Posts tagged ‘anonymous’

Errata Security: What they miss about Uber/Lyft pay

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

In this story, writer Timothy B. Lee (@binarybits) becomes a Lyft driver for a week. He focuses on the political questions, such as the controversially low pay. He makes the same mistakes that everyone else makes.

Lyft (and Uber) pay can be low for the same reason McDonald’s is open at midnight. In absolute terms, McDonald’s loses money staying open late. But, when you take into account all the sunk costs for operating during the day, they would lose even more money by not remaining open late. In other words, staying open late is marginally better.

The same is true of Lyft/Uber drivers. I take Uber/UberX on a regular basis and always interview the drivers. Without exception, it’s a side business.

This one time, my UberX driver was a college student. He spent his time between pickups studying. When calculating wait-time plus drive-time, he may have been earning minimum wage. However, when calculating just drive-time, he was earning a great wage for a student — better than other jobs open to students.

Without exception, all the Uber black-car drivers have their own business. They have fixed contracts with companies to drive employees/clients. Or, they have more personal relationships with rich executives, driving them to/from work on a daily basis. They just use Uber to fill in the gaps. They already invest in the care and maintenance of the black car, and would be sitting around waiting anyway, so anything they earn from Uber is gravy on the top.

I always ask drivers if they derive 100% of their income from Uber/UberX, and (with the exception of the student) they’ve all said “no”. The same is likely true for Lee. It’s unlikely he was just sitting in his car staring out into space while waiting for the next pickup. It’s more likely that he was writing his next Vox piece, or researching his next Bitcoin/Anonymous book.

Some drivers do earn 100% of their income from Lyft/UberX — right now. Drivers tell me of their friends who are only driving temporarily, while hunting for a new job. In other words, while they are working full time at UberX at the moment, it’s only a few months out of the year while between other jobs. They’ve already invested in buying a car and insurance — rather than these being difficult costs during a period of unemployment, they are benefits.

Leftists wanting to ban unregulated innovation focus on “wages”, but that’s nonsense. If wages were as bad as claimed, drivers wouldn’t be doing it. If drivers had a better alternative, they’d be doing it. Indeed, as I mentioned above, that’s what some were doing: driving while looking for better jobs. Thus, the argument that drivers don’t earn enough wages is false on its face.

Instead, what’s going on is that the “sharing” economy is really the “marginal” economy. You can’t report on it as if it’s a replacement for a full time job — you have to report on it as it fits within other jobs or lifestyle. Great marginal wages may suck when compared against full time wages, but that completely misses the point of this innovation.

TorrentFreak: The Pirate Bay’s Facebook Page Is Shut Down Too

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

More than a week has passed since The Pirate Bay’s servers were pulled offline, and now the same is happening to the site’s official Facebook page.

With more than 470,000 likes TPB’s Facebook page had quite a reach, although the last status update dates back to last year. Since then the page was mostly used by ‘fans’ to share TPB related news stories, and most recently links to Pirate Bay alternatives.

Those who try to access the page today are out of luck though, as Facebook informs them that “the page isn’t available” and that it “may have been removed.”

It’s unclear what the reason behind the removal is. It could have been initiated by The Pirate Bay crew itself but it’s also possible that Facebook was asked to shut it down for alleged links to copyright infringing material.


If The Pirate Bay crew deleted the page the motivation may have been to cover its tracks. Swedish authorities have confirmed that there’s a new criminal investigation ongoing into the site’s operators, which may have prompted some to cut their ties.

That said, TPB’s official Twitter profile, which hasn’t been updated since December last year, remains online.

The Pirate Bay crew have remained pretty much silent over the past few days. Earlier this week a message was relayed through “Mr 10100100000” who suggested that no decision has yet been made on a potential return.

“Will we reboot? We don’t know yet. But if and when we do, it’ll be with a bang,” Mr 10100100000 said.

Meanwhile, most of the site’s users are flocking to the Pirate Bay copies that are floating around, or one of the other popular torrent sites. This mass migration caused trouble at ExtraTorrent yesterday, who were briefly offline due to a “sudden increase in user traffic.”

At the same time, groups using the “Anonymous” moniker claimed to have hacked both the Swedish Government and the New Zealand police in a retaliatory move, while a better known “Anonymous” group distanced itself from The Pirate Bay.

“We do not support the return of The Pirate Bay itself. We used to be the activist arm behind this website and what it stood for, but we feel like The Pirate Bay doesn’t represent our message anymore,” the latter group said.

And so the storm continues.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: Icefilms Downtime Causes Concern, But Site Will Return

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Without doubt the past seven days have shaken the file-sharing world to its core. Last Tuesday the Internet’s most famous file-sharing site, invincible according to many accounts, fell following a raid by Swedish police.

That kind of surprise can lead people to panic when other similar sites have downtime at the same time. For the past 24 hours concern has been growing over Icefilms, a movie and streaming portal with a strong online following.

Sometime yesterday morning, Icefilms disappeared offline. Visitors to the site reported various issues, from no page loading to redirections to another domain. Most, however, were confronted with the image shown below.

[Image shown to Icefilms visitors]

While much preferable to a law enforcement notice, the image itself has been causing concern among Icefilms users due to it being hosted on Amazon rather than the site’s own server.

But despite the worries a source familiar with the situation informs TF that there is nothing to be concerned about. Icefilms currently has hosting issues to overcome, hence placing the image on another server. The site itself should be back to its full glory within days.

Even when the Pirate Bay raid is disregarded, it’s easy to see why Icefilms users have been panicking. Firstly, the first few pages of Google are almost useless when it comes to getting information about the site. In fact, Icefilms itself is completely absent from Google search results.

However, if one turns to Bing then results are restored to their former glory. In fact, Bing even provides a convenient Icefilms search engine as the first result.


Only adding to the confusion is Icefilms’ inclusion in a recent blocking order. Last month the UK High Court ordered ISPs to block 32 domains following an application by the Motion Picture Association. In recent weeks the leading service providers responded by blocking access to Icefilms.info.


TorrentFreak: Swedish ISP Refuses to Block The Pirate Bay

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

In many countries around the world The Pirate Bay has become a focal point for rightsholders seeking website blocking injunctions. Portrayed as the worst-of-the-worst, the site has been named in many ISP liability lawsuits.

But while the site disappeared last week, pending legal action concerning it has not. The most recent lawsuit was filed in November by Universal Music, Sony Music, Warner Music, Nordisk Film and the Swedish Film Industry against Swedish service provider Bredbandsbolaget.

In papers filed at the Stockholm District Court, the plaintiffs attempt to hold Bredbandsbolaget liable for the copyright-infringing actions of its pirating subscribers. The entertainment companies say that in order to put itself in the clear the ISP should block its customers from accessing The Pirate Bay and popular streaming portal Swefilmer.

Just over a month later and Bredbandsbolaget (Broadband Company) has now submitted its response to the Court. The ISP completely opposes the entertainment companies’ demand to block content and services.

“Bredbandsbolaget’s role is to provide its subscribers with access to the Internet, thereby contributing to the free flow of information and the ability for people to reach each other and communicate,” the company said in a statement.

Bredbandsbolaget says that its job is to deliver a broadband service to its customers, not control or block specified content or services. Noting that the company will not monitor the communications of its subscribers, the ISP says that it’s a fundamental principle of the “Open Internet” that carriers can not be held responsible for the traffic carried on their networks.

“Bredbandsbolaget does not block content or services based on individual organizations’ requests. There is no legal obligation for operators to block either The Pirate Bay or Swefilmer,” the company explains.

“There are other legal means to stop infringement of rights, but there is no provision in Swedish law that forces an Internet provider to block its subscribers’ access to services and content.”

While the motivation behind the lawsuit is to obtain a ruling that will ease blocking of additional sites in future, stopping Swedish users from accessing sharing services could prove more difficult than in other territories. The country has a long history of sharing files and services such as The Pirate Bay have become embedded in its Internet culture.

It’s also worth noting that at least for now The Pirate Bay doesn’t even exist so blocking it would be futile. Whether the entertainment companies will proceed with their case as planned if TPB stays down remains to be seen, but it’s certainly possible they might seek to include the many copycat sites that have appeared following the site’s demise.


TorrentFreak: Pirate Bay Shutdown Doesn’t Stop People From Sharing

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

There is no denying that The Pirate Bay played a central role in the torrent ecosystem.

As one of the few well-moderated sites it was the source for dozens, if not hundreds of other torrent sites. And with millions of visitors per day the site also had the largest user-base.

With an event like this, one could expect that BitTorrent usage would have been severely impacted, but it appears that people have found their way to one of the many alternatives.

TF reached out to the operator of Demonii, the tracker that was used for all Pirate Bay torrents, and it appears that the Pirate Bay raid isn’t affecting its traffic much.

“Not much is happening differently on our side due to the TPB downtime. I cannot see any anomalies or differences,” the Demonii operator told us.

“Since all the torrents are pretty much mirrored by KickassTorrents and Torrentz, it seems that the downtime hasn’t stopped people from downloading or uploading at all,” he adds.

The connections per minute to the Demonii tracker remain relatively stable, hovering around the 25 million mark, with a peak during the weekends. The graph below shows the pattern for the past week with the Pirate Bay raid (last Tuesday) included.

[Graph: Demonii weekly stats]

The monthly graph suggests that traffic over the past several days has been a fraction lower than the weeks before, but the impact is relatively low.

“In terms of connections we are looking at roughly 2,880,000 connections per minute at peak hours and about 2,160,000 connections per minute at the lowest,” Demonii’s operator says.

[Graph: Demonii month stats]

If The Pirate Bay remains down for a longer period of time problems may arise on a different level though. TPB has traditionally been one of the best moderated sites, which helped to prevent malware and other scams from spreading.

In theory others could take over this role, but if more sites topple the quality element may become an issue. For now, however, most people seem to be sharing as much as usual.


TorrentFreak: Pirate Bay Suspect Released After Raid Arrest

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

A week ago The Pirate Bay was pulled offline with a single raid at the Nacka station, a nuclear-proof data center built into a mountain complex.

Despite the rise of various TPB copycats and rumors of reincarnations, the Pirate Bay crew hasn’t made its mind up about a possible comeback.

“Will we reboot? We don’t know yet. But if and when we do, it’ll be with a bang,” Pirate Bay’s Mr 10100100000 told TF yesterday.

In addition to police seizing some of Pirate Bay’s crucial infrastructure, last Tuesday authorities also arrested one individual with alleged ties to the notorious torrent site.

After being held in custody for nearly a week, the Pirate Bay suspect was released from custody yesterday, pending an ongoing investigation.

The suspect is believed to be one of the moderators of the site, but this hasn’t been confirmed by the police. Expert file-sharing case prosecutor Fredrik Ingblad did state that the man was suspected of copyright violations.

“The suspicions relate to a violation of copyright law. Everything is being analyzed now and new hearings may possibly be held,” Ingblad said.

The prosecutor’s comments also make it clear that there’s a new investigation into the people behind The Pirate Bay.

The data seized in the raid will first be examined by the authorities. Paul Pintér, National coordinator for intellectual property crimes, told NyTeknik that there is a lot of information to go through, so it may take some time before the investigation completes.

In recent days TF has received evidence that Fredrik Neij, who is currently serving a 10 month sentence from the previous trial, remains a Pirate Bay suspect. Neij was arrested by Thai immigration authorities last month when he tried to cross the border from Laos.

How many people the police are investigating in the new case and whether there will be a fresh trial is unknown at this point.


TorrentFreak: Swedish Supreme Court Determines Movie Piracy Fines

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

While headlines may suggest otherwise, the vast majority of online file-sharers go about their business without ever falling foul of the law. Like hundreds of millions of speeding motorists every day, most breaches go unnoticed or unpunished.

Nevertheless, that’s not to say people can forget about the risks. Breaches of copyright law can result in hefty fines in most developed countries, if rightsholders feel strongly enough about prosecuting the case.

One such case began in Sweden four years ago when police investigating another incident stumbled across content being shared on a man’s computer. The discovery, which involved material obtained from The Pirate Bay, was reported to both copyright holders and the prosecutor.

After moving through an initial case and an appeal, the prosecutor’s office was disappointed when the file-sharer was issued with just a fine. With ambitions for a scary legal precedent, those sharing files habitually should be sent to jail, the prosecutor argued.

The case went all the way to the Supreme Court but it didn’t work out as planned. The Court agreed that the defendant (known as JS) had damaged the interests of copyright holders with his actions but noted that in the majority of cases (57 out of the 60 movies) his subsequent sharing with others had been brief.

Also in the man’s favor was how the Court viewed his activities. No commercial motivation was found, with the Court noting that his file-sharing had been for personal use, despite its scale.

“Such use of the current networks and services should not be considered as an aggravating factor when assessing the penalty amount,” the judgment reads.

Sweden operates an income-calibrated system of fines known as “day fines” which are equal to the amount the defendant could have earned in a day. The Court ruled that for each movie download with a short upload, the man would be sentenced to 50 day fines.

While that sounds like the fine could increase to a huge amount, in Sweden when people are convicted of several offenses at the same time the penalty is gradually reduced for each subsequent offense. In any event the maximum punishment is 200 day fines.

In this case the man was sentenced to 180 day fines, up from the 160 handed down by the lower court. Anti-piracy group Rights Alliance who assisted with the case welcomed the judgment, but there can be little doubt that a custodial sentence (even a suspended one) was the target here.

Nevertheless, it appears that the judgment could have drawn a line in the sand.

“This is a borderline case where the sentence is located on the edge of going over to prison. If you’re looking to see what is necessary for a prison sentence, it’s not much more than this,” Supreme Court Judge Svante O. Johansson concluded.


TorrentFreak: Pirate Bay Responds to The Raid, Copies and The Future

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

For more than a decade The Pirate Bay’s been the bastion of uncensored information. Until the raid on some of its critical infrastructure last week, the site never had more than three days of downtime.

The big remaining question on everyone’s minds right now is whether the site will make a comeback, and if so, how long this will take.

The TPB crew have remained awfully quiet and haven’t commented on the raid in public, but today “Mr 10100100000” breaks the silence in order to get a message out to the world.

“We were not that surprised by the raid. That is something that is a part of this game. We couldn’t care less really,” Mr 10100100000 informed TF through an encrypted channel.

“We have however taken this opportunity to give ourselves a break. How long are we supposed to keep going? To what end? We were a bit curious to see how the public would react.”

Without hearing about the exact issues, we get the feeling that a comeback may be more complicated than most people assume. It seems unlikely that the site will return within the next few days, but if it does eventually come back online people will surely notice.

“Will we reboot? We don’t know yet. But if and when we do, it’ll be with a bang,” Mr 10100100000 says.

Obviously there are discussions ongoing behind the scenes on how to proceed. The entire team including the moderators comprises a few dozen people who all have their own opinions on the matter.

“The people behind TPB are like one big collective mind. There are no leaders nor any one in charge. About 30-50 people from all over the world pitch their ideas against each other and whatever comes out of that is what will be the fate of TPB.”

In recent days many “copies” of The Pirate Bay appeared online and many of these have now started to add new content as well. According to the TPB crew this is a positive development, although people should be wary of scams.

“Copycats are to be seen as a higher form of the proxies. If [Pirate Bay’s] code wouldn’t be so shitty we would make it public for everyone to use, so that everyone could start their own bay.”

“Of course there is a problem if sites like [thepiratebay].ee try to scam people. But overall, we’d love to see a thousand Pirate Bays,” Mr 10100100000 adds.

The Pirate Bay doesn’t really have a preference when it comes to the best Pirate Bay alternative and says the “swarm” has to decide which one is best. In any case, people should keep the Kopimi spirit alive as TPB is much more than some hardware stored in a dusty datacenter.

“We’ve always lived by Kopimi. We love being cloned. It would be amazing if, like in the classic movie Spartacus, everyone could stand up and say “I am The Pirate Bay,” Mr 10100100000 says.

To be continued.


TorrentFreak: Fake Pirate Bay Lies to Press and Fakes User Uploads

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

The Pirate Bay was without doubt the most iconic BitTorrent site in history before it was abruptly shut down last week following a raid on a Swedish datacenter.

Even today it seems strange talking about The Pirate Bay in the past tense. Many believe it’s simply a question of time before the site reappears but for others any amount of time is too long to wait.

Within days, many replicas of The Pirate Bay appeared online, each trying to recreate the look and feel of the old site. While some, such as the isoHunt.to domain oldpiratebay.org, made it clear that they’re a copy of the iconic site, others are flat-out lying by pretending to be the real deal.

The worst offender by far is ThePirateBay.cr. Thanks to several mainstream news outlets posting uninformed articles in the days following the raid, millions of people now believe that this site is the real deal. Admittedly, that’s not the site’s fault, but that traction is adding weight to their current campaign which involves impersonating Pirate Bay operators and lying to the media.

In an email sent out to the mainstream press, ThePirateBay.cr identify themselves as “winstonbay”, a name that has been used by genuine Pirate Bay staff in the past. By carefully weaving some fact into their press release (thanks to Emil Protalinski for the copy), their aim is to mislead.

“Most of our cloud servers including load balancer are shut down except one in NZ. TPB is back and already running at thepiratebay.cr which used to be an official proxy previously,” the release reads.

Referencing an earlier article on TF in which we pointed out that .CR was redirecting to another domain charging users for access, the release again blends truth and lies.

“Redirection to .ee – scam site running from long time was due to technical fault while DNS propagation which was cached by server. Comments & normal user login (VIP users allowed access) are disabled currently due to excessive load.”

[Image caption: Enter your TPB VIP username and password here – at your peril]

The fact the site brings up user registrations is interesting since their existence offers a straightforward test to determine whether a site is a clone of The Pirate Bay or not. Quite simply, clone sites do not have the millions of user accounts The Pirate Bay used to have, neither do they have associated user comments under torrents.

While ThePirateBay.cr tries to explain this away by saying accounts have been disabled due to server load, they also have another trick up their sleeve. New torrents being added to the site now show names of popular uploaders. However, as pointed out by ExtraTorrent.cc, these are not being uploaded by the people in question.

“None of the torrents are actually uploaded by ETTV of ExtraTorrent and we didn’t log in or sign up to that site,” ExtraTorrent told TF.

[Image caption: Fake user accounts on ThePirateBay.cr]

“This is them making their own bot to grab our torrents but the funny thing is that they made accounts [in our names] and are fooling members that we are uploading there. They are trying to make it look more legit so users go there.”

Other user accounts recreated on the site include SaM and Juggs of ETRG, YIFY, EZTV, scene4all and BOZX, previously one of The Pirate Bay’s most popular uploaders.

While people might argue that having as many Pirate Bays as possible is a great thing, sites like this are problematic. There have been attempts to mislead right from the very start and the recent mails to the press just make matters worse. It’s now impossible to determine the nature of their intentions but the lies aren’t a good start.

Add to that the very real possibility that former TPB users (VIPs no less) might enter their usernames and passwords into this site and there’s a very real possibility of account hijacks should the original site come back online. If they use the same username and passwords elsewhere, things will go bad a lot sooner.


TorrentFreak: Top 10 Most Pirated Movies of The Week – 12/15/14

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

This week we have four newcomers in our chart.

The Equalizer is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are BD/DVDrips unless stated otherwise.


Ranking (last week) | Movie | IMDb Rating
1 (…) | The Equalizer | 7.4
2 (1) | The Maze Runner | 7.1
3 (…) | Horrible Bosses 2 | 6.9
4 (4) | Guardians of the Galaxy | 8.5
5 (…) | Gone Girl | 8.4
6 (3) | Teenage Mutant Ninja Turtles | 6.1
7 (2) | Nightcrawler (DVDscr) | 8.2
8 (5) | This Is Where I Leave You | 6.7
9 (6) | Fury (DVDscr) | 8.0
10 (…) | The Good Lie | 7.1


TorrentFreak: “How To Learn Absolutely Nothing In Fifteen Years,” By The Copyright Industry

This post was syndicated from: TorrentFreak and was written by: Rick Falkvinge. Original post: at TorrentFreak

In 1999, Napster was a one-time opportunity for the copyright industry to come out on top of the Internet. Napster was the center of attention for people sharing music. (Hard drives weren’t big enough to share movies yet.)

Everybody knew that the copyright industry at the time had two options – they could embrace and extend Napster, in which case they would be the center of culture going forward, or they could try to crush Napster, in which case they would lose the Internet forever as there would not be another centralized point like it.

The copyright industry, having a strong and persistent tradition of trying to obliterate every new technology for the past century, moved to crush Napster. It vanished. DirectConnect, LimeWire, and Kazaa — slightly more decentralized sharing mechanisms – popped up almost immediately, and BitTorrent a year or so later.

This was about as predictable as the behavior of a grandfather clock: the cat wasn’t just out of the bag, but had boarded a random train and travelled halfway cross-country already. People had smelled the scent of sharing, and there was no going back. However, people wouldn’t repeat the mistakes of Napster and have a single point of failure. For the next couple of years, sharing decentralized rapidly to become more impervious and resilient to the onslaught of an obsoleted distribution industry.

It is not a coincidence that The Pirate Bay rose about 2003. That time period was the apex of the post-Napster generation of sharing technologies. With the advent of the first generation of torrent sites, sharing slowly started to re-centralize to focus on these sharing sites. For a few years, DirectConnect hubs were popular, before people transitioned completely to the faster and more decentralized BitTorrent technology.

This week, The Pirate Bay was taken offline in a police raid in Sweden. It may only have been the front-end load balancer that got captured, but it was still a critical box for the overall setup, even if all the other servers are running in random, hidden locations.

Sure, The Pirate Bay was old and venerable, and quite far from up to date with today’s expectations on a website. That tells you so much more, when you consider it was consistently in the top 50 websites globally: if such a… badly maintained site can get to such a ranking, how abysmal mustn’t the copyright industry be?

The copyright industry is so abysmal it hasn’t learned anything in the past 15 years.

In the mere week following the downing of The Pirate Bay, there has been a flurry of innovation. People are doing exactly what they did fifteen years ago, after Napster: everybody is saying “never again”, and going to town inventing more resilience, more decentralization, and more sharing efficiency. The community who are manufacturing our own copies of knowledge and culture had gotten complacent with the rather badly-maintained website and more or less stopped innovating – The Pirate Bay had been good enough for several years, even when its age was showing.

I’ve seen signals from every continent in the past week that the past decade of decentralization technologies is getting pooled into new sharing initiatives. A lot of them seem really hot. Some are just hitting the ball out of the park if they get realized: everything from TOR to blockchain technology to distributed computing – components that weren’t there when BitTorrent first surfaced ten years ago. If realized, they should surface over the next few years, like BitTorrent surfaced three to four years after Napster with a bunch of other technologies in between. As a side bonus, these new initiatives will also protect privacy and free speech, which are both incompatible with enforcement of the copyright monopoly.

So in a way, this was welcome. We need that innovation. We need to not grow complacent. We all need to stay ahead of the crumbling monopolies – a dying tiger is dangerous, even when it’s obviously insane. But The Pirate Bay’s legacy will never die, just like Napster’s legacy won’t.

In the meantime, the copyright industry is a case study in how to really insist on not learning a damn thing from your own monumental mistakes in fifteen full years.

About The Author

Rick Falkvinge is a regular columnist on TorrentFreak, sharing his thoughts every other week. He is the founder of the Swedish and first Pirate Party, a whisky aficionado, and a low-altitude motorcycle pilot. His blog at falkvinge.net focuses on information policy.



TorrentFreak: Morgan Freeman: Movie Pirates Have Tiny, Useless Penises

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

You wouldn’t steal a car. You wouldn’t steal a handbag. You wouldn’t steal a television. You wouldn’t steal a movie.

Today there can be few of us unaware of the origins of those lines since for nearly ten years the anti-piracy PSA in question has been subjected to online ridicule.

Educating people on piracy matters, especially those aged between 15 and 35, is notoriously difficult. It’s all too easy to patronize those of a more mature age with amped up drama and needless scaremongering but that’s easily eclipsed by the chances of appearing terribly “uncool” to the cutting-edge youth.

None of these pitfalls appear to have fazed Creative Future, the huge coalition of entertainment industry companies with a mission to suck profit out of piracy and educate the masses.

When they’re not taking a shot at BitTorrent Inc., the organization supports groups such as iKeepSafe who in turn aim to keep the younger generation safe (and pirate-free) online.

And next year, if all goes to plan, we’ll get the chance to view Creative Future’s anti-piracy PSAs. TorrentFreak obtained a copy of the concepts and scripts and they range from mildly annoying and stereotypical to outrageously daring and hilarious.

Torrent – The Slightly Smug, BitTorrent Veteran Douchebag

One of the campaigns involves a character called “Torrent”. This intriguing fellow, set to be played by a young male actor in his late 20s or early 30s, appears to be a bit of a file-sharing veteran since he has “all the answers” when it comes to justifying his piracy.

“Confident and unapologetic”, Torrent isn’t ashamed of what he does because he believes he’s right, in fact he’s so sure of his moral compass “he speaks the opinions of the BitTorrent community word for word.”

However, while Torrent is living up to his billing as a “slightly smug douchebag” with a mantra of “if it’s online, it’s mine”, his actions are affecting people who create content.

“I support art but I don’t pay big corporations for entertainment,” Torrent says, his words overlaying images of production assistants packing vans at 3am and games coders working through the night.

But while the campaign outlined above plays to a specific file-sharing stereotype, there are more exciting plans ahead.

Don’t Be An Asshole

Another PSA campaign, surprisingly titled “Don’t Be An Asshole”, features big name stars filmed on the sets of big movies. We’ve read all the early scripts (featuring everyone from Sandra Bullock to Morgan Freeman) and not only are they pretty funny but they might even turn into a campaign people won’t actually hate. Better than that, they’re a parody goldmine.

The premise is simple – if you download movies illegally, you’re an asshole. While the title of the campaign gives that away, the content of the scripts is nothing short of a huge surprise.

One PSA, set to be filmed on the set of Ted 2, features Mark Wahlberg and Ted (Seth MacFarlane) sitting together chatting on a couch.

—————————-

MARK: “Hey, buddy. Have you ever done anything, like, illegal. You
know…illegal illegal?”

TED: “Oh, ya man. Tons of stuff.”

MARK: “Like what?”

TED: “Alright, uh, top of my head…I once paid two prostitutes to have a boob
fight. Does that count?”

MARK: “That sounds awesome. One time I pooped in the deep fryer at a Doug’s Sr.”

TED: “I kicked a nine year old in the nuts. No reason. And not when I was
younger either, this was like, Tuesday.”

MARK: “One time I punched a blind guy in the face, cause I knew he couldn’t
identify me.”

TED: “I had sex with a Grifford the Dog doll…that was not consensual”

MARK: “I’m guilty of that one, too.”

TED: “I posted those naked pictures of your ex without her permission.”

MARK: “I took ‘em without her permission.”

TED: “Wow. We’ve both done some pretty messed up things.”

– The laughter dies down, but Mark has one last question.

MARK: “Ya. Hey, have you ever illegally downloaded a movie?”

- The tone in the room shifts immediately. Ted is clearly upset by this.

TED: “What? No. I’m not an asshole.”

TITLES: DON’T BE AN ASSHOLE

—————————-

As made clear by the above, this is no ordinary anti-piracy campaign and the scripts we’ve seen reveal there are plenty more surprises where these came from.

We won’t spoil the fun but I for one simply cannot wait to see Morgan Freeman captured on film reciting the lines set down for him in one script….

MORGAN: “If you illegally download movies off of the Internet, you have a tiny, useless penis, and you should be embarrassed to be alive.”

No, really……


TorrentFreak: Former ‘Pirate’ Site Dropped From UK Blocklist

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Last week the popular media search engine FilesTube transformed itself into a licensed video aggregator.

The site, which was once branded one of the top pirate sites by the entertainment industry, hopes that the move will bring in new revenue opportunities.

First, however, the site had to get rid of various remnants from its “pirate” history. The site is still blocked in the UK, for example, as the High Court previously declared that FilesTube infringed music rights.

Earlier, FilesTube informed TF that it planned to challenge the blockade at the High Court, but it turns out that this is no longer needed. Music industry group BPI, who were the driving force behind FilesTube’s blockade, followed recent developments and decided to unblock the site.

This is the first time that the list of blocked pirate sites in the UK has become shorter, although it may not be for long.

The BPI believes that FilesTube is a good example of how High Court orders can motivate websites to go legit and hopes that others will follow the example.

“We are pleased that the block has encouraged FilesTube to change its business model so that it no longer appears to infringe music rights,” BPI’s General Counsel Kiaron Whitehead tells TF.

“Accordingly, we have agreed to un-block the site, which the ISPs will implement over the next few weeks. We hope that other sites which are subject to blocking orders will follow suit and help to support the development of legal digital entertainment.”

TF also spoke with FilesTube, who are happy with BPI’s swift response. Since the music group can amend the blocklists without a court order, this saves the trouble of going through court.

“We used to be a media search engine for content on cyberlocker sites. Now we operate as a free VOD aggregator with licensed content only. We are grateful to BPI for agreeing to lift the blocks and we look forward to the growth of the new FilesTube,” a spokesperson informed TF.

In addition to the lifted blockade, FilesTube’s Facebook page was also unblocked recently. The page was taken down by the movie industry group FACT, but is now accessible again.

Meanwhile, many of FilesTube’s former users are disappointed with the change. Apparently “going legit” also has its downsides, but the site hopes to rebuild a new community during the months to come.


TorrentFreak: Sony Planned to Flood Torrent Sites With “Promo” Torrents

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Copyright holders have a wide range of options they can employ to counter online piracy. Takedown notices are best known and sent out in their millions every day. However, the people at Sony Pictures’ TV network AXN thought that uploading content to torrent sites could help their business.

Sony’s AXN in Central Europe developed an ad campaign for the show “Hannibal” which proposed posting torrents of the first minute of the show on popular torrent sites such as Pirate Bay and KickassTorrents.

The revelations are part of the Sony Pictures leaks which contain a discussion on the plan, framing it as a “brilliant anti­piracy social campaign.” The AXN employee describes the idea as follows.

“The idea is simple. We made a promo dedicated to Hannibal which is convincing people in very creative and no­invasive way to watch Hannibal legally on AXN instead downloading it from torrents.

“[T]his promo is supposed to be downloaded on the torrents sites, imitating the first episode of Hannibal season 2 but in reality would be only a 60 sec promo. The torrents sites are exactly the place where people just after [the] US premier would be searching for the first episode of season 2. So the success of this project is more than 100% sure.”

Unfortunately for the AXN Central Europe team the advertising campaign wasn’t well received at Sony Pictures’ headquarters in Los Angeles. The Hollywood execs showed great concern about the sites where these promos would end up, a view that wasn’t widely shared by the team in Europe.

“From the legal point of view in many CE countries the torrents sites itself are legal. Only sharing and downloading the illegal stuff there is not. This project is to support anti­piracy strategy not against,” the AXN employee writes.

“From my perspective this would be something really unconventional, something to be shared and presented in case studies presentations. Great story for be presented at the panel discussions. This could really help us to show AXN CE is actively fighting against piracy.”

Part of the promo email

The discussion eventually landed on the desk of a Sony Pictures Executive Vice President, who emphasized that it was a no go. Populating torrent sites with promos could risk current efforts to disrupt those same websites.

“I called [XXX] and restated that this is simply a long road to ‘no’ because it so severely undercuts our efforts not only in CE, but all we have accomplished elsewhere.

“Forget about a site blocking strategy if we start putting legitimate PSAs or promos on sites we’ve flagged to governments as having no legitimate purpose other than theft… PSAs being for public good, etc…”

And so it never happened…


TorrentFreak: Pirate Bay Holdout Still Holds 40 “Illegal Sites”, Lawyer Says

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

This whole week has felt like a crazy rollercoaster of a dream foretelling an impossible future. Has the world’s most resilient torrent site really gone for good?

At this point in time it’s hard to say for sure, but optimism is pretty low. The Pirate Bay was hit hard on Tuesday by Swedish police and currently not a shred of evidence suggests that a recovery is on the cards.

The action against TPB, which took place in a cave-built datacenter in Nacka, Sweden, affected several other sites too including Zoink, Torrage, the Istole tracker, Suprbay.org, Bayimg.com and Pastebay.net. EZTV was also taken down, but is currently working its way back online.

However, according to one of the key figures behind the complaint and subsequent police raid of The Pirate Bay, the sites taken down this week are just the tip of a pretty large Swedish iceberg.

Henrik Pontén is a lawyer with Rights Alliance, the anti-piracy group previously known as Antipiratbyrån. He informs TorrentFreak that there are dozens of other ‘pirate’ sites operating in the very same datacenter that previously housed parts of The Pirate Bay.

“At the hosting provider that the police raided [this week] there are still around 40 illegal sites still up and running,” Pontén explains.

Quite why those sites didn’t go down too isn’t clear, but according to the lawyer some big ones remain operational including torrent site 1337x.to and streaming movie portal Solarmovie.is.

Perhaps even more of a surprise is Pontén’s allegation that movie release group SPARKS is operating a topsite there. TorrentFreak has no way of verifying the claim and the fact we were given the information is in itself curious, but the Rights Alliance lawyer seems pretty convinced.

The big question is whether the anti-piracy group intends to do anything about the sites. We weren’t told anything specific but received a general warning.

“Rights Alliance acts wherever a crime has been committed against our rightsholders. The guilty persons will be prosecuted and damages will be required,” Pontén said.

In the meantime and in the wake of The Pirate Bay’s untimely disappearance there’s no shortage of sites stepping up to try and take its place. As previously mentioned certain impostors have directed people to malware and have even tried to charge for access.

Right now this misdirection only looks set to get worse – unless there’s a miraculous rebirth this Christmas.


TorrentFreak: Leak Exposes Hollywood’s Global Anti-Piracy Strategy

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The Sony Pictures leak has caused major damage to the Hollywood movie studio, but the fallout doesn’t end there.

Contained in one of the leaked data batches is a complete overview of the MPAA’s global anti-piracy strategy for the years to come.

In an email sent to top executives at the major Hollywood studios earlier this year, one of the MPAA’s top executives shared a complete overview of Hollywood’s anti-piracy priorities.

The email reveals key areas of focus for the coming years, divided into high, medium and low priority categories, as shown below.


The plan put forward by the MPAA is the ideal strategy. Which elements are to be carried out will mostly depend on the funds made available by the studios.

High priority

For cyberlockers and video streaming sites the MPAA plans to reach out to hosting providers, payment processing companies and advertising networks. These companies are urged not to work with so-called rogue sites.

Part of the plan is to create “legal precedent to shape and expand the law on cyberlockers and their hosting providers,” with planned lawsuits in the UK, Germany and Canada.

Cyberlocker strategy

Other top priorities are:

Apps: Making sure that pirate apps are taken down from various App stores. Google’s removal of various Pirate Bay apps may be part of this. In addition, the MPAA wants to make apps “unstable” by removing the pirated files they link to.

Payment processors: The MPAA wants to use government influence to put pressure on payment processors, urging them to ban pirate sites. In addition they will approach major players with “specific asks and proposed best practices” to deter piracy.

Site blocking: Expand site blocking efforts in the UK and other countries where it’s supported by law. In other countries, including the U.S., the MPAA will investigate whether blockades are an option through existing principles of law.

Domain seizures: The MPAA is slowly moving toward domain seizures of pirate sites. This strategy is being carefully tested against sites selling counterfeit products using trademark arguments.

Site scoring services: Developing a trustworthy site scoring system for pirate sites. This can be used by advertisers to ban rogue sites. In the future this can be expanded to payment processors, domain name registrars, hosting providers and search engines, possibly with help from the government.

Copyright Notices: The MPAA intends to proceed with the development of the UK Copyright Alert System, and double the number of notices for the U.S. version. In addition, the MPAA wants to evaluate whether the U.S. Copyright Alert System can expand to mobile carriers.

Mid and low priority

BitTorrent is categorized as a medium priority. The MPAA wants to emphasize the role of BitTorrent in piracy related apps, such as Popcorn Time. In addition, illegal torrent sites will be subject to site blocking and advertising bans.

BitTorrent strategy

Other medium and low priorities are:

Search: Keep putting pressure on search engines and continue periodic research into its role in facilitating piracy. In addition, the MPAA will support third-party lawsuits against search engines.

Hosting: The MPAA sees Cloudflare as a problem and is developing a strategy of how to deal with the popular hosting provider. Lawsuits against hosting providers are also on the agenda.

Link sites: Apart from potential civil lawsuits in Latin America, linking sites will only be targeted if they become “particularly problematic.”

In the email the MPAA’s top executive does not consider the above strategies to be “final” or “set in stone”. How much the MPAA will be able to carry out with its partners depends on funds being available, which appears to be a subtle reminder that the studios should keep their payments coming.

“…the attached represents priorities and activities presuming online CP is adequately resourced. Your teams understand that, depending upon how the budget process plays out, we may need to lower priorities and activities for many sources of piracy and/or antipiracy initiatives,” the email reads.

The leaked strategy offers a unique insight into Hollywood’s strategy against various forms of online infringement.

It exposes several key priorities that were previously unknown. The MPAA’s strong focus on domain name seizures for example, or the plans to target cyberlockers with lawsuits in the UK, Germany and Canada.


TorrentFreak: Pirate Bay ‘Copycats’ Flourish After Raid

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The torrent community is still shaken up by the abrupt raid on the Pirate Bay this week.

With millions of visitors a day TPB was one of the largest websites on the Internet and despite the police action its users remain hungry for fresh content.

We previously reported that other large torrent sites have noticed a significant uptick in traffic in recent days. However, many of TPB’s users are eagerly waiting for the original site to return.

Thus far it’s still unclear whether the site will return in the near future, if at all. Our queries to find out more remain unanswered for now.

Meanwhile there’s a ‘worrying’ development that Pirate Bay “copies” are gaining a lot of momentum. While none of these sites are associated with The Pirate Bay they are happy to welcome the extra visitors.

First a word of caution. None of the sites below are related to the “official” site and visitors should beware of scams and malware.

In recent days we have received more than a hundred tips from readers who announced that TPB has returned on thepiratebay.cr. While this site does look familiar, it’s by no means an official incarnation.

In fact, as we highlighted earlier, the .cr domain used to be one of the many Pirate Bay proxy/mirror sites. It has no upload functionality nor can visitors sign up to add torrents. Interestingly enough (and adding to the confusion) the site’s operators started to populate the site with new content themselves a few hours ago.

The .cr domain, which was incorrectly promoted by several news media sites as an official comeback, previously redirected to thepiratebay.ee, a site that used to charge people for access to torrents.

The .ee domain is another mirror site that’s getting a lot of new visitors. While the site removed its paygate shortly after the Pirate Bay raid, potential visitors should keep this history in mind.

As is true for most mirrors and copies, the .ee site mimics Pirate Bay’s appearance but doesn’t allow people to upload new files. Other mirror sites, some of which have added fresh content and convenient chat boxes, include thepiratebay.hk and thepiratebay.org.es.

These sites, like the ones above, are not connected to the original site. In fact, The Pirate Bay still has access to its .se domain name so there would be no reason to change that for a potential comeback.

Finally, there are also “copies” that make it clear that they’re not the new Pirate Bay. OldPirateBay.org, for example, was launched by the people behind Isohunt.to. The operators told TF that their main motivation is to keep the torrents accessible, not to cause confusion.

“We saw a lot of topics where people are looking for something like this. For sure it has some bugs and glitches but we are going to improve it. The tool is for the users’ convenience till TPB comes alive again,” we were told.

If The Pirate Bay does indeed come back we will be the first to report it here. Until then, caution is warranted.


Krebs on Security: ‘Security by Antiquity’ Bricks Payment Terminals

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Last week, several thousand credit card payment terminals at various retailers across the country suddenly stopped working, their LCD displays showing blank screens instead of numbers and letters. Puzzled merchants began to worry that this was perhaps part of some sophisticated hacker attack on their cash registers. It turns out that the incident was indeed security-related, but for once it had nothing to do with cyber thieves.

Hypercom L4250 payment terminal.


On Dec. 7, 2014, certain older model payment terminals made by Hypercom stopped working due to the expiration of a cryptographic certificate used in the devices, according to Scottsdale, Ariz.-based Equinox Payments, the company that owns the Hypercom brand.

“The security mechanism was triggered by the rollover of the date and not by any attack on or breach of the terminal,” said Stuart Taylor, vice president of payment solutions at Equinox. “The certificate was created in 2004 with a 10 year expiry date.”

Taylor said Equinox is now working with customers, distributors and channel partners to replace the certificate to return terminals to an operational state. The company is pointing affected customers who still need assistance to this certificate expiry help page.

“Many of these terminals have been successfully updated in the field,” Taylor said. “Unfortunately, a subset of them can’t be fixed in the field which means they’ll need to be sent to our repair facility.  We are working with our customers and distribution partners to track down where these terminals are and will provide whatever assistance we can to minimize any disruption as a result of this matter.”

According to two different merchants impacted by the breach that reached out to KrebsOnSecurity, the bricking of these payment terminals occurs only after the affected devices (in the 4x version of the terminals) are power-cycled or rebooted, which some merchants do daily.

Michael Rochette, vice president at Spencer Technologies, a Northborough, Mass.-based technology installation and support company, said his firm heard last week from an East Coast supermarket chain that opened for business on Monday morning only to find all of their payment terminals unresponsive. Rochette said that the supermarket chain and other retailers impacted by the incident across the country were immediately worried that the incident was part of a hacker attack on their payment infrastructure.

“Not all stores power cycle overnight, but for those that do, they came up all blank and inoperative,” Rochette said. “If that’s something that a retail chain does as a matter of policy across a whole chain of stores, that can be pretty damaging.”

One retailer that contacted KrebsOnSecurity but asked to remain anonymous said technicians at its locations had spent three days trying without success to restore the devices.

“I use two different generations of their terminals and have spent the last three days trying to understand completely why I had zero impact,” a reader from the retailer said. “Mass extinction of my POS devices at the manufacturer level was never on my list of scenarios that would wreck my day at retail.  It is now.”

While designing your products so that they fail after 10 years seems like a less than brilliant idea, this incident is a reminder of just how much of the payments infrastructure in the United States relies on rapidly aging technology.

According to Rochette, at least one of the affected Hypercom devices is no longer allowed to be used in retail installations after 2014, per sunset provisions set out by the PCI Council, an industry group that sets security standards for payment systems. Other Hypercom models affected by this incident are perfectly acceptable to use for years to come.

As for why Equinox failed to warn its customers of the impending meltdown of these payment terminals? Rochette posits that it might have something to do with Hypercom’s rocky corporate history.

“I’ve never seen this before where a particular product all crashed on the same day, and as far as I can tell there was no advance warning about this from Equinox,” Rochette said. “Over the last few years, they were Hypercom, then part of Equinox, then part of Verifone for a while, so I suspect there’s been a lot of turnover in personnel there, and frankly they just lost sight of the fact that they had a pretty important expiration date coming.”

TorrentFreak: Furious Google Ended MPAA Anti-Piracy Cooperation

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Each week Google removes millions of ‘infringing’ links from search engine results at rightsholders’ request, 9.1m during the last documented week alone. In the main Google removes these links within hours of receiving a complaint, a record few other large sites can match.

But no matter what Google does, no matter how it tweaks its search algorithms, it’s never been enough for the MPAA. For years the movie group has been piling on the pressure and whenever Google announces a new change, the MPAA (and often RIAA) tell the press that more can be done.

By most standards, this October Google really pulled out the stops. Responding to years of criticism and endless complaints that it’s one of the world’s largest facilitators of pirate content, Google came up with the goods.

“We’ve now refined the signal in ways we expect to visibly affect the rankings of some of the most notorious sites,” said Katherine Oyama, Google’s Copyright Policy Counsel.

“Sites with high numbers of removal notices may appear lower in search results. This ranking change helps users find legitimate, quality sources of content more easily.”

Google’s claims were spot on. Within days it became clear that torrent sites had been hit hard. Was this the tweak the MPAA had been waiting for?

Google seemed confident, in fact so confident that according to an email made public due to the recent Sony hack attack, the company contacted MPAA chief Senator Chris Dodd the day before to give him the heads-up.

But if Google was hoping for a congratulatory public statement, they would need to look elsewhere. Instead of a warm reception the MPAA chose to suggest that Google knew it had been involved in wrongdoing.

“Everyone shares a responsibility to help curb unlawful conduct online, and we are glad to see Google acknowledging its role in facilitating access to stolen content via search,” the MPAA’s press release began.

The leaked emails reveal that Google responded furiously to the perceived slur.

“At the highest levels [Google are] extremely unhappy with our statement,” an email from the MPAA to the studios reads.

“[Google] conveyed that they feel as if they went above and beyond what the law requires; that they bent over backwards to give us a heads up and in return we put out a ‘snarky’ statement that gave them no credit for the positive direction.”

In response to the snub, Google pressed the ‘ignore’ button. A top executive at Google’s policy department told the MPAA that his company would no longer “speak or do business” with the movie group.

In future Google would speak with the studios directly, since “at least three” had already informed the search engine that they “were very happy about the new features.”

While the MPAA and Google will probably patch things up in future, the emails also suggest reasons why the MPAA might have given Google a frosty reception.

First up, the MPAA had no time to assess the changes Google had put in place, so had no idea whether they would work. Welcoming changes that fail to perform in future is clearly something the MPAA would want to avoid.

But intriguingly the emails suggest that the MPAA were trying not to hinder the progress of another external matter.

“We were also sensitive to the fact that Mississippi [Attorney General] Hood is expected to issue a [Civil Investigative Demand] to Google sometime this week; we did not want an unduly favorable statement by us to discourage AG Hood from moving forward,” the MPAA email reads.

In conclusion the MPAA felt that Google overreacted to their October press release and that the problems will eventually blow over. It’s certainly possible that relations have improved since the emails were written in October.


The Hacker Factor Blog: You Can Bank On It

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Last week, security journalist Brian Krebs reported on a U.S. Treasury Department finding. The Treasury found that TOR nodes account for a large percent of online banking fraud.

I found this report to be startling. I wasn’t surprised that TOR was being used for fraud. Rather, I was stunned that, after all these years, the banking industry was not filtering out logins from TOR nodes!

Don’t look at me!

Let’s back up a moment… The purpose of TOR (the onion router) is to mix up the network pathway so that users can be anonymous online. The purpose of logging into anything — a bank, Google, Facebook, or any other online service — is to identify yourself. These are diametrically opposed concepts. You cannot be anonymous and identify yourself at the same time!

There may be some online services where you don’t care about the account and you want to be anonymous. A good example would be a free Yahoo Mail account that some anti-government Chinese citizen wants to access. They are anonymous but also identified for logging into the account. However, online banking is different.

With online banking, it is not a “free account”. The account manages tangible assets (money) and is directly associated with a person (or company). Customers want the bank to know it is them doing legitimate business and not someone else doing fraud.

The only time a user might want to be anonymous when accessing a bank is if the account is for doing something illegal (like money laundering). This way, the bank won’t be able to trace the account to an individual. But then again, no FDIC Insured bank wants that kind of customer. (Let’s leave the fraud to non-insured PayPal accounts.)

Seriously: I cannot think of any legitimate reason to do anonymous online banking. I see no legitimate reason to access your bank account using TOR.

Safe Web Access

The other thing to remember is that TOR is not a safe online system. Sure, nobody can trace the network connection from the web client to the web server, but that doesn’t mean it is safe. Specifically, you (the TOR user) do not know who owns each TOR exit node and you have no idea what they are doing to your data.

Last October, some researchers discovered that a few TOR exit nodes were maliciously modifying files. You may think you are downloading a program, but the TOR node was inserting malware instead.

Hostile TOR nodes have also been used to track users and even record logins and passwords.

In effect, if you use TOR then you should assume that (1) nobody knows it is you, and (2) someone is watching and recording what you do. Logging into your bank, or anywhere else, is really a bad idea for TOR users. Knowing this, it strikes me that banks are being intentionally ignorant to permit logins from TOR nodes. This majority of banking fraud should have been stopped years ago.

Filtering by Network

I have previously written about various ways to detect proxies. There are two fast and easy ways to detect proxy users: network and application filtering.

The first way focuses on the network address. The folks at the Tor Project actually have an FAQ entry for online services that want to block TOR. They even provide the list of known TOR nodes! At this point, the web server can look at every login request and check if the client’s network address is the same as a known TOR node. If it is, then they can block the request. (And if the login was valid, the bank can even block all login access to the account since the account has been compromised.)

Keep in mind: TOR is not the only proxy network out there. There are dozens of free lists of open proxies. (And even more fee-based lists.) There are also a couple of DNS-blacklist systems that identify known proxy addresses. And then there are network-based geo-location databases — most have some subnets identified as known proxy networks. Banks could even use the geo-location information to identify likely fraud. For example, if I last logged in from Colorado and then, minutes or hours later, appear to come from Europe, then my account has likely been compromised.

If banks really wanted to be proactive, then they would also identify Starbucks, McDonalds, Holiday Inn, and other major free-Internet providers and add them to the “no login” list. Users should never check their bank accounts from a free Internet service.

Filtering by Application

While network filtering will identify known addresses that denote proxy systems, there are always other proxies that are not found on any list.

Beyond looking at network addresses, services can detect proxies by looking at the web traffic’s HTTP header. Many proxy systems add in their own HTTP headers that denote a network relay. If any of these proxy headers exist, then the server should reject the login.

The biggest problem with HTTP headers is that there is no consistent method to identify a web proxy. Some relays add in an HTTP “VIA” header. Others may use “FORWARDED”, “FORWARDED-FOR”, “HTTP_CLIENT_IP”, “X-PROXY-ID” or similar header fields. My own FotoForensics system currently looks for over a dozen different HTTP headers that denote some kind of proxy network connection. While some of these proxy networks may be acceptable for online banking (e.g., “X-BlueCoat-Via” or “Client-IP”), others should probably be blacklisted.
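The two checks described under “Filtering by Network” and “Filtering by Application”, combined into one login screen. This is an added example, not code from the original post or from FotoForensics. The addresses are constructed documentation ranges, and `screen_login`, `Verdict` and the lock-on-valid-password policy are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data (RFC 5737 documentation ranges) standing in for a
# downloaded list of relay addresses and a feed of known proxy subnets.
KNOWN_RELAY_NETS = [ipaddress.ip_network(n) for n in (
    "192.0.2.10/32",     # one listed exit-node address
    "198.51.100.0/24",   # subnet flagged as a proxy network
)]

# Relay-indicating header names as the article lists them, lower-cased.
# "x-forwarded-for" is a common variant added here; it is not in the article's list.
BLOCK_HEADERS = {"via", "forwarded", "forwarded-for", "http_client_ip",
                 "x-proxy-id", "x-forwarded-for"}
# Headers the article says may be acceptable for banking: recorded, not blocked.
TOLERATED_HEADERS = {"x-bluecoat-via", "client-ip"}


@dataclass
class Verdict:
    action: str                               # "allow", "block" or "block_and_lock"
    reasons: list = field(default_factory=list)
    notes: list = field(default_factory=list)


def screen_login(client_ip, headers, credentials_valid):
    """Apply the network check, then the header check, to one login request."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        # Fail closed: an address we cannot parse cannot be checked against a list.
        return Verdict("block", ["unparseable client address"])

    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) would otherwise slip past
    # an IPv4-only list, so unwrap it before comparing.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped

    verdict = Verdict("allow")
    for net in KNOWN_RELAY_NETS:
        if addr in net:
            verdict.reasons.append(f"address {addr} is in relay list entry {net}")
            break

    # HTTP header names are case-insensitive, so normalise before matching.
    for name in headers:
        key = name.strip().lower()
        if key in BLOCK_HEADERS:
            verdict.reasons.append(f"proxy header present: {name}")
        elif key in TOLERATED_HEADERS:
            verdict.notes.append(f"tolerated relay header: {name}")

    if verdict.reasons:
        # A correct password arriving through a relay suggests the credentials
        # are already in someone else's hands, so the account is locked too.
        verdict.action = "block_and_lock" if credentials_valid else "block"
    return verdict


if __name__ == "__main__":
    # Constructed requests: (client address, headers, password was correct?)
    samples = [
        ("192.0.2.10", {"User-Agent": "Mozilla/5.0"}, True),
        ("::ffff:198.51.100.7", {}, False),
        ("203.0.113.5", {"Via": "1.1 relay.example"}, False),
        ("203.0.113.5", {"X-BlueCoat-Via": "0123abcd"}, True),
    ]
    for ip, hdrs, ok in samples:
        print(ip, screen_login(ip, hdrs, ok))
```

The `client_ip` argument has to be the peer address of the TCP connection as seen by the server, never a value copied out of a request header, since the client controls every header. Relay lists change constantly, so the list needs a scheduled refresh for the check to stay meaningful.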

Being proactive is not a crime

There are many viable uses for proxy networks. However, there are also times when using a proxy is a really bad idea. Banks should be utilizing all of these proxy detection methods. They should be ensuring that the network address is not part of a known proxy system. And they should be proactively trying to identify and reduce fraud.

Of course, some people may tell you that online banking through TOR is safe if you use HTTPS. However, that really isn’t true. Anyone who has seen the Defcon Wall of Sheep knows that HTTPS is easy to compromise if you control the network. Remember: SSL is a security placebo and not an actual security solution.

Before I began focusing on forensic tool development, I did a lot of forensic analysis for corporations. I always thought it was ironic when the corporate lawyers would give me very specific directions, like: “We want to know exactly what happened on this computer. Who did what and when. And whatever happens, we do not want you to look at that computer over there!” With corporate attorneys, if they know about something then they must act on it. But if they don’t explicitly know, then they don’t have to do anything about it. By not looking at the problem, they could always claim ignorance.

This entire “TOR used for bank fraud” situation has a similar feel. It is as if the banks want to claim ignorance rather than addressing the problem. But in this case, the entire industry has known for years that TOR is commonly used for online criminal activity. And we have long known that easy banking access facilitates fraud. In this case, not blocking TOR users really looks to me like intentional criminal negligence.

Schneier on Security: Comments on the Sony Hack

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

I don’t have a lot to say about the Sony hack, which seems to still be ongoing. I want to highlight a few points, though.

  1. At this point, the attacks seem to be a few hackers and not the North Korean government. (My guess is that it’s not an insider, either.) That we live in the world where we aren’t sure if any given cyberattack is the work of a foreign government or a couple of guys should be scary to us all.

  2. Sony is a company that hackers have loved to hate for years now. (Remember their rootkit from 2005?) We’ve learned previously that putting yourself in this position can be disastrous. (Remember HBGary.) We’re learning that again.
  3. I don’t see how Sony launching a DDoS attack against the attackers is going to help at all.
  4. The most sensitive information that’s being leaked as a result of this attack isn’t the unreleased movies, the executive emails, or the celebrity gossip. It’s the minutia from random employees:

    The most painful stuff in the Sony cache is a doctor shopping for Ritalin. It’s an email about trying to get pregnant. It’s shit-talking coworkers behind their backs, and people’s credit card log-ins. It’s literally thousands of Social Security numbers laid bare. It’s even the harmless, mundane, trivial stuff that makes up any day’s email load that suddenly feels ugly and raw out in the open, a digital Babadook brought to life by a scorched earth cyberattack.

    These people didn’t have anything to hide. They aren’t public figures. Their details aren’t going to be news anywhere in the world. But their privacy has been violated, and there are literally thousands of personal tragedies unfolding right now as these people deal with their friends and relatives who have searched and read this stuff.

    These are people who did nothing wrong. They didn’t click on phishing links, or use dumb passwords (or even if they did, they didn’t cause this). They just showed up. They sent the same banal workplace emails you send every day, some personal, some not, some thoughtful, some dumb. Even if they didn’t have the expectation of full privacy, at most they may have assumed that an IT creeper might flip through their inbox, or that it was being crunched in an NSA server somewhere. For better or worse, we’ve become inured to small, anonymous violations. What happened to Sony Pictures employees, though, is public. And it is total.

    Gizmodo got this 100% correct. And this is why privacy is so important for everyone.

I’m sure there’ll be more information as this continues to unfold.

TorrentFreak: MPAA Prepares to Bring Pirate Site Blocking to the U.S.

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Site blocking has become one of the go-to anti-piracy techniques for the music and movie industries. Mechanisms to force ISPs to shut down subscriber access to “infringing” sites are becoming widespread in Europe but have not yet gained traction in the United States.

If the Stop Online Piracy Act had been introduced, U.S. blocking regimes might already be in place but the legislation was stamped down in 2012 following a furious public and technology sector revolt. Behind closed doors, however, blocking proponents were simply waiting for the storm to die down.

TorrentFreak has learned that during 2013 the MPAA and its major studio partners began to seriously consider their options for re-introducing the site blocking agenda to the United States. Throughout 2014 momentum has been building but with no real option to introduce new legislation, the MPAA has been looking at leveraging existing law to further its aims.

Today we can reveal that the MPAA has been examining four key areas.

DMCA

According to TF sources familiar with the plan, the MPAA began by exploring the possibility of obtaining a DMCA 512(j) blocking injunction without first having to establish that an ISP is also liable for copyright infringement.

To get a clearer idea the MPAA commissioned an expert report from a national law firm with offices in Chicago, Dallas, New York and Washington, DC. Returned in July, the opinion concluded that a U.S. court would “likely” require a copyright holder to establish an ISP as secondarily liable before granting any site-blocking injunction.

This option might be “difficult” and financially costly, the law firm noted.

Rule 19 of the Federal Rules of Civil Procedure

Rule 19 – ‘Required Joinder of Parties’ – is also under consideration by the MPAA as a way to obtain a blocking injunction against an ISP. In common with the DMCA option detailed above, the MPAA hopes that a blocking order might be obtained without having to find an ISP liable for any wrongdoing.

The MPAA is considering a situation in which they obtain a judgment finding a foreign “rogue” site guilty of infringement but one whose terms the target rogue site has failed to abide by. Rule 19 could then be used to join an ISP in the lawsuit against the rogue site without having to a) accuse the ISP of wrongdoing or b) issue any claims against it.

The same law firm again provided an expert opinion, concluding that the theory was “promising, but largely untested.”

Using the ITC to force ISPs to block ‘pirate’ sites

Among other things the United States International Trade Commission determines the impact of imports on U.S. industry. It also directs action on unfair trade practices including those involving patents, trademarks and copyright infringement.

The MPAA has been examining two scenarios. The first involves site-blocking orders against “transit” ISPs, i.e. those that carry data (infringing content) across U.S. borders. The second envisions site-blocking orders against regular ISPs to stop them providing access to “rogue” sites.

Again, the same law firm was asked for its expert opinion. In summary its lawyers found that scenario one presented significant technical hurdles. Scenario two might be feasible, but first ISPs would have to be found in violation of Section 337.

“Section 337 declares the infringement of certain statutory intellectual property rights and other forms of unfair competition in import trade to be unlawful practices,” the section reads (pdf).

The law firm’s August report highlights several potential issues. One noted that an injunction against a domestic ISP would effectively stop outbound requests to “rogue” sites when it is in fact “rogue” sites’ inbound traffic that is infringing. Also at issue are sites that don’t “import” content themselves but merely offer links to such content (torrent sites, for example).

Nevertheless, the general conclusion is that if a clear relationship between the linking sites and the infringing content can be established, the ITC may take the view that the end result still amounts to “unfair competition” and “unfair acts” during importation of articles.

The Communications Act

This final MPAA option involves the Communications Act and how it is perceived by the Federal Communications Commission and the Supreme Court.

The scenario balances on the MPAA’s stance that ISPs have taken the “public position” that they are not “telecommunications services”. When the position of the ISPs and opinions of the FCC and Supreme Court are combined, the MPAA wonders whether the ISPs could become vulnerable.

The scenario under discussion is one in which ISPs are not eligible for safe harbor as DMCA 512(a) “conduits” since the DMCA definition of a conduit is the same as the Communications Act’s definition of “telecommunications service” provider.

Major meeting two months ago

TorrentFreak sources reveal that a large meeting consisting of more than two dozen studio executives took place in October to discuss all aspects of site-blocking. A senior engineer from U.S. ISP Comcast was also invited.

On the agenda was a wide range of topics including bringing on board “respected” people in the technology sector to agree on technical facts and establish policy support for site blocking.

Other suggestions included encouraging academics to publish research papers with a narrative that site blocking elsewhere in the world has been effective, is not a threat to DNSSEC, and has not “broken the Internet”.

Conclusion

In June, MPAA chief and former U.S. Senator Chris Dodd praised pirate site blockades as one of the most important anti-piracy measures, and in August a leaked draft revealed MPAA research on the topic.

The big question now is whether the studios’ achievements in Europe will be mirrored in the United States – without a SOPA-like controversy alongside. While the scale is unlikely to be the same, opposition is likely to be vigorous.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: EZTV Slowly Recovers From Swedish Police Raid

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Earlier this week Swedish police raided a nuclear-proof data center built into a mountain complex in the city of Nacka.

The target of the raid was The Pirate Bay but collateral damage caused several other torrent sites to go down as well. This included EZTV, the go-to place for many torrenting TV fans.

After nearly two days of downtime EZTV is slowly starting to crawl back up. TF spoke to the EZTV crew who confirmed that several servers are up and running again and that the site’s services are coming back online.

At the time of writing the main site is still offline. However, the upload bots are back in action and EZTV torrents are being uploaded again in other places such as Kickass.so and ExtraTorrent.

In addition, EZTV proxies such as eztv-proxy.net can now connect to the site’s backend IP-addresses. This means that these are showing new uploads again, as can be seen below.

EZTV recovers

During the days to come EZTV hopes to recover fully and continue business as usual from the main EZTV.it domain.

For Pirate Bay users there is no positive news to report yet. The site remains offline and there are no indications that it will return in the near future.

There are several unofficial mirror sites that still work, but these have nothing to do with a possible comeback. These sites provide a minimal archive of old torrents, but there’s no new content being added as these all lack an upload feature.

For now, many estranged Pirate Bay users seem to be flocking to other popular torrent sites. ExtraTorrent informed TF that they saw a 90 percent surge in user signups following the raid, while the number of downloads increased by a third.

Most other sites that were hit by the raid remain offline. These include Torrage, the Istole tracker and Pirate Bay’s forum Suprbay. Torrent storage service Zoink has fully recovered.


TorrentFreak: Can The Pirate Bay Make a Comeback?

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

In recent years The Pirate Bay took several steps to make the site as resilient as possible, moving from a full-fledged BitTorrent tracker to a trimmed-down and highly portable torrent index.

The infamous torrent site canceled nearly all central servers and moved most of its operation to the cloud, where it ran on 21 virtual machines scattered over several commercial cloud hosting providers.

Yesterday, however, the site was pulled offline with a single raid at the Nacka station, a nuclear-proof data center built into a mountain complex. Despite various rumors of TPB reincarnations there is still no sign that the site will return anytime soon.

So how can it be that The Pirate Bay was taken down despite all the time and effort that went into making its setup raid proof?

TF has been speaking with various people familiar with the matter and one of the most likely scenarios emerging is that the site’s loadbalancer was hit by the raid. This has been one of the remaining bottlenecks for TPB in recent years and the cause of previous downtime.

If this theory holds true it should be possible for the site to recover quickly if a new loadbalancer with the right setup is put in place. After all, the virtual machines are not centrally hosted and should be up and running.

How long it will take to connect these to the Internet remains guesswork for now, if it happens at all.

At the moment it’s still unknown what Pirate Bay-related hardware was seized during the raid. The Pirate Bay team previously stressed, however, that everything is encrypted in case it falls into the wrong hands.

On the human front, the police arrested one member of the Pirate Bay crew yesterday. The identity of this person hasn’t been confirmed, but if it’s one of the people with access to the site’s crucial infrastructure it will further complicate any possible comeback.

Another concern is that the people running TPB and other sites affected by the raid are also remaining quiet. The popular TV-torrent site EZTV remains offline too and thus far the operator is not commenting on the situation.

Meanwhile, most other torrent sites are seeing a spike in traffic from Pirate Bay users looking for a new home. TorrentReactor and other large torrent sites inform TF that there’s an increase in traffic of between 5 and 10 percent at the moment.

After the first raid in 2006 it took The Pirate Bay three days to recover, making a blazing comeback as “The Police Bay.” There’s not long left to beat that record.


TorrentFreak: BitTorrent Inc Works on P2P Powered Browser

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

BitTorrent Inc. announced a new project today, a web browser with the ambition of making the Internet “people powered.”

Project Maelstrom, as it’s called, is in the very early stages of development but BitTorrent Inc. is gearing up to send out invites for a closed Alpha test.

The company hasn’t released a feature set as yet, but it’s clear that the browser will serve websites and other content through users.

According to BitTorrent Inc. this can not only speed up websites but also boost people’s privacy. In addition, it should be capable of bypassing website blockades and other forms of censorship.

“If we are successful, we believe this project has the potential to help address some of the most vexing problems facing the Internet today,” BitTorrent CEO Eric Klinker notes.

“How can we keep the Internet open? How can we keep access to the Internet neutral? How can we better ensure our private data is not misused by large companies? How can we help the Internet scale efficiently for content?”

The idea for a BitTorrent powered browser is not new. The Pirate Bay started work on a related project a few months ago with the aim of keeping the site online even if its servers were raided.

The project hasn’t been released yet, although it would have come in handy today.

Interestingly, BitTorrent’s brief summary of how the browser will work sounds a lot like Pirate Bay’s plans. The company shared the following details with Gigaom.

“It works on top of the BitTorrent protocol. Websites are published as torrents and Maelstrom treats them as first class citizens instead of just downloadable content. So if a website is contained within a torrent we treat it just like a normal webpage coming in over HTTP.”

More details are expected to follow during the months to come. Those interested in Project Maelstrom can sign up for an invite to the Alpha test here.
