info

TorrentFreak

The place where breaking news, BitTorrent and copyright collide

The Mysterious And Scary BitTorrent Monitoring Site

View report

Recorded BitTorrent downloads

Auditor Console

Related Posts

Previous Post | Next Post

NewsBits

The Pirate Bay Isn’t Down Completely, Just Having a Few Issues

Pirate Bay Founder Gottfrid Svartholm on Freedom of Speech

Blu-ray Anti-Piracy Tech Stops Discs and Promotes Purchases

Foxtel Breeds Pirates by Locking Up Game of Thrones

UK Student Admits Breaching Sony Copyrights With Leak of PS3 SDK

MostDiscussed

Pirate Bay Takes Over Distribution of Censored 3D Printable Gun

McAfee Patents Technology to Detect and Block Pirated Content

Pirate Bay Finds Safe Haven in Iceland, Switches to .IS Domain

Copyright Trolls Threaten to Call Neighbors of Accused Porn Pirates

Game Pirates Whine About Piracy in Game Dev Simulator

CopyQuote

PopularArticles

VPN Services That Take Your Anonymity Seriously, 2013 Edition

Top 10 Most Popular Torrent Sites of 2013

Which VPN Service Providers Really Take Anonymity Seriously?

What’s The Best VPN / Proxy for BitTorrent?

BTGuard Review: How Does it Work?

Optimize Your BitTorrent Download Speed

The place where breaking news, BitTorrent and copyright collide

Search TorrentFreak

View report

Recorded BitTorrent downloads

Auditor Console

Related Posts

NewsBits

MostDiscussed

CopyQuote

PopularArticles