Using the name ‘Afghanis’ he uploaded a torrent file to The Pirate Bay. It pointed to just 675K of data but today the effects are being strongly felt around the private BitTorrent scene.

“From Civilized Afghan Society, of course we do have stupid Talibans also but we do have very well educated people living in beautiful Kabul City,” a text file with the release reads.

“RevTT is hacked by Afghanistan Hackers !!!”

RevTT is short for RevolutionTT, a private BitTorrent tracker that was founded around 6 years ago with a reputation for indexing a wide range of content. It is unclear exactly how many users are on the site since its operators appear to hide stats from regular user view. However, all the indications suggest that there are at least 40,000 and very probably tens of thousands more.

While the ‘hackers’ claim to have the entire RevTT database along with 50,000 user/pass combinations, the text file uploaded by Afghanis actually contains around 40,000 27,000 19,000 pairs. (see update below)

After they were uploaded to The Pirate Bay last evening the free-for-all began.

Very quickly people who had downloaded the torrent started logging into RevTT using not only regular accounts but those of so-called VIPs who have access to exclusive sections of the site.

While some undoubtedly decided to grab whatever content they could, others carried out other activities including sending out invitations to people who aren’t already members. Worse still, all details of the compromised accounts were available to the intruders including email addresses, statistics and all activity associated with the accounts.

Needless to say, if users maintained the same username and password on other sites their accounts elsewhere immediately became vulnerable. Judging by the number of users who used the word “password” as their password, the chances of major screw ups seems high.

After trying to alert site staff, TorrentFreak watched as panicked users learned of the breach and posted their concerns in the forums, begging site staff for information. Site staff responded by quickly removing all discussion of the breach, banning the accounts of people posting in the threads, and eventually posting the notice seen below.

Of course, people are now wondering how on earth this happened and the answer is far from clear. There are many theories being circulated, including that this wasn’t a ‘hack’ as such but a leak of a database backup, possibly due to a historical admin dispute.

What is clear however is that according to several reports from users on the site who had their details leaked, the data within the torrent isn’t particularly fresh and could date back some time. Users know this because their user/pass combinations are ones they used previously but have since been changed. There is a lesson to be learned here about changing passwords frequently.

Now, some 9 hours after the leak, RevTT appears to have been locked down, but the mess this will leave behind is bound to be significant and could even get worse. The ‘hackers’ say that in 1 to 2 weeks they will release more data, what exactly that will be remains to be seen.

Update: Due to duplicates and other issues the number of leaked accounts actually appears to be less than the 50,000 claimed by the hackers. As time progresses people are looking more closely at the huge list so we’ll revise this figure when more accurate information becomes available.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The researchers found a way to call Skype users without them noticing. This means that a hacker can call someone and obtain their IP-address, all without being noticed. This IP-address can then be linked to a geographical location and even specific BitTorrent users.

The exploit works on a massive scale and the researchers were able to schedule hourly calls to tens of thousands of Skype users. What makes things even worse is that Skype’s privacy settings are unable to block these attacks. Attackers can contact whoever they want, whether they are listed in their contact list or not.

The researchers conducted an experiment where they tied 400 Skype users to specific downloads on BitTorrent by using publicly availably data scraped from the BitTorrent DHT network. Many of these users shared their full contact details including their full name, city and country. This combination of information can then be used for all sorts of nefarious purposes.

“We believe this could be used by various people to stalk, blackmail, or defraud Internet users in general and P2P filesharing users in particular,” Keith Ross of the Polytechnic Institute of New York University said in a comment.“These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services.”

“A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud.”

The researchers were very careful to protect the privacy of the people they targeted, but others may not be so considerate. One would expect that, because of the immense privacy implications, Skype would be eager to fix this issue but this is not the case.

“We contacted Skype almost one year ago but the attack is still effective,” researcher Stevens Le Blond told TorrentFreak. Aside from Skype some of the flaws uncovered by the researchers also affect other real-time P2P communication systems such as Google Talk and MSN Messenger.

The authors of the paper, Stevens Le Blond of the Max Planck Institute for Software Systems, Chao Zhang and Keith Ross of NYU-Poly, and Arnaud Legout and Walid Dabbous of the French research institute INRIA offer several recommendations on how the security issues can be addressed. These and other findings will be presented at the Internet Measurement Conference in Berlin next month.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.