Hadopi, the French agency charged with handling file-sharers’ copyright digressions, has once again been shamed by a copyright-related blunder. The agency, which mandates that all citizens secure their networks to keep out freeloading pirates, has a surprisingly insecure site itself. Ironically enough, the vulnerability allowed outsiders to change the search engine of the Hadopi site into that of The Pirate Bay.
Hadopi has had its fair share of troubles since it came into effect last year. One of the most shameful missteps occurred when the agency unveiled its logo to the public, as it turned out that they had forgotten to secure a proper license to actually use the font type.
In what could easily be an April Fools’ joke, but isn’t, the President of the French Pirate Party, Paul Da Silva, has revealed an interesting exploit he discovered on the Hadopi site. To assist the public in finding authorized sources to download movies and music on the Internet, the Hadopi agency launched a new search engine on its site earlier this week. A useful feature, but also one that turned out to be very easy to exploit, Da Silva told TorrentFreak. It took the Pirate Party President just 10 minutes to find an XSS vulnerability that replaced the Hadopi search engine with that of The Pirate Bay. As can be seen in the picture below, the Hadopi site even featured Pirate Bay’s logo, the most recognizable pirate icon on the Internet.
“For a while now we have been telling Members of Parliament and Hadopi employees that what they request from every French citizen is just impossible (securing their Internet connection). It would require them to be experts, and even if all of them were, we would still be facing the problem of IP spoofing,” Da Silva told TorrentFreak.
Although the vulnerability was fixed after a few hours, the Pirate Party President managed to make his point, and many French publications picked up the shameful error. The big question is whether it will change the antics of the Hadopi agency, whose threats thus far have had little effect on the piracy habits of the French public.
Credit: TorrentFreak.com
Scammers are posing as law firms and are sending fake copyright infringement notification emails to Internet users in an attempt to scare them into paying settlement fees.
According to TorrentFreak, which reported this new type of scam, the fake emails bear a subject of “Investigation Against You” and purport to be sent by a legit German law firm called Rechtsanwalt Florian Giese.
The From field is spoofed and the sender email address can vary. Some of the addresses observed so far are: giese@ra-giese.info, zahlung@ra-giese.info, giese@lawyer-giese.info and zahlung@rechtsanwalt-giese.info.
The messages claim that the law firm is acting on behalf of Videorama GmbH, a German film production and distribution company dating back to 1993.
“The subject of our assignment is that your Internet connection was used on a so-called peer-to-peer network and committed copyright infringement on works held by our clients,” the scammers claim in the fake emails.
They go on to list the IP address allegedly used by the recipient when committing the offense and the number of files involved.
The emails also cite German laws and mention a real case in which a German court imposed a significant penalty against a man for illegally downloading music.
“As you may have already noticed from the media, today copyright infringement cases in court usually lead to a large fine and court costs,” the scammers write, in an attempt to scare users.
Eventually, people are told that everything can be settled out of court if they agree to send 100 euros via Ukash or Paysafecard.
Unfortunately, such scam emails have a high chance of success, because the sending of copyright infringement pre-settlement letters is common in many countries.
“Rechtsanwalt Florian Giese is not responsible for the fraudulent e-mails with the subject ‘investigation against you’. These are spam emails from fraudsters,” a spokesperson for the law firm told TorrentFreak.
Credit: Softpedia.com News
Members of the Anonymous collective have hacked copyprotected.com, a website run by the Motion Picture Association of America (MPAA) to provide information about the copy protection awareness icon.
The “Copy Protection Awareness Icon” was launched by the MPAA back in 2005 and according to the association “is used on certain DVD and Blu-ray discs to remind consumers that their purchased disc contain copy control technologies that prevent unauthorized copying of content.”
The copyprotected.com website normally serves as an information portal, but earlier today it began displaying the logo of The Pirate Bay (TPB) with the caption “Operation: Payback”, which is a name used by a notorious group of hacktivists called Anonymous for its ongoing distributed denial of service (DDoS) campaign against the recording and film industries.
In addition, the hacked copyprotected.com website displays the group’s Operation Payback manifesto, originally published on tieve.tk. After a few seconds the page redirects visitors to thepiratebay.org. However, the torrent site’s administrators have previously denied involvement in Anonymous activities.
The group uses TPB’s logo and name, because Operation Payback is a response to DDoS attacks launched against torrent trackers by Aiplex Software, a company working for film studios.
Anonymous claims to be a spontaneous movement with no leaders, but there is a core group of people in charge of choosing targets and organizing the attacks.
It’s not clear whether this defacement was sanctioned by these senior members or was the result of others acting on their own, especially since the method is different than the group’s modus operandi so far.
Operation Payback has been running for almost a month and consisted of daily DDoS attacks against numerous websites belonging to organizations involved in anti-piracy efforts.
“You are forcing our hand by ignoring the voice of the people. In doing so, you bring the destruction of your iron grip on information ever closer. You have ignored the people, attacked the people and lied to the people. For this, you will be held accountable before the people, and you will be punished by them,” the Anonymous manifesto reads.
Credit: Softpedia.com News
The Distributed Denial of Service (DDoS) attack launched by Anonymous against the Australian Federation Against Copyright Theft (AFACT) yesterday has ended up affecting almost 8,000 unrelated websites.
Operation Payback, the DDoS campaign led by Anonymous against anti-piracy groups and entertainment industry associations, is now over a week old.
Since September 18th, when the coordinated attacks started, the group has hit websites belonging to the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), the International Federation of the Phonographic Industry (IFPI), the British Phonographic Industry (BPI) and the Dutch Bescherming Rechten Entertainment Industrie Nederland (BREIN).
Two UK-based law firms and an Indian company called Aiplex Software involved in anti-piracy efforts have also been attacked. In fact, the actions of Aiplex, which openly admitted to DDoSing torrent sites on behalf of film studios, are what triggered this retaliation from Anonymous in the first place.
Yesterday, the group turned its weapons against the Australian Federation Against Copyright Theft (AFACT), whose website went offline under the flood of requests pretty fast.
However, the attack also affected AFACT’s hoster, a company called Netregistry, which offers similar services to many Australian businesses and government agencies. “A DDoS attack began to take place at approximately 8:30AM AEST, with a group of hackers attacking the firewall by flooding it with connections attempting to take down all servers.
“They had achieved success in disabling all access to some of the client facing services behind the firewall,” an announcement posted on the company’s website reads.
The hosting provider summed up the damage by saying that “Websites running on the Zeus cluster (PHP clients not utilising Apache) experienced timeouts, webmail connections experienced timeouts and some other errors [and] access to TheConsole [control panel] was slow to none.”
According to Panda Security, which monitored most attacks since Operation Payback started, afact.org.au suffered three separate service interruptions and a total downtime of 4 hours and 27 minutes.
Credit: Softpedia.com News
Members of the Anonymous group, who have recently attacked the ACS:Law website, have now published a database containing the company’s emails on the Internet.
Anonymous is currently leading a Distributed Denial of Service (DDoS) campaign dubbed “Operation Payback” against film and recording industry organizations, as well as other associated outfits. The DDoS campaign was started by members of the 4chan image board in retaliation for the actions of an Indian company paid by film studios to harass torrent sites.
The first attack was launched against mpaa.org, the website of the Motion Picture Association of America, but after almost 24 hours of downtime, the target was switched to riaa.com (the Recording Industry Association of America). IFPI.org (the International Federation of the Phonographic Industry) was also hit and taken offline at about the same time, but this might have been caused by individuals acting on their own.
A similar attack was scheduled against bpi.co.uk (the British Phonographic Industry), but failed after the IRC channel used by the attackers to coordinate was hacked.
The latest targets are ACS:Law and Davenport Lyons, two UK-based law firms that sent letters to thousands of alleged file sharers asking for money to avoid legal action.
Following an attack against ACS:Law’s website on Tuesday, the firm’s head, Andrew Crossley, told The Register: “Big whoop. It was only down for a few hours. I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish.”
Several security experts warned afterwards that it’s not wise to mock Anonymous, a very determined group, which doesn’t hold back from using illegal means to harass organizations. And it looks like they were right.
A torrent uploaded yesterday evening on The Pirate Bay is called “ACS-Law leaked emails” and contains a 365 MB .rar archive with what seems to be a backup of all of the company’s mailboxes.
“We’re still sorting through it. There’s a lot of stuff here to go through. But, basically, we were told we were less important than a 10 minute late train, or a queue for coffee by Andrew,” Anonymous leaders are quoted as saying by Panda Security.
Today will mark one week of continuous Anonymous-coordinated DDoS attacks, which have so far affected the websites of the Motion Picture Association of America (MPAA), Recording Industry Association of America (RIAA), the International Federation of the Phonographic Industry (IFPI), the British Phonographic Industry (BPI) and the Dutch Bescherming Rechten Entertainment Industrie Nederland (BREIN).
It all started after an Indian company called Aiplex Software, paid by local and international film studios to take links of copyrighted material off the Internet, openly admitted to DDoSing torrent sites.
Credit: Softpedia.com News
The Pirate Bay has been compromised by an Argentinean hacker who made off with usernames, email and internet addresses of more than four million people signed up to the BitTorrent tracker site.
KrebsOnSecurity.com reported yesterday that Ch Russo broke into TPB’s system and grabbed the info from the notorious website, which might amuse some pro-copyright groups.
Russo had considered selling the private data, but in the end decided to go public about TPB’s shaky security credentials. He accessed the information via the site’s user database by exploiting its vulnerability to SQL injection.
“We wanted to tell people that their information may not be so well protected,” Russo said.
Meanwhile, it may be a coincidence, but The Pirate Bay is currently out of action and carried the following message:
“Upgrading some stuff, database is in use for backups, soon back again.. Btw, it’s nice weather outside I think.”
At this moment the website appears to be offline.
Credit: The Register
A sneaky new Trojan attempts to extort money from BitTorrent users under the guise of a fictitious copyright infringement lawsuit. Malicious pop-up messages generated by the malware, which is being spread via fake files offered up for download through BitTorrent, seek to bully victims into agreeing to pay out for a “pre-trial settlement” of $400 in order to avoid possible prosecution over supposed copyright piracy violations.
Both the Antipiracy foundation scanners that supposedly identified pirated content on the PCs of targeted individuals and the ICPP Foundation “law firm” are fakes.
Infected users receive warnings every time they reboot their system, warns net security firm F-Secure. The scammers have sought to lend credibility to the ruse by setting up an official-looking but bogus website at icpp-online.com, which was taken offline on Monday afternoon.
The domain was registered to “Shoen Overns”, using an email address previously used in the registration of domains associated with the Zeus information-stealing Trojan and Koobface scams.
Credit: The Register, F-Secure
Over the years, would-be game pirates have been targeted in a number of ways, such as through draconian DRM schemes and even viruses. Now it appears that file-sharers who thought they were going to download a high-profile interactive erotic novel have instead been treated to a security and privacy breach of epic proportions.
Cross Days, an erotic visual novel game from developer 0verflow, was released just a few days ago. Not everyone would acquire the game through the official channels and many turned to file-sharing networks for their erotic gaming fix. Some, who were not particularly careful about the item they were downloading, were in for a pretty big shock.
Alongside the pirated versions of Cross Days can be found some software which claims to be the installer for the game, but is actually a piece of pretty vicious malware which appears to try to punish would-be pirates. When run, the installer pretends to be the game but using personal information gathered from the victim’s computer (including IP address), it presents a survey which asks for more personal information – including their email address and password.
Once completed, the information is uploaded to a website for all the Internet to see – accompanied by a screenshot of the victim’s desktop. Samples of the information uploaded by the trojan can be viewed here and although much of it is in Japanese, there are enough pictures and English text to entertain most readers.
Adding insult to injury, according to a report the installer’s terms of service agreement actually states that all these things happen, but as we all know, hardly anyone reads them.
Although it is possible to have the would-be pirate’s personal information taken down from the website, first the user has to effectively apologize for having tried to illegally download Cross Days.
Adding to the confusion, developer 0verflow are reporting that users of Avast! anti-virus software receive a false-positive warning (Win32: Trojan-gen) when installing the real game.
This isn’t the first time Japanese file-sharers have been targeted by malware writers. In 2007 a bizarre virus was released which threatened to kill people who illegally download using P2P.
Credit: TorrentFreak.com
Websense Security Labs has detected that Torrentreactor, one of the oldest and most reliable torrent search engines on the Web, has been compromised and injected with malicious code. The site has been injected with an IFrame leading to a site laden with exploits. The exploits on the payload site include Internet Explorer (MDAC) and Microsoft Office Snapshot Viewer, as well as Adobe Acrobat Reader and Adobe Shockwave.
According to Websense, the malware has an extremely low detection rate, with just two of 32 anti-virus engines identifying the threat. Once executed, it installs a rootkit on victims’ machines. If the user’s browser is successfully exploited, a malicious file is downloaded and run from the exploit site. The file is a Trojan Downloader and connects to a Bot C&C server at IP 78.109.29.116. After connecting to the IP, the file downloads a Rootkit installer from the same IP. This IP address has ties to the Russian Business Network.
This isn’t the first time that security researchers have reported Torrentreactor is foisting malware on its users. In March 2008, the site suffered a similar iframe attack, according to Dancho Danchev.
Credit: The Register
Credit: Websense Security Labs
A cross-site scripting flaw on the websites of the Motion Picture Association of America (MPAA) has been abused to inject listings from controversial torrent links site The Pirate Bay.
Vektor, a member of the Team Elite group of hackers, smuggled links culled from The Pirate Bay into content served up when surfers visited the MPAA’s recommended list of sites. The MPAA’s legal action against The Pirate Bay makes the supposed endorsement ironic and embarrassing, if not completely unexpected.
Cross-site scripting (XSS) security flaws on websites are all too commonplace and the MPAA is a high-profile target, especially after the four defendants in The Pirate Bay trial were found guilty in a recent high-profile trial. So it was only really a question of time until hackers managed to find a chink in its armor to exploit.
Earlier denial of service attacks against entertainment industry websites scored limited successes in the aftermath of The Pirate Bay verdict on 17 April.
According to Vektor, the Recording Industry Association of America (RIAA) website is vulnerable to flaws similar to those he exploited to embarrass the MPAA earlier this week, Softpedia reports. Vektor used this flaw to inject listings from Mininova, another well known torrent tracker, into pop-up windows displayed when users visited portions of the RIAA website.
Although the MPAA has reportedly addressed the flaws on its main website following the attack, other MPAA-controlled websites involved in movie ratings remain vulnerable to much the same type of exploit.
The vulnerabilities create a means for rogue iFrames from third-party servers to be presented to surfers as if they came from the site they are visiting, when in reality they come from locations determined by hackers.
XSS flaws on both the MPAA and RIAA websites have cropped up from time to time in the past, a quick search of security website XSSed reveals. Security suppliers, such as application security firm Fortify, said that Vektor’s attacks against the RIAA and MPAA were each effectively accidents waiting to happen.
“That such sites are open to XSS-driven incursions and alterations comes as no surprise, given the fact that so many sites are poorly programmed and therefore open to such attacks,” said Richard Kirk, a director at Fortify. “The MPAA is lucky that Vektor’s attack was a proof-of-concept one, and intended as something of a joke. The next time they – and other organizations whose sites are vulnerable to XSS-driven attacks – may not be so lucky,” he added.
Credit: The Register
Credit: Softpedia