Distributed Denial of Service or DDoS attacks are a relatively common occurrence in the file-sharing community and something that many sites are subjected to throughout the course of a year. They disrupt service and can often cost money to mitigate.
Those carrying out the attacks have a variety of motives, from extortion and blackmail to “the lulz“, and a dozen reasons in between. Often the reasons are never discovered.
During the past few days several sites involved in the unauthorized sharing of anime have been targeted by DDoS-style attacks. Swaps4 reported that Haruhichan, Tokyo Toshokan and AnimeTake were under assault from assailants unknown, although all now appear to be back online.
A far more serious situation has played out at NYAA.se, however. The site is probably the largest public dedicated anime torrent index around and after being hit with an attack last weekend it remains offline today. The attack on NYAA had wider effects too.
NYAA and leading fan-subbing site HorribleSubs reportedly shared the same hosting infrastructure so the DDoS attack took down both sites. That’s significant, not least since at the end of August HorribleSubs reported that their titles had been downloaded half a billion times.
As the image above shows it now appears that HorribleSubs has recovered (and added torrent magnet links) but the same cannot be said about NYAA. The site’s extended downtime continues with no apparent end in sight. This has resulted in a backlash from the site’s fans and somewhat inevitably accusatory fingers are being pointed at potential DDoS suspects.
As far-fetched as it might sound, one of the early suspects was the Japanese government itself. The launch of a brand new anti-piracy campaign last month in partnership with 15 producers certainly provided a motive, but a nation carrying out this kind of assault seems unlikely in the extreme.
Quickly, however, an announcement from HorribleSubs turned attentions elsewhere.
“Chill down. It’s not just us. Every famous anime sites [are] getting DDoS attacks, but that doesn’t mean this is the end,” the site’s operator wrote on Facebook.
“We have located where DDoS are coming from. It’s from #Crunchyroll and #Funimation Employees.”
Update: HorribleSubs inform TF that the Facebook page listed is “in no way managed nor affiliated with HorribleSubs and as such all opinions and views expressed on that page does not reflect the views and opinions of the HorribleSubs management.”
Funimation is an US television and film production company best known for its distribution of anime while Crunchyroll is a website and community focused on, among other things, Asian anime and manga. While both could at least have a motive to carry out a DDoS, no evidence has been produced to back up the HorribleSubs claims. That said, HorribleSubs admits that its key motivation is to annoy Crunchyroll.
“We do not translate our own shows because we rip from Crunchyroll, FUNimation, Hulu, The Anime Network, Niconico, and Daisuki,” the site’s about page reads, adding: “We aren’t doing this
for e-penis but for the sole reason of pissing off Crunchyroll.”
Shortly after, attention turned to anti-piracy outfit Remove Your Media (RYM). The company works with anime companies Funimation and Viz Media, which includes the sending of millions of DMCA notices to Google. The spark came when the company published a tweet (now removed) which threatened to send “thousands” of warning letters to NYAA users once the site was back online.
This doesn’t seem like an idle threat. A few weeks ago the company posted a screenshot on Twitter containing an unredacted list of Comcast, Charter and CenturyLink IP addresses said to have been monitored infringing copyright. Due to the NYAA downtime, RYM later indicated it had switched to warning users of Kickass.to.
This involvement with anime companies combined with the warning notice statement led to DDoS accusations being directed at RYM. TorrentFreak spoke to the company’s Eric Green and asked if they knew anything about the attacks.
“The short answer is No. In fact we were waiting for [NYAA] to go back
online to begin monitoring illegal transfers again. Sorry to disappoint but we
had no involvement,” Green told TF.
Just a couple of hours ago RYM made a new announcement on Twitter, stating that the original tweet had been removed due to false accusations.
“Nyaa post deleted due to all the Ddos libel directed at this account. Infringement notices continue to ISPs, for piracy, regardless of tracker,” they conclude.
Although it’s impossible to say who is behind the attacks, it does seem improbable that an anti-piracy company getting paid to send notices would do something that is a) seriously illegal and b) counter-productive to getting paid for sending notices.
That said, it seems likely that someone who doesn’t appreciate unofficial anime sites operating smoothly is behind the attack. Who that might be will remain a mystery, at least for now.