Last year, Bulgarian authorities carried out several sting operations to take down key players in the IPTV piracy ecosystem. It also provided key assistance in the police action against Xtream Codes.
The country’s increased efforts to protect copyright holders haven’t gone unnoticed in the United States. The U.S. Trade Representative (USTR) previously removed Bulgaria from their ‘Special 301 Watch List’ and the country hopes to keep it that way.
This week, TorrentFreak obtained a transcript from the most recent hearing on the 2020 Special 301 review. The Government of Bulgaria also sent a representative to the meeting, Ivo Konstantinov, who informed the USTR about the country’s continued progress.
In addition to mentioning IPTV sting operations and legislative developments, Konstantinov stressed that more work has to be done. Specifically, Bulgaria is working on shutting down several major torrent sites with help from U.S. law enforcement.
“Most important of all, the elephant in our room are two of the largest torrent tracking servers that are operating in our country, whose servers are outside of the country,” Bulgaria’s representative said.
“[O]ur National Police and Combat Organized Crime Unit is preparing requests for legal assistance from the U.S. side to deface them and take them down from their host services, which are here in the United States.”
Konstantinov informed the USTR that “this is coming.” No concrete dates were given but the authorities are also working on indictments, which suggests that criminal prosecutions may follow as well.
During the hearing, no websites were mentioned. However, we managed to track down several USTR filings from earlier this year which identify the two trackers as Zamunda.net and ArenaBG. Both sites are among the top 25 most-visited websites in Bulgaria.
In one document the Bulgarian Government states that it intends to “terminate the activities of the Zamunda and Arena.bg torrent trackers,” adding that “5 pre-trial proceedings were opened” for “intellectual property and tax crimes.”
Bulgaria states that U.S. assistance is required as the sites in question use American services. This includes their domain names. Zamunda currently has a .net domain and ArenaBG operates from a .com domain, for example. Both are maintained by Verisign, which is based in the US.
The domains can also be targeted by going to ICANN, which oversees the entire domain name ecosystem. This route is also covered, as the Bulgarian Prosecutor’s Office and the Organized Crime Unit will request ICANN to withdraw the associated domain names.
Yet more pieces of the puzzle fell into place when we stumbled upon another document the Bulgarian Government sent to the USTR. This shows that the U.S. Department of Justice is already actively involved and that more sites are being targeted.
The document references a business trip Bulgarian representatives made to the US last October. These officials met with US law enforcement and businesses, discussing potential anti-piracy actions.
These actions include domain seizures relating to four websites. The aforementioned Zamunda.net and ArenaBG.com, but also Zelka.org and RarBG.to. The latter is a major target, as it’s one of the most-used torrent sites worldwide.
During the trip, Matthew Lamberti from the US Department of Justice agreed to help, under the mutual legal assistance treaty, to seize the associated domain names.
“During the meeting with Mat Lamberti an agreement was reached that an MLAT will be sent by our country, regarding initiated pre-trials concerning four torrent trackers – with the aim of seizing domains, registered in the USA,” the document reads.
If all goes well, Bulgaria will also enlist assistance from other countries to seize any other associated domain names, including mirrors.
“If the planned procedure is successful and the domains are seized, our country intends to send the MPP to the other countries where the mirror domains of the above are registered.”
Bulgaria also mentioned that Cloudflare, a US-based company, is used by most of the top torrent sites in the world. The sites use the CDN provider to “conceal the actual location” of these “criminalized Internet resources.”
During the USTR meeting in Washington, Konstantinov mentioned that Cloudflare is cooperative as it helps to identify the sites’ true hosting locations. It’s now up to Bulgaria and the US to get the paperwork sorted, so domain names and possibly servers can be seized and shut down, he added.
The documents are remarkable, as they lay out in detail how Bulgaria and the US are working together to try and take down several top torrent sites. All the quotes and references, while not easy to find, have been made public by the USTR itself.
In some instances, the paperwork refers to ‘Arena.bg’ and ‘Rar.bg’ instead of ArenaBG.com and RarBG.to. While that’s confusing, the latter two are the largest sites by far and likely the main targets.
Finally, it’s interesting to note that, in this case, Bulgaria needs assistance from the US to shut target popular pirate sites. Especially, when taking into account that the US frequently points to lacking enforcement actions in other countries.
All in all, we can say that the documents clearly lay out the playbook to target the four torrent sites, but thus far, all targets are still operating as usual.
The transcript from the USTR hearing is available here (pdf) and the additional documents that were sent to the USTR can be found here (pdf) and here (pdf).