Over the years several BitTorrent admins have been the victims of extortion attempts which threaten that unless a particular course of action is taken or even payments made, bad things will happen. Of course, due to the nature of their operations site admins have very few places to turn if the going gets rough, which makes them almost perfect victims.

In some cases the threats are hollow and thankfully come to nothing, but at times they are real and when admins refuse to comply they can lose use of their sites following Distributed Denial of Service attacks. On other occasions sites are attacked on a whim or simply for “fun”.

During the past 24 hours four private BitTorrent trackers including What.cd, IPTorrents, HDBits.org and SceneAccess have all been hit with these kinds of attacks. The latter pair appear to be recovering but the two really big ones are still suffering.

IPTorrents is a huge private tracker with traffic levels approaching those currently being enjoyed by Kim Dotcom’s Mega.co.nz. Canada-based What.cd needs little introduction as the world’s largest music tracker, a title it inherited from the now-defunct OiNK.

The attacks against the sites are being launched by an old adversary of What.cd. The individual, who calls himself Zeiko Anonymous, is a character that entered the news in November 2012 when a spat he had with What.cd staff spilled over into a public dispute.

What.cd refused to give into Zeiko’s demands and in return the mystery individual DDoSd the site, but Zeiko didn’t stop there. During the days that followed other sites were also attacked including The Pirate Bay, isoHunt, 1337x, BitSnoop, Fenopy, TorrentPortal, BroadcastTheNet, PassThePopcorn and HDBits. Breaking the torrent site theme, Zeiko also went after RLSlog.

This time around there is no sign of any fresh dispute with the sites being attacked although last week Zeiko welcomed 2013 on his Twitter account with the announcement “LETS KILL PIRACY!!”

The question now is whether these latest attacks are an isolated incident or a prelude to something bigger. That question remains unanswered, at least for now.

So apart from internal tweaks, what can sites do to mitigate DDoS attacks? Some choose to use the services of a company like CloudFlare who claim to be able to handle even the most aggressive of attacks. However, using CloudFlare on torrent sites isn’t quite as straightforward as one might expect.

Last year TorrentFreak obtained emails sent by CloudFlare to the owner of a Pirate Bay proxy site which contained complaints from rightsholders claiming that the site supported by CloudFlare was offering access to infringing content.

There’s not much new there of course except that in addition to offering DDoS protection, CloudFlare is often used to shield the true location of a website from prying eyes. However, when a complaint is received from rightsholders CloudFlare tells its customers this:

We’ve provided the name of the web hosting provider which hosts your server as we are required to do by law.

So while DDoS protection might be available, privacy is undone in an instant. Despite several attempts, CloudFlare ignored TorrentFreak’s request for comment.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

A person using the nickname Zeiko is claiming responsibility for the DDoS action, which was initially intended to force What.cd staff into giving out an invite.

Zeiko joined IRC (Internet Relay Chat) to convince site staff that he already had an account, but when the admins couldn’t find any record of it in the database Zeiko turned his anger on the site.

“What.cd is now being under DDoS attack until I get my invite,” he wrote in What.cd’s IRC channel.

While these kinds of threats are not uncommon, this one proved to be serious when What.cd became unreachable.

Later the same user started a Twitter account using the handle “Zeiko Anonymous” announcing the “Piracy DDoSes” with What.cd as the first target.

But it didn’t stop there. After a few hours Zeiko was looking to inflict more damage, asking whether PassThePopcorn.me (PTP) or Broadcasthe.net (BTN) should be next.

The disgruntled user settled for the latter and announced BTN as Piracy DDoS Project #2. The TV-tracker has been in maintenance mode ever since.

During the day four more attacks were launched against IPTorrents, HDBits, The Vault and SceneAccess.

At the time of writing What.cd, BroadcastTheNet and SceneAccess remain inaccessible. The other sites can be reached but were offline earlier today.

From the looks of it Zeiko (who now hates torrents) is indeed responsible for the downtime at these popular private BitTorrent trackers, but thus far we haven’t been able to get this confirmed by any of the site staff.

One thing’s for certain though, torrent invites are serious business.

Update: The BTN site and tracker are back.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

All they have to do is add the target website URL as a “tracker” for the torrents and magnet links they serve. People who download these files will then try to connect to the site in question, bringing it to its knees within minutes due to the sheer volume of requests.

Luckily most torrent sites don’t have such evil intentions, but this week the potential for abuse and the vulnerability of the system is apparent.

On a smaller scale the DDoS issue can also cause problems when torrent uploaders mistakenly add website URLs as trackers. Instead of using real and working trackers, they add bittorrent.com or thepiratebay.org.

One of the site owners who currently suffers from a major BitTorrent DDoS is software developer Dirk Engling, better known as Erdgeist. He is the creator of the OpenTracker software which is used to run popular trackers such as OpenBitTorrent and PublicBitTorrent.

While the OpenTracker project page only hosts the software and does not run a tracker itself, some novice BitTorrent uploaders think it does. As a result his website is being hit with millions of requests per hour.

“Some simple-minded but good willing BitTorrent users started to use the website as tracker URIs. Of course, no tracker runs at this location, this is just the OpenTracker software project page served by some poor Apache httpd,” Erdgeist told TorrentFreak.

“This was a mere annoyance scrolling through my web server logs, but recently people started using the ‘tracker’ URL in popular torrents, leading to around 1000 hits per second and rising,” he adds.

While it’s unclear what exactly caused the spike in traffic, it doesn’t appear come from individual uploaders. There are currently more than a million torrents that point to the erdgeist.org “tracker,” suggesting that it was added automatically by a fairly large BitTorrent site.

Erdgeist has thus far managed to keep his domain online with the help of Nginx, but the site’s traffic and load are still extremely high.

The good news for Erdgeist and other victims (including The Pirate Bay) is that a solution has been worked out. As reported earlier, BitTorrent’s developers and Pirate Bay founder Fredrik Neij drafted a protocol enhancement that allows website operators to prevent clients from connecting by adding a DNS entry.

The bad news is that the implementation of this enhancement in BitTorrent clients is progressing very slowly. But, progress is being made. Yesterday, Vuze became the first BitTorrent client to roll out the feature in a stable release.

Erdgeist, on whose work millions of BitTorrent users rely every day, hopes that other BitTorrent client developers will soon follow suit.

“For years the BitTorrent community has relied on trackers paid for by individuals from their own pockets, written in their spare time. Now it’s time for the community to show some consideration,” Erdgeist told TorrentFreak.

A real difference can be made when Transmission and BitTorrent Inc’s uTorrent and BitTorrent clients join Vuze. BitTorrent Inc, who helped to come up with the solution, have implemented the DNS preferences in the latest Alpha release of uTorrent and promised that the stable release will follow in the future.

In the meantime, BitTorrent uploaders (and site owners) may want to educate themselves on which URLs actually point to a BitTorrent tracker, and which ones do not.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

At the time of writing The Pirate Bay has been inaccessible to most of the world for nearly 24 hours and our ‘inbox’ is suffering. But it appears to be the timing of the downtime that has caused more people than usual to panic.

The root lies in the recent court-ordered censorship of The Pirate Bay in the UK. The country’s leading ISPs are required to block the site so millions of people were already expecting to have trouble accessing the domain. What they didn’t anticipate was the failure of the many published workarounds to resupply access to the site.

For those to work the site itself has to be working properly and currently it is not. While TPB is used to being censored by courts and ISPs, it is a little less used to being blacked-out by other means. TorrentFreak is informed by a Pirate Bay insider that the site is currently being subjected to a DDoS attack rendering it unavailable in many parts of the world.

Now, while we’re informed that the problem might be mitigated during the next few hours, the timing of this attack against the site is either ironic, ‘interesting’ or at the very least coincidental, depending on your viewpoint.

Just last week, The Pirate Bay openly criticized elements of the ‘Anonymous’ collective for carrying out a DDoS attack on Virgin Media, the first UK ISP to block access to The Pirate Bay.

“We do NOT encourage these actions. We believe in the open and free internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us,” said TPB in response to the DDoS attack against Virgin.

“So don’t fight them using their ugly methods. DDOS and blocks are both forms of censorship.”

Right now, whoever is attacking The Pirate Bay has achieved what no copyright or governmental authority anywhere in the world has – an almost complete disruption of the site’s operations on a global basis with no court order required.

But despite the DDoS there are still ways for people to access the site. A handful of the proxies set up to circumvent the ISP blockades still appear to work and, when all else fails, the crazy methods still work too.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

“When we detect a website offering a link or a download, we contact the server hosts and intimate them about the illegal activity. They issue a notice to the site owner,” said AiPlex’s Girish Kumar in an interview with DNA.

The above is nothing out of the ordinary, but where other content protection companies stop, AiPlex takes it up a notch. Uncooperative sites are not ignored but can expect to be taken offline by force.

“The problem is with torrent sites, which usually do not oblige. In such cases, we flood the website with requests, which results in database error, causing denial of service as each server has a fixed bandwidth capacity.”

“At times, we have to go an extra mile and attack the site and destroy the data to stop the movie from circulating,” Kumar said.

In other words, AiPlex admitted to breaking the law by DDoSing several websites. This confession wasn’t received well by sympathizers of torrent sites, and under the name “Operation Payback” Anonymous took out the company’s website for several weeks.

Today, a year later, AiPlex is still claiming to be hurt by the unusual openness of their boss. In an attempt to make it all go away, they are trying to rewrite history by asking people who reported on the news to pull their posts. Several site owners forwarded us the same request, which is posted in full below.

“We kindly request you to deactivate the link as the article is defaming the company’s image & its prospects. It was mis-interpreted by the news agency which was blown out of proportion by some of the pirates across the globe,” the email starts.

It further notes that the company is still suffering immense losses due to threats and continuous attacks from pirates.

As we’ve seen before, the email from AiPlex also claims that the words of their boss have been misinterpreted. But this seems unlikely. The verbatim quotes can only be interpreted in one way and several torrent site owners told TorrentFreak that they were indeed threatened and attacked by AiPlex in the past.

Interestingly, AiPlex has yet to contact TorrentFreak with a takedown request. This is odd since we are the source of all the articles that AiPlex is desperately trying to pull offline. Also, the original DNA article on which we based our report still remains online, completely unedited.

The irony of it all is that Aiplex’s attempt to rewrite history have only resulted in attracting more attention for the mistakes they made in the past. For a tech company they seem to understand very little about how the Internet works, and they definitely have never heard of the Streisand effect.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Every day millions of people are downloading files via BitTorrent, and in some instances more than 100,000 people are sharing the same file at the same time. These large ‘swarms’ of peers are great for sharing, but they also pose a threat as became apparent at the Chaos Communications Congress (CCC) recently.

In a talk titled “Lying To The Neighbours” it was shown that the DHT technology which powers “trackerless torrents” can be abused to let BitTorrent downloaders effectively DDoS a webserver of choice. DHT’s normal function is to find peers who are downloading the same files, but without communicating with a central BitTorrent tracker. This ensures that downloads can continue even when the central tracker goes offline.

According to the presenter who goes by the name ‘Astro’, Kademlia based DHT can be exploited by a malicious peer to carry out a DDoS attack. If there are enough peers downloading the same file, this could easily take down medium to large websites. The worrying part is that the downloaders who are participating in the DDoS will not be aware of what’s going on.

“The core problem are the random NodeIDs. The address hashing and verification scheme works for scenarios like the old Internet, but becomes almost useless in the big address space of IPv6,” Astro told TorrentFreak in a comment. As a result, any BitTorrent swarm can be abused to target specific websites and potentially take them down.

This and other DHT vulnerabilities are not entirely new concepts for BitTorrent developers. They have been discussed in various places already, but no agreement on how they should be dealt with has yet been reached.

Over the last months DDoS attacks have been in the news regularly, mostly carried out under the flag of Anonymous’ Operation Payback. Initially anti-piracy targets such as the MPAA and RIAA were taken offline, and last month the focus switched to organizations that acted against Wikileaks, including Mastercard and Paypal.

While these attacks required hundreds of people to actively participate and fire up their LOIC application at the same time, the BitTorrent DDoS could take down the same sites from a single computer, using BitTorrent downloads as a ‘botnet’. But, where there’s a problem there’s a solution, and Astro has some pointers for BitTorrent developers.

“Not connecting to privileged ports (< 1024) where most critical services reside," is one ad-hoc solution, but Astro says that since it's a design error, the protocol has to be redefined eventually.

The idea of using BitTorrent as a DDoS tool is not entirely new. In fact, researchers have previously shown that adding a webserver’s IP address as a BitTorrent tracker could result in a similar DDoS. The downside of this method is, however, that it requires a torrent file to become popular, while the DHT method can simply exploit existing torrents that are already being downloaded by thousands of people.

It will be interesting to see if BitTorrent developers are going to act upon the DHT vulnerability in the coming months and come up with a solution to prevent this kind of abuse.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

After having attacked the RIAA, MPAA, IFPI, BSA, ACS:LAW and many others, attention shifted towards the US law firm Dunlap, Grubb & Weaver this week. The firm, which started thousands of lawsuits against BitTorrent users under the name US Copyright Group (USCG) this year, is best known for pursuing alleged downloaders of the Oscar-winning movie The Hurt Locker.

Two days ago a group of Anonymous/4chan users called for a DDoS attack on the website of the law firm under the flag of ‘Operation Payback’. Minutes later it was taken down together with their email server. Although the site slowly recovered after a few hours, the trouble for the Leesburg-based law firm were far from over.

Thursday afternoon an email containing a bomb threat was sent to the law firm, whose employees contacted the police. In a swift response from the local police, members from the Loudoun County Sheriff’s Office and the Loudoun County Fire Marshall’s Office evacuated the building.

Several dogs trained in detecting explosives were brought in, but after a thorough sweep of the office no explosive devices were found. After the building was cleared detectives remained on the scene and the police said they will investigate the threat further.

Police spokesman Chris Jones said that the content of the bomb threat email was vague and that no specific reasons for targeting the law firm were given. However, considering the previous DDoS attack on the firm and the prank calls other anti-piracy outfits received, the sender of the email could conceivably be connected to (or inspired by) Operation Payback.

Earlier this week TorrentFreak spoke to one of the people connected to the (DDoS) operation to find out why Dunlap, Grubb & Weaver was included as a target. “They’re all anti-piracy lawyers,” was the non-disguising answer we got. “Think of Dunlap, Grubb & Weaver as of ACS:Law, but in the USA,” Anonymous commented, linking the Leesburg firm to the UK lawyers whose emails ended up on the streets after a DDoS attack.

According to the police report, no direct link between Dunlap, Grubb & Weaver’s anti-piracy efforts and the bomb threat has been made yet. Leesburg Police Department is offering a cash reward to anyone who can help solve the case. People are encouraged to report leads to the police by calling (703) 771-4500. Anonymous calls can be placed at (703) 443-TIPS.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

In February, when the Pirate Bay trial was in full swing, a group of hackers managed to deface the Swedish IFPI site. Today, the international IFPI site is the new target and is suffering from a DDoS attack. At the time of writing the website is completely inaccessible.

The attacks are part of Operation Baylout which also encourages people to send black faxes to the MPAA’s anti-piracy office and movie industry lawyer Monique Wadsted. Thus far, we have no confirmation that any fax machines have been taken down.

The Pirate Bay’s Peter Sunde told TorrentFreak in a comment: “I feel peoples’ frustration. I hope they do something more permanent instead, like making sure the idiots that give power to the media industry lose their own power. We need to cut out the companies abusing copyright at the expense of society’s well-being. But this is not a permanent fix so it’s just pointless.”

Pointless or not, according to the Reg, some 250 hackers are gathering in AnonNet’s IRC channels to discuss their battle strategies and future plans.

Mooncup, one of the root administrators at AnonNet confirmed this and told TorrentFreak: “They seem to be doing it to demonstrate to the record industry that the Internet is our domain and they can keep the fuck out of our business or face the consequences,” he explained.

“They [IFPI] represent most of the record companies, therefore attacking them represents an attack on all of the people who try to stop websites like The Pirate Bay without really understanding what they are really about,” Mooncus added, noting that AnonNet itself is by no means involved in the attacks.

IFPI was contacted for a response, but we haven’t heard back from them at the time of publication.

Update: IFPI.se is also down.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Mininova co-founder Niek confirmed to TorrentFreak that they have been suffering from a DDoS attack over the past few days. The site is currently being pounded by a botnet of hundreds of computers which is slowing the site down significantly and at times making it completely inaccessible.

Niek said that he has no idea who’s behind the attack or why they chose to target Mininova. This is not the first time the site has had to deal with a Denial of Service attack, but they haven’t witnessed one of this magnitude before.

It started on Thursday originating from three different continents, but seemed to wear off in the hours that followed. Today it’s back in full force. Mininova is used to serving millions of visitors a day, but even they are not equipped to handle an attack like this.

Today’s attack originates from Germany and Argentina and is 2 Gbit strong. The DDoS attack is maxing out the entire uplink and is hard to filter since it uses UDP connections.

Niek told TorrentFreak that they are working on a solution at the moment, and he hopes things will be back to normal soon.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

“We will continue our efforts to bring down Scientology, but we need the help and support of another Freedom fighting community, the pirates.” one of Anonymous’ members told TorrentFreak, and the group gave us the opportunity to ask a couple of more questions.

TorrentFreak: Can you briefly describe what “Project Chanology” is?

Anonymous: Project Chanology is the project to bring down Scientology. Nothing more, nothing less. Why that name? Well, we’re working from IRC ‘Channels’ against ‘Scientology’. Mix those words together and add the project in front, and you have it.

TorrentFreak: How did Anonymous start? and how many people take part in it?

Anonymous: Anonymous is an old group of friends. I don’t exactly know the date, but it has been raised by some friends who wanted to test out their hacking skills. Since then, they created Anonymous, and let it be open for anyone who wants to join. That made it into a new kind of hackers-group. It consists of two spheres. The outer sphere is for new people. They mostly are low-skilled and are “scriptkiddies”. Since they have a very good contact with the inner sphere (we’re all friends fast and easily), anyone is allowed to join the inner sphere of high-level hackers. This is a loose representation since it doesn’t fit always. But, this made it for sure into a group of scriptkiddies with the right tools and high-level hackers with the right skills.

TorrentFreak: What is your main motivation to ban Scientology from the Internet?

Anonymous: Scientology is a malicious organization. Here’s a YouTube clip that proves more. Also, they’re frequently taking off content from the Internet. Like a clip in which Cruise promotes Scientology too much, criticizing health science, etc… it would have brought Scientology in a bad situation. So they took it off all sites with an army of lawyers. This is censoring. This is bad. This is against Net Neutrality. This is taking away our freedom and our right to fight for that freedom.

TorrentFreak: Don’t you think your actions violate the freedom of speech?

Anonymous: It does violate the freedom of speech. Of course, we know that. But there should be a refinement. Anonymous fights for freedom of speech in a way they have always used, but a little bit rougher however. For a greater sake.

TorrentFreak: Do you see any parallels between your fight against Scientology and the conflicts between pirates and the entertainment industry?

Anonymous: Yes. Most of us are pirates too. We have no big money to start lawsuits. But the enemy, the MAFIAA and Scientology are both big companies. They misguide the law, they change the law. Scientology members have infiltrated in many governments. Just like the MAFIAA.

TorrentFreak: What is your ultimate goal for “Operation Chanology”?

Anonymous: Our ultimate goal is to let Scientology say in public that they are misleading many people. And that they are destroying the futures of many people.

TorrentFreak: How do you plan to accomplish this goal, apart from the DDoS attacks?

Anonymous: We have IRL raids in planning stage, we have real life protests and demonstrations coming up. We are infiltrating their networks with zip bombs. We are sentencing them.

TorrentFreak: You told us that you wanted the pirates to help you to free the Internet, how can people help?

Anonymous: People can help Anonymous by joining the IRC, get one of the DDoS tools and start firing the DoS. IRC is at irc.partyvan.org. Channels are #Target , #Lazer and #Xenu. There are also many local channels. They can also help us by joining protests, by telling other people about this, by telling their media, etc… The force of humanity will save many lives.

…

Update: As many already argued, it turns out that the person interviewed here is an Anonymous member from the “outer sphere”, who is not as informed as he appeared to be. Sorry.

“I know that I’m not as informed as the inner sphere. However, I had a source which I thought was from there, providing me many answers. He faked his status.
But we do not have one spokesperson. We do not have a leader.
We unite as one, divided by none.
Together, we will bring them down in their glory.
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.”

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.