Tag Archives: anonymous

Steal This Show S01E14: KickassTorrents Down!

Post Syndicated from J.J. King original https://torrentfreak.com/steal-show-s01e14-kickasstorrents/

stslogoThe alleged owner of KickassTorrents was arrested last week, to be extradited from Poland to the United States. The site – at least the original version – remains offline.

In this episode of STEAL THIS SHOW, we invite Peter Sunde, co-founder of The Pirate Bay, Andrew Norton, US Pirate Party chairman, and Gary Fung, founder of isoHunt, to discuss this critical event, its significance for the torrent community, and implications for the world of P2P.

We discuss the propriety of extraordinary rendition for copyright crime, the question of how much money pirates are really making, and how the anti-P2P agenda is leading to further decentralisation. Kickass Torrents, we learn, is just one head of the many-headed hydra.

Steal This Show aims to release bi-weekly episodes featuring insiders discussing copyright and file-sharing news. It complements our regular reporting by adding more room for opinion, commentary and analysis.

The guests for our news discussions will vary and we’ll aim to introduce voices from different backgrounds and persuasions. In addition to news, STS will also produce features interviewing some of the great innovators and minds.

Host: Jamie King

Guests: Peter Sunde, Gary Fung and Andrew Norton.

Produced by Jamie King
Edited & Mixed by Riley Byrne
Original Music by David Triana
Web Production by Siraje Amarniss

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Openload Domain Suspended By Namecheap

Post Syndicated from Andy original https://torrentfreak.com/openload-domain-suspended-by-namecheap-160726/

namecheapCopyright holders know that one of the most effective ways to hinder a file-sharing site is to attack its domain. As a result, various strategies have emerged to deprive owners of their use.

Those methods range from a basic complaint to registrars over incomplete or inaccurate WHOIS entries, to the more complex seizing of domains via the legal system.

The amount of time spent on enforcement is often comparable with the quality of the end results. WHOIS information is quickly fixed but domains ordered seized by a judge tend to stay that way forever.

Interestingly, a situation now faced by a leading file-hosting site might lie somewhere in the middle.

Openload is one of the most-used file-hosting platforms on the Internet, with more traffic than 4shared, Rapidgator and Uploaded. It has a worldwide Alexa rank of 402 and millions of visitors every week but yesterday a wrench was thrown into the works.

Around 18:22 Monday, Openload’s .co domain was suspended by its registrar Namecheap. As can be seen in the entry below, the reason is reported as “abuse”.


Namecheap passed our request for comment to its legal department who have yet to formally respond. However, we were able to contact the operator of Openload who confirmed that there had been an alleged breach of Namecheap’s Terms of Service.

“Namecheap suspended our domain for abuse according to their TOS,” Openload’s operator told TF. “Basically, they just said that they received too many DMCA reports.”

It is fairly unusual for a domain registrar to be targeted with so many copyright complaints since they are traditionally directed at the site itself, its webhost, or both. In this case, however, Namecheap appears to have been overwhelmed.

To get an idea of potential scale, in less than a year Google has received in excess of 450,000 DMCA complaints against Openload’s .co and .io domains.


The range of entertainment companies involved is broad, from the RIAA, Netflix and Warner Bros, to various Japanese anime distributors. Indeed, a large proportion of Openload’s traffic hails from Japan.

That being said, Openload says it is DMCA-compliant and processes complaints in a timely fashion.

“[The complaints received by Namecheap] were of course all taken down within 6-24 hours, but the number of notices is too much for them,” the site told us.

Copyright holders do have other options though. In addition to inviting complaints via a standard web form, Openload also offers a takedown tool.

“Openload is anxious to optimize the process of taking down files that violate copyright. Therefore Openload is offering a takedown API,” the site says.

But while takedowns are important, Openload does have a feature that tends to irritate copyright holders – paying uploaders for the amount of downloads they generate.

“We pay a fixed amount per 10,000 downloads/streams. Each payment amount per download/stream depends on the country the actions comes from,” the site explains on its rewards page.


Of course, YouTube also pays uploaders for the amount of traffic they generate but copyright holders have traditionally drawn a line in the sand when the same is offered by Openload-type hosting sites. The U.S. Department of Justice indictment against Megaupload famously paints a loosely similar scheme in a very dim light.

For now, Openload has lost control of its main Openload.co domain but the site is back up and running at Oload.co, a domain that was purchased last night following Namecheap’s suspension.

“Our site is reachable via oload.co which is actually a kind of read-only site. All features will return on the new domain during the next hours,” Openload’s operator concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Court Orders News Site Blocked Following Article Piracy

Post Syndicated from Andy original https://torrentfreak.com/court-orders-news-site-blocked-following-article-piracy-160726/

news-smallWhile countries like China have a dubious reputation for online censorship, millions of Internet users are now reluctantly becoming accustomed to sites being blocked on copyright grounds.

The practice is present in scattered countries across Europe but is most prevalent in the UK where more than a thousand sites are now being rendered inaccessible by regular means.

Most of the complaints originate from traditional copyright holders such as movie, TV show and recording labels, but a new threat has just emerged in Russia for the very first time.

Launched in 1999, Gazeta.ru is one of Russia’s leading Internet news resources and the 68th most-visited site overall. The platform enjoys an impressive 11 million readers each month but like many others it claims to have a problem with people republishing its content without permission.

Back in March, Gazeta published an article about tourism in Azerbaijan. The piece was popular with Gazeta readers but other commercial outfits were also attracted to the content. One of them, Story-media.ru, later reproduced the Gazeta article in full, without obtaining permission from the copyright holder.

In the world of news this is hardly a rare event. Many outlets find their articles being reproduced elsewhere on the Internet without permission and within seconds of publication. However, Gazeta decided that enough was enough and decided to fight back.

Using the same copyright complaints system that has been used countless times by movie studios and record labels since its 2013 introduction, Gazeta filed a case at the Moscow City Court.

Categorizing the tourism article as a “literary work” (literary works were added to Russia’s anti-piracy law last May), Gazeta owner Rambler & Co demanded action against Story-media.ru for the unauthorized reproduction of its copyright work.

According to Vedomosti, lawyers for Rambler & Co argued that the company “consistently fights the illegal placement of [copyrighted] content” and since the operators of Story-media.ru hide their identities (WHOIS is anonymous), the site should be blocked.

The Moscow City Court found the argument persuasive and in response ordered Russian ISPs to immediately block Story-media.ru. The court order describes the injunction as “an interim measure” designed to protect the “intellectual rights to the literary work.”

While plenty of torrent, streaming and linking sites have been blocked under the same process, this is believed to be the first use of Russia’s anti-piracy law to block a news resource following a complaint from a publisher over a written article.

Gazeta has previously taken action against a site that published an infographic without permission, resulting in the block of media site go2life.net, Vedomosti reports.

Story-media.ru now needs to respond to the Gazeta complaint but it is unclear whether it will do so. The site is currently offline.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

KickassTorrents Community Resurrects, Without Torrents

Post Syndicated from Ernesto original https://torrentfreak.com/kickasstorrents-community-resurrects-without-torrents-160725/

kickasstorrents_500x500With an active community and millions of regular visitors, KickassTorrents was much more than a site to leech the latest torrents from. Many considered it to be their virtual home.

This ended abruptly last week, following the arrest of its alleged founder in Poland. A criminal complaint from the U.S. Government revealed that the entire operation had been compromised by the Department of Homeland Security.

Although not all domain names and servers were seized, the site quickly disappeared and after nearly a week there is still no sign of life. At least, not at the original site.

Over the past few days, several members of the KAT team have regrouped in an effort to get the community part of the site back up. Since then they have launched Katcr.co, which hosts a forum where several staffers are present.

Speaking on behalf of the KAT-team that’s left, Mr.Black says that the criminal investigation won’t be the end of the community.

“We need to remember that Kickass Torrents is not simply about uploading, the heart and soul of KAT is our members, which are family and family is important as we all know. Nothing can ever take that away and no matter what happens we will not let our community down.”

“We guarantee that KAT will continue in one form or another and we will come back stronger than ever,” Mr.Black adds.

The forum, created by Mr.Prairi3DoG, has already gathered thousands of visitors over the past few days and continues to grow. While many of the original team members are present, it doesn’t necessarily mean that the original site will be restored as well.

KAT forum


TorrentFreak has learned that remaining “KAT team” doesn’t have access to the original code. They are mainly people who kept the site clean and in order, in the role of moderator or administrator, and who have no contact with the alleged site owner.

However, if the “owners” of the site would like to make a comeback, they will have the support of the KAT team that’s now trying to keep the community alive.

“Should the business owners choose to revive KAT then they will have our full support,” Mr.Black says.

He further notes that the site was taken down “under dubious circumstances” and calls the charges against the alleged operator “murky” at best. “No copyrighted material was ever stored on Kickass Torrents and the site was fully DMCA compliant,” Mr.Black says.

KAT spirit is still alive


For now, the forum will give estranged KAT users a place to get together once again. However, many are also still looking for alternatives, with various KAT mirrors growing in popularity.

The KAT team has noticed this as well, but warns that none of these are connected to the old team, urging people to proceed with caution.

“Please be aware that there is no legitimate fully-working KAT site available so be cautious and never attempt to login to any fake sites that may appear online,” Mr.Black warns.

Meanwhile, the alleged operator of KickassTorrents faces extradition to the United States. As far as we know he still remains in Poland, but the authorities haven’t announced any new information since last week, while the court case remains sealed.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

20th Century Fox Accuses Kim Dotcom of Asset Freeze Breach

Post Syndicated from Andy original https://torrentfreak.com/20th-century-fox-accuses-kim-dotcom-of-asset-freeze-breach-160725/

dotcom-laptopIn the early days of 2012, Kim Dotcom was the operator of arguably the most successful file-hosting site the world had ever seen. With 50 million daily users, Megaupload seemed to be an unstoppable juggernaut. Three weeks later it was all over.

As law enforcement officers raided the company and its operators in multiple locations, authorities were seeking to freeze Kim Dotcom’s considerable assets. Dozens of millions of dollars were seized in multiple jurisdictions, including locally in New Zealand.

Since then, Dotcom and his legal team have engaged in frequent battles to have funds released so that the businessman can go about his life. On the whole, the New Zealand courts have been receptive, and over the past several years have granted Dotcom access to considerable sums of money.

Now, however, one of his main legal adversaries has accused Dotcom of breaching the terms of the asset freeze imposed in 2012. Speaking in the New Zealand High Court, a lawyer for 20th Century Fox said that Dotcom had taken a loan from his lawyers on behalf of a trust for his children.

Speaking for the studio, lawyer Matt Sumpter said the NZ$220,000 (US$154,000) loan amounted to contempt of court, RadioNZ reports.

However, Kim Dotcom’s lawyer Ron Mansfield argued that the loan was a new asset that was not covered by the original freezing order and represented an increase in his clients’sassets, not a reduction.

Dotcom has been free to generate new income since the raid on his home but has been required to obtain permission to access seized assets. Last year he said that an allowance of US$15,000 per month was proving a struggle.

That led to a court awarding him $128K per month to live on, including $60K for mansion rent, $25,600 to cover staff and security, plus $11,300 for grocery and other expenses.

However, in recent months he left his famous mansion for a slightly more modest waterfront penthouse at Princes Wharf, a move which should have positively impacted his living expenses.

Since his departure, Dotcom’s rented mansion has since been sold for an undisclosed sum. The asking price was NZ$35m (US$24.4m).

But even with the mansion behind him, Dotcom’s battles continue.

Following an extradition hearing lasting several weeks, last December a New Zealand District Court judge ruled that Dotcom and his former Megaupload colleagues can be extradited to the United States to face charges of copyright infringement, conspiracy, money laundering and racketeering.

Dotcom immediately filed an appeal. That hearing is now scheduled to take place in just over a month’s time and is expected to last several weeks.

As always, Dotcom will put up a spirited fight but even a defeat at this stage won’t mark the end of the road.

“The appeal route is High Court, Court of Appeal, Supreme Court,” Dotcom previously told TF.

“If I lose, it goes to a decision by Minister of Justice, then to a High Court judicial review of the Minister’s decision. Then it’s the end of the road.”

The process will span extremely interesting times over in the United States, as the spotlight falls on the presidential election and the Obama administration which Dotcom blames for the demise of Megaupload. As a result, Dotcom is happy to stir things up, most recently in a series of Tweets this morning.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Top 10 Most Pirated Movies of The Week – 07/25/16

Post Syndicated from Ernesto original https://torrentfreak.com/top-10-pirated-movies-week-072516/

xmenapoThis week we have three newcomers in our chart.

X-Men: Apocalypse, which came out as HDRip with Korean subtitles, is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the weekly movie download chart.

Ranking (last week) Movie IMDb Rating / Trailer
1 (10) X-Men: Apocalypse (Subbed HDRip) 7.7 / trailer
2 (1) Central Intelligence 6.9 / trailer
3 (…) Batman: The Killing Joke 7.3 / trailer
4 (2) Warcraft (subbed HDRip) 7.7 / trailer
5 (3) The Purge: Election Year (subbed HDRip) 6.3 / trailer
6 (…) Ghostbusters (TS) 5.3 / trailer
7 (5) Batman v Superman: Dawn of Justice 7.0 / trailer
8 (…) The Secret Life of Pets (HDTS) 6.8 / trailer
9 (4) The Legend of Tarzan (HDTS) 6.9 / trailer
10 (9) Independence Day: Resurgence (HDTS) 5.6 / trailer

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

KAT Takedown Triggers Traffic Spike at Torrent Sites

Post Syndicated from Ernesto original https://torrentfreak.com/kat-takedown-triggers-traffic-spike-at-torrent-sites-160724/

kickasstorrents_500x500With millions of unique visitors per day KickassTorrents (KAT) was the largest file-sharing site in the world.

In fact, shortly before the site went offline it was the 69th most-visited site on the entire Internet, beating Craigslist, Alibaba and the BBC.

Today, however, the site is still offline and there haven’t been any signs of an imminent comeback. This means that KAT’s millions of users have to find a new home to get their daily torrent fix.

The Pirate Bay appears to be one of the prime alternatives. The notorious torrent site has been operating steadily recently, aside from some occasional downtime, and is still seen by many as the Godfather of all torrent sites.

At the end of 2014 many Pirate Bay users moved to KAT, when the site suffered more than a month of downtime. To get the latest torrents and discuss the latest developments, among other things. Now many KAT users are likely to switch in the other direction.

TorrentFreak spoke with TPB staff member Spud17, who has seen some increase in forum traffic in recent days. She says they will welcome homeless torrenters with open arms.

“When both TPB and its forum went down, we had overwhelming support from KAT users on their forum, and our staff were able to keep the communities updated on important news and announcements thanks to the help and messages of support we received.

“Reciprocation is only right and we hope KAT staff will keep us informed of any official news/announcements so that we can help to inform,” Spud17 adds.

As for the future, the TPB staffer believes that the KAT community is strong enough to survive one way or another.

“Personally, I think KAT will be back, their community is too strong to just fizzle out, much like the TPB community seeking refuge on IRC meant it stayed together during downtime, I’m sure the KAT community will keep the faith,” Spud17 notes.

Another refuge for KAT users is ExtraTorrent, which was already the third largest torrent site before the KAT takedown. TorrentFreak spoke to an operator of the site who said that they’re seeing a significant traffic spike.

“So far we got 200% signup, and 300% traffic increase at ExtraTorrent,” ET’s SaM told us a day after KAT went down.

Similar to KAT, ExtraTorrent has an active community and forums, which makes it one of the most natural alternatives.

Despite the traffic boost, ExtraTorrent’s operator is not happy to see another site going down. However, he is not willing to throw in the towel and believes that the “torrent community” will survive this setback.

“It is sad to see an iconic site go this way, and it shows how the torrent community is targeted by all means. But, I guess torrenting will prevail and this doesn’t mean the death or end of this era,” SaM says.

Another operator of one of the top torrent sites, who spoke with us on condition of anonymity, reports a traffic increase as well, albeit a small one. The site in question targets a different audience, which may explain the limited effect.

“We’re seeing a small traffic increase, but then again we were never the KAT type of site. So KAT’s users will not move to us,” the operator says.

Despite from the traffic spikes, some torrent sites were adversely affected this week. The popular torrent caching service Torcache.net went offline at the same time KAT did, which is likely related.

As a result, torrents on 1337x.to, Monova and other sites that use the same service are not loading at the moment. Time will tell if and how these events are connected.

It is safe to say, however, that the KAT downtime has had a significant effect on the torrent community. But as history has shown time and time again, it’s doubtful that it will stop many people from sharing files in the long run.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

VKontakte CEO: Time to Remove Us From ‘Pirate’ Blacklists

Post Syndicated from Andy original https://torrentfreak.com/vkontakte-ceo-time-to-remove-us-from-pirate-blacklists-160724/

After years of being branded one of the world’s worst Internet piracy facilitators, last week social networking giant vKontakte took another important step towards making peace with rightsholders.

Parent company Mail.ru signed a licensing agreement with Universal Music and United Music Agency which will see music and video content appear legally on vKontakte, Classmates (Odnoklassniki) and My World, the three most-visited social networking sites in Russia.

With all copyright-related disputes now settled with Universal Music, the deal effectively transforms bitter conflict into cooperation, opening up opportunities for music sales development in a notoriously difficult region.

To find out more about the deal, this week TF caught up with VKontakte CEO Boris Dobrodeyev, who told us he’s optimistic for the future.

TF: Can you explain how the music licensing system with Universal Music will work?
BD: In accordance with the terms of the agreement, we cannot disclose the specific licensing provisions. However, we can say that the licensing agreements cover use of content on existing and planned new services on all of Mail.Ru Group’s social networks: VKontakte, Odnoklassniki and My World.

TF: What happens to the thousands/millions of ‘pirate’ tracks that are stored already on VKontakte? Do these effectively become legal or will Universal Music be supplying new content?
BD: The term “piracy” is not applicable to User Generated Content (UGC) services. Our position, which we have successfully defended in legal disputes, is that we do not distribute pirate content.

VKontakte’s content is user-generated, and so the rights holders’ requests were directed to them. From our side, we do everything that we can to protect the rights of the holders and remove content that violates their ownership rights.

Now that VKontake has signed the respective agreements with the major music companies, it is implementing substantial measures to identify the ownership of user content on the basis of the original files provided by the rights holders. VKontakte’s new services will be created using original content from the labels (including Warner, Sony and Universal).

Boris Dobrodeyev, VKontakte CEO

Boris Dobrodeyev

TF: Is VKontakte obliged to end all music piracy on its platform now, or just for the recoding labels it has struck a deal with?
BD: We would reiterate that the term “piracy” is not correct when talking about UGC services. Following significant efforts to license music content, the overwhelming majority of music by global artists on VK is completely legal.

With regard to music rights holders that have not yet signed an agreement with VK, at the very least they are able to use the existing procedures and technology in place to remove content and prevent it from being re-uploaded. It goes without saying that we also intend to sign corresponding agreements with these other rights holders in the near future.

We would add that many users and artists voluntarily upload their own music to VK in order to increase their popularity.

TF: Will fingerprinting technology or any other anti-piracy measures implemented?
BD: Yes, we intend to use a unique content identification system, which we developed in-house, and is similar to the technologies used in Audible Magic and Gracenote Content ID.

We will work together with the rights holders to continuously improve this technology in line with the development of the IT industry in general.

Moving forward

Of course, after years of copyright disputes vKontakte’s reputation in the United States has been somewhat sullied, largely due to rightsholders lobbying the United States Trade Representative to add the site to its Notorious Markets list. Dobrodeyev informs TF that it’s now time to move forward.

“We certainly hope that VKontakte will be removed from ‘piracy’ lists following the settlements and taking into account the enormous amount of work that the network has undertaken in this area,” he concludes.

Mail.ru and its subsidiaries now have licensing agreements in place with the three leading recording labels – Universal Music Group (UMG), Warner Music and Sony Music. Together they’ll hope to make inroads and indeed profit from a difficult and largely untapped Russian music market.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

isoHunt Founder Settles with Music Industry for $66 Million

Post Syndicated from Ernesto original https://torrentfreak.com/isohunt-founder-settles-cria-66-million/

isohunt-fredomAfter years of legal battles, isoHunt and its founder Gary Fung are free at last.

Today, Fung announced that he has settled the last remaining lawsuit with Music Canada, formerly known as the Canadian Recording Industry Association (CRIA).

“After 10 long years, I’m happy to announce the end of isoHunt’s and my lawsuits,” Fung says, noting that he now owes the Canadian music group $66 million.

The multi-million dollar agreement follows an earlier settlement with the MPAA, for $110 million, on paper. While most site owners would be devastated, Fung has long moved beyond that phase and responds rather sarcastically.

“And I want to congratulate both Hollywood and CRIA on their victories, in letting me off with fines of $110m and $66m, respectively. Thank you!” he notes, adding that he’s “free at last”.

The consent order (pdf) signed by the Supreme Court of British Columbia prohibits isoHunt’s founder from operating any file-sharing site in the future.

It further requires Fung to pay damages of $55 million and another $10 million in aggravated punitive damages. The final million dollars is issued to cover the costs of the lawsuit.

Although isoHunt shut down 2013, it took more than two years for the last case to be finalized. The dispute initially began in the last decennium, when the Canadian music industry went after several prominent torrent sites.

In May 2008, isoHunt received a Cease and Desist letter from the CRIA in which they demanded that isoHunt founder Gary Fung should take the site offline. If Fung didn’t comply, the CRIA said it would pursue legal action, and demand $20,000 for each sound recording the site has infringed.

A similar tactic worked against Demonoid, but the isoHunt founder didn’t back down so easily. Instead, he himself filed a lawsuit against the CRIA asking the court to declare the site legal.

That didn’t work out as isoHunt’s founder had planned, and several years later the tables have been turned entirely, with the defeat now becoming final.

While the outcome won’t change anything about isoHunt’s demise, Fung is proud that he was always able to shield its users from the various copyright groups attacking it. No identifiable user data was shared at any point.

Fung is also happy for the support the site’s users have given him over the years.

“I can proudly conclude that I’ve kept my word regarding users’ privacy above. To isoHunt’s avid users, it’s worth repeating since I shutdown isoHunt in 2013, that you have my sincerest thanks for your continued support,” Fung notes.

“Me and my staff could not have done it for more than 10 years without you, and that’s an eternity in internet time. It was an interesting and challenging journey for me to say the least, and the most profound business learning experience I could not expect.”

The Canadian entrepreneur can now close the isoHunt book for good and move on to new ventures. One of the projects he just announced is a mobile search tool called “App to Automate Googling” AAG for which he invites alpha testers.

The original isoHunt site now redirects to MPAA’s “legal” search engine WhereToWatch. However, the name and design lives on via the clone site IsoHunt.to, which still draws millions of visitors per month – frustrating for the MPAA and Music Canada.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

KickassTorrents’ Connections to the US Doomed the Site

Post Syndicated from Andy original https://torrentfreak.com/kickasstorrents-connections-to-the-us-doomed-the-site-160723/

katTo the huge disappointment of millions of BitTorrent users, KickassTorrents disappeared this week following an investigation by the Department of Homeland Security in the United States.

With a huge hole now present at the top of the torrent landscape, other sites plus interested groups and individuals will be considering their options. Step up their game and take over the top slot? Cautiously maintain the status quo? Or pull out altogether…

Make no mistake, this is a game of great reward, matched only by the risk. If the DHS complaint is to be believed, Kickass made dozens of millions of euros, enough to tempt even the nerviest of individuals. But while that might attract some, is avoiding detection almost impossible these days?

The complaint against KAT shows that while not inevitable, it’s becoming increasingly difficult. It also shows that carelessness plays a huge part in undermining security and that mistakes made by others in the past are always worth paying attention to.

Servers in the United States

Perhaps most tellingly, in the first instance KAT failed to learn from the ‘mistakes’ made by Megaupload. While the cases are somewhat dissimilar, both entities chose to have a US presence for at least some of their servers. This allowed US authorities to get involved. Not a great start.

“[Since 2008], KAT has relied on a network of computer servers around the world to operate, including computer servers located in Chicago, Illinois,” the complaint against the site reads.

The Chicago server weren’t trivial either.

“According to a reverse DNS search conducted by the hosting company on or about May 5, 2015, that server was the mail client ‘mail.kat.ph’.”

Torrent site mail servers. In the United States. What could go possibly go wrong?

In a word? Everything. In January 2016, DHS obtained a search warrant and cloned the Chicago servers. Somewhat unsurprisingly this gifted investigating agent Jared Der-Yeghiayan (the same guy who infiltrated Silk Road) valuable information.

“I located multiple files that contained unique user information, access logs, and other information. These files include a file titled ‘passwd’ located in the ‘etc’ directory, which was last accessed on or about January 13, 2016, and which identified the users who had access to the operating system,” Der-Yeghiayan said.

Servers in Canada

KAT also ran several servers hosted with Montreal-based Netelligent Hosting Services. There too, KAT was vulnerable.

In response to a Mutual Legal Assistance Treaty request, in April 2016 the Royal Canadian Mounted Police obtained business records associated with KAT’s account and made forensic images of the torrent site’s hard drives.

Why KAT chose Netelligent isn’t clear, but the site should have been aware that the hosting company would be forced to comply with law enforcement requests. After all, it had happened at least once before in a case involving Swedish torrent site, Sparvar.

Mistakes at the beginning

When pirate sites first launch, few admins expect them to become world leaders. If they did, they’d probably approach things a little differently at the start. In KAT’s case, alleged founder Artem Vaulin registered several of the site’s domains in his own name, information that was happily handed to the DHS by US-based hosting company GoDaddy.

Vaulin also used a Gmail account, operated by US-based Google. The complaint doesn’t explicitly say that Google handed over information, but it’s a distinct possibility. In any event, an email sent from that account in 2009 provided a helpful bridge to investigators.

“I changed my gmail. now it’s admin@kickasstorrents.com,” it read.

Forging further connections from his private email accounts to those operated from KAT, in 2012 Vaulin sent ‘test’ emails from KAT email addresses to his Apple address. This, HSI said, signaled the point that Vaulin began using KAT emails for business.

No time to relax, even socially

In addition to using an email account operated by US-based Apple, (in which HSI found Vaulin’s passport and driver’s license details, plus his banking info), the Ukranian also had an iTunes account.

Purchases he made there were logged by Apple, down to the IP address. Then, thanks to information provided by US-based Facebook (notice the recurring Stateside theme?), HSI were able to match that same IP address against a login to KAT’s Facebook page.

Anonymous Bitcoin – not quite

If the irony of the legitimate iTunes purchases didn’t quite hit the spot, the notion that Bitcoin could land someone in trouble should tick all the boxes. According to the complaint, US-based Bitcoin exchange Coinbase handed over information on Vaulin’s business to HSI.

“Records received from the bitcoin exchange company Coinbase revealed that the KAT Bitcoin Donation Address sent bitcoins it received to a user’s account maintained at Coinbase. This account was identified as belonging to Artem Vaulin located in Kharkov, Ukraine,” it reads.

Final thoughts

For a site that the US Government had always insisted was operating overseas, KickassTorrents clearly had a huge number of United States connections. This appears to have made the investigation much more simple than it would have been had the site and its owner had maintained a presence solely in Eastern Europe.

Why the site chose to maintain these connections despite the risks might never be answered, but history has shown us time and again that US-based sites are not only vulnerable but also open to the wrath of the US Government. With decades of prison time at stake, that is clearly bad news.

But for now at least, Vaulin is being detained in Poland, waiting to hear of his fate. Whether or not he’ll quickly be sent to the United States is unclear, but it seems unlikely that a massively prolonged Kim Dotcom-style extradition battle is on the agenda. A smaller one might be, however.

While the shutdown of KAT and the arrest of its owner came out of the blue, the writing has always been on the wall. The shutdown is just one of several momentous ‘pirate’ events in the past 18 months including the closure (and resurrection) of The Pirate Bay, the dismantling of the main Popcorn Time fork, and the end of YTS/YIFY.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Digital Citizens Slam Cloudflare For Enabling Piracy & Malware

Post Syndicated from Andy original https://torrentfreak.com/digital-citizens-slam-cloudflare-for-enabling-piracy-malware-160722/

For the past several years, one of the key educational strategies of entertainment industry companies has been to cast doubt on the credibility of so-called ‘pirate’ sites.

Previously there have been efforts to suggest that site operators make huge profits at the expense of artists who get nothing, but there are other recurring themes, mostly centered around fear.

One of the most prominent is that pirate sites are dangerous places to visit, with users finding themselves infected with viruses and malware while being subjected to phishing attacks.

This increasingly well-worn approach has just been revisited by consumer interest group Digital Citizens Alliance (DCA). In a new report titled ‘Enabling Malware’, the Hollywood-affiliated group calls out United States-based companies for helping pirate site operators “bait consumers and steal their personal information.”

“When you think of Internet crime, you probably imagine shadowy
individuals operating in Eastern Europe, China or Russia who come up with devious plans to steal your identity, trick you into turning over financial information or peddling counterfeits or stolen content. And you would be right,” DCA begin.

“But while many online criminals are based overseas, and often beyond the reach of U.S. prosecutors, they are aided by North American technology companies that ensure that overseas operators’ lifeline to the public – their websites – are available.”

DCA has examined the malware issue on pirate sites on previous occasions but this time around their attention turns to local service providers, including hosting platform Hawk Host and CDN company Cloudflare who (in)directly provide services to pirate sites.

“Are these companies doing anything illegal? No more than the landlord of an apartment isn’t doing anything illegal by renting to a drug dealer who has sellers showing up day and night,” DCA writes.

“But just like that landlord, more often than not these companies either look the other way or just don’t want to know.”

Faced with an investigative dead-end when it comes to tracing the operators of pirate sites, DCA criticizes Cloudflare for providing a service which effectively shields the true location of such platforms.

“In order to utilize CloudFlare’s CDN, DNS, and other protection services customers have to run all of their website traffic through the CloudFlare network. The end result of doing so is masked hosting information,” DCA reports.

“Instead of the actual hosting provider, IP address, domain name server, etc., a Whois search provides the information for CloudFlare’s network.”

To illustrate its point, DCA points to a pirate domain which presents itself as the famous Putlocker site but is actually a third-party clone operating from the dubious URL, Putlockerr.ac.

“From websites such as putlockerr.ac consumers are tricked into downloading malware. For example, when a consumer clicks to watch a movie, they are sent to a new screen in which they are told their video player is out of date and they must update it. The update, Digital Citizens’ researchers found, is the malware delivery mechanism.”

There’s little doubt that some of these low-level sites are in the malware game so DCA’s research is almost certainly sound. However, just like their colleagues at the MPAA and RIAA who regularly shift responsibility to Google, DCA lays the blame on Cloudflare, a more easily pinpointed target than a pirate site operator.

Unsurprisingly, Cloudflare isn’t particularly interested in getting involved in the online content-policing business.

“CloudFlare’s service protects and accelerates websites and applications. Because CloudFlare is not a host, we cannot control or remove customer content from the Internet,” the company said in a response to the report.

In common with Google, Cloudflare also says it makes efforts to stop the spread of malware but due to the nature of its business it is unable to physically remove content from the Internet.

“CloudFlare leaves the removal of online content to law enforcement agencies and complies with any legal requests made by the authorities,” the company notes.

“If we believe that one of our customers’ websites is distributing malware, CloudFlare will post an interstitial page that warns site visitors and asks them if they would like to proceed despite the warning. This practice follows established industry norms.”

Finally, while DCA says it has the safety of Internet users at heart, its malware report misses a great opportunity. Aside from criticizing companies like Cloudflare for not doing enough, it offers zero practical anti-malware advice to consumers.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

KickassTorrents Mirrors and Imposters Spring into Action

Post Syndicated from Ernesto original https://torrentfreak.com/kickasstorrents-mirrors-and-imposters-spring-into-action-160722/

With an active community and millions of regular visitors, KickassTorrents has been the most used torrent site for quite some time.

This ended abruptly earlier this week, following the arrest of its alleged founder in Poland. A criminal complaint from the U.S. Government revealed that entire operation had been compromised by the Department of Homeland Security.

Starting a few hours ago, the first Kickass domain was signed over to the U.S. authorities. Others are expected to follow during the days to come.

Kickass.to now displays a seizure notice, which means that the associated domain registry was quick to respond to the U.S. warrant. People who visit the Kickass.to address today will see the following banner, specifically tailored for KAT.

KAT’s seizure banner


As expected, the U.S. authorities are not the only ones to ‘lift’ KAT’s logo, many others are doing the same, but for a different reason.

Shortly after KAT went offline dozens of people began promoting mirrors and copies of the site. Some are just trying to keep lost files accessible, but there’s also a group trying to take over the brand, similar to the efforts seen following YIFY’s demise.

For example, the operator of Kickass.la sent an email to several reporters promoting a new KAT address. In a follow-up, we were told that the site is an “official backup,” and that a copy of the database is in their possession.

However, the site appears to be little more than a partial copy and the person behind it later admitted that they are not related to KAT.

Only adding to the confusion are the many other copies and alternatives claiming to be the official resurrection of KAT. Some even advertise themselves as such, but most have been available for a longer time as proxy/mirror sites.

Kickasstorrents.to, for example, has been around for a long time, hosting cached pages of the original site. The latter is also true for others, such as Dxtorrent.com. But in any case, there is no true backup with freshly added content available.

Another mirror that has been widely discussed is kickasstorrents.website.

Unlike others, the people behind this site are very clear about the fact that they are not related to the original KAT team. Their copy currently lists torrent files from the past one and a half years, but like other mirrors it doesn’t have a working forum or upload functionality.

“It’s not perfect but if users need to save and archive something it’s time. We don’t know how long it can last, but at least it’s something,” the site’s operator told TorrentFreak.

The people behind the site, who describe themselves as a group of individuals who stand for freedom of the Internet, also launched a petition on Change.org calling for the release of KAT’s alleged owner Artem Vaulin.

“We are protesting against violent attack on our right to share information and arrest of Kat.cr founder Artem Vaulin. Our freedom to share is the human right which Artem Vaulin has been providing to millions of users from all over the world,” they say.

While a notable effort, the banner promoting the cause appears to show a photo of an entirely different Artem Vaulin. The image was removed from the petition after we pointed this out, but it’s still present in the manifesto at the time of writing and being shared in news articles and on social media.

What is clear is that former KAT users are grasping at straws to get their old community back. While mirrors and copies do look like their old home, without a working forum and new content they don’t provide much of an alternative.

For now, people are probably better off not trusting any “KAT resurrection” claims. The chance of getting your password stolen is higher than finding a site with a true backup of the user database.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Solarmovie Disappears Following KAT Shutdown

Post Syndicated from Andy original https://torrentfreak.com/solarmovie-disappears-following-kat-shutdown-160721/

solarmovieIn the most dramatic turn of events since the raid of The Pirate Bay in December 2014, KickassTorrents went dark yesterday.

Previously the world’s largest torrent site, KAT shut down following the arrest of its alleged founder. Artem Vaulin, a 30-year-old from Ukraine, was arrested in Poland after his entire operation had been well and truly compromised by the Department of Homeland Security (DHS).

When large sites are raided it is common for other sites in a similar niche to consider their positions. This phenomenon was illustrated perfectly when the 2012 raids on Megaupload resulted in sites such as BTjunkie taking the decision to shut down.

At this point, most other torrent sites seem fairly stable but there appears to have been at least one ‘pirate’ casualty following yesterday’s drama.

For many years, Solarmovie has been one of the most visible and visited ‘pirate’ streaming portals. Like many others, the site has had its fair share of domain issues, starting out at .COM and more recently ending up at .PH. However, sometime during the past few hours, Solarmovie disappeared.


No official announcement concerning the site’s fate has been made but it’s clear from the criminal complaint filed against KickassTorrents that Artem Vaulin had close connections to Solarmovie.

As reported yesterday, the Department of Homeland Security obtained a copy of KickassTorrents’ servers from its Canadian host and also gained access to the site’s servers in Chicago. While conducting his inquiries, the Special Agent handling the case spotted an email address for the person responsible for renting KAT’s servers.

Further investigation of Vaulin’s Apple email account showed the Ukrainian corresponding with this person back in 2010.

“The subject of the email was ‘US Server’ and stated: ‘Hello, here is access to the new server’ followed by a private and public IP address located in Washington DC, along with the user name ‘root’ and a password,” the complaint reveals.

Perhaps tellingly, the IP address provided by this individual to Vaulin was found to have hosted Solarmovie.com from August 2010 through to April 2011. Furthermore, up until just last month, the IP address was just one away from an IP address used to host KickassTorrents.

“As of on or about June 27, 2016, one of the IP addresses hosting solarmovie.ph was one IP address away ( from an IP address that was being used to host KAT ( and,” the complaint adds.

While none of the above is proof alone that Vaulin was, for example, the owner of Solarmovie, it’s clear that at some point he at least had some connections with the site or its operator.

On the other hand, in torrent and streaming circles it’s common for people to use services already being used by others they know and trust, so that might provide an explanation for the recent IP address proximity.

In any event, last night’s shutdown of Solarmovie probably indicates that the heat in the kitchen has become just a little too much. Expect more fallout in the days to come.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Can KickassTorrents Make a Comeback?

Post Syndicated from Ernesto original https://torrentfreak.com/can-kickasstorrents-make-a-comeback-160721/

kickasstorrents_500x500Founded in 2009, KickassTorrents (KAT) grew out to become the largest torrent site on the Internet with millions of visitors a day.

As a result, copyright holders and law enforcement have taken aim at the site in recent years. This resulted in several ISP blockades around the world, but yesterday the big hit came when the site’s alleged founder was arrested in Poland.

Soon after the news was made public KAT disappeared, leaving its users without their favorite site. The question that’s on many people’s minds right now is whether the site will make a Pirate Bay-style comeback.

While it’s impossible to answer this question with certainty, the odds can be more carefully weighed by taking a closer look at the events that led up to the bust and what may follow.

First off, KickassTorrents is now down across all the site’s official domain names. This downtime seems to be voluntary in part, as the authorities haven’t seized the servers. Also, several domains are still in the hands of the KAT-team.

That said, the criminal complaint filed in the U.S. District Court in Chicago does reveal that KAT has been heavily compromised (pdf).

According to the feds, Artem Vaulin, a 30-year-old from Ukraine, is the key player behind the site. Over the years, he obfuscated his connections to the site, but several security holes eventually revealed his identity.

With help from several companies in the United States and abroad, Homeland Security Investigations (HSI) agent Jared Der-Yeghiayan identifies the Ukrainian as the driving force behind the site.

The oldest traces to Vaulin are the WHOIS records for various domains, registered in his name early 2009.

“A review of historical Whois information for KAT….identified that it was registered on or about January 19, 2009, to Artem Vaulin with an address located in Kharkiv, Ukraine,” the affidavit reads.

This matches with records obtained from domain registrar GoDaddy, which indicate that Vaulin purchased three KAT-related domain names around the same time.

The agent further uncovered that the alleged KAT founder used an email address with the nickname “tirm.” The same name was listed as KAT’s “owner” on the site’s “People” page in the early days, but was eventually removed in 2011.

Tirm on KAT’s people page


The HSI agent also looked at several messages posted on KAT, which suggest that “tirm” was actively involved in operating the site.

“As part of this investigation, I also reviewed historical messages posted by tirm, KAT’s purported ‘Owner.’ These postings and others indicate that tirm was actively engaged in the early running of KAT in addition to being listed as an administrator and the website’s owner,” the HSI agent writes.

Assisted by Apple and Facebook the feds were then able to strengthen the link between Vaulin, tirm, and his involvement in the site.

Facebook, for example, handed over IP-address logs from the KAT fanpage. With help from Apple, the investigator was then able to cross-reference this with an IP-address Vaulin used for an iTunes transaction.

“Records provided by Apple showed that tirm@me.com conducted an iTunes transaction using IP Address on or about July 31, 2015. The same IP Address was used on the same day to login into the KAT Facebook Account.”

In addition, Apple appears to have handed over private email conversations which reference KAT, dating back several years. These emails also mention a “kickasstorrent payment,” which is believed to be revenue related.

“I identified a number of emails in the tirm@me.com account relating to Vaulin’s operation of KAT. In particular, between on or about June 8, 2010, and on or about September 3, 2010,” the HSI agent writes.

More recent records show that an IP-address linked to KAT’s Facebook page was also used to access Vaulin’s Coinbase account, suggesting that the Bitcoin wallet also assisted in the investigation.

“Notably, IP address accessed the KAT Facebook Account about a dozen times in September and October 2015. This same IP Address was used to login to Vaulin’s Coinbase account 47 times between on or about January 28, 2014, through on or about November 13, 2014.”

As for the business side, the complaint mentions a variety of ad payments, suggesting that KAT made over a dozen million dollars in revenue per year.

It also identifies the company Cryptoneat as KAT’s front. The Cryptoneat.com domain was registered by Vaulin and LinkedIn lists several employees of the company who were involved in the early development of the site.

“Many of the employees found on LinkedIn who present themselves as working for Cryptoneat are the same employees who received assignments from Vaulin in the KAT alert emails,” the complaint reads.

Interestingly, none of the other employees are identified or charged.

To gather further information on the money side, the feds also orchestrated an undercover operation where they posed as an advertiser. This revealed details of several bank accounts, with one receiving over $28 million in just eight months.

“Those records reflect that the Subject Account received a total of approximately €28,411,357 in deposits between on or about August 28, 2015, and on or about March 10, 2016.”

Bank account


Finally, and crucially, the investigators issued a warrant directed at the Canadian webhost of KickassTorrents. This was one of the biggest scores as it provided them with full copies of KAT’s hard drives, including the email server.

“I observed […] that they were all running the same Linux Gentoo operating system, and that they contained files with user information, SSH access logs, and other information, including a file titled ‘passwd’ located in the ‘etc’ directory,” the HSI agent writes.

“I also located numerous files associated with KAT, including directories and logs associated to their name servers, emails and other files,” he adds.

Considering all the information U.S. law enforcement has in its possession, it’s doubtful that KAT will resume its old operation anytime soon.

Technically it won’t be hard to orchestrate a Pirate Bay-style comeback, as there are probably some backups available. However, now that the site has been heavily compromised and an ongoing criminal investigation is underway, it would be a risky endeavor.

Similarly, uploaders and users may also worry about what information the authorities have in their possession. The complaint cites private messages that were sent through KAT, suggesting that the authorities have access to a significant amount of data.

While regular users are unlikely to be targeted, the information may provide useful for future investigations into large-scale uploaders. More clarity on this, the site’s future, and what it means for the torrent ecosystem, is expected to become evident when the dust settles.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Feds Seize KickassTorrents Domains, Arrest Owner

Post Syndicated from Ernesto original https://torrentfreak.com/feds-seize-kickasstorrents-domains-charge-owner-160720/

kickasstorrents_500x500With millions of unique visitors per day KickassTorrents (KAT) has become the most-used torrent site on the Internet, beating even The Pirate Bay.

Today, however, the site has run into a significant roadblock after U.S. authorities announced the arrest of the site’s alleged owner.

The 30-year-old Artem Vaulin, from Ukraine, was arrested today in Poland from where the United States has requested his extradition.

In a criminal complaint filed in U.S. District Court in Chicago, the owner is charged with conspiracy to commit criminal copyright infringement, conspiracy to commit money laundering, and two counts of criminal copyright infringement.


The complaint further reveals that the feds posed as an advertiser, which revealed a bank account associated with the site.

It also shows that Apple handed over personal details of Vaulin after the investigator cross-referenced an IP-address used for an iTunes transaction with an IP-address that was used to login to KAT’s Facebook account.

“Records provided by Apple showed that tirm@me.com conducted an iTunes transaction using IP Address on or about July 31, 2015. The same IP Address was used on the same day to login into the KAT Facebook,” the complaint reads.

In addition to the arrest in Poland, the court also granted the seizure of a bank account associated with KickassTorrents, as well as several of the site’s domain names.

Commenting on the announcement, Assistant Attorney General Caldwell said that KickassTorrents helped to distribute over $1 billion in pirated files.

“Vaulin is charged with running today’s most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials.”

“In an effort to evade law enforcement, Vaulin allegedly relied on servers located in countries around the world and moved his domains due to repeated seizures and civil lawsuits. His arrest in Poland, however, demonstrates again that cybercriminals can run, but they cannot hide from justice.”

KAT’s .com and .tv domains are expected to be seized soon by Verisign. For the main Kat.cr domain as well as several others, seziure warrants will be sent to the respective authorities under the MLAT treaty.

At the time of writing the main domain name Kat.cr has trouble loading, but various proxies still appear to work. KAT’s status page doesn’t list any issues, but we assume that this will be updated shortly.

TorrentFreak has reached out to the KAT team for a comment on the news and what it means for the site’s future, but we have yet to hear back.

Breaking story, in depth updates will follow.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Megavideo Lawyer Slams TV Piracy Court Ruling

Post Syndicated from Andy original https://torrentfreak.com/megavideo-lawyer-slams-tv-piracy-court-ruling-160720/

megavideoWhile Kim Dotcom’s Megaupload has been the focus of thousands of headlines over the past half decade, the tech entrepreneur also had many other successful ventures in his portfolio.

Among them was Megavideo, a file-hosting service that allowed users to upload video in much the same way as YouTube does today. The ad-supported platform was free to use for any video up to 72 minutes in length, with content of longer duration requiring a subscription to watch in full without waits.

Megavideo disappeared in 2012 following the raids on Megaupload but that didn’t stop Italian TV outfit RTI (Reti Televisive Italiane) suing for copyright infringement. As reported yesterday, a Rome court has just ordered Megavideo to pay $13.4m in damages after the company reportedly failed to respond to takedown notices.

However, the decision is an extremely unusual one. In Megavideo’s absence the court found that the copyright holder’s takedown notices (which listed only TV show titles and contained no URLs) were sufficient for Megavideo to take action. The court also found that video categorization and ad placement undermined Megavideo’s safe harbor.

Speaking with TorrentFreak, Megaupload/Megavideo lawyer Ira Rothken says that the ruling represents a real cause for concern for other companies operating in the same sector.

“The Rome court apparently ruled on this Megavideo case in a default context, unknown to us, and the result is unworkable caselaw on ISP secondary copyright liability,” Rothken explains.

“The court used user-generated categorization and garden variety ads like those found on YouTube and other mainstream cloud sites as adverse factors. Without categories and ads there likely could be no user-generated content sites.”

But unsurprisingly it’s the issue of the URL-free takedown notices that attracts the most attention. In the United States and across Europe, it’s an accepted norm that takedown notices must be specific about the content to be removed. That the Italian court decided otherwise presents a real danger for service providers.

“It was not explained in the Rome ruling why the copyright owners couldn’t provide URLs in the takedown notices and no burden analysis based on competent evidence was done by the Court,” Rothken says.

“The Rome Court’s ruling not requiring specific URLs in cloud takedown notices contradicts US caselaw in the United States in cases which permit ISPs to ignore takedown requests that do not contain a specific link.”

Rothken points out that in US courts the burden is on copyright holders to police their works online and that service providers are not responsible for deciding what is and is not infringing.

“The ISP has no duty to investigate and providing only a title without a URL would require investigation and the making of ad hoc copyright assessments,” he adds.

But that’s exactly what Megavideo would have had to do in the scenario outlined by the court. Without specific URLs being provided in takedown requests, Megavideo would have been left to trawl its databases for titles of videos that contained the same or similar words cited by copyright holders, a notoriously inaccurate method of detecting infringing content.

“Under the Rome Court’s ‘no URL’ requirement, some enterprising plaintiff can do a takedown notice for some video clips called “the Greek wedding” with no URL provided and no one will know what Greek wedding clips they are referring to,” Rothken says.

“Worse, to disambiguate the takedown request the ISP would need a legal copy of the alleged video for comparison purposes obtainable through no court-described method.”

However, even in the event that the original video was successfully obtained from the copyright holder, matters would not be straightforward.

“The ISP would need a warehouse full of folks that would need to watch the target video and thousands of cloud-stored videos and make ad hoc assessments on infringements versus third-party works versus fair use versus licensed uses to avoid overbroad deletions or copyright lawsuits,” Rothken warns.

Aside from the obviously curious details of the ruling, it’s a little surprising that other companies invested in the sector, YouTube for instance, haven’t become involved in a case that appears to have implications for them. Nevertheless, the court has spoken and Rothken says that its ruling poses a real cause for concern.

“This type of secondary infringement rule if allowed to stand arguably violates EU freedom of expression and copyright-related treaties, amongst other things,” he concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

U.S. Government Sued for Software Piracy, Maker Claims $600m

Post Syndicated from Ernesto original https://torrentfreak.com/u-s-government-sued-for-software-piracy-maker-claims-600m-160720/

usnavyIn recent years the U.S. Government has taken an aggressive stance towards copyright infringement, both at home and abroad.

However, that doesn’t mean that the Government always sticks to the rules, quite the contrary. In a recent lawsuit it stands accused of willful copyright infringement on a massive scale.

The case centers around “BS Contact Geo,” a 3D virtual reality application developed by the German company Bitmanagement. The Navy was enthusiastic about the geographical modeling capabilities of the software and in 2011 and 2012 it agreed to license its use for 38 computers.

“Those individual PC-based licenses authorized the Navy to install BS Contact Geo on a total of just 38 computers for the purposes of testing, trial runs, and integration into Navy systems,” the software vendor states in the federal claims court complaint (pdf).

After testing the application for a while, both parties started negotiating the licensing of additional computers. However, before any deals were made, the software maker learned that the Navy had already installed it on over 100,000 computers.

According to emails Bitmanagement executives received in 2013, the software had been rolled onto at least 558,466 computers on the Navy’s network, without their permission.

“Even as it negotiated with Bitmanagement over the proposed large-scale licensing of its product, the Navy was simultaneously copying and installing that software, without Bitmanagement’s advance knowledge or authorization, on a massive scale,” the complaint reads.

In addition, the Navy allegedly disabled the software that is supposed to track on how many computers the software is being used. This violation of the terms of service prevents the software vendor from stopping the unauthorized copying.

“To make matters worse, starting in 2014, the ‘Flexwrap’ software intended to track the Navy’s use and duplication of BS Contact Geo on Navy computers was disabled,” the complaint explains.

This change made it impossible for Bitmanagement to know the scope of the deployment and use of BS Contact Geo on unlicensed machines or to limit that use,” the company adds.

The software vendor says that the willful copyright infringement has caused injury to its business and rights. As a result, they’re now demanding compensation for the damage that was caused, to a total of nearly $600 million.

Installing BS Contact Geo onto a single PC cost roughly $1067 at the time, so Bitmanagement claims that it is entitled to at least $596,308,103 in unpaid licensing fees.

For comparison, that is more than the damages Kim Dotcom and Megaupload have caused copyright holders, according to the United States. And that case was billed by the FBI as one of the “largest criminal copyright cases” in history.

Interestingly this is not the first time that the U.S. military has been “caught” pirating software. A few years ago it was accused of operating unlicensed logistics software, a case the Obama administration eventually settled for $50 million.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Court: Google and Bing Don’t Have to Censor “Torrent” Searches

Post Syndicated from Ernesto original https://torrentfreak.com/court-google-and-bing-dont-have-to-censor-torrent-searches-160719/

google-bayFor years, entertainment industry groups have been demanding that search engines do something about “pirate sites” showing up in their search results.

In France, this prompted music industry group SNEP to take the matter to court. Representing three local artists, they demanded automated search engine filters from both Google and Microsoft.

Before the High Court of Paris the music group argued that, when paired with the artist names, “torrent” related searches predominantly link to pirated content.

To counter this, they demanded a filter that would block results for these searches for the keyword “torrent,” as well as websites that include the same word in their domain name.

SNEP based its request on Article L336-2 of France’s intellectual property code, which states that “all appropriate measures” are permitted to prevent copyright infringement. The same article has been used before to force Google and Bing to make various other pirate sites disappear.

However, in the present cases the High Court of Paris decided against the music industry group, Nextinpact reports.

In their defense Microsoft had warned that the broad filtering system requested by the music group would be imprecise, disproportionate and inefficient, something the court agreed with.

While French law permits far-reaching anti-piracy measures, it also states that it’s necessary to preserve the rights of individual Internet users, such as freedom of expression and communication. An overbroad filtering scheme would go against this principle.

“SNEP’s requests are general, and pertain not to a specific site but to all websites accessible through the stated methods, without consideration for identifying or even determining the site’s content, on the premise that the term ‘Torrent’ is necessarily associated with infringing content,” the Court writes in its order.

More specifically, the court notes that the word “torrent” has many legitimate uses, as does the BitTorrent protocol, which is a neutral communication technology. This means that blocking everything “torrent” related is likely to censor legal content as well.

“Yet [torrent] is primarily a common noun, with a meaning in French and in English; it also refers to a neutral communication protocol developed by the company Bittorrent that enables access to lawfully downloaded files.

“The requested measures are thus tantamount to general monitoring and may block access to lawful websites,” the High Court order adds.

Part of the Bing order


The case against Google, which was similar in nature, also ended in favor of the search engine. The High Court dismissed this case on the grounds that it would only protect the interests of three artists, Kendji Girac, Shy’m and Christophe Willem.

For Article L336-2 to be invoked, the preventive anti-piracy measures have to protect a wider range of artists and rightsholders.

This means that both “torrent” filtering requests have not been rejected. Instead, the music group has been ordered to pay Microsoft and Bing 10,000 to cover legal fees and costs.

Interestingly, French media highlights that TorrentFreak would have been automatically censored if Google and Microsoft would have lost their case. After all, our URL includes the word torrent.

This means that a mere mention of the artists’ names would have been enough to make an article disappear from the search results.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Court Orders Dotcom’s Megavideo to Pay $13.4m For TV Show Piracy

Post Syndicated from Andy original https://torrentfreak.com/court-orders-dotcoms-megavideo-to-pay-13-4m-for-tv-show-piracy-160719/

megavideoKim Dotcom’s Megaupload empire was shuttered in 2012 with dramatic raids in New Zealand and legal action on several continents. Nevertheless, the drama continues.

The entrepreneur and his former colleagues are fighting on several fronts, including extradition cases in New Zealand plus pending copyright, racketeering and money laundering charges in the United States. Interestingly, another case has just emerged out of the shadows in Europe.

Megavideo, Megaupload’s sister site, was focused on storing videos uploaded by its users. Predictably, however, thousands of these videos were movies and TV shows, for which Megaupload users held no copyrights.

Some of that content belonged to TV company RTI (Reti Televisive Italiane), a subsidiary of Mediaset, the media giant founded by former Italian president Silvio Berlusconi. In an effort to have that content removed, in 2010 RTI says it contacted Megavideo with takedown requests, takedowns which the company failed to act upon.

This prompted RTI to take Megavideo to court, claiming that the video hosting platform had infringed its broadcasting rights and engaged in unfair competition. RTI asked the court to order Megavideo to take down the unauthorized content and award damages of more than $110m.

The unfair competition claim gained no traction but the Tribunale di Roma has just handed down its decision and its bad news for Megavideo.

The Court found that the Hong Kong-based video hosting platform illegally distributed more than 16,000 minutes of RTI programming and ordered it to pay the equivalent of $13.4m in damages, plus more than $60,000 in legal costs.

In Megavideo’s absence (the company did not defend itself), the Court considered whether the platform could enjoy safe harbor as a hosting provider.

Megavideo failed on a number of points, notably by organizing content into various categories, placing advertising based on the geo-locations of its users, and lifting viewing limitations on users after they paid a subscription.

But perhaps the most curious element of the case surrounds the takedown notices RTI sent to Megavideo back in 2010.

While most DMCA-style efforts must include an offending URL so that platforms are easily able to identify the content in question, RTI offered Megavideo no such luxury. The TV company simply advised the hosting platform that its TV shows were on the site and ordered it to take them down.

Strangely the Court found that this was enough information for Megavideo to act on the allegations of infringement. In a partial translation of the ruling, IPKitten has the Court noting that “the information included in those takedown requests was sufficient to allow the defendant to take action to prevent the continuation of the infringement of [RTI’s] rights.”

Even in the absence of the takedowns, the Court added that “the defendant could easily and independently acquire knowledge of such infringements, both because of the notoriety of the TV programmes in question and the relevant broadcasting channels and, in particular, the presence RTI’s distinctive signs on all TV programmes’ extracts.”

In the overall scheme of things the ruling probably represents a minor setback for Kim Dotcom, but the notion that copyright holders can send extremely general takedown requests to hosting platforms and expect them to take action is a worrying one that might not be supported under EU law.

Kim Dotcom did not immediately respond to our requests for comment.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Carbanak Gang Tied to Russian Security Firm?

Post Syndicated from BrianKrebs original https://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/

Among the more plunderous cybercrime gangs is a group known as “Carbanak,” Eastern European hackers blamed for stealing more than a billion dollars from banks. Today we’ll examine some compelling clues that point to a connection between the Carbanak gang’s staging grounds and a Russian security firm that claims to work with some of the world’s largest brands in cybersecurity.

The Carbanak gang derives its name from the banking malware used in countless high-dollar cyberheists. The gang is perhaps best known for hacking directly into bank networks using poisoned Microsoft Office files, and then using that access to force bank ATMs into dispensing cash. Russian security firm Kaspersky Lab estimates that the Carbanak Gang has likely stolen upwards of USD $1 billion — but mostly from Russian banks.

Image: Kaspersky

Image: Kaspersky

I recently heard from security researcher Ron Guilmette, an anti-spam crusader whose sleuthing has been featured on several occasions on this site and in the blog I wrote for The Washington Post. Guilmette said he’d found some interesting commonalities in the original Web site registration records for a slew of sites that all have been previously responsible for pushing malware known to be used by the Carbanak gang.

For example, the domains “weekend-service[dot]com” “coral-trevel[dot]com” and “freemsk-dns[dot]com” all were documented by multiple security firms as distribution hubs for Carbanak crimeware. Historic registration or “WHOIS” records maintained by Domaintools.com for all three domains contain the same phone and fax numbers for what appears to be a Xicheng Co. in China — 1066569215 and 1066549216, each preceded by either a +86 (China’s country code) or +01 (USA). Each domain record also includes the same contact address: “williamdanielsen@yahoo.com“.

According to data gathered by ThreatConnect, a threat intelligence provider [full disclosure: ThreatConnect is an advertiser on this blog], at least 484 domains were registered to the williamdanielsen@yahoo.com address or to one of 26 other email addresses that listed the same phone numbers and Chinese company.  “At least 304 of these domains have been associated with a malware plugin [that] has previously been attributed to Carbanak activity,” ThreatConnect told KrebsOnSecurity.

Going back to those two phone numbers, 1066569215 and 1066549216; at first glance they appear to be sequential, but closer inspection reveals they differ slightly in the middle. Among the very few domains registered to those Chinese phone numbers that haven’t been seen launching malware is a Web site called “cubehost[dot]biz,” which according to records was registered in Sept. 2013 to a 28-year-old Artem Tveritinov of Perm, Russia.

Cubehost[dot]biz is a dormant site, but it appears to be the sister property to a Russian security firm called Infocube (also spelled “Infokube”). The InfoKube web site — infokube.ru — is also registered to Mr. Tveritinov of Perm, Russia; there are dozens of records in the WHOIS history for infokube.ru, but only the oldest, original record from 2011 contains the email address atveritinov@gmail.com. 

That same email address was used to register a four-year-old profile account at the popular Russian social networking site Vkontakte for Artyom “LioN” Tveritinov from Perm, Russia. The “LioN” bit is an apparent reference to an Infokube anti-virus product by the same name.

Mr. Tveritinov is quoted as “the CEO of InfoKub” in a press release from FalconGaze, a Moscow-based data security firm that partnered with the InfoKube to implement “data protection and employee monitoring” at a Russian commercial research institute. InfoKube’s own press releases say the company also has been hired to develop “a system to protect information from unauthorized access” undertaken for the City of Perm, Russia, and for consulting projects relating to “information security” undertaken for and with the State Ministry of Interior of Russia.

The company’s Web site claims that InfoKube partners with a variety of established security firms — including Symantec and Kaspersky. The latter confirmed InfoKube was “a very minor partner” of Kaspersky’s, mostly involved in systems integration. Zyxel, another partner listed on InfoKube’s partners page, said it had no partners named InfoKube. Slovakia-based security firm ESET said “Infokube is not and has never been a partner of ESET in Russia.”

Presented with Guilmette’s findings, I was keen to ask Mr. Tveritinov how the phone and fax numbers for a Chinese entity whose phone number has become synonymous with cybercrime came to be copied verbatim into Cubehost’s Web site registration records. I sent requests for comment to Mr. Tveritinov via email and through his Vkontakte page.

Initially, I received a friendly reply from Mr. Tveritinov via email expressing curiosity about my inquiry, and asking how I’d discovered his email address. In the midst of composing a more detailed follow-up reply, I noticed that the Vkontakte social networking profile that Tveritinov had maintained regularly since April 2012 was being permanently deleted before my eyes. Tveritinov’s profile page and photos actually disappeared from the screen I had up on one monitor as I was in the process of composing an email to him in the other.

Not long after Tveritinov’s Vkontakte page was deleted, I heard from him via email. Ignoring my question about the sudden disappearance of his social media account, Tveritinov said he never registered cubehost.biz and that his personal information was stolen and used in the registration records for cubehost.biz.

“Our company never did anything illegal, and conducts all activities according to the laws of Russian Federation,” Tveritinov said in an email. “Also, it’s quite stupid to use our own personal data to register domains to be used for crimes, as [we are] specialists in the information security field.”

Turns out, InfoKube/Cubehost also runs an entire swath of Internet addresses managed by Petersburg Internet Network (PIN) Ltd., an ISP in Saint Petersburg, Russia that has a less-than-stellar reputation for online badness.

For example, many of the aforementioned domain names that security firms have conclusively tied to Carbanak distribution (e.g., freemsk-dns[dot].com) are hosted in Internet address space assigned to Cubehost. A search of the RIPE registration records for the block of addresses at turns up a physical address in Ras al Khaimah, an emirate of the United Arab Emirates (UAE) that has sought to build a reputation as a tax shelter and a place where it is easy to create completely anonymous offshore companies. The same listing says abuse complaints about Internet addresses in that address block should be sent to “info@cubehost.biz.”

This PIN hosting provider in St. Petersburg has achieved a degree of notoriety in its own right and is probably worthy of additional scrutiny given its reputation as a haven for all kinds of online ne’er-do-wells. In fact, Doug Madory, director of Internet analysis at Internet performance management firm Dyn, has referred to the company as “…perhaps the leading contender for being named the Mos Eisley of the Internet” (a clever reference to the spaceport full of alien outlaws in the 1977 movie Star Wars).

Madory explained that PIN’s hard-won bad reputation stems from the ISP’s documented propensity for absconding with huge chunks of Internet address blocks that don’t actually belong to it, and then re-leasing that purloined Internet address space to spammers and other Internet miscreants.

For his part, Guilmette points to a decade’s worth of other nefarious activity going on at the Internet address space apparently assigned to Tveritinov and his company. For example, in 2013 Microsoft seized a bunch of domains parked there that were used as controllers for Citadel online banking malware, and all of those domains had the same “Xicheng Co.” data in their WHOIS records.  A Sept. 2011 report on the security blog dynamoo.com notes several domains with that Xicheng Co. WHOIS information showing up in online banking heists powered by the Sinowal banking Trojan way back in 2006.

“If Mr. Tveritinov, has either knowledge of, or direct involvement in even a fraction of the criminal goings-on within his address block, then the possibility that he may perhaps also have a role in other and additional criminal enterprises… including perhaps even the Carbanak cyber banking heists… becomes all the more plausible and probable,” Guilmette said.

It remains unclear to what extent the Carbanak gang is still active. Last month, authorities in Russia arrested 50 people allegedly tied to the organized cybercrime group, whose members reportedly hail from Russia, China, Ukraine and other parts of Europe. The action was billed as the biggest ever crackdown on financial hackers in Russia.