Posts tagged ‘Paypal’

TorrentFreak: BitTorrent Hip Hop Album Becomes First Ever to Accept Bitcoin

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Following a December 2013 teaser, February builds of FrostWire’s Windows, Mac and Linux BitTorrent clients included a ground-breaking new feature.

The Frostwire client, which can be used in the same way as uTorrent or Vuze for example, now includes a torrent creation feature which supports Bitcoin, Litecoin, Dogecoin and PayPal donations.

Once a torrent is created and loaded into FrostWire, downloaders are given a new set of icons indicating which crypto-currency donation options are programmed into the release.


Clicking any of these takes the downloader to a custom donation page, meaning that there is a direct connection between a torrent and a monetization option, something that has been absent from torrents since their creation well over a decade ago.

Although software and a music single were used as a demo for the tipping system, no band had taken the plunge and used it for one of their albums. A month later and hip hop band Ain’t No Love have made history, becoming the first ever band to offer a full album for free on BitTorrent, using an integrated Bitcoin tipping mechanism.


“Using Bitcoin has definitely widened our reach to people who don’t necessarily listen to our type of music, but like that we get down with Bitcoin, and started listening to our music, which is a cool thing in itself,” says lead singer Saidah Conrad.

Having worked hard on a Bitcoin implementation, FrostWire say they are pleased to welcome the band on board.

“Ain’t No Love’s Tears of Joy comes to FrostWire during a very special time – as a first ever .torrent album to support crypto-currency donations such as Bitcoin, Litecoin, and Dogecoin (as well as the more traditional PayPal),” the company said.

“So if you love the band just as much as we do, be sure to check them out on Facebook, share the video, spread the news on Twitter or simply show some support by giving a little tip, whatever you can, any way you can.”

The other neat thing is that all donations go directly to the band as there is no middleman, and FrostWire is promising to keep it that way forever.

The torrent for Ain’t No Love’s Tears of Joy can be downloaded here.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: PayPal Cuts Off Torrent Streaming Service Streamza

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

paypaldeniedPayPal is widely known for its aggressive stance towards BitTorrent sites, Usenet providers and file-hosting services, and it appears that streaming services based on BitTorrent technology are receiving the same treatment.

Last summer Polish developer and Wikidot CEO Michal Frackowiak launched Streamza, a torrent download service that lets users stream music and movies securely to their PC, TV, iPhone or iPad. Streamza has been growing steadily ever since and welcomes thousands of new users each month.

Earlier this week, however, the developer was presented with some bad news. Without prior warning, PayPal stopped providing payment services to Streamza and limited the associated account. That also means that all funds have been frozen for the time being.

“They emailed to inform me that my PayPal account had been reviewed and that Streamza does not comply with their policies. My account became ‘limited’ until I removed PayPal from checkout and agreed to their policies, which I did immediately,” Michal informs TF.

The PayPal ban is a major setback for Streamza, as it will no longer be able to process new and recurring membership fees from premium subscribers. At the time of writing the PayPal account is still locked, and Michal hasn’t heard from PayPal after the initial email.

As usual, PayPal remains vague about the precise reason for the ban. The payment provider mentioned that Streamza violated their Acceptable Use Policy, which suggests that PayPal is concerned about possible infringing uses of Streamza.


PayPal’s policies don’t allow “infringing” services to accept payments. In addition, the company requires file-sharing services to be pre-approved.

“Service Requiring Pre-Approval: Offering online dating services; providing file sharing services or access to newsgroups; or selling alcoholic beverages,” PayPal’s AUP reads.

This approvals process requires services to agree to a list of strict terms and conditions. As can be seen below, this includes full disclosure of the processes that are in place to deter piracy, and allowing PayPal to actively monitor their service for copyright infringements.

PayPal’s Termspaypalterminate

While Streamza doesn’t promote copyright infringement in any way, it could be used to download or stream pirated files, much like any other streaming or download services including YouTube. Michal believes, however, that the payment provider is more strict with smaller players.

“When looking at these policies I wonder how the hell can work with PayPal. Somehow I am not that surprised: rules between two bigger players can be different from between a bigger player and a smaller one,” Michal tells TF.

Technically, PayPal may have the right to cut off Streamza under its policies, but it would have been appropriate to send an early warning. Over the past few days the service could only accept payments via Bitcoin, which is hurting business.

Due to personal circumstances Michal had plans to auction off Streamza, and the PayPal issue is the straw that broke the camel’s back. He is accepting bids on Flippa and hopes someone is willing to take over the service, to keep the 34,000 registered users happy.

“I believe that after half a year of running Streamza I created something cool. A project that some people love. It’s not only a great tech and user interface, but a service that fills a niche,” Michal says.

“Personally I hope someone smart can take it from here. It’s a really good piece of tech and a project that has its fans.”

Update: A few hours after publication Michal heard back from PayPal. He can enter the pre-approval process to accept payments for file sharing. This means that Streamza has to comply with the terms listed above. Until this process is completed Streamza can’t process PayPal payments, but the other account restrictions have been lifted.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: WWE Lawyer Offers Gifts to Obtain Streaming Pirate’s Home Address

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

WWE2After launching its own streaming network and speculation surrounding a takeover, World Wrestling Entertainment (WWE) is now worth a reported $2.3 billion.

Like many large entertainment industry companies, WWE is an aggressive protector of its copyrights and for several years has been pursuing companies and site owners who dare to step over the line. Part of that strategy is to force fan sites to hand over their domains, should they include ‘WWE’ in their URL. For owners of sites which threaten their PPV and streaming sales, things aren’t much better.

During March 2013, Facebook said that WWE Intellectual Property Director Matthew Winterroth was behind the closure of a page operated by Wrestling-Network, a site offering links to WWE streams and shows. Wrestling-Network operator ‘BeBe’ was told by the social network that he would need to contact the lawyer directly to solve the dispute. BeBe decided to quit Facebook and moved to Twitter instead, but by the summer WWE had raised its head again, this time after PayPal disabled an account used for the site’s finances.

BeBe says that in October WWE sent a takedown notice to Cloudflare, who handed over the details of the site’s actual host. For a few months things went calm, but last week all that changed. PayPal closed the site’s new account which had been opened by a third-party, and Facebook shutdown Wrestling-Network’s new page and BeBe’s personal page while they were at it. At this point things took a turn for the unusual.

facebayAfter being given Winterroth’s contact details by Facebook, BeBe contacted the lawyer to see what could be done.

“My Facebook page was removed, care to share why?” BeBe wrote in an email to WWE last Saturday.

Without being given any further details (aside from BeBe’s email address which is enough to connect him with Wrestling-Network via a simple Google search), Winterroth wrote straight back suggesting there might have been some kind of mistake.

“What is your name, address and Facebook page that was potentially inadvertently removed and I’ll look into it,” the lawyer wrote.

“,” BeBe responded.

Since Winterroth was the person named by Facebook as being responsible for the takedowns, it would be reasonable to presume that he already knew the circumstances behind the page’s disappearance, so suggesting at this point that there might have been some kind of error seems somewhat unusual. Nevertheless, Winterroth further underlined that notion in a rather unusual follow-up email.

Needless to say, BeBe wasn’t tempted to take up the offer.

“I just woke up and while I was checking my phone, I read the email and started laughing hysterically,” BeBe informs TF.

“I mean, I heard a long time ago about a case where in order to arrest them on US territory, some guys were attracted to the USA by undercover FBI agents who promised them money and girls, but a gift bag from WWE? Really? He could at least given me some WrestleMania tickets.”

BeBe says he politely declined the offer.

“Oh, that’s so generous of you, but no thanks,” he told Winterroth. “I just want my page back since I didn’t post any links to copyrighted materials like you claim.”

Exactly 20 minutes later, the WWE lawyer’s tone had changed.

“Thank you for your correspondence. We have shut down your Facebook page and also worked with PayPal to permanently suspend your payment processor account with them. We now have your address and whereabouts in Romania,” he explained.

“Should you not shut down the website and agree not to infringe WWE intellectual property in the future in an immediate fashion, WWE will continue to work with our counsel in Romania, as well as the relevant legal authorities, including the Ministry of Internal Affairs/Bucharest City Police and Romanian National Audiovisual Council on our ongoing criminal complaint against you.”

What followed were demands for BeBe to hand over his domain but with tempers beginning to fray, that seemed unlikely.

rflag“[..] If you don’t know, Romania is not a state in the United States of America. Romania is a country in eastern Europe. Unless you figured it out by now, US law does not apply here and no Romanian law is being violated,” BeBe told the WWE in an Anakata-inspired response.

“Yes, this is why we are working closely with Romanian legal authorities on this matter, who have more knowledge of the current state of Romanian law that [sic] either you or I,” BeBe was informed. “Your website exists to infringe WWE intellectual property in a wholesale fashion, and such illegal use will not be tolerated.”

At this point, relations truly broke down.

“Ok, ok, I’m gonna go outside and wait for the SWAT team, or are you gonna send Seal Team 6? Well, whatever, in the meantime, you can go fuck yourself ‘Captain Skinny-Dick’,” BeBe told Winterroth.

“Oh, since you wanted my name and address, here it is: Mr. Fukhusen, 110 eatshitlane, 6800 Romania. Also, please stop with these legal threats Judge Judy, go back in your room and watch Suits and Law and Order.”

Signing off with a request for Winterroth to say “Hi” to WWE supremo Vince McMahon, BeBe severed his “negotiations” with WWE and has heard no more since.

Whether WWE will be tag-teaming with the Romanian police anytime soon will remain to be seen.

Photo credit

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: Which VPN Services Take Your Anonymity Seriously? 2014 Edition

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

boxedBy now most Internet users are well aware of the fact that pretty much every step they take on the Internet is logged or monitored.

To prevent their IP-addresses from being visible to the rest of the Internet, millions of people have signed up to a VPN service. Using a VPN allows users to use the Internet anonymously and prevent snooping.

Unfortunately, not all VPN services are as anonymous as they claim.

Following a high-profile case of an individual using an ‘anonymous’ VPN service that turned out to be not so private, TorrentFreak decided to ask a selection of VPN services some tough questions.

By popular demand we now present the third iteration of our VPN services “logging” review. In addition to questions about logging policies we also asked VPN providers about their stance towards file-sharing traffic, and what they believe the most secure VPN is.

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?

2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?

3. What tools are used to monitor and mitigate abuse of your service?

4. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

5. What steps are taken when a valid court order requires your company to identify an active user of your service?

6. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

7. Which payment systems do you use and how are these linked to individual user accounts?

8. What is the most secure VPN connection and encryption algorithm you would recommend to your users?

What follows is the list of responses from the VPN services, in their own words. Providers who didn’t answer our questions directly or failed by logging everything were excluded. Please note, however, that several VPN companies listed here do log to some extent. The order of the lists holds no value.

Private Internet Access

1. We absolutely do not log any traffic nor session data of any kind, period. We have worked hard to meticulously fork all daemons that we utilize in order to achieve this functionality. It is definitely not an easy task, and we are very proud of our development team for helping Private Internet Access to achieve this unique ability.

2. We operate out of the US which is one of the few, if only, countries without a mandatory data retention law. We explored several other jurisdictions with the help of our professional legal team, and the US is still ideal for privacy-based VPN services.

We severely scrutinize the validity of any and all legal information requests. That being said, since we do not hold any traffic nor session data, we are unable to provide any information to any third-party. Our commitment and mission to preserve privacy is second to none.

3. We do not monitor any traffic, period. We block IPs/ports as needed to mitigate abuse when we receive a valid abuse notification.

4. We do not host any content and are therefore unable to remove any of said content. Additionally, our mission is to preserve and restore privacy on the Internet and society. As such, since we do not log or monitor anything, we’re unable to identify any users of our service.

5. Once again, we do not log any traffic or session data. Additionally, unlike the EU and many other countries, our users are protected by legal definition. For this reason, we’re unable to identify any user of our service. Lastly, consumer protection laws exist in the US, unlike many other countries. We must abide by our advertised privacy policy.

6. We do not discriminate against any kind of traffic/protocol on any of our servers, period. We believe in a free, open, and uncensored internet.

7. Bitcoin, Ripple, PayPal, Google Play (Mobile), OKPay, CashU, Amazon and any major Gift Card. We support plenty of anonymous payment methods. For this reason, the highest risk users should definitely use Bitcoin, Ripple or a major gift card with an anonymous e-mail account when subscribing to our privacy service.

8. We’re the only provider to date that provides a plethora of encryption cipher options. We recommend, mostly, using AES-128, SHA1 and RSA2048.

Private Internet Access website


btguard1. We do not keep any logs whatsoever.

2. The jurisdiction is Canada. Since we do not have log files, we have no information to share. We do not communicate with any third parties. The only event in which we would even communicate with a third-party is if we received a court order. We would then be forced to notify them we have no information. This has not happened yet.

3. If serious abuse is reported we enable tcpdump to confirm the abuse and locate the user. These dumps are immediately removed. If the user is abusing our service they will be terminated permanently but we have never shared user information with a 3rd party.

4. We do not have any open incoming ports, so it’s not possible for us to “takedown” any broadcasting content.

5. We take every step within the law to fight such an order.

6. Yes, all types of traffic our allowed with our services.

7. We accept PayPal and Bitcoin. All payments are linked to users accounts because they have to be for disputes and refunds.

8. 256-bit AES is the most secure. However 128-bit blowfish is plenty good. If you’re concerned about surveillance agencies such as the NSA, their capabilities are shrouded in secrecy and claiming to be able to protect you is offering you nothing but speculation. As far as what’s publicly available for deciphering encryption, both of the encryptions I mentioned are more than sufficient.

BTGuard website


1. TorGuard does not store any IP address or time stamps on any VPN and proxy servers, not even for a second. Further, we do not store any logs or time stamps on user authentication servers connected to the VPN. In this way it is not even possible to match an external time stamp to a user that was simultaneously logged in. Because the VPN servers utilize a shared IP configuration, there can be hundreds of users sharing the same IP at any given moment further obfuscating the ability to single out any specific user on the network.

2. TorGuard is a privately owned company with parent ownership based in Nevis and our headquarters currently located in the US. Our legal representation at the moment is comfortable with the current corporate structuring however we wouldn’t hesitate to move all operations internationally should the ground shift beneath our feet. We now offer VPN access in 23+ countries worldwide and maintain all customer billing servers well outside US borders.

We would only be forced to communicate with a third-party in the event that our legal team received a court ordered subpoena to do so. This has yet to happen, however if it did we would proceed with complete transparency and further explain the nature of TorGuard’s shared VPN configuration. We have no logs to investigate, and thus no information to share.

3. Our network team uses commercial monitoring software with custom scripts to keep an eye on individual server load and service status/uptime so we can identify problems as fast as possible. If abuse reports are received from an upstream provider, we block it by employing various levels of filtering and global firewall rules to large clusters of servers. Instead of back tracing abuse by logging, our team mitigates things in real-time. We have a responsibility to provide fast, abuse-free VPN services for our clients and have perfected these methods over time.

4. In the event of receiving a DMCA notice, the request is immediately processed by our abuse team. Because it is impossible for us to locate which user on the server is actually responsible for the violation, we temporarily block the infringing server and apply global rules depending on the nature of the content and the server responsible. The system we use for filtering certain content is similar to keyword blocking but with much more accuracy. This ensures the content in question to no longer pass through the server and satisfies requirements from our bandwidth providers.

5. Due to the nature of shared VPN services and how our network is configured, it is not technically possible to effectively identity or single out one active user from a single IP address. If our legal department received a valid subpoena, we would proceed with complete transparency from day one. Our team is prepared to defend our client’s right to privacy to the fullest extent of the law.

6. BitTorrent is only allowed on select server locations. TorGuard now offers a variety of protocols like http/socks proxies, OpenVPN, SSH Tunnels, SSTP VPN and Stealth VPN (DPI Bypass), with each connection method serving a very specific purpose for usage. Since BitTorrent is largely bandwidth intensive, we do not encourage torrent usage on all servers. Locations that are optimized for torrent traffic include endpoints in: Canada, Netherlands, Iceland, Sweden, Romania, Russia and select servers in Hong Kong. This is a wide range of locations that works efficiently regardless of the continent you are trying to torrent from.

7. We currently accept payments through all forms of credit or debit card, PayPal, OKPAY, and Bitcoin. During checkout we may ask the user to verify a billing phone and address but this is simply to prevent credit card fraud, spammers, and keep the network running fast and clean. After payment it is possible to change this to something generic that offers more privacy. No VPN or Proxy usage can be linked back to a billing account due to the fact we hold absolutely no levels of logging on any one of our servers, not even timestamps!

8. For best security we advise clients to choose OpenVPN connections only, and if higher encryption is called for use AES256 bit. This option is available on many locations and offers excellent security without degrading performance. For those that are looking to defeat Deep Packet Inspection firewalls (DPI) like what is encountered in countries such as China or Iran, TorGuard offers “Stealth” VPN connections in the Netherlands, UK and Canada. Stealth connections feature OpenVPN obfuscation technology that causes VPN traffic to appear as regular connections, allowing VPN access even behind the most strict corporate wifi networks or government regulated ISPs.

TorGuard website

1. We do not log any information on our VPN servers. The only scenario is if a technical issue arises, but we request permission from the user first, and we only do it for the duration of the job, and then it is removed.

2. We are in the process of moving jurisdictions away from Australia at present as we are unsure what our current government plans to do in regards to our privacy. We have not decided where yet.

3. Only SMTP port 25 is filtered to mitigate spam, but we are working on some tools to make it easier for users to send mail.

4. Any DMCA request is ignored, as we have no logs to do anything about them.

5. Same as above, as we do not log, so we are unable to provide any information. If the law attempts to make us do such things, we will move our business to a location where that cannot occur, and if that fails we will close up shop before we provide any information.

6. All protocols are allowed with our service, with the only exception of SMTP port 25 currently being filtered.

7. At present we only accept PayPal and CC (processed by PayPal), but we are looking into alternative types of payments. We go out of our way to make sure that PayPal transactions are not linked to the users, we generate a unique key per transaction to verify payment for the account is made, and then nuke that unique key. Bitcoin and Litecoin are also on the agenda.

8. At present we offer 128 bit for PPTP and 256 bit for OpenVPN, We plan to offer stronger encryption for the security conscious. website


vikingvpn1. No. We run a zero knowledge network and are unable to tie a user to an IP address.

2. United States, they don’t have data retention laws, despite their draconian surveillance programs. The only information we share with anyone is billing information to our payment gateway. This can be anonymized by using a pre-paid anonymous card. If asked to share specific data about our users and their habits, we would be unable to do so, because we don’t have any logs of that data.

3. That is mostly confidential information. However, we can assure our users that we do not use logging to achieve this goal.

4. In the event of a DMCA notice, we send out the DMCA policy published on our website. We haven’t yet received a VALID DMCA notice.

5. We exhaust all legal options to protect our users. Failing that, we would provide all of our logs, which do not actually exist. If required to wiretap a user under a National Security Letter, we have a passively triggered Warrant Canary. We would also likely choose to shut down our service and put it up elsewhere.

6. Yes. Those ports are all open, and we have no data caps.

7. We currently only take credit cards. Our payment provider is far more restrictive than we ever imagined they would be. We’re still trying to change payment providers. Fortunately, by using a pre-paid credit card, you can still have totally anonymous service from us.

8. A strong handshake (either RSA-4096+ or a non-standard elliptic curve as the NIST curves are suspect). A strong cipher such as AES-256-CBC or AES-256-GCM encryption (NOT EDE MODE). At least SHA1 for data integrity checks. SHA2 and the newly adopted SHA3 (Skein) hash functions are also fine, but slower and provide no real extra assurances of data integrity, and provide no further security beyond SHA1. The OpenVPN HMAC firewall option to harden the protocol against Man-in-the-Middle and Man-on-the-Side attacks.

VikingVPN website


ivpn1. IVPN’s top priority is the privacy of its customers. We use non-persistent logs (stored in memory) which are deleted after 10 minutes. That tiny window gives us the ability to troubleshoot connection issues, whilst still making it practically impossible for any 3rd party to match an IP to a time-stamp.

2. IVPN is incorporated in Malta. We would ignore any request to share data unless it was served by a legal authority with jurisdiction in Malta in which case we would inform them that we don’t have the data to share. If we were served a subpoena which compelled us to log traffic we would find a way to inform our customers and relocate to a new jurisdiction.

3. We use a tool called PSAD to mitigate attacks originating from customers on our network. We also use rate-limiting in iptables to mitigate SPAM.

4. We ensure that our network providers understand the nature of our business and that we do not host any content. As a condition of the safe harbor provisions they are required to inform us of each infringement which includes the date, title of the content and the IP address of the gateway through which it was downloaded. We simply respond to each notice confirming that we do not host the content in question.

5. Assuming the court order is requesting an identity based on a timestamp and IP, our legal department would respond that we don’t have any record of the user’s identity nor are we legally compelled to do so.

6. We ‘allow’ BitTorrent on all servers except gateways based in the USA. Our USA network providers are required to inform us of each copyright infringement and are required to process our response putting undue strain on their support resources (hundreds per day). For this reason providers won’t host our servers in the USA unless we take measures to mitigate P2P activity.

7. We currently accept Bitcoin, Cash and PayPal. No information relating to a customers payment account is stored with the exception of automated PayPal subscriptions where we are required to store the subscription ID in order to assign it to an invoice (only for the duration of the subscription after which it is deleted). Of course PayPal will always maintain a record that you have sent funds to IVPN but that is all they have. If you need to be anonymous to IVPN and don’t wish to be identified as a customer then we recommend using Bitcoin or cash.

8. We recommend and offer OpenVPN using the strongest AES-256 cipher. For key exchange and authentication 2048-bit RSA keys are used (which RSA claims are sufficient until 2030).

IVPN website


1. We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user our service. The only thing we log are e-mails and user names but it’s not possible to bind an activity on the Internet to a user.

2. We operate in Swedish jurisdiction. Since we do not log any IP addresses we have nothing to disclose. Circumstances doesn’t matter in this case, we have no information regarding our customers’ IP addresses and activity on the Internet. Therefore we have no information to share with any 3rd party.

3. If there’s abuse, we advise that service to block our IP in the first instance, and second, we can block traffic to the abused service.

4. This depends on the country in which we’re receiving a DMCA takedown. For example, we’ve received a DMCA takedown for UK and Finland and our response was to close P2P traffic in those countries.

5. If we get a court order to monitor a specific IP then we need to do it, and this applies to every VPN company out there.

6. Yes, we allow Torrent traffic.

7. PayPal, Payson and Plimus. Every payment has an order number, which is linked to a user. Otherwise we wouldn’t know who has made a payment. To be clear, you can’t link a payment to an IP address you get from us.

8. OpenVPN TUN with AES-256. On top is a 2048-bit DH key.

PrivatVPN website


1. No. Wo do not log anything and we only require a working e-mail address to be a customer.

2. Swedish. We do not share information with anyone.

3. Not disclosed.

4. Put it in the trash where it belongs!

5. None, since we do not have any customer information and no logs.

6. We host anything as long as it’s not SPAM related or child porn.

7. Visa/Mastercard, Bitcoin, PayPal. No correlation between payment data and customer data.

8. We provide OpenVPN services (along with dedicated servers and other hosting services).

PRQ website


tigervpn1. Absolutely not! We built tigerVPN to purge all data once the transmission of a IP package was completed successfully. Its impossible to trace back any customer. On top of that we decided to use shared IPs in order to further randomize and anonymize our customers. The combination of having absolutely no logs at all and multiple customers per IP, wipes our customers digital footprint

2. We are a limited liability company in Slovakia. Slovakia does not have any data retention programs and furthermore encourage ISP’s to protect their customers privacy on the net. We are not required to share any information with 3rd party hence it would be illegal thanks to the law of telecom secrecy.

3. Since we don’t keep logs, we can’t monitor abusive behavior, which is the price for building a customer secure environment!

4. We can’t comply since we can’t identify customers, therefore it’s pointless to follow any requests. We have a specific folder for these eMails ;-)

5. Same as above. We seriously can’t tell which customer did what, when, where, at any given time.

6. It’s allowed on all servers although we gently ask our customers to use either Romania or Netherlands. Some infrastructure service providers do not want file sharing so it happened to us that we were asked to move our servers due to file sharing. We found some reliable partners in Romania and Netherlands which tolerate p2p so we kindly ask our customers to use these server parks.

7. Customers can pay with Visa, Mastercard and Debit. On top of that we also use PayPal. We use hash keys and tokens to identify a payment but it’s not logged or linked to the customer. We had to do this anyway hence we are a PCI Level 1 compliant merchant. Therefore we are not allowed to store any card or payment data with the records of our customers. These keys are pointless for anyone else so there is no chance to build a connection.

8. We offer PPTP, L2TP and OpenVPN, while out of nature OpenVPN comes with the highest encryption and algorithm. L2TP and OpenVPN are 256bit SSL encrypted while PPTP comes with a solid 128bit. Although our customers are individual and have their own sense of why and what to use, we recommend L2TP as solid protocol. It’s less geeky and more secure than PPTP, but our customers can pick any of them in all the 47 network nodes around the globe.

tigerVPN website


1. No. This would make both us and our users more vulnerable so we
certainly don’t. To make it harder to watch the activities of an IP address from the outside we also have many users share each address, both for IPv4 and our upcoming IPv6 support.

2. Swedish jurisdiction. Under no circumstance we will share information with a third-party. First of all we take pains to not actually possess information that could be of interest to third parties, to the extent possible. In the end there is no practical way for the Swedish government to get information about our users from us.

3. We don’t monitor our users. In the rare cases of such egregious network abuse that we can’t help but notice (such as DoS attacks) we stop it using basic network tools.

4. There is no such Swedish law that is applicable to us.

5. We make sure not to store sensitive information that can be tied to publicly available information, so that we have nothing to give out. We believe it is not possible in Swedish law to construct a court order that would compel us to actually give out information about our
users. Not that we would anyway. We started this service for political reasons and would rather discontinue it than having it work against its purpose.

6. Yes.

7. Bitcoin (we were the first service to accept it), cash (in the mail), bank transfers, and PayPal / credit cards. Payments are tied to accounts but accounts are just random numbers with no personal information attached that users can create at will. With the anonymous payments possible with cash and Bitcoin it can be anonymous all the way.

8. We use OpenVPN. We also provide PPTP because some people want it but we strongly recommend against it. Encryption algorithms and key lengths are important but often get way too much attention at the expense of other important but harder to measure things such as leaks and computer security.

Mullvad website

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: Bitcoin Donations Now Integrated into BitTorrent Client

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

While content distributed via BitTorrent is almost always free (a situation most users would like to keep intact) there has long been a desire to find a straightforward mechanism for optional donations.

The possibilities are intriguing, from artists being able to seed their own content to the public and getting paid directly by fans, to curators of already free content being rewarded for their distribution efforts.

In file-sharing circles there has been a traditional reliance upon PayPal transactions to show appreciation, but with the rise of alternative cryptocurrencies such as Bitcoin, new avenues have opened up. Many sites, The Pirate Bay included, accept donations in Bitcoin and Litecoin, and some artists have adopted the currencies for fans who want to chip-in.

Despite these developments there remains a disconnect between downloading content and a subsequent donation, meaning that split-second urges to hand over cash in appreciation often have time to cool. That, however, is about to change.

Following their teaser in December 2013, a brand new build of FrostWire’s BitTorrent client (Windows, Mac, Linux) now includes torrent creation supporting not only Bitcoin, Litecoin, Dogecoin and PayPal donations, but also the selection of appropriate Creative Commons licenses for delivered content.

We’ll bring you comment from the FrostWire team in just a moment, but first let’s look at the simple process from the creator’s perspective.

After loading up FrostWire one simply goes about creating a .torrent file in the usual way, by selecting the tracking options and pointing it to the relevant content on the host computer. If the torrent creator would then like to give fans the option to donate, two extra screens appear.

The first allows the user to select an appropriate Creative Commons license under which to spread the content.


The next screen configures payment/tips/donation options, whether Bitcoin, Litecoin, Dogecoin, PayPal, or a mix-and-match between all four.


Obviously the creator/distributor will now need to seed, at least until plenty of other people download and start sharing the content.

For the downloader it’s simply a case of installing the correct version of FrostWire (this is a must at the moment until other clients implement the feature) and clicking on a donation-enabled .torrent file.

FrostWire have made a couple available for testing, one of which is a track by FriCtrl labeled Bitcoin_Revolution. Downloading that reveals a box next to the torrent title labeled “Tips/Donations”, with Bitcoin’s logo highlighted. Hovering over reveals the text shown below.


Once an option is clicked, FrostWire launches a payment process which opens a web page containing the target wallet’s cryptocurrency address in QR, hyperlink, and text form.


Of course, there will be those who immediately see possibilities for monetizing piracy. But, speaking with TorrentFreak, FrostWire’s Angel Leon says their objectives actually run counter to that.

“We believe piracy is best fought by giving consumers the options of getting legal content, and we want to build solutions that use this technology to empower content creators no matter how big or small they are. We want them to try BitTorrent as an alternative, an additional channel. We think it will be easier to convince more and more artists to join us with the new possibilities,” Leon told TF.

“Putting it bluntly, Bitcoin and BitTorrent integration give us the tools to create the P2P equivalents of iTunes and Netflix, which are centralized venues which work great for big content but not so much for the little guys who have to jump through many hoops to get in.” 

Leon says that the end result could be a decentralized media store “owned by nobody and available to all,” one which allows consumers to deal directly with content creators “without the corporate interests, censorship issues and draconian rules that make it hard for the little guy to publish his work.”

The possibilities don’t always have to be commercial either.

“Just imagine a BitTorrent bundle powered by this technology in which Bono from U2 shares free songs or a free video documentary to raise awareness and collect Bitcoin donations for the (Red) foundation to further the fight against HIV worldwide,” the FrostWire team teases.

Further information, including the experimental builds and info on how to activate .torrent-enabled donations, can be found here.

Photo: Steve Garfield

Source: TorrentFreak, for the latest info on copyright, file-sharing and VPN services.

Schneier on Security: Brian Krebs

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Nice profile of Brian Krebs, cybersecurity journalist:

Russian criminals routinely feed Mr. Krebs information about their rivals that they obtained through hacks. After one such episode, he began receiving daily calls from a major Russian cybercriminal seeking his files back. Mr. Krebs is writing a book about the ordeal, called “Spam Nation,” to be published by Sourcebooks this year.

In the meantime, hackers have been competing in a dangerous game of one-upmanship to see who can pull the worst prank on Mr. Krebs. They often steal his identity. One opened a $20,000 credit line in his name. Admirers have made more than $1,000 in bogus PayPal donations to his blog using hacked accounts. Others have paid his cable bill for three years with stolen credit cards.

The antics can be dangerous. In March, as Mr. Krebs was preparing to have his mother over for dinner, he opened his front door to find a police SWAT team pointing semiautomatic guns in his direction. Only after his wife returned home from the grocery store to find him handcuffed did the police realize Mr. Krebs had been the victim of “swatting.” Someone had called the police and falsely reported a murder at their home.

Four months after that, someone sent packets of heroin to Mr. Krebs’s home, then spoofed a call from his neighbor to the police. But Mr. Krebs had already been tipped off to the prank. He was tracking the fraud in a private forum — where a criminal had posted the shipment’s tracking number ­- and had alerted the local police and the F.B.I.

Darknet - The Darkside: A Story Of Social Engineering – How @N Lost His $50,000 Twitter Handle

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

So last week I read an interesting tale about social engineering on Medium, a story by a chap named Naoki Hiroshima and his Twitter handle, which was @N. Yes just one letter, a pretty rare and it seems valuable handle as he had offers of up to $50,000 for it. In the end though, someone [...]
The post A Story Of Social Engineering – How @N…

Read the full post at

Krebs on Security: File Your Taxes Before the Fraudsters Do

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Jan. 31 marked the start of the 2014 tax filing season, and if you haven’t yet started working on your returns, here’s another reason to get motivated: Tax fraudsters and identity thieves may very well beat you to it.

According to a 2013 report from the Treasury Inspector General’s office, the U.S. Internal Revenue Service (IRS) issued nearly $4 billion in bogus tax refunds in 2012. The money largely was sent to people who stole Social Security numbers and other information on U.S. citizens, and then filed fraudulent tax returns on those individuals claiming a large refund but at a different address.

There are countless shops in the cybercrime underground selling data that is especially useful for scammers engaged in tax return fraud. Typically, these shops will identify their wares as “fullz,” which include a consumer’s first name, last name, middle name, email address (and in some cases email password) physical address, phone number, date of birth, and Social Security number.

This fraud shop caters to thieves involved in tax return fraud.

This underground shop sells consumer identity data, catering to tax return fraud.

The shop pictured above, for example, caters to tax fraudsters, as evidenced by its advice to customers of the service, which can be used to find information that might help scammers establish lines of credit (PayPal accounts, credit cards) in someone else’s name:

“You can use on paypal credit, prepaid cards etc. After buying try to search by address and u can see children, wife and all people at this address,” the fraud shop explains, advising customers on ways to find the names and additional information on the taxpayer’s children (because more dependents mean greater tax deductions and higher refunds): “It’s great for tax return method, because u can get $$$ for ‘your’ children.”

This particular service is not unique; it currently offers fullz information on more than 13,000 U.S. citizens. As such it is just an example, and a small one at that; in 2011, I wrote about a similar “fullz” service called, which sold information on hundreds of thousands of Americans — if not millions. In October 2013, I reported that this same service actually bought its information from a company that was purchased by Experian, one of the three major credit bureaus.

If you become the victim of identity theft outside of the tax system or believe you may be at risk due to a lost/stolen purse or wallet, questionable credit card activity or credit report, etc., you are encouraged to contact the IRS at the Identity Protection Specialized Unit, toll-free at 1-800-908-4490 so that the IRS can take steps to further secure your account.

That process is likely to involve the use of taxpayer-specific PINs for people that have had issues with identity theft. If approved, the PIN is required on any tax return filed for that consumer before a return can be accepted. To start the process of applying for a tax return PIN from the IRS, check out the steps at this link. You will almost certainly need to file an IRS form 14039 (PDF), and provide scanned or photocopied records, such a drivers license or passport.

The Federal Trade Commission recently held a Tax Identity Theft Awareness Week to raise public awareness on this issue. Check out the FTC’s homepage on this for additional resources and information about this increasingly common form of fraud.

Schneier on Security: Another Credit-Card-as-Authentication Hack

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

This is a pretty impressive social engineering story: an attacker compromised someone’s GoDaddy domain registration in order to change his e-mail address and steal his Twitter handle. It’s a complicated attack.

My claim was refused because I am not the “current registrant.” GoDaddy asked the attacker if it was ok to change account information, while they didn’t bother asking me if it was ok when the attacker did it.


It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification.

The misuse of credit card numbers as authentication is also how Matt Honan got hacked.

Krebs on Security: Happy 4th Birthday,!

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Dec. 29 marks the 4th anniversary of! Below are a few highlights from this past year, and a taste of what readers can look forward to here in 2014.


If there was an important data breach in 2013, chances are that news of it first broke on this blog. Among KrebsOnSecurity’s biggest scoops this year were stories about breaches at Adobe, Bit9, Experian, LexisNexis, Target and The Washington Post.

Some of these stories are ongoing and will unfurl reluctantly but gradually throughout 2014. Look for a more thorough explanation of what really happened when Experian sold more than a year’s worth of consumer credit data directly to an underground service marketed to identity thieves, for example. And of course, we will almost certainly learn more about the “how” and “who” of the massive attack on Target.

The audience for this blog has grown tremendously in the past year. The site now attracts between 10,000 and 15,000 visitors per day. For the first time in its existence, KrebsOnSecuirty is on track to exceed more than 1 million pageviews this month (fittingly, this should come to pass sometime today).

That growth would not have been possible without you, dear loyal readers. 2013 featured more blog posts and more in-depth investigations than perhaps any other year, but the real value in this site comes from the community that has sprung up around it. Readers submitted more than 10,000 comments this past year. More than two dozen of you also supported this site directly via the PayPal or Bitcoin donation links in the blog sidebar. Whichever way you supported this site in 2013, a hearty THANK YOU for your contribution and encouragement.

TorrentFreak: Private Tracker Operators Handed Two Year Suspended Sentences

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

In August 2007, Dutch anti-piracy outfit BREIN caused the closure of six torrent sites operating from local host LeaseWeb. One of the sites, the popular AradiTracker, was soon back online.

One year later and it appeared that history was repeating itself when a notice appeared on the site’s homepage warning that the tracker had been shut down by “the powers that be.” Unlike the previous year’s closure, this time it was made clear that the site would not return.

AradiTracker had operated since May 2005, gathering a few thousand members in its first months of operations up to a peak of around 37,000, but it was the 2008 raids carried out by police and the Federation Against Copyright Theft that finally ended its operations.

In action against the owner of AradiTracker, Hugh Reid of Northern Ireland, police seized all computer related equipment from the 70-year-old’s home and place of work. Three weeks later police and Trading Standards officers raided a second person, Reid’s son-in-law Marcus Lewis, at his home in North Wales.

The AradiTracker shutdown notice displayed in 2008


Five years later in 2013, both Reid and Lewis were pleading guilty to distributing items protected by copyright law.

The prosecution, who framed AradiTracker’s activities as a “movie theft” operation, said that the site received so much money that PayPal refused to process any more transactions. The cash coming in, donations given by the site’s members, was described in court as the users “buying” counterfeit content.

Judge Philpott, who said the behavior of the men was “nothing less than theft”, noted that people suffer due to copyright infringement.

“There are people who work here locally who work to make films locally in this jurisdiction and in others as well,” the judge said. “There are also the people who work in cinemas, the people who distribute DVDs who are all affected by copyright infringements.”

Noting that Lewis had a clean record, the judge at Belfast Crown Court handed both men two year prison sentences, suspended for two years.

According to a local report, that money – said to be £33,000 – will become the subject of a confiscation hearing next month. Reid’s lawyer said his client “had the means” to settle the matter in full.

Source: TorrentFreak, for the latest info on copyright, file-sharing and VPN services.

9INI: – лапни го ти

This post was syndicated from: 9INI and was written by: Илия Горанов. Original post: at 9INI

Човек и добре да живее, все някой ден се сблъсква с on-line търговията.

Горното може да обобщи най-кратко и ясно тъжната картинка на българската on-line търговия, ако изобщо може да се нарече on-line и ако изобщо може да се нарече търговия. Историята започва с това, че решавам, да си закупя ваучер за нещо (тук се абстрахираме за какво точно, защото няма връзка с историята) от някой сайт… например от Всичко е прекрасно, избрал съм офертата и съм готов да пазарувам:

1. Проверявам как може да се плати. Разбира се – информация на сайта няма, той се състои от купчина оферти. А може и да има, ама е скрита някъде на тайно място. Обаче виждам на началната страница, че има големи лога на различни платежни инструменти. И сред тях се мъдри логото на PayPal – явно приемат плащания и с PayPal. Супер – продължаваме.

Явно приемат PayPal

2. Откривам с изненада, че имам регистрация в сайта, естествено не си помня паролата… кликвам, че е забравена и след известна стандартна процедура получавам нова парола. Дотук всичко ОК. Решавам да си сменя новогенерираната парола с нещо, което се надявам, че ще запомня по-лесно и започва едно търсене… Оказва се, 10 минути по-късно, че паролата се сменя от менюто “Моите ваучери”. Супер, как не се сетих по-рано, а? Добре, в “Моите ваучери” има подменю “Настройки”… А там – има смяна на парола… и паролата се въвежда в? Не познахте – не в поле за парола, а в обикновено текстово поле. Признавам – много е удобно – виждаш си паролата!

3. Дотук – бели кахъри. Смених си паролата и се отправих към тайната страница за поръчване на оферта. И какво имам там – голям бутон “Направи подарък”… ОК, няма да се правя на ударен, сетих се, че се поръчва с големия червен плюс, ама не беше чак толкова очевидно.

Червения плюс

Кликваш на червения плюс и след няколко екрана за приключване на поръчката се озоваваш при един бутон “Плати сега”. Кликваш го и се зарежда следната форма:

Формата за плащане

Не знам, дали на вас ви прави впечатление, но на мен ми прави впечатление, че в изброените опции за плащане няма PayPal – доста разочароващо. След известен размисъл решавам, че ще избера опцията “Кредитна / Дебитна карта – Плащане директно с Вашата кредитна/дебитна карта”. Въпреки, че по-принцип съм доста мнителен, да не кажа параноичен по отношение на всевъзможни платежни системи със съмнително качество, произход и функционалност. Продължаваме нанатък и – изненада! Попадаме на някакъв зловещ сайт на БОРИКА, който изглежда приблизително така:


Да започнем с това, че логото на търговеца не се зарежда… в едни браузъри се изписва мъдрият надпис “Merchant Logo”, в други стои дупка с очертание. Първото ми подозрение беше, че логото не е по https и затова не се зарежда, при по-обстойната проверка установих, че просто не работи – сървърът просто връща празен отговор, на всичкото отгоре с header Content-Typе: text/plain. Е не че нещо ме учудва – това е БОРИКА все пак.

След това – отдолу се мъдри следната забележка: “Ако Вашата карта поддържа 3D автентификация, може да се наложи да се идентифицирате след натискане на бутона “Плащане”.” И понеже моята карта не е беше с 3D автентикация, продължих най-спокойно нататък. Излезе съобщение, че всъщност моята карта поддържа 3D сигурност и въпреки, че аз съм отказал в банката да използвам тази опция – ако желая да платя през системата на БОРИКА, ще се наложи да се съглася да използвам въпросната 3D сигурност. Но затова по-късно…

4. Попълних всички полета и кликнах заветния бутон “Плащане”. Замърдаха някакви progress bar-ове… и “Системата каза не” – изписа ми, че е възникнала грешка… някаква грешка, никой не знае каква точно, да опитам отново по-късно. Обаче не става ясно, минало ли е плащане или не? Голяма работа – опитайте пак, ако платите два пъти – здраве да е.

Тук правя неочаквано отклонение, което не беше планирано в целия процес на on-line търговията. Вадя си електрическия подпис, пускам другия лаптоп, защото там е инсталирано всичок за него… и влизам в on-line банкерането на банката, която е издала картата, за да проверя, дали имам някакви картови авторизации през последния час. Барем, ако е минало плащане – да ходя да се разправям с някого. Да де, ама не е минало, сакън.

5. Понеже на сайта на БОРИКА има голям надпис, да не се използва BACK бутон или REFRESH (това е от грамотност на програмистите, от опит го знам) – решавам, да се върна ръчно на и да опитам втори път да платя. Връщам се, обаче там няма опция да направиш плащане за поръчка, която първия път не е била платена по някаква причина. Добре – ще пуснем нова поръчка… Техниката вече е отработена – цък, цък, цък… готово, вече сме на сайта на БОРИКА… попълвам пак данните, “Плащане”… progress bar… ура – няма грешка… излиза надпис, че тази карта поддържа 3D сигурност и трябва да посоча някаква парола, която аз естествено нямам, понеже нямам 3D сигурност. След четене на някакъв help, който между другото е настроен да се отваря по подразбиране, като натиснеш Enter в някое поле на формата става ясно, че въпреки, че аз не ползвам 3D сигурност, ако искам да платя през тази система, ще трябва да си регистрирам картата за 3D сигурност в банката, която я е издала…

Следва една друга част, която може да разкажа някой друг път… но да речем, че след около 20 – 30 минути вече имам 3D сигурност на картата и си знам въпросната парола… Естествено – сесията в БОРИКА вече е изтекла и всичок започва отначало.

Тук трябав да отбележим, че бройт на ваучерите в е ограничен и това изрично е посочено в офертата. Прави ми впечатление, че всеки път, като поръчам ваучер и не успея да го платя – бройката на “продадените” се увеличава. И ако си мислите, че причината е, че някой друг също си купува в момента – аз не мисля така, защото действието се развива в малките часове на нощта и просто по-вероятният сценарий е, системата да е малоумна.

6. Минавам през целия сценарий, пускам нова поръчка, вече знам всички подводни камъни, стигам до плащането на БОРИКА, няма грешка и няма да трябва да опитам пак по-късно… пита ме за тайната парола за 3D сигурност… въвеждам я (буквално преди минути съм я получил от банката)… и “Системата каза не” – паролата била грешна. Въвеждам я втори път… “Системата каза не“… трети път, много внимателно, въвеждам я извън полето за парола, за да виждам точно какво се изписва (тук иронично си припомних, колко е удобна формата на където за паролата не се използва поле за пароли), копирам 100% сигурно правилната парола, поставям я и “Системата каза не“… На третия опит вече ми каза, че съм лош хакер и не мога да платя и ме изхвърли… Егаси!

7. Върнах се до on-line банкерането, да проверя, да не би да съм въвел грешно паролата при регистрацията за 3D сигурност… въпреки, че имаше поле за повторно въвеждане на паролата, но уви – оказа се, че няма как да го проверя. Единствената опция е, да си сменя паролата срещу скромната сума от 10 стотинки. Теглих им една майна на всичките (за пореден път)… и реших, че преди да сменям паролата (въпросът е принципен, не в 10-те стотинки) ще се опитам още веднъж да мина по цялата пътечка отначало – докрай. Барем нещо стане най-накрая… Междувременно след всеки неуспешен опит ходя да проверя дали имам картова авторизация, щото вече на никого и на никоя система вяра нямам.

И така – започнах за пореден, не знам кой подрес път, да попълвам всички полета и поленца отначало… намерих офертата, поръчах я още веднъж, избрах метод на плащане, отидох на сайта на БОРИКА, въведох данните, попита ме за паролата за 3D сигурност… и О!Чудо – същата парола, която използвах преди малко и беше грешна, без да я сменям – сега вече не е грешна.

8. Надпис – успешно плащане, проверявам в банката – имаме успешна картова авторизация, пристига SMS за плащането, фамфари, конфети… радост, едночасова битка е на път да приключи с победа на човека над on-line търговията. Връщам се в и там няма нищо… Когато използваш on-line инструменти за плащане и търговия очакваш, че нещата се случват в реално време – уви, оказва се, че се случвали до няколко минути… След няколко минути всичко се появи.

9. Междувременно други проблеми които възникнаха, но не са описани по-горе:

9.1. На сайта на няма контактен телефон, на окйто да се обадиш, ако имаш проблеми като горе описаните.
9.2. На сайта на БОРИКА пише, да се свържа с администратора, но естествено също няма нито телефон, нито e-mail.
9.3. На има едни тайни линкове, до които успях да се докопам чак на другия ден, защото някой титан на техническата мисъл е сложил JavaScript за infinite scroll и в момента в който скролнеш най-долу, да да видиш линковете във footer-а, динамично се зареждат още оферти и footer-а изчезва надолу… и така може да си го гониш до умопомрачаване.
9.4. Търсачката на бърза да търси, докато пишеш… че пишеш разбира по това, че се натискат клавиши. Да обаче няма сложен timeout и колкото и бързо да пишеш – на всеки клавиш се опитва да презареди резултатите. В резултат на това става мазало. На всичкото отгоре – ако натискаш стрелките в полето за търсене (т.е. нищо не пишеш) – резултатите от търсенето отново се презареждат.

И така, някои биха заключили, че опитът ми за on-line търговия е бил успешен, защото всичко е добре, когато завършва добре. Аз обаче ще кажа – НЕ, ОПИТЪТ БЕШЕ НЕУСПЕШЕН, защото не вярвам, че енормално елементарна покупка от Интернет да отнеме в крайна сметка почти два астрономически часа! Това е дейност, която се очаква да бъде бърза, достъпна и лесна.

P.S. докато пишех този пост и правех screenshots в сайтовете на и БОРИКА, ненадейно установих, че всъщност има опция за плащане с PayPal… просто я има в други оферти. От никъде и от нищо не става ясно, защо едни оферти могат да бъдат платени с PayPal, а други не. Може би цената е определяща, а може би нещо друго. Това обаче не се споменава в сайта… в “Често задавани въпроси” пише: “ е международна система за електронни плащания. Поддържа всички видове кредитни карти, както и дебитни карти Visa Electron, които поддържат електронни плащания. За да платите от, трябва предварително да имате регистриран акаунт, както и добавена и потвърдена банкова карта. Ако нямате акаунт в, разгледайте останалите начини за плащане.“.

Bradley M. Kuhn's Blog ( bkuhn ): Using Perl PayPal API on Debian wheezy

This post was syndicated from: Bradley M. Kuhn's Blog ( bkuhn ) and was written by: Bradley M. Kuhn. Original post: at Bradley M. Kuhn's Blog ( bkuhn )

I recently upgraded
to Debian wheezy.
On, Debian squeeze, I
had no problem using the stock Perl module Business::PayPal::API
to import PayPal transactions for Software Freedom Conservancy, via the
Debian package libbusiness-paypal-api-perl.

After the wheezy upgrade, something goes wrong and it doesn’t work.
I reviewed
some similar complaints
, that seem to relate
to this
resolved bug
, but that wasn’t my problem, I don’t think.

I ran strace to dig around and see what was going on. The working
squeeeze install did this:

select(8, [3], [3], NULL, {0, 0})       = 1 (out [3], left {0, 0})
write(3, "SOMEDATA"..., 1365) = 1365
rt_sigprocmask(SIG_BLOCK, [ALRM], [], 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL, [], 0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM], [], 8) = 0
rt_sigaction(SIGALRM, {0xxxxxx, [], 0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
alarm(60)                               = 0
read(3, "SOMEDATA", 5)               = 5

But the same script on wheezy did this at the same point:

select(8, [3], [3], NULL, {0, 0})       = 1 (out [3], left {0, 0})
write(3, "SOMEDATA"..., 1373) = 1373
read(3, 0xxxxxxxx, 5)                   = -1 EAGAIN (Resource temporarily unavailable)
select(0, NULL, NULL, NULL, {0, 100000}) = 0 (Timeout)
read(3, 0xxxxxxxx, 5)                   = -1 EAGAIN (Resource temporarily unavailable)
select(0, NULL, NULL, NULL, {0, 100000}) = 0 (Timeout)
read(3, 0xxxxxxxx, 5)                   = -1 EAGAIN (Resource temporarily unavailable)
select(0, NULL, NULL, NULL, {0, 100000}) = 0 (Timeout)
read(3, 0xxxxxxxx, 5)                   = -1 EAGAIN (Resource temporarily unavailable)

I was pretty confused, and basically I still am, but then I
noticed this
in the documentation for Business::PayPal::API
regarding SOAP::Lite:

if you have already loaded Net::SSLeay (or IO::Socket::SSL), then Net::HTTPS
will prefer to use IO::Socket::SSL. I don’t know how to get SOAP::Lite to
work with IO::Socket::SSL (e.g., Crypt::SSLeay uses HTTPS_* environment
variables), so until then, you can use this hack:
local $IO::Socket::SSL::VERSION = undef;

That hack didn’t work, but I did confirm via strace that on
wheezy, IO::Socket::SSL was getting loaded instead
of Net::SSL. So, I did this, which was a complete and much worse

use Net::SSL;
use Net::SSLeay;
# Then:
use Business::PayPal::API qw(GetTransactionDetails TransactionSearch);

… And this incantation worked. This isn’t the right fix, but I
figured I should publish this, as this ate up three hours, and it’s worth
the 15 minutes to write this post, just in case someone else tries to use
Business::PayPal::API on wheezy.

I used to be a Perl expert once upon a time. This situation convinced me
that I’m not. In the old days, I would’ve actually figured out what was

TorrentFreak: StopFileLockers Anti-Piracy Outfit Announces Imminent Shutdown

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Speaking with TorrentFreak in July 2012, Australian adult industry businessman Robert King outlined a mission he’d initiated a few weeks earlier.

“What I hope to achieve is very simple. I want to tear apart the illegal file locker industry by removing its supply of funds and then ultimately removing its supply of network connectivity,” King explained.

Over the months that followed King kept up the pressure. With a team of people (he has never revealed its exact size or membership), King sought out infringing files on hosting sites and used their existence to build up a picture that sites were acting illegally.

Then, using contacts he had built in the payment processing sector, AdultKing (as King is known online) began to hit file-hosting sites in the pocket by reporting them to the likes of PayPal, Visa, Mastercard and a variety of intermediate processors. The aim: to cut sites off from their cash.

For some sites the results were extremely problematic. With no options to process payments, file-hosting sites were not only unable to accept money for user subscriptions, but also had problems sending money out, meaning that server bills went unpaid. Worse still, some who had problems with PayPal due to King’s work found their funds frozen for six months, a situation that proved terminal for some fringe players.

Some 90 days into the StopFileLockers campaign, King said he had played a part in 194 sites having their payments interrupted and the total shutdown of 54 others.

There can be little doubt that among King’s targets were sites designed from the ground up to profit from infringing content and for this he gained both moral and financial support from his industry peers. However, in January 2013 King began attacking the payment processing abilities of Kim Dotcom’s brand new, the most-scrutinized file-hosting startup in tech history.

There was no way that Mega would do anything to break the law, yet King was determined to harass the company. He failed, Mega continued to grow, and the moral high-ground of the StopFileLockers campaign had been damaged by going after a law-abiding company going about its 100% legitimate business.

In the months that followed King continued his work, although with less fanfare than in the early days. However, a lowered profile did nothing to improve his standing in file-sharing circles. King is almost certainly the most-hated man in the file-hosting business today, which some will attribute to his successes over the past 15 months.

paypaldeniedKing himself believes that his contribution has been significant, with the suggestion that the StopFileLockers campaign has played a part in the shutdown of hundreds of piracy-related sites and the closure of thousands of PayPal, Payza, Moneybookers and other payment processing options. No official stats or reports are available but it’s safe to say that the project has been a considerable nuisance to the file-hosting market.

However, it’s now clear that King’s work is on the brink. Despite initial enthusiasm and support (including hard cash from industry giant Manwin), interest in the project has waned considerably. In an update to adult industry platform GFY, King announced today that StopFileLockers has run out of money and resources and will shut down this week.

“Unfortunately at the end of September we finally ran out of funds and the resources just don’t exist to keep this effort going any longer. In fact, we now face a deficit in the vicinity of $15,000,” King said.

“Unless a source of funding is found, all operational aspects of the Stop File Lockers project and Copy Control will cease at midnight on Friday 4th October (AEST). I would like to thank every person, company and organization that has provided support (financial and otherwise) to the project.”

So what now for AdultKing? More anti-piracy work, or an unlikely change of sides perhaps?

“Overnight one of the largest remaining file lockers offered me $XXX,XXX a year to come on board as a consultant and help them become compliant and get their PayPal account back,” King revealed in September.

“I told them to get fucked.”

In the absence of any figures to show success or failure it is very difficult to assess the real-world achievements of the campaign, at least as far as it may or may not have boosted sales of official content. However, King’s legacy may lie in a more significant area – adding momentum to the shifting of payment processor attitudes towards the file-sharing space.

“We have recast the way in which file lockers are viewed by many organizations,” King concludes.

Few will argue with that.


“More than one file locker operator has offered either incentive or threat to help them, or desist from working to mitigate their business model. There is no price at which a piracy outfit can obtain my services,” King informs TorrentFreak.

“At the conclusion of the Stop File Lockers project I shall be concentrating my efforts on my mainstream business interests which are not associated with either anti-piracy or the adult industry.”

Source: StopFileLockers Anti-Piracy Outfit Announces Imminent Shutdown

Krebs on Security: How Not to DDoS Your Former Employer

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Pro tip: If you’re planning to launch a debilitating denial-of-service attack against your former employer, try not to “like” the Facebook page of the DDoS-for-hire Web service that you intend to use in the assault.

Tell that to Kevin Courtois, a 28-year-old from Three Rivers, Quebec who was arrested earlier this year for allegedly launching a volley of cyber attacks against his former company over a nine month period beginning in May 2012. Courtois did not respond to requests for comment.

Courtois’s former employer — Concepta Inc., an information security firm based in his hometown — was not the only one suffering from attacks. The assaults — which ranged in size from a few gigabits per second to up to 10 gbps — grew so large that they began significantly affecting Concepta’s Internet service provider  – another Three Rivers company called Xittel. Eventually, the attacks shifted to targeting Xittel directly.

Xittel later hired Robert Masse, a security consultant from Montreal who spoke about the details of this case in a talk at the Black Hat security conference in Las Vegas last month. Xittel and Concepta compared notes and told Masse they’d settled on Cortois as the likely culprit. One potential clue: Cortois had left Concepta to start his own company that specialized in DDoS protection services. 

Masse said when he began his investigation he noticed that Courtois had liked the Facebook page of, a now defunct booter site that redirected him to….wait for it… For those of you who haven’t read my story on and its proprietor Justin Poland, please check it out after reading this piece. In that story, Poland claimed to have been working for the FBI, and even to have backdoored his own service so that FBI agents could snoop on user activity.

Masse said he decided to contact Poland to see what he might be willing to disclose about any customer who’d been using the service to launch attacks against Concepta and Xittel. Masse said he created an account at, funded it with $200 via the site’s default payment method — Paypal — and then reached out to Poland via his support handle in Skype. Would Poland be willing to sell the logs of a particular customer? Say….anyone who happened to be currently using ragebooter to attack a certain Internet address block in Three Rivers, Quebec?

MasseyStrings According to Masse, Poland initially replied that, why yes, there was an attack going on that very moment against that IP address. “For sure, this morning,” Poland wrote in a Skype chat. “First attack November 25 (2012).” Masse said Poland then pasted the account information for a user named…wait for it…”concepta2.” Concepta2 had signed up with ragebooter using the email address, according to the users database that was leaked earlier this year. A historic reverse WHOIS record lookup at, that email address was used to register at least 36 different Web sites, most of them originally registered to a Kevin Courtois from Quebec.

Masse said Poland quickly thought better of posting his customers’ information in a Skype chat with a stranger, and deleted the message a few seconds after he’d pasted it. But Masse was able to retrieve a copy of the message by dumping the memory cache for his Skype client on his OS X machine.

Masse also discovered that a person using the nickname “concepta” had posted on that he was looking to hire a DDoS botnet. With this and other information, Masse was able to get a civilian search warrant to seize and search the computers at Courtois’s residence. But Masse said when he arrived at Courtois’s home with local gendarmes, a bailiff and a locksmith, they found Courtois unbothered by the intrusion, almost like he was expecting it.

Masse and his employer maintain that Courtois had already hacked his former boss’s computer, and so knew in advance the day and the hour that the authorities were coming for him and his stuff.

“What’s funny is when we went to seize the hard drive, he didn’t look surprised because he hacked into the president of the company, so he knew that we were coming,” Masse said. “The funny part is that while he used data wiping software to wipe his drive, he only wiped the free space, but didn’t wipe his backups. That guy thought he was so smart, you should have seen the smirk on his face.”

Courtois was arrested for unauthorized computer use and for mischief to data. His trial is ongoing.

Krebs on Security: Buying Battles in the War on Twitter Spam

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

The success of social networking community Twitter has given rise to an entire shadow economy that peddles dummy Twitter accounts by the thousands, primarily to spammers, scammers and malware purveyors. But new research on identifying bogus accounts has helped Twitter to drastically deplete the stockpile of existing accounts for sale, and holds the promise of driving up costs for both vendors of these shady services and their customers.



Twitter prohibits the sale and auto-creation of accounts, and the company routinely suspends accounts created in violation of that policy. But according to researchers from George Mason University, the International Computer Science Institute and the University of California, Berkeley, Twitter traditionally has done so only after these fraudulent accounts have been used to spam and attack legitimate Twitter users.

Seeking more reliable methods of detecting auto-created accounts before they can be used for abuse, the researchers approached Twitter last year for the company’s blessing to purchase credentials from a variety of Twitter account merchants. Permission granted, the researchers spent more than $5,000 over ten months buying accounts from at least 27 different underground sellers.

In a report to be presented at the USENIX security conference in Washington, D.C. today, the research team details its experience in purchasing more than 121,000 fraudulent Twitter accounts of varying age and quality, at prices ranging from $10 to $200 per one thousand accounts.

The research team quickly discovered that nearly all fraudulent Twitter account merchants employ a range of countermeasures to evade the technical hurdles that Twitter erects to stymie the automated creation of new accounts.

“Our findings show that merchants thoroughly understand Twitter’s existing defenses against automated registration, and as a result can generate thousands of accounts with little disruption in availability or instability in pricing,” the paper reads. “We determine that merchants can provide thousands of accounts within 24 hours at a price of $0.02 – $0.10 per account.”


For example, to fulfill orders for fraudulent Twitter accounts, merchants typically pay third-party services to help solve those squiggly-letter CAPTCHA challenges. I’ve written here and here about these virtual sweatshops, which rely on low-paid workers in China, India and Eastern Europe who earn pennies per hour deciphering the puzzles.

topemailThe Twitter account sellers also must verify new accounts with unique email addresses, and they tend to rely on services that sell cheap, auto-created inboxes at HotmailYahoo and, the researchers found. ”The failure of email confirmation as a barrier directly stems from pervasive account abuse tied to web mail providers,” the team wrote. “60 percent of the accounts were created with Hotmail, followed by and”

Bulk-created accounts at these Webmail providers are among the cheapest of the free email providers, probably because they lack additional account creation verification mechanisms required by competitors like Google, which relies on phone verification. Compare the prices at this bulk email merchant: 1,000 Yahoo accounts can be had for $10 (1 cent per account), and the same number Hotmail accounts go for $12. In contrast, it costs $200 to buy 1,000 Gmail accounts.

topcountriesFinally, the researchers discovered that Twitter account merchants very often spread their new account registrations across thousands of Internet addresses to avoid Twitter’s IP address blacklisting and throttling. They concluded that some of the larger account sellers have access to large botnets of hacked PCs that can be used as proxies during the registration process.

“Our analysis leads us to believe that account merchants either own or rent access to thousands of compromised hosts to evade IP defenses,” the researchers wrote.

Damon McCoy, an assistant professor of computer science at GMU and one of the authors of the study, said the top sources of the proxy IP addresses were computers in developing countries like India, Ukraine, Thailand, Mexico and Vietnam.  ”These are countries where the price to buy installs [installations of malware that turns PCs into bots] is relatively low,” McCoy said.


The researchers paid for most of the accounts using PayPal, which means that most Twitter account sellers accept credit cards. They also found that freelance merchants selling accounts via and other sellers not associated with a static Web site were the most likely to resell credentials to other buyers — essentially trying to sell the same accounts to multiple buyers. This was possible because the researchers made the decision not to change the passwords of the accounts they purchased.

One of 27 merchants the researchers studied who were selling mass-registered Twitter accounts.

One of 27 merchants the researchers studied who were selling mass-registered Twitter accounts.

They found that bulk-created Twitter accounts sold via Fiverr merchants were also among the shortest lived: 57 percent of the accounts purchased from Fiverr sellers were cancelled during the time of their analysis. In contrast, Web storefronts like buyaccs[dot]com (pictured at left) had only five percent of their purchased accounts eventually detected as fraudulent.

Turns out, most of the Twitter account merchants stockpile huge quantities of accounts in advance of their sale; the researchers determined that the average age of accounts for sale was about 30 days, while some sellers routinely marketed accounts that were more than a year old. For these latter merchants, “pre-aged” accounts appeared to be a proud selling point, although the researchers said they found little correlation between the age of an account and its ability to outlive others after purchase.


Twitter did not respond to multiple requests for comment. One of the researchers named in the paper — Berkeley grad student Kurt Thomas — was a Twitter employee at the time of the study; he also deferred comment to Twitter. But the other researchers say they had full cooperation from Twitter to test the efficacy of their merchant profiling techniques. They focused on building unique signatures that could be used to identify accounts registered by each of the 27 merchants they studied, based on qualities such as browser user agent strings, submission timing, signup flow and similarly-named accounts.

Vern Paxson, a professor of computer sciences at UC Berkeley and a key researcher at the International Computer Science Institute, said that in cooperation with Twitter the group analyzed the total fraction of all suspended accounts that appeared to originate from the 27 merchants they tracked. They found that at its peak, the underground marketplace was responsible for registering 60% of all accounts that would go on to be suspended for spamming. During more typical periods of activity, the merchants they tracked contributed 10–20% of all spam accounts.

Following Twitter's mass suspension of accounts, alerts customers that it is "temporarily not selling twitter accounts."

Following Twitter’s mass suspension of accounts, alerts customers that it is “temporarily not selling twitter accounts.”

Paxson said that when Twitter went back and applied the group’s merchant signatures to all of the Twitter accounts registered during the ten months of the study, they were able to disable 95 percent of all fraudulent accounts registered by those 27 merchants, including those previously sold but not yet suspended for spamming. Only .08 percent of those accounts that were cancelled asked to be unsuspended, and the researchers believe that 93 percent of those requests were performed by fraudulent accounts abusing the unsuspend process.

Immediately after Twitter suspended the accounts, the researchers placed 16 new orders for accounts from the 10 sellers with the largest stockpiles; of the 14,067 accounts they purchased, 90 percent were dead on arrival due to Twitter’s previous intervention.

“There was a fair amount of confusion on the [black hat hacker] forums about what Twitter was doing,” Paxson said. When the researchers requested working replacements, one of the merchants responded: “All of the stock got suspended….Not just mine…..It happened with all of the sellers….Don’t know what twitter has done….”

Within a few weeks, however, the bigger merchants were back in business, and the templates the researchers built to detect accounts registered by the various merchants began to show their age: Of the 6,879 accounts they purchased two weeks after Twitter’s intervention, only 54 percent were suspended on arrival.

Nevertheless, Paxson said Twitter is actively working to integrate their techniques into its real-time detection framework to help prevent abuse at signups. The trick, he says, is finding a sustainable way to fine-tune their merchant signatures going forward and continue to stay ahead in the arms race.

“We would love to keep doing this, but the hard part is you kind of have to keep doing the buys, and that’s a lot of work,” Paxson said. “The signatures we have created so far are definitely useful to them and they’ve gotten a lot of traction out of it already in actively suspending accounts that match those signatures. But as soon as the account merchants get wise, they change things slightly and our signatures no longer match.”

As such, the paper concludes that a long term disruption of the fraudulent Twitter account marketplace requires both increasing the cost of account registration — perhaps through additional hurdles such as phone verification – and integrating at-signup time abuse classification into the account registration process.

For more on this research, see: Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse (PDF).

Krebs on Security: Mail from the (Velvet) Cybercrime Underground

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares.

“Flycracker,” the administrator of crime forum, hatches plan to send drugs to my home.

“Flycracker,” the administrator of crime forum, hatches plan to send drugs to my home.

But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery.

This would-be smear campaign was the brainchild of a fraudster known variously online as “Fly,” “Flycracker,” and MUXACC1 (muxa is transliterated Russian for “муха” which means “fly”). Fly is the administrator of the fraud forum “thecc[dot]bz,” an exclusive and closely guarded Russian language board dedicated to financial fraud and identity theft.

On July 14, Flycracker posted a new  forum discussion thread titled, “Krebs Fund,” in which he laid out his plan: He’d created a bitcoin wallet for the exclusive purpose of accepting donations from other members. The goal: purchase heroin in my name and address from a seller on the Silk Road, an online black market that is only reachable via the Tor network.  In the screenshot pictured above, Flycracker says to fellow members:

“Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the “Helping Brian Fund”, and shortly we will create a bitcoin wallet called “Drugs for Krebs” which we will use to buy him the purest heroin on the Silk Road.  My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!”

Together, forum members raised more than 2 bitcoins – currently equivalent to about USD $200. At first, Fly tried to purchase a gram of heroin from a Silk Road vendor named 10toes, an anonymous seller who had excellent and plentiful feedback from previous buyers as a purveyor of reliably good heroin appropriate for snorting or burning and inhaling (see screnshot below).

Flycracker discussing the purchase of a gram of heroin from Silk Road seller "10toes."

Flycracker discussing the purchase of a gram of heroin from Silk Road seller “10toes.”

For some reason, that transaction with 10toes fell through, and Flycracker turned to another Silk Road vendor — Maestro — from whom he purchased a dozen baggies of heroin of “HIGH and consistent quality,” to be delivered to my home in Northern Virginia earlier today. The purchase was made using a new Silk Road account named “briankrebs7,” and cost 1.6532 bitcoins (~USD $165).

Flycracker ultimately bought 10 small bags of smack from Silk Road seller "Maestro."

Flycracker ultimately bought 10 small bags of smack from Silk Road seller “Maestro.” The seller threw in two extra bags for free (turns out he actually threw in three extra bags).

In the screen shot below, Fly details the rest of his plan:

“12 sacks of heroin [the seller gives 2 free sacks for a 10-sacks order] are on the road, can anyone make a call [to the police] from neighbors, with a record? Seller said the package will be delivered after 3 days, on Tuesday. If anyone calls then please say that drugs are hidden well.”


Last week, I alerted the FBI about this scheme, and contacted a Fairfax County Police officer who came out and took an official report about it. The cop who took the report just shook his head incredulously, and kept saying he was trying to unplug himself from various accounts online with the ultimate goal of being “off the Internet and Google” by the time he retired. Before he left, the officer said he would make a notation on my report so that any officer dispatched to respond to complaints about drugs being delivered via mail to my home would prompted to review my report.


I never doubted Flycracker”s resolve for a minute, but I still wanted to verify his claims about having made the purchase. On that front I received assistance from Sara Meiklejohn, a graduate student at the University of California, San Diego who’s been analyzing the role of bitcoin and anonymity on the Silk Road. Meiklejohn confirmed that the bitcoin wallet linked to in Fly’s forum thread was indeed used to deposit two bitcoins into a purse controlled by anonymous individuals who help manage commerce on the Silk Road.

Meiklejohn and fellow researcher Damon McCoy, an assistant professor of computer science at George Mason University, have been mapping out a network of bitcoin wallets that are used exclusively by the curators of the Silk Road. If you wish to transact with merchants on the Silk Road, you need to fund your account with bitcoins. The act of adding credits appears to be handled by a small number of bitcoin purses.

“All Silk Road purchases are handled internally by Silk Road, which means money trades hands from the Silk Road account of the buyer to the Silk Road account of the seller,”  explained Meiklejohn, author of the paper, A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, to be released in October 2013 at the ACM Internet Measurement Conference in Barcelona, Spain.

“These accounts aren’t visible on the bitcoin network though, so the only thing we can even hope to see by looking at the public transactions is when money goes into and comes out of the set of addresses that represent the collective account balances of all silk road users,” Meiklejohn wrote in an email to KrebsOnSecurity. “By manually tagging a handful of silk road addresses (via direct interaction) and then bootstrapping using the heuristic I described to label many more (around 250,000 in total), we are able to achieve this second goal by identifying addresses in the network that are ‘owned’ by silk road.”

In short, we can see that Flycracker’s Krebs Fund wallet was used to deposit 2 bitcoins into a bitcoin wallet controlled by those who maintain the Silk Road marketplace, but we can’t say for certain whether he used that credit to make a purchase.


A thin package containing what appears to be packets of some white powder was delivered to my doorstep Monday, a day earlier than Flycracker had told his buddies that it would arrive. The package was hand-delivered by our local postal carrier, sent in a thin USPS Express Mail envelope that was postmarked from Chicago. Inside was another blank envelope containing a May 2013 copy of Chicago Confidential, a weekly glossy magazine from the Chicago Tribune.

On the back of the magazine, taped to a full-page ad for jewelry from LesterLampert, were a baker’s dozen individually wrapped packets emblazoned with the same black and gold skull motif that was on Maestro’s Silk Road ad. I guess the seller in this case was worried that 12 packets didn’t quite meet the 1 gram measurement for which Flycracker and his goons paid, so he threw in an extra one for good measure.

12 packets of what appears to be heroin arrived at my home via the Silk Road on July 29, 2013.

13 packets of what appears to be heroin arrived at my home via the Silk Road on July 29, 2013.

I wasn’t planning even to touch the individual packages, but curiosity got the best of me. Before calling the cop who took my initial report and letting him that know he could come and retrieve the parcel, I had a look inside one of the packets. But not before donning a particulate face mask and a pair of disposable gloves. Hey, I watch Breaking Bad: Safety first!

Without actually having the substance tested at a lab, I can’t say for certain whether this is talcum powder or the real thing. The cop that came to collect the package said he had a drug field test kit in his squad car but then discovered he was out of the heroin tests (I’m not sure what that says about the heroin problem in Northern Virginia, but I digress). Frankly, I’m willing to give the seller the benefit of the doubt, given that Maestro currently has glowing feedback from almost 100 other buyers on Silk Road. Nevertheless, if I receive any testing results from the local police, I’ll update this blog post.

It's not every day your enemies deliver drugs to your door.

It’s not every day your enemies deliver drugs to your door. I’m pretty sure they don’t teach you about this stuff in journalism school (not that I went or anything).

Just who is this Flycracker mischief maker? That will have to wait for another post. Stay tuned.

TorrentFreak: PayPal Cuts Off “Pirate Bay” VPN iPredator, Freezes Assets

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

paypaldeniedPayPal is widely known for their aggressive stance towards BitTorrent sites, Usenet providers and file-hosting services, but a new development suggests that VPN providers can suffer the same fate too.

PayPal has stopped providing payment services to the Swedish based VPN provider iPredator. In addition, all the organization’s funds have been frozen. iPredator is commonly known as the “Pirate Bay” VPN as it was launched by the old Pirate Bay crew in 2009, but it’s currently operated by an independent non-profit foundation.

Ipredator and Pirate Bay founder Peter Sunde informs TorrentFreak that this disconnection came without prior warning and with no explanation from PayPal as to why the organization is no longer allowed to accept payments. PayPal simply stated that there is “an issue with the account.”

For Sunde and his team the disconnection comes at an unfortunate time. Just three weeks ago iPredator was also kicked out by its credit card payment processor Payson, who changed their terms of services and disallowed VPNs. Sunde believes that the two incidents are related.

“It’s not a coincidence that we are banned from Payson, and then PayPal a few weeks after,” he told TorrentFreak.

The iPredator team has tried to contact PayPal to get more information on the reason for the disconnection, but thus far without luck. The VPN provider still has to find a replacement for Payson as well, but to date have been unsuccessful.

Worryingly, one large European payment processor informed iPredator that they have been put on a blacklist of services that are not allowed to accept credit card payments.

“One processor we talked with, to replace Payson, told us that we were on a blacklist of services that are prohibited to accept credit cards. This apparently happened shortly after Payson announced it could no longer process MasterCard and Visa payments for VPN providers,” Sunde explains.

TorrentFreak has asked both MasterCard and Visa about the claims of an operational blacklist, but both companies denied one exists. ipredatorHowever, Sunde believes that they are covering something up.

“It’s a sad day for democracy when third parties interfere with legal business, and then lie about it. This is typically something we hope someone leaks so we can see what they are morally censoring,” he adds.

Mastercard’s Senior Vice President of External Communications, Andrew Bowins, further said that they have no policy to ban VPN services, but that they occasionally disconnect merchants who violate their terms.

“We don’t currently have a policy that unilaterally prohibits VPNs or anonymizers. That said, in order to protect the integrity of the payment system and its participants, we do review merchants to determine whether their models are in compliance with our rules,” Bowins told TorrentFreak.

Neither MasterCard nor Visa could confirm that iPredator was allowed to process credit card payments. Several other payment processors and acquiring banks we contacted regarding the matter did not reply, and PayPal has offered no explanation for their decision either.

For Sunde and the rest of the iPredator team it’s this vagueness and lack of transparency that’s most frustrating. If they are for some reason banned, they would like to know on what grounds.

“If someone SAYS what it is, we can at least argue about it. With the enormous power they have accumulated, they are required to offer some transparency and responsibility,” Sunde tells us.

Without a response from PayPal we can only guess why iPredator is banned. Perhaps it’s their affiliation with the Pirate Bay, the fact that they operate a proxy, or because VPNs are starting to become tricky business. Truth is, we just don’t know.

Meanwhile, iPredator is now forced to go to the “dark corners” of the internet to find payment providers who are still willing to work with them. The VPN provider still has a few payment options left, including Bitcoin, and they hope that the public are willing to support them in during these tough times.

Source: PayPal Cuts Off “Pirate Bay” VPN iPredator, Freezes Assets

TorrentFreak: Tech Giants Sign Deal to Ban Advertising on “Pirate” Websites

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

google-bayHitting the revenue streams of infringing sites has been a recurring theme in recent months.

Companies like PayPal have refused to do business with certain kinds of file-sharing sites, while payment processors and credit card companies have agreed to make life more difficult for controversial domains.

A key source of revenue for many sites is advertising and critics have been swift to attack companies that place ads on torrent, file-hosting and other similar sites for allegedly funding copyright infringement.

As such there has been pressure mounting for companies to be more choosy over where they try to attract business, and for advertising networks such as those run by Google to take better care over who they accept work from. Behind the scenes the voices have been heard.

Just a few moments ago David Jacobs SVP at AOL Networks revealed that together with Yahoo, Microsoft, Google, 24/7 Media, Adtegrity, Condé Nast and SpotXchange, his company has established a set of self-regulating best practices to address known infringing sites in their respective ad networks.

However, they also make a number of things abundantly clear from the start.

“Ad Networks do not control the content on third-party websites and are not able to remove websites from the Internet. Nor can Ad Networks engage in extensive or definitive fact finding to determine a particular party’s intellectual property rights,” the best practices document reads.

aol“Nevertheless, we believe it is useful for Ad Networks to maintain policies intended to discourage or prevent, to the extent possible, websites that are principally dedicated to selling counterfeit goods or engaging in copyright piracy and have no substantial non-infringing uses from participating in the Ad Network. The signatories to this Statement have individually decided to adopt these voluntary best practices in furtherance of that goal.”

The document says that signatories will implement procedures consistent with applicable laws, and will be mindful to balance copyright interests, including fair use, privacy and fair process. To this end, dialogue with content creators, rights holders, consumer organizations, and free speech advocates will be maintained.

The companies acknowledge that rightsholders are best placed to assess infringements of their own intellectual property rights but also note that if their word is to be acted upon, high standards of reporting are required.

“Accordingly, intellectual property holders are expected to be accurate in demonstrating infringement of their copyrights and trademark rights and to target only infringing conduct,” they explain.

microsoftRightsholders will be expected to file correctly formatted complaints with the ad networks that show evidence that the allegedly infringing sites are indeed engaging in illegal activity.

In addition to identifying specific URLs where unauthorized activity is taking place, evidence must also include time-and-date-stamped screenshots and other technical information which shows that advertising from the ad network appears alongside the infringing activity.

In common with DMCA notices, the complaints must be accompanied by a statement that the person submitting the notice “has a good faith belief that the Illegitimate Activity is not authorized by the rights holder.” Whether that will encourage rightsholders to improve their accuracy and not misuse these new tools remains to be seen.

Valid notices will trigger an investigation and sites targeted by the infringement notices may well be asked to cease and desist from their infringing activity.

yahoo“An Ad Network may take steps including but not limited to requesting that the website no longer sell counterfeit goods or engage in copyright piracy, ceasing to place advertisements on that website (or pages within that website) until it is verified that the website (or pages within the website) is no longer selling counterfeit goods or engaging in copyright piracy, or removing the website from the Ad Network,” the agreement reads.

Websites affected by complaints will have a chance to appeal complaints via the filing of a counter-notice.

The advertising companies conclude by making it clear that aside from trying to deter infringing sites from advertising in the first instance, this is not a proactive arrangement.

“This Statement is not intended to impose a duty on any Ad Network to monitor its network to identify such websites,” the companies note.

“Similarly, it is understood that the voluntary best practices reflected in this Statement should not, and cannot, be used in any way as the basis for any legal liability or the loss of any applicable immunity or ‘safe harbor’ from such liability,” they sensibly conclude.

Source: Tech Giants Sign Deal to Ban Advertising on “Pirate” Websites

TorrentFreak: Mastercard and Visa Start Banning VPN Providers?

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

visa-mastercardPayment providers are increasingly taking action against sites and services that are linked to copyright infringement.

There’s an unwritten rule that Mastercard and Visa don’t accept file-hosting sites that have an affiliate program and PayPal has thrown out nearly all cyberlockers in recent months.

It now appears that these policies have carried over to VPN providers and other anonymizing services. Before the weekend customers of the popular Swedish payment service provider Payson received an email stating that VPN services are no longer allowed to accept Visa and Mastercard payments due to a recent policy change.

“Payson has restrictions against anonymization (including VPN services). As a result Payson can unfortunately no longer give your customers the option to finance payments via their cards (VISA or MasterCard),” the email states, adding that they still accept bank transfers as deposits.

The new policy went into effect on Monday, leaving customers with a two-day window to find a solution.

While the email remains vague about why this drastic decision was taken, in a telephone call Payson confirmed that it was complying with an urgent requirement from Visa and Mastercard to stop accepting payments for VPN services.

One of these customers is the iPredator VPN, launched by Pirate Bay co-founder Peter Sunde and friends. Sunde tells TorrentFreak that he is baffled by the decision, which he believes may be an effort to prevent the public from covering their tracks online and preventing government spying.

“It means that US companies are forcing non-American companies not to allow people to protest their privacy and be anonymous, and thus the NSA can spy even more. It’s just INSANE,” Sunde says.

Sunde explains that iPredator will always have plenty of other payment options, but sees it as an outrage that Mastercard and Visa have apparently decided to ban a perfectly legal technology.

“For iPredator there are always other payment methods, like Bitcoin, but it’s insane to censor a totally legit system that is there to avoid censorship and surveillance,” Sunde says.

Despite these alternatives, Sunde is not going to stand idly by. He informs TorrentFreak that Ipredator considering taking legal action, citing the Wikileaks win against the credit card companies as a favorable precedent.

Ipredator is far from the only VPN provider that is affected by the policy change. Anonine, Mullvad, VPNTunnel, Privatvpn and several others are also using Payson’s services.

At this point it’s unclear why the two companies are taking a stand against anonymizing services. It seems likely that an industry or authority has been pushing for the policy change behind the scenes. However, with privacy high on the agenda with the PRISM scandal, the move comes at an odd time.

TorrentFreak has reached out to Mastercard and Visa but we have yet to hear back from the companies. We are not aware of any other payment service providers who have taken action against VPN providers, so the scope of the actions are unknown at this point.

Update July 4: Visa Europe told us that it “has not been involved in this matter in any way, and has not made any such stipulations to Payson or to any other organisation.” We specifically asked whether VPNs and other anonymizing services are in any way prohibited by Visa, but the company didn’t confirm nor deny. Visa believes that the issue was raised by Payson’s acquiring bank, which acts as an intermediary between payment processors and card associations such as Visa and MasterCard.

Update July 8: MasterCard also denies that they are responsible for Payson’s decision to stop accepting VPN services. “Contrary to earlier reports, MasterCard has not been involved in this matter in any way. We have not placed any restrictions on Payson.” MasterCard’s Senior VP of External Communications, Andrew Bowins, told TorrentFreak. The company agreed to offer more insight into their policies which we will address in an upcoming article.

We have asked Payson to clarify the discrepancy and will update the article when we hear back from them.

Source: Mastercard and Visa Start Banning VPN Providers?

TorrentFreak: Major Book Publishers Demand Identities of Usenet Uploaders

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

book-pirateLawsuits against individual file-sharers are nothing new in the United States. In recent years hundreds of thousands have been accused of sharing copyrighted material.

Thus far, these lawsuits have almost exclusively focused on BitTorrent users, but new legal action by several major book publishers suggests that Usenet uploaders are also being eyed.

Cengage Learning, John Wiley and Sons, Elsevier and McGraw-Hill recently obtained subpoenas from the U.S. District Court of Columbia, requiring Usenet providers to hand over the personal details of two very active uploaders.

The publishers state that they caught the uploaders “Hockwards” and “Rockhound” sharing hundreds of books. The pair are allegedly connected to Usenet services provided by Usenetserver and XS News, and both companies are now being held responsible for the infringing uploads.

“This information is being provided to you as the Usenet provider responsible for providing Rockhound with the accounts through which the infringement is occurring,” the publishers write in one of their letters.

“Based on the information at our disposal, we have good faith belief that the material uploaded to Usenet by Rockhound is infringing the book publishers’ copyrights. Over the past four months alone, Rockhound has uploaded hundreds of infringing books.”

The book publishers are asking the Usenet providers to hand over all information they have on the two uploaders, including billing records, phone numbers and addresses. In addition, the publishers list hundreds of infringing books that they want the providers to remove from their servers.

Information requested


TorrentFreak talked to a representative of the book publishers who informed us that they have to protect their rights online, to guarantee that high quality books will continue to be published in the future. Targeting Usenet providers and their users is part of this strategy.

“The publishers are actively monitoring and enforcing their rights on the internet, including on Usenet. Any individual or company that uploads large quantities of digital copies of the publishers’ books for others to download without authorization is a potential target for enforcement,” the representative told us.

“Those individuals and companies are violating the law, no matter where they live and no matter why they are doing it,” the publishers add.

Whether the information obtained through the subpoenas will help the book publishers to identify both users has yet to be seen. It is not uncommon for uploaders to take measures to obfuscate their identities by using prepaid credit cards, VPN services and false contact information.

That said, the action against these Usenet uploaders is significant and in line with developments over the past year. Gradually, we’ve seen anti-piracy efforts begin to include Usenet providers and related services.

Copyright holders, for example, have rapidly increased the number of DMCA takedown notices they send to indexing and hosting services, leading to the shutdown of NZBMatrix. In addition, payment providers such as PayPal are banning Usenet related sites over piracy concerns, causing sites such as Newzbin2 to fold.

Although very rare at the moment, these recent legal actions by book publishers show that Usenet users aren’t immune to legal troubles either.

Update: This article has been updated to make clear that one of the users was a Usenetserver customer. Highwinds is not providing Usenet services.

Source: Major Book Publishers Demand Identities of Usenet Uploaders

TorrentFreak: Movie2K Down: The Mystery and Possible Reincarnation Revealed

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

While the world’s largest torrent indexes tend to grab most of the headlines, a relatively new range of sites have been scooping up huge numbers of users during the past few years.

Avoiding the relative complexity of torrent clients, streaming portals offer movies and TV shows in a YouTube-like environment, with video embedded in a page and ready to watch – no traditional downloading required.

Offering all the latest movies and TV shows for immediate viewing after just a couple of clicks, Movie2K was one of the most popular streaming sites around. Back in February it was the 240th most popular site in the world and in Germany ranked 19th, making it more popular than Twitter, Amazon, Apple, PayPal and Microsoft.

Movie2K – gone

However, on Wednesday Movie2K became unresponsive. We were first alerted to the problems by the operators of PirateReverse and ProxyBay, sites which set themselves up to reconnect users with Movie2K after the UK Hight Court ordered it blocked earlier this month.

Something was clearly wrong – Movie2K first began redirecting to Google and then later to We emailed Movie2K immediately but after receiving no response we began asking questions elsewhere, starting with the site’s former host.

Romanian host shut down Movie2K

Voxility is a Romanian-based company that houses quite a few file-sharing related websites. It is also the last known host of Movie2K so we wrote to the company and asked them what had happened to the site. Voxility failed to respond to our questions, but we weren’t about to give up.

What we do know is that Movie2K had been doing business with Voxility for a long time using the IP address The records for that IP address have now been changed and allocated away from Movie2K and back to ‘reserved’ status with Voxility.


We spoke with a person familiar with Voxility’s operations who told us that ‘reserved’ indicates that the server has been canceled by the host and is no longer in use.

Was Movie2K raided or was the shutdown voluntary?

Ever since Movie2K disappeared earlier this week there have been rumors that the site (or its admin) had been raided. Most seem to be based around a statement last week by anti-piracy group GVU that a former top uploader to the now-defunct had been raided in Germany.

The individual, said to be called “Hologram”, is alleged to have uploaded more than 100,000 movies. GVU said that he was “cooperative” and later “confessed.” The raid took place early on May 22 according to GVU, but TorrentFreak received an email later that evening from the Movie2K admin, so it seems moderately unlikely he was raided that same morning.

However, what we do know from a source inside Voxility is that the operator of Movie2K voluntarily closed down the server this week and canceled his business with Voxility. And in the past few minutes there are suggestions that there might indeed be some connection, not necessarily directly though, between the shutdown of Movie2K and the raid last week.

While stating that they don’t really know why Movie2K has disappeared, GVU are suggesting that the site’s operators may have seen the ongoing investigation and decided that enough is enough. That’s possible of course, but we still aren’t finished.

Updated DNS entries –

Movie2K used to operate via many different domains such as .com and .net, but the prime URL for the site over the years has been Now, .to is the top-level domain (ccTLD) of the island kingdom of Tonga and is handled by the Tonic domain name registry.

Tonic have a policy of keeping domain registrants’ information secret so there is no traditional WHOIS that will reveal names and addresses etc. There is however a limited search that can be done to find out DNS entries etc, which revealed something interesting. An update this morning…

Created on: Tue Aug 31 05:07:54 2010
Last edited on: Fri May 31 08:28:53 2013
Expires on: Thu Aug 31 05:07:54 2017
Primary host add:
Primary host name:
Secondary host add:
Secondary host name:

Piraten Partei is the German Pirate Party and the addresses listed above certainly match the party’s DNS server addresses. So, are they involved?

“We have nothing to do with this and our DNS servers do not serve this domain,” Markus Drenger of the Pirate Party’s press team told TorrentFreak.

So with the Pirate Party denying knowledge we will have to wait a short time to see what happens next with the Movie2K domain. Tonic update their nameservers once a day at (GMT +13) so the next move might become apparent then. However, . com updates sooner….

Movie2K is dead, long live…..Movie4K?

Visitors to are now being redirected to a server in the Virgin Islands playing host to a new site called Movie4K. There’s nothing there at the moment but there are signs that something might be about to burst into life. The DNS entries for that domain were updated last evening.

Created on: Sat Dec 03 00:50:01 2011
Last edited on: Thu May 30 21:11:00 2013
Expires on: Sat Dec 03 00:50:01 2016
Primary host add:
Primary host name:
Secondary host add:
Secondary host name:

So will Movie2K reanimate itself into Movie4K this weekend and become fully operational once again? All the indications suggest that we won’t have long to find out. In the meantime, GVU may have to put their champagne back on ice.

Update: Movie4k is now up and running. TorrentFreak is trying to talk to the operator of the site for a follow-up article. Stay tuned.

Source: Movie2K Down: The Mystery and Possible Reincarnation Revealed

Krebs on Security: Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

On Monday, I profiled, one of several increasingly public DDoS-for-hire services posing as Web site “stress testing” services. Today, we’ll look at, yet another attack service except for one secret feature which sets it apart from the competition: According the site’s proprietor, includes a hidden backdoor that lets the FBI monitor customer activity.

Ddos-for-hire site

Ddos-for-hire site

This bizarre story began about a week ago, when I first started trying to learn who was responsible for running RageBooter. In late March, someone hacked and leaked the users table for The database showed that the very first user registered on the site picked the username “Justin,” and signed up with the email address “”

That email address is tied to a now-defunct Facebook account for 22-year-old Justin Poland from Memphis, Tenn. Poland’s personal Facebook account used the alias “PRIMALRAGE,” and was connected to a Facebook page for an entity called Rage Productions. Shortly after an interview with KrebsOnSecurity, Poland’s personal Facebook page was deleted, and his name was removed from the Rage Productions page.’s registration records are hidden behind WHOIS privacy protection services. But according to a historic WHOIS lookup at, that veil of secrecy briefly fell away when the site was moved behind, a content distribution network that also protects sites against DDoS attacks like the ones Ragebooter and its ilk help to create (as I noted in Monday’s story, some of the biggest targets of booter services are in fact other booter services). For a brief period in Oct. 2012, the WHOIS records showed that was registered by a Justin Poland in Memphis.

I “friended” Poland on Facebook and said I wanted to interview him. He accepted my request and sent me a chat to ask why I wanted to speak with him. I said I was eager to learn more about his business, and in particular why he thought it was okay to run a DDoS-for-hire service. While we were chatting, I took the liberty of perusing his profile pictures, which included several of a large tattoo he’d had inked across the top of his back — “Primal Rage” in a typeface fashioned after the text used in the Transformers movie series.

Poland is serious about his business.

Poland is serious about his business.

“Since it is a public service on a public connection to other public servers this is not illegal,” Poland explained, saying that he’d even consulted with an attorney about the legality of his business. When I asked whether launching reflected DNS attacks was okay, Poland said his service merely took advantage of the default settings of some DNS servers.

“Nor is spoofing the sender address [illegal],” he wrote. “If the root user of the server does not want that used they can simple disable recursive DNS. My service is a legal testing service. How individuals use it is at there [sic] own risk and responsibilitys [sic].  I do not advertise this service anywhere nor do I entice or encourage illegal usage of the product. How the user uses it is at their own risk. I provide logs to any legal law enforcement and keep logs for up to 7 days.”

The conversation got interesting when I asked the logical follow-up question: Had the police or federal authorities ever asked for information about his customers?

That was when Poland dropped the bomb, informing me that he was actually working for the FBI.

“I also work for the FBI on Tuesdays at 1pm in memphis, tn,” Poland wrote. “They allow me to continue this business and have full access. The FBI also use the site so that they can moniter [sic] the activitys [sic] of online users.. They even added a nice IP logger that logs the users IP when they login.”

When I asked Poland to provide more information that I might use to verify his claims that he was working for the FBI, the conversation turned combative, and he informed me that I wasn’t allowed to use any of the information he’d already shared with me. I replied that I hadn’t and wouldn’t agree that any of our discussion was to be off the record, and he in turn promised to sue me if I ran this story. That was more or less the end of that conversation.

As to the relative legality of booter services, I consulted Mark Rasch, a security expert and former attorney for the U.S. Department of Justice. Rasch said companies hire stress testing services all the time, but usually as part of a more inclusive penetration testing engagement. In such engagements, Rasch said, it is common for the parties conducting the tests to insist upon and obtain beforehand a “get out of jail free card,” essentially a notarized letter from the customer stating that the testing firm was hired to break into and otherwise probe the security and stability of the targeted Web site.

“This is also why locksmiths generally force you to show ID that proves your address before they’ll break into a house for you,” Rasch said. “The standard in the security industry is not only to require proof that you own the sites that are going to be shut down or attacked, but also an indemnification provision.”

On Monday, I pinged Mr. Poland once more, again using Facebook’s chat function. I wanted to hear more about his claim that he was working for the feds. To my surprise, he gave me the number of a Memphis man he referred to as his FBI contact, a man Poland said he knew only as “Agent Lies.”

The man who answered at the phone number supplied by Poland declined to verify his name, seemed peeved that I’d called, and demanded to know who gave me his phone number. When I told him that I was referred to him by Mr. Poland, the person on the other end of the line informed me that he was not authorized to to speak with the press directly. He rattled off the name and number of the press officer in the FBI’s Memphis field office, and hung up.

Just minutes after I spoke with “Agent Lies,” Justin dropped me a line to say that he could not be my ‘friend’ any longer. “I have been asked to block you. Have a nice day,” Poland wrote in a Facebook chat, without elaborating. His personal Facebook page disappeared moments later.

Not long after that, I heard back from Joel Siskovic, spokesman for the Memphis FBI field office, who said he could neither confirm nor deny Poland’s claims. Siskovic also declined to verify whether the FBI had an Agent Lies.

“People come forward all the time and make claims they are working with us, and sometimes it’s true and sometimes it’s not,” Siskovic said. “But it wouldn’t be prudent for us to confirm that we have individuals helping us or assisting us, either because they’re being good citizens or because they’re somehow compelled to.”

Update, June 1: A little Googling shows that there is in fact an FBI Agent Lies in the Memphis area. Many of the public cases that Agent Lies has testified in appear to be child-exploitation related, such as this one (PDF).

Original post: I tried to imagine a scenario in which someone in Poland’s situation would make up a story like that, or — if the story were true — might be bold enough to brag about it. I went back over some of the screen shots I’d taken from Poland’s Facebook account before it was deleted, and discovered a saddening discussion where Poland says he is depressed because he can’t quit his habit of smoking marijuana incessantly. In one post he admits to spending more than $1,200 a week on pot. I’m not sure if $1,200 worth of weed is even humanly possible for one man to consume on his own in a week and still function, but it would certainly explain his erratic behavior. Anyway, apparently business is good.

leakforumsjustinI had a lot of help on this research from Brandon Levene and Allison Nixon, two security consultants who have been digging into the booter scene for some time now. Levene and Nixon said they happened on after a generic search for other booters indicated it was one of the top three results.

“What made things interesting, however, were the top advertisements for this service from a forum poster using the name ‘Primal Rage,’” Levene said. “The contact information across multiple forums included the email, which tied to a [now-defunct] Facebook page for Velocity Production, and from this page we identified the private Facebook account of the owner, Justin Poland. Further research revealed more forum profiles using the name Primal Rage and another domain,, registered to Justin Poland (

Levene said the biggest break in their research came from a fawning post on a slightly less public site – – a forum dedicated to sharing information on, well, leaked forum databases for one thing. In a twist that makes this already odd story even weirder, Primal Rage/Justin says in his application for membership on that he is starting a new company called “Booter Be Gone,” which he said would be all about “leaking booters online and there [sic] databases.”

The short CV he posted to the leakforums application said he had experience as a computer repair technician and “Ddos mitigation specialist.” Translation: Eliminate the competition by leaking their databases, and then sell DDoS mitigation services to businesses besieged by attacks of the sort launched by his booter services. What could go wrong?

“Justin’s cross-contamination of online personas  led me to dig deeper,” Levene said. “Simply by drawing focus he made himself a target. The whole thing with his service being for ‘legitimate stressing’ is silly. Even the news updates from the login panel are discussing ways to target users.”

Nixon said her research on showed it to be a booter under active development and one that seems to average more than 400 attacks per day.

Ragebooter's network structure. Image: Allison Nixon.

Ragebooter’s network structure. Image: Allison Nixon.

Oh, and that backdoor Poland claims he added for the FBI? Nixon may have found at least one of them:

“The booter has some information leakage problems too,” Nixon said.  ”The victims can see the username of the logged in attacker because that info is, bizzarely, sent within attack traffic.”

The real irony of all this? Poland admitted in one of our Facebook chats that his own site was recently breached, leading to the leak of ragerbooter’s user database; the attackers broke into his Skype account, and then rifled through his Skype chats until they found login credentials to his servers. Was it the work of hackers allied with competing booter services? A spurned FBI agent? Or Justin himself? One thing’s for sure: If Poland’s “booter be gone” soon, it is nobody’s fault but his own.

One final note: Services like would not be nearly as usable or profitable if they were unable to accept payment via PayPal. A Paypal spokesperson declined to comment on this particular booter service, but said the use of its service for DDoS-for-hire sites would violate its terms of use agreement.

“While we cannot share specifics on our customers’ accounts due to our privacy policy, we can confirm that we will review suspicious accounts for malicious activity and work with law enforcement to ensure cyber criminals are reported properly. We take security very seriously at PayPal and we do not condone the use of our site in the sale or dissemination of tools, which have the sole purpose to attack customers and illegally take down web sites.”

Krebs on Security: DDoS Services Advertise Openly, Take PayPal

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of today’s so-called “booter” or “stresser” services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on Paypal to receive payments.

Asylum's attack options.

Asylum’s attack options.

Many of these booter sites are based on the same source code, meaning that any vulnerabilities in that code can be used to siphon data from the back-end databases of multiple, competing services. This happened in March to, a service that was used to launch a volley of attacks against this blog, among others.

Today we’ll be taking a closer look at another booter service whose customer database was recently leaked: (a.k.a. Like other booter services, isn’t designed to take down large Web sites that are accustomed to dealing with massive attacks from Internet extortionists. But these services can and are used to sideline medium-sized sites, although their most common targets are online gaming servers.

Asylum says it deletes records of attacked sites after one month, and the leaked database confirms that. But the database also shows the sheer volume of online attacks that are channeled through these services: Between the week of Mar. 17, 2013 and Mar. 23, 2013, was used to launch more than 10,000 online attacks.

According to the leaked database for Asylum, the administrator and first registrant on the site uses the address That same email address was the beneficiary of more than $35,000 in Paypal payments made by customers of the service. Overall, more than 33,000 user accounts were created on the site.

That address also is tied to a Facebook account for a 17-year-old honor roll student named Chandler Downs from suburban Chicago. A reverse WHOIS report (PDF) ordered from shows other interesting sites registered with that same email address.

In a brief interview conducted over Gmail chat, Downs maintained that the service is intended only for “stress testing” one’s own site, not for attacking others. And yet, includes a Skype resolver service that lets users locate the Internet address of anyone using Skype. Asylum’s resolver wouldn’t let me look up Downs’ own Skype address — “hugocub1.” But another Skype resolver service shows that that Skype username traces back to a Comcast Internet address outside of Chicago. also features a ad that highlights the service’s ability to “take down your competitors’ servers or Web site.”

“Do you get annoyed all the time because of skids on xBox Live? Do you want to take down your competitors’ servers or Web site?,” reads the site’s ad, apparently recorded by this paid actor at “Well, boy, do we have the product for you! Now, with asylumstresser, you can take your enemies offline for just 30 cents for a 10 minute time period. Sounds awesome, right? Well, it gets even better: For only $18 per month, you can have an unlimited number of attacks with an increased boot time. We also offer Skype and tiny chat IP resolvers.”

Downs said he was not the owner of the site – just the administrator. He shrugged off the ad’s message, and said Asylum wasn’t responsible for what customers did with the service.

“You are able to block any of the ‘attacks’ as you say with rather basic networking knowledge,” Downs said. “If you’re unable to do such a thing you probably shouldn’t be running a website in the first place. No one would spend money to stress a site without a reason. If you’re giving someone a reason, that’s your own fault.”

Not so fast, said Mark Rasch, a computer security expert and former U.S. Justice Department attorney.

“If they’ve got their fingers on the trigger and they launch the attacks when they’re paid to, then I would say they’re criminally and civilly liable for it,” Rasch said.

Allison Nixon, a security consultant who recently left a job analyzing attack traffic at Dell SecureWorks, looked at all of the attack methods offered by Aslyum. Nixon said she was disappointed to discover a glitch in the site’s code: No matter which attack method she chose, the booter ran the same attack: A reflected DNS attack, and some weeks later, a UDP flood.

“They promise all these attacks – like Layer 7 attacks, SYN floods, Apache memory exhaustion, and all I ever got was reflected DNS attacks and UDP floods,” Nixon said. ”Booters are written and modified by amateur coders who often don’t know what they are doing, so these sort of bugs are unsurprising.”

Nixon noted that all of the packets incoming from the traffic she ordered to her test machines appeared to have been sent from spoofed IP addresses. However, when she used the “Down or Not?” host checker function on Asylum, the site responded from what appears to be the real Internet address of one of the servers that are used to launch the attacks: She noted that a booter service that appears to be a clone of Asylum – – is hosted on the same network — at

Asylum, like most other booter services, is hidden behind Cloudflare, a content distribution network that helps sites block attacks that services like Asylum are designed to launch. Apparently, getting attacked is something of an occupational hazard for those running a booter services. Behind the Cloudflare proxy, Nixon found that the secret IP for the Asylum stresser Web frontend was

Both IP addresses map back to Voxility, a hosting facility in Romania that has a solid reputation in the cybercrime underground for providing so-called “bulletproof hosting” services, or those that generally turn a deaf ear to abuse complaints and requests from law enforcement officials. In January 2013, I profiled one data center at this ISP called that was being used as the home base of operations for the organized cybercrime gang that is currently facing charges of developing and distributing the Gozi Banking Trojan.

“I think it is outrageous that Paypal processes money for these people,” Nixon said of Asylum. “If law enforcement cared at all, every booter uses Paypal and the owners’ real financial info will be tied up in it.  It would be super easy for the cops to find them and round all of them up.  And if the info is fake, Paypal should be freezing those accounts.”

Update, 8:24 p.m. ET: A Paypal spokesperson sent the following statement in response to this story:

“While we cannot share specifics on our customers’ accounts due to our privacy policy, we can confirm that we will review suspicious accounts for malicious activity and work with law enforcement to ensure cyber criminals are reported properly. We take security very seriously at PayPal and we do not condone the use of our site in the sale or dissemination of tools, which have the sole purpose to attack customers and illegally take down web sites.”

Update, May 16, 12:07 p.m. ET: Downs took rather strong exception to several statements in this story. Principally, he maintains the site is owned by someone else, but he has not supplied any information about that individual other than a commonly-used hacker handle. I thought it made sense to share a few more details about my reporting that led me to believe Downs was running the site, if not also profiting directly from it. Check out this thread from, where this service is primarily advertised. It shows that the user “Asylum” states that his contact nickname on Skype is “hugocub1,” which as mentioned in the story above traces back to a user in Chicago. But a more important and interesting find comes from Downs’ channel (referred to by his gaming profile XBLvirus — one of the nicks listed in the Domaintools report linked above), which features mostly videos of his xBox Live gaming and hacking prowess. In one video, the narrator can be heard stating, “Hey youtube, what’s up, it’s Chandler from darklitstudios.” At around  4:01 in this video, if you pause it just right, you can see Lastpass listing his available stored passwords, including several different accounts using the nickname “hugocub”. Hat tip to Allison Nixon for digging up this additional information.

TorrentFreak: As BitCoins Roll In, The Pirate Bay Adds Support For LiteCoin Donations

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

litecointpbFor many years it was relatively easy to fund file-sharing sites. There were a number of options available, from advertising and affiliate schemes, to straightforward PayPal-type donations.

While all of these mechanisms still exist today, there has been a tightening of restrictions.

Pressure is being applied to advertisers like never before and outfits such as PayPal are clamping down on payment processing for file-sharing sites. Unless they successfully pass through PayPal’s pre-approval system, facilities can be withdrawn in an instant.

File-hosting sites have suffered a great deal from this new regime too, and the signs are that private torrent sites – who rely heavily on donations – are also feeling the pain. Both are generally unwelcome to do business with PayPal and the signs are that companies such as Mastercard and Visa are also hardening their stances too.

However, as these forces come into play, sites are looking to augment their income by other means and as we’ve seen recently the crypto-currency BitCoin is appearing more regularly on file-sharing sites and services.

More and more VPN and seedbox companies are accepting BitCoin payments and last week The Pirate Bay added their BitCoin link to the site’s main page.

The site has never accepted donations from its users but the decision to add this anonymous chip-in option has turned out well. In just seven days the site has received a total of 174 Bitcoin donation transactions with a value today of around $2,000, a decent amount that could stretch out to more than $100,000 over the next 12 months.

While BitCoin (BTC) is definitely the number one player in the crypto-currency market, there are other options, some of which claim technical improvements over BTC making them more usable on a day to day basis. The Pirate Bay has just added donation support for one such currency – LiteCoin.


LiteCoin is a peer-to-peer currency based on the BitCoin protocol and is the number two player in the market. One LTC is currently worth just over $3.70, a far cry from a single BTC’s value of around $140 at the time of writing.

Nevertheless, according to its creators LiteCoin (LTC) boasts a couple of advantages. Unlike BitCoin, LiteCoin can still be mined on consumer hardware, and where BitCoin transaction times can sit between ten minutes and an hour, LTC takes a couple of minutes.

At the time of writing The Pirate Bay had received 50.6 LTC so getting rich by this mechanism will take a considerable time yet. Still, it’s money they would’ve never had and when added to the BitCoins already coming in it helps to pay the bills.

The question now is that considering the building pressure from authorities and payment processing companies, how long will it take for currencies such as BitCoin and LiteCoin to become a viable means of keeping file-sharing sites alive. Adaption and evolution in response to aggressive market forces isn’t only something that entertainment industry companies have to think about.

Know a torrent or file-sharing related site that accepts BitCoin, LiteCoin or similar currency? Please let us know.

Source: As BitCoins Roll In, The Pirate Bay Adds Support For LiteCoin Donations