Tag Archives: search engines

Showtime Seeks Injunction to Stop Mayweather v McGregor Piracy

Post Syndicated from Andy original https://torrentfreak.com/showtime-seeks-injunction-to-stop-mayweather-v-mcgregor-piracy-170816/

It’s the fight that few believed would become reality but on August 26, at the T-Mobile Arena in Las Vegas, Floyd Mayweather Jr. will duke it out with UFC lightweight champion Conor McGregor.

Despite being labeled a freak show by boxing purists, it is set to become the biggest combat sports event of all time. Mayweather, undefeated in his professional career, will face brash Irishman McGregor, who has gained a reputation for accepting fights with anyone – as long as there’s a lot of money involved. Big money is definitely the theme of the Mayweather bout.

Dubbed “The Money Fight”, some predict it could pull in a billion dollars, with McGregor pocketing $100m and Mayweather almost certainly more. Many of those lucky enough to gain entrance on the night will have spent thousands on their tickets but for the millions watching around the world….iiiiiiiit’s Showtimmme….with hefty PPV prices attached.

Of course, not everyone will be handing over $89.95 to $99.99 to watch the event officially on Showtime. Large numbers will turn to the many hundreds of websites set to stream the fight for free online, which has the potential to reduce revenues for all involved. With that in mind, Showtime Networks has filed a lawsuit in California which attempts to preemptively tackle this piracy threat.

The suit targets a number of John Does said to be behind a network of dozens of sites planning to stream the fight online for free. Defendant 1, using the alias “Kopa Mayweather”, is allegedly the operator of LiveStreamHDQ, a site that Showtime has grappled with previously.

“Plaintiff has had extensive experience trying to prevent live streaming websites from engaging in the unauthorized reproduction and distribution of Plaintiff’s copyrighted works in the past,” the lawsuit reads.

“In addition to bringing litigation, this experience includes sending cease and desist demands to LiveStreamHDQ in response to its unauthorized live streaming of the record-breaking fight between Floyd Mayweather, Jr. and Manny Pacquiao.”

Showtime says that LiveStreamHDQ is involved in the operations of at least 41 other sites that have been set up to specifically target people seeking to watch the fight without paying. Each site uses a .US ccTLD domain name.

Sample of the sites targeted by the lawsuit

Showtime informs the court that the registrant email and IP addresses of the domains overlap, which provides further proof that they’re all part of the same operation. The TV network also highlights various statements on the sites in question which demonstrate intent to show the fight without permission, including the highly dubious “Watch From Here Mayweather vs Mcgregor Live with 4k Display.”

In addition, the lawsuit is highly critical of efforts by the sites’ operator(s) to stuff the pages with fight-related keywords in order to draw in as much search engine traffic as they can.

“Plaintiff alleges that Defendants have engaged in such keyword stuffing as a form of search engine optimization in an effort to attract as much web traffic as possible in the form of Internet users searching for a way to access a live stream of the Fight,” it reads.

While site operators are expected to engage in such behavior, Showtime says that these SEO efforts have been particularly successful, obtaining high-ranking positions in major search engines for the would-be pirate sites.

For instance, Showtime says that a Google search for “Mayweather McGregor Live” results in four of the target websites appearing in the first 100 results, i.e. the first 10 pages. Interestingly, however, to get that result searchers would need to put the search in quotes as shown above, since a plain search fails to turn anything up in hundreds of results.

At this stage, the important thing to note is that none of the sites are currently carrying links to the fight, because the fight is yet to happen. Nevertheless, Showtime is convinced that come fight night, all of the target websites will be populated with pirate links, accessible for free or after paying a fee. This needs to be stopped, it argues.

“Defendants’ anticipated unlawful distribution will impair the marketability and profitability of the Coverage, and interfere with Plaintiff’s own authorized distribution of the Coverage, because Defendants will provide consumers with an opportunity to view the Coverage in its entirety for free, rather than paying for the Coverage provided through Plaintiff’s authorized channels.

“This is especially true where, as here, the work at issue is live coverage of a one-time live sporting event whose outcome is unknown,” the network writes.

Showtime informs the court that it made efforts to contact the sites in question but had just a single response from an individual who claimed to be a sports blogger who doesn’t offer streaming services. The undertone is one of disbelief.

In closing, Showtime demands a temporary restraining order, preliminary injunction, and permanent injunction, prohibiting the defendants from making the fight available in any way, and/or “forming new entities” in order to circumvent any subsequent court order. Compensation for suspected damages is also requested.

Showtime previously applied for and obtained a similar injunction to cover the (hugely disappointing) Mayweather v Pacquiao fight in 2015. In that case, websites were ordered to be taken down on the day before the fight.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Court Won’t Drop Case Against Alleged KickassTorrents Owner

Post Syndicated from Ernesto original https://torrentfreak.com/court-wont-drop-case-against-alleged-kickasstorrents-owner-170804/

Last summer, Polish law enforcement officers arrested Artem Vaulin, the alleged founder of KickassTorrents.

Polish authorities acted on a criminal complaint from the US Government, which accused Vaulin of criminal copyright infringement and money laundering.

While Vaulin is still awaiting the final decision in his extradition process in Poland, his US counsel tried to have the entire case thrown out with a motion to dismiss submitted to the Illinois District Court late last year.

One of the fundamental flaws of the case, according to the defense, is that torrent files themselves are not copyrighted content. In addition, they argued that any secondary copyright infringement claims would fail as these are non-existent under criminal law.

After a series of hearings and a long wait afterwards, US District Judge John Z. Lee has now issued his verdict (pdf).

In a 28-page memorandum and order, the motion to dismiss was denied on various grounds.

The court doesn’t contest that torrent files themselves are not protected content under copyright law. However, this argument ignores the fact that the files are used to download copyrighted material, the order reads.

“This argument, however, misunderstands the indictment. The indictment is not concerned with the mere downloading or distribution of torrent files,” Judge Lee writes.

“Granted, the indictment describes these files and charges Vaulin with operating a website dedicated to hosting and distributing them. But the protected content alleged to have been infringed in the indictment is a number of movies and other copyright protected media that users of Vaulin’s network purportedly downloaded and distributed..,” he adds.

In addition, the defense’s argument that secondary copyright infringement claims are non-existent under criminal law doesn’t hold either, according to the Judge’s decision.

Vaulin’s defense noted that the Government’s theory could expose other search engines, such as Google, to criminal liability. While this is theoretically possible, the court sees distinct differences and doesn’t aim to rule on all search engines in general.

“For present purposes, though, the Court need not decide whether and when a search engine operator might engage in conduct sufficient to constitute aiding and abetting criminal copyright infringement. The issue here is whether 18 U.S.C. § 2 applies to 17 U.S.C. § 506. The Court is persuaded that it does,” Judge Lee writes.

Based on these and other conclusions, the motion to dismiss was denied. This means that the case will move forward. The next step will be to see how the Polish court rules on the extradition request.

Vaulin’s lead counsel Ira Rothken is disappointed with the outcome. He stresses that while courts commonly construe indictments in a light most favorable to the government, it went too far in this case.

“Currently a person merely ‘making available’ a file on a network in California wouldn’t even be committing a civil copyright infringement under the ruling in Napster but under today’s ruling that same person doing it in Illinois could be criminally prosecuted by the United States,” Rothken informs TorrentFreak.

“If federal judges disagree on the state of the federal copyright law then people shouldn’t be criminally prosecuted absent clarification by Congress,” he adds.

The defense team is still considering the best options for appeal, and whether they want to go down that road. However, Rothken hopes that the Seventh Circuit Court of Appeals will address the issue in the future.

“We hope one day that the Seventh Circuit Court of Appeals will undo this ruling and the chilling effect it will have on internet search engines, user generated content sites, and millions of netizens globally,” Rothken notes.

For now, however, Vaulin’s legal team will likely shift its focus to preventing his extradition to the United States.


Top 10 Most Obvious Hacks of All Time (v0.9)

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/07/top-10-most-obvious-hacks-of-all-time.html

For teaching hacking/cybersecurity, I thought I’d create a list of the most obvious hacks of all time. Not the best hacks, the most sophisticated hacks, or the hacks with the biggest impact, but the most obvious hacks — ones that even the least knowledgeable among us should be able to understand. Below I propose some hacks that fit this bill, though in no particular order.

The reason I’m writing this is that my niece wants me to teach her some hacking. I thought I’d start with the obvious stuff first.

Shared Passwords

If you use the same password for every website, and one of those websites gets hacked, then the hacker has your password for all your websites. The reason your Facebook account got hacked wasn’t because of anything Facebook did, but because you used the same email-address and password when creating an account on “beagleforums.com”, which got hacked last year.

I’ve heard people say “I’m sure, because I choose a complex password and use it everywhere”. No, this is the very worst thing you can do. Sure, you can use the same password on all sites you don’t care much about, but for Facebook, your email account, and your bank, you should have a unique password, so that when other sites get hacked, your important sites are secure.

And yes, it’s okay to write down your passwords on paper.

Tools: HaveIBeenPwned.com

PIN encrypted PDFs

My accountant emails PDF statements encrypted with the last 4 digits of my Social Security Number. This is not encryption — a 4 digit number has only 10,000 combinations, and a hacker can guess all of them in seconds.

PIN numbers for ATM cards work because ATM machines are online, and the machine can reject your card after four guesses. PIN numbers don’t work for documents, because they are offline — the hacker has a copy of the document on their own machine, disconnected from the Internet, and can continue making bad guesses with no restrictions.

Passwords protecting documents must be long enough that even trillions upon trillions of guesses are insufficient to guess them.

Tools: Hashcat, John the Ripper

SQL and other injection

The lazy way of combining websites with databases is to combine user input with an SQL statement. This combines code with data, so the obvious consequence is that hackers can craft data to mess with the code.
No, this isn’t obvious to the general public, but it should be obvious to programmers. The moment you write code that adds unfiltered user-input to an SQL statement, the consequence should be obvious. Yet, “SQL injection” has remained one of the most effective hacks for the last 15 years because somehow programmers don’t understand the consequence.
CGI shell injection is a similar issue. Back in the early days, when “CGI scripts” were a thing, it was really important, but these days, not so much, so I just included it with SQL. The consequence of executing shell code should’ve been obvious, but weirdly, it wasn’t. The IT guy at the company I worked for back in the late 1990s came to me and asked “this guy says we have a vulnerability, is he full of shit?”, and I had to answer “no, he’s right — obviously so”.
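
The SQL case described above, as an added example that is not part of the original post: the same lookup written by pasting input into the statement and by binding it as a parameter. The table, account names and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, is_admin INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", 0), ("o'brien", 0), ("root", 1)],
    )
    return db


def lookup_concatenated(db, name):
    """The lazy way: the input becomes part of the statement text,
    so the database parses it as code."""
    sql = ("SELECT name, is_admin FROM users WHERE name = '"
           + name + "' ORDER BY name")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, name):
    """The fix: the statement text is constant and the input is bound
    separately, so it can only ever be compared as data."""
    sql = "SELECT name, is_admin FROM users WHERE name = ? ORDER BY name"
    return db.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups on a fresh database; return rows or the error type."""
    results = {}
    for label, fn in (("concatenated", lookup_concatenated),
                      ("parameterized", lookup_parameterized)):
        db = make_db()
        try:
            results[label] = fn(db, name)
        except sqlite3.Error as exc:
            results[label] = type(exc).__name__
        finally:
            db.close()
    return results


if __name__ == "__main__":
    # A normal name, a legitimate name containing a quote, and a crafted
    # value whose quote ends the string literal early.
    for value in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(value), compare(value))
```

The concatenated version fails twice: it returns every account for the crafted value, and it raises a syntax error for a legitimate name that happens to contain a quote.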

XSS (“Cross Site Scripting”) [*] is another injection issue, but this time at somebody’s web browser rather than a server. It works because websites will echo back what is sent to them. For example, if you search for Cross Site Scripting with the URL https://www.google.com/search?q=cross+site+scripting, then you’ll get a page back from the server that contains that string. If the string is JavaScript code rather than text, then some servers (though not Google) send back the code in the page in a way that it’ll be executed. This is most often used to hack somebody’s account: you send them an email or tweet a link, and when they click on it, the JavaScript gives control of the account to the hacker.

Cross site injection issues like this should probably be their own category, but I’m including it here for now.

More: Wikipedia on SQL injection, Wikipedia on cross site scripting.
Tools: Burpsuite, SQLmap

Buffer overflows

In the C programming language, programmers first create a buffer, then read input into it. If input is longer than the buffer, then it overflows. The extra bytes overwrite other parts of the program, letting the hacker run code.

Again, it’s not a thing the general public is expected to know about, but is instead something C programmers should be expected to understand. They should know that it’s up to them to check the length and stop reading input before it overflows the buffer, that there’s no language feature that takes care of this for them.

We are three decades after the first major buffer overflow exploits, so there is no excuse for C programmers not to understand this issue.

What makes them particularly obvious is the way they are wrapped in exploits, like in Metasploit. While it’s obvious that the bug itself is a bug, actually exploiting it can take some very non-obvious skill. However, once that exploit is written, any trained monkey can press a button and run the exploit. That’s where we get the insult “script kiddie” from — referring to wannabe-hackers who never learn enough to write their own exploits, but who spend a lot of time running the exploit scripts written by better hackers than they.

More: Wikipedia on buffer overflow, Wikipedia on script kiddie, “Smashing The Stack For Fun And Profit” — Phrack (1996)
Tools: bash, Metasploit

SendMail DEBUG command (historical)

The first popular email server in the 1980s was called “SendMail”. It had a feature whereby if you send a “DEBUG” command to it, it would execute any code following the command. The consequence of this was obvious — hackers could (and did) upload code to take control of the server. This was used in the Morris Worm of 1988. Most Internet machines of the day ran SendMail, so the worm spread fast infecting most machines.
This bug was mostly ignored at the time. It was thought of as a theoretical problem, that might only rarely be used to hack a system. Part of the motivation of the Morris Worm was to demonstrate the consequences of such problems — consequences that should’ve been obvious but somehow were rejected by everyone.

More: Wikipedia on Morris Worm

Email Attachments/Links

I’m conflicted whether I should add this or not, because here’s the deal: you are supposed to click on attachments and links within emails. That’s what they are there for. The difference between good and bad attachments/links is not obvious. Indeed, easy-to-use email systems make detecting the difference harder.

On the other hand, the consequences of bad attachments/links are obvious. That worms like ILOVEYOU spread so easily is because people trusted attachments coming from their friends, and ran them.

We have no solution to the problem of bad email attachments and links. Viruses and phishing are pervasive problems. Yet, we know why they exist.

Default and backdoor passwords

The Mirai botnet was caused by surveillance-cameras having default and backdoor passwords, and being exposed to the Internet without a firewall. The consequence should be obvious: people will discover the passwords and use them to take control of the bots.
Surveillance-cameras have the problem that they are usually exposed to the public, and can’t be reached without a ladder — often a really tall ladder. Therefore, you don’t want a button consumers can press to reset to factory defaults. You want a remote way to reset them. Therefore, they put backdoor passwords to do the reset. Such passwords are easy for hackers to reverse-engineer, and hence, take control of millions of cameras across the Internet.
The same reasoning applies to “default” passwords. Many users will not change the defaults, leaving a ton of devices hackers can hack.

Masscan and background radiation of the Internet

I’ve written a tool that can easily scan the entire Internet in a short period of time. It surprises people that this is possible, but it’s obvious from the numbers. Internet addresses are only 32-bits long, or roughly 4 billion combinations. A fast Internet link can easily handle 1 million packets-per-second, so the entire Internet can be scanned in 4000 seconds, little more than an hour. It’s basic math.

Because it’s so easy, many people do it. If you monitor your Internet link, you’ll see a steady trickle of packets coming in from all over the Internet, especially Russia and China, from hackers scanning the Internet for things they can hack.

People’s reaction to this scanning is weirdly emotional, taking it personally, such as:
  1. Why are they hacking me? What did I do to them?
  2. Great! They are hacking me! That must mean I’m important!
  3. Grrr! How dare they?! How can I hack them back for some retribution!?

I find this odd, because obviously such scanning isn’t personal, the hackers have no idea who you are.

Tools: masscan, firewalls

Packet-sniffing, sidejacking

If you connect to the Starbucks WiFi, a hacker nearby can easily eavesdrop on your network traffic, because it’s not encrypted. Windows even warns you about this, in case you weren’t sure.

At DefCon, they have a “Wall of Sheep”, where they show passwords from people who logged onto stuff using the insecure “DefCon-Open” network. They call them “sheep” for not grasping this basic fact that unencrypted traffic is unencrypted.

To be fair, it’s actually non-obvious to many people. Even if the WiFi itself is not encrypted, SSL traffic is. They expect their services to be encrypted, without them having to worry about it. And in fact, most are, especially Google, Facebook, Twitter, Apple, and other major services that won’t allow you to log in anymore without encryption.

But many services (especially old ones) may not be encrypted. Unless users check and verify them carefully, they’ll happily expose passwords.

What’s interesting is that 10 years ago, most services only used SSL to encrypt the passwords, but then used unencrypted connections after that, using “cookies”. This allowed the cookies to be sniffed and stolen, allowing other people to share the login session. I used this on stage at BlackHat to connect to somebody’s GMail session. Google, and other major websites, fixed this soon after. But it should never have been a problem — because the sidejacking of cookies should have been obvious.
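
A check for the condition described above, as an added example that is not part of the original post: it audits the response headers of a login for a session cookie that a browser would later attach to cleartext requests. The header values, cookie names and function names are constructed for illustration, and domain and path matching are assumed to succeed.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    secure: bool


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into name, value and the Secure flag."""
    first, *attrs = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    flags = {a.partition("=")[0].strip().lower() for a in attrs if a}
    return Cookie(name.strip(), value.strip(), "secure" in flags)


def exposed_on(cookie, request_url):
    """True if a browser would send this cookie over a cleartext request.
    Simplification (assumption): the cookie's domain and path match."""
    return urlsplit(request_url).scheme == "http" and not cookie.secure


def audit_login_response(headers, session_cookie_names):
    """Return findings for a login response given as (name, value) pairs."""
    findings = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        if cookie.name in session_cookie_names and not cookie.secure:
            findings.append(
                f"{cookie.name}: no Secure flag, sent on http:// requests")
    if not any(k.lower() == "strict-transport-security" for k, _ in headers):
        findings.append(
            "no Strict-Transport-Security header, "
            "later requests may go out as cleartext")
    return findings


# Constructed sample responses to an HTTPS login.
LEGACY_LOGIN = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=constructed-token-1; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
HARDENED_LOGIN = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "SESSIONID=constructed-token-2; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, headers in (("legacy", LEGACY_LOGIN), ("hardened", HARDENED_LOGIN)):
        print(label, audit_login_response(headers, {"SESSIONID"}))
```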

Tools: Wireshark, dsniff

Stuxnet LNK vulnerability

Again, this issue isn’t obvious to the public, but it should’ve been obvious to anybody who knew how Windows works.
When Windows loads a .dll, it first calls the function DllMain(). A Windows link file (.lnk) can load icons/graphics from the resources in a .dll file. It does this by loading the .dll file, thus calling DllMain. Thus, a hacker could put on a USB drive a .lnk file pointing to a .dll file, and thus, cause arbitrary code execution as soon as a user inserted a drive.
I say this is obvious because I did this, created .lnks that pointed to .dlls, but without hostile DllMain code. The consequence should’ve been obvious to me, but I totally missed the connection. We all missed the connection, for decades.

Social Engineering and Tech Support [* * *]

After posting this, many people have pointed out “social engineering”, especially of “tech support”. This probably should be up near #1 in terms of obviousness.

The classic example of social engineering is when you call tech support and tell them you’ve lost your password, and they reset it for you with a minimum of questions proving who you are. For example, you set the volume on your computer really loud and play the sound of a crying baby in the background and appear to be a bit frazzled and incoherent, which explains why you aren’t answering the questions they are asking. They, understanding your predicament as a new parent, will go the extra mile in helping you, resetting “your” password.

One of the interesting consequences is how it affects domain names (DNS). It’s quite easy in many cases to call up the registrar and convince them to transfer a domain name. This has been used in lots of hacks. It’s really hard to defend against. If a registrar charges only $9/year for a domain name, then it really can’t afford to provide very good tech support — or very secure tech support — to prevent this sort of hack.

Social engineering is such a huge problem, and an obvious problem, that it’s outside the scope of this document. Just google it to find example after example.

A related issue that perhaps deserves its own section is OSINT [*], or “open-source intelligence”, where you gather public information about a target. For example, on the day the bank manager is out on vacation (which you got from their Facebook post) you show up and claim to be a bank auditor, and are shown into their office where you grab their backup tapes. (We’ve actually done this).

More: Wikipedia on Social Engineering, Wikipedia on OSINT, “How I Won the Defcon Social Engineering CTF” — blogpost (2011), “Questioning 42: Where’s the Engineering in Social Engineering of Namespace Compromises” — BSidesLV talk (2016)

Blue-boxes (historical) [*]

Telephones historically used what we call “in-band signaling”. That’s why when you dial on an old phone, it makes sounds — those sounds are sent no differently than the way your voice is sent. Thus, it was possible to make tone generators to do things other than simply dial calls. Early hackers (in the 1970s) would make tone-generators called “blue-boxes” and “black-boxes” to make free long distance calls, for example.

These days, “signaling” and “voice” are digitized, then sent as separate channels or “bands”. This is called “out-of-band signaling”. You can’t trick the phone system by generating tones. When your iPhone makes sounds when you dial, it’s entirely for your benefit and has nothing to do with how it signals the cell tower to make a call.

Early hackers, like the founders of Apple, are famous for having started their careers making such “boxes” for tricking the phone system. The problem was obvious back in the day, which is why as the phone system moved from analog to digital, the problem was fixed.

More: Wikipedia on blue box, Wikipedia article on Steve Wozniak.

Thumb drives in parking lots [*]

A simple trick is to put a virus on a USB flash drive, and drop it in a parking lot. Somebody is bound to notice it, stick it in their computer, and open the file.

This can be extended with tricks. For example, you can put a file labeled “third-quarter-salaries.xlsx” on the drive that requires macros to be run in order to open. It’s irresistible to other employees who want to know what their peers are being paid, so they’ll bypass any warning prompts in order to see the data.

Another example is to go online and get custom USB sticks made, printed with the logo of the target company, making them seem more trustworthy.

We also did a trick of taking an Adobe Flash game “Punch the Monkey” and replacing the monkey with a logo of a competitor of our target. They not only played the game (infecting themselves with our virus), but gave it to others inside the company to play, infecting others, including the CEO.

Thumb drives like this have been used in many incidents, such as Russians hacking military headquarters in Afghanistan. It’s really hard to defend against.

More: “Computer Virus Hits U.S. Military Base in Afghanistan” — USNews (2008), “The Return of the Worm That Ate The Pentagon” — Wired (2011), DoD Bans Flash Drives — Stripes (2008)

Googling [*]

Search engines like Google will index your website — your entire website. Frequently companies put things on their website without much protection because they are nearly impossible for users to find. But Google finds them, then indexes them, causing them to pop up with innocent searches.
There are books written on “Google hacking” explaining what search terms to look for, like “not for public release”, in order to find such documents.

More: Wikipedia entry on Google Hacking, “Google Hacking” book.

URL editing [*]

At the top of every browser is what’s called the “URL”. You can change it. Thus, if you see a URL that looks like this:

http://www.example.com/documents?id=138493

Then you can edit it to see the next document on the server:

http://www.example.com/documents?id=138494

The owner of the website may think they are secure, because nothing points to this document, so the Google search won’t find it. But that doesn’t stop a user from manually editing the URL.
An example of this is a big Fortune 500 company that posts the quarterly results to the website an hour before the official announcement. Simply editing the URL from previous financial announcements allows hackers to find the document, then buy/sell the stock as appropriate in order to make a lot of money.
Another example is the classic case of Andrew “Weev” Auernheimer who did this trick in order to download the account email addresses of early owners of the iPad, including movie stars and members of the Obama administration. It’s an interesting legal case because on one hand, techies consider this so obvious as to not be “hacking”. On the other hand, non-techies, especially judges and prosecutors, believe this to be obviously “hacking”.
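
The server-side check that the unlinked-URL approach lacks, as an added example that is not part of the original post: a document is served only if it has been released or the requester is allowed to see it early. The two ids are the ones in the URLs above; the titles, release times, the `ir-team` principal and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Document:
    title: str
    release_at: datetime        # public from this instant onwards
    early_readers: frozenset    # principals allowed to read before release


UTC = timezone.utc
DOCS = {  # constructed sample data
    138493: Document("Q2 results",
                     datetime(2017, 7, 20, 13, 0, tzinfo=UTC),
                     frozenset({"ir-team"})),
    138494: Document("Q3 results",
                     datetime(2017, 10, 19, 13, 0, tzinfo=UTC),
                     frozenset({"ir-team"})),
}

# One hour before, and exactly at, the release of document 138494.
BEFORE_RELEASE = datetime(2017, 10, 19, 12, 0, tzinfo=UTC)
AT_RELEASE = datetime(2017, 10, 19, 13, 0, tzinfo=UTC)


def fetch_unlinked(doc_id):
    """What the text describes: anything that exists is served, and the
    only protection is that no page links to it yet."""
    doc = DOCS.get(doc_id)
    return (200, doc.title) if doc else (404, None)


def fetch_checked(doc_id, user, now):
    """Authorize every request on the server. An embargoed document and a
    missing one give the same answer, so editing the id reveals nothing."""
    doc = DOCS.get(doc_id)
    if doc is None:
        return (404, None)
    if now >= doc.release_at or user in doc.early_readers:
        return (200, doc.title)
    return (404, None)


def readable_ids(user, now):
    """Which ids a given requester can read at a given time under the check."""
    return sorted(i for i in DOCS if fetch_checked(i, user, now)[0] == 200)


if __name__ == "__main__":
    print(fetch_unlinked(138494))                          # served early
    print(fetch_checked(138494, None, BEFORE_RELEASE))     # hidden
    print(fetch_checked(138494, "ir-team", BEFORE_RELEASE))
    print(readable_ids(None, AT_RELEASE))
```

Random or non-sequential ids make guessing harder but do not replace the check: a leaked or forwarded URL would still be served by `fetch_unlinked`.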

DDoS, spoofing, and amplification [*]

For decades now, online gamers have figured out an easy way to win: just flood the opponent with Internet traffic, slowing their network connection. This is called a DoS, which stands for “Denial of Service”. DoSing game competitors is often a teenager’s first foray into hacking.
A variant of this is when you hack a bunch of other machines on the Internet, then command them to flood your target. (The hacked machines are often called a “botnet”, a network of robot computers). This is called DDoS, or “Distributed DoS”. At this point, it gets quite serious, as instead of competitive gamers, hackers can take down entire businesses. Extortion scams, DDoSing websites then demanding payment to stop, are a common way hackers earn money.
Another form of DDoS is “amplification”. Sometimes when you send a packet to a machine on the Internet it’ll respond with a much larger response, either a very large packet or many packets. The hacker can then send a packet to many of these sites, “spoofing” or forging the IP address of the victim. This causes all those sites to then flood the victim with traffic. Thus, with a small amount of outbound traffic, the hacker can flood the inbound traffic of the victim.
This is one of those things that has worked for 20 years, because it’s so obvious teenagers can do it, yet there is no obvious solution. President Trump’s executive order of cyberspace specifically demanded that his government come up with a report on how to address this, but it’s unlikely that they’ll come up with any useful strategy.

More: Wikipedia on DDoS, Wikipedia on Spoofing

Conclusion

Tweet me (@ErrataRob) your obvious hacks, so I can add them to the list.

Russia Bans ‘Uncensored’ VPNs, Proxies and TOR

Post Syndicated from Ernesto original https://torrentfreak.com/russia-bans-unrestricted-vpns-proxies-and-tor-in-russia-170731/

Russia has swiftly become a world leader when it comes to website blocking. Tens of thousands of websites are blocked in the country on copyright infringement and a wide range of other grounds.

However, as is often the case, not all citizens willingly subject themselves to these types of restrictions. On the contrary, many use proxies or anonymizing services such as VPNs and TOR to gain access.

In recent months, the Russian Government has worked on legislation to crack down on these circumvention tools as well, and local media report that President Vladimir Putin has now signed the proposed bill into law.

Under the new law, local telecoms watchdog Roskomnadzor will keep a list of banned domains while identifying sites, services, and software that provide access to them. Roskomnadzor will then try to contact the operators of the services, urging them to ban the blocked websites, or face the same fate.

The FSB and the Ministry of Internal Affairs will be tasked with monitoring offenses, which they will then refer to the telecoms watchdog.

In addition to targeting the circumvention sites, services, and their hosts, the bill targets search engines as well.

Search engines will be required to remove links to blocked resources from their results, as these would encourage people to access prohibited material. Search engines that fail to comply with the new requirements face a $12,400 penalty per breach.

Local search giant Yandex previously spoke out against the far-reaching requirements, describing them as unnecessary.

“We believe that the laying of responsibilities on search engines is superfluous,” a Yandex spokesperson said.

“Even if the reference to a [banned] resource does appear in search results, it does not mean that by clicking on it the user will get access, if it was already blocked by ISPs or in any other ways,” the company added.

The new legislation has not been without controversy. Earlier this month many Russians protested the plans, but this had little effect on the final vote. In the Duma, the bill was approved by 373 deputies. Only two voted against the plans, and another two abstained.


Google Challenges Canada’s Global Blocking Injunction in the US

Post Syndicated from Andy original https://torrentfreak.com/google-challenges-canadas-global-blocking-injunction-in-the-us-170726/

Despite being what courts have described as an “innocent bystander”, Google has found itself at the heart of a potentially damaging intellectual property case. Running since 2014, Equustek Solutions Inc. v. Jack saw Canadian entities battle over stolen intellectual property.

Equustek Solutions claimed that Google’s search results helped to send visitors to Datalink websites operated by the defendants (former Equustek employees) who were selling unlawful products. Google voluntarily removed links to the sites from its Google.ca (Canada) results but Equustek wanted more, and soon got it.

A court in British Columbia, the Court of Appeal, and then the Supreme Court of Canada all agreed that Google should remove links to the sites on a global basis, by definition beyond Canada’s borders.

When court rulings encroach on potentially opposing legal systems overseas, difficulties are bound to arise. Google raised concerns that the decision would conflict with U.S. law, but the Supreme Court described the issues as “theoretical” and left it up to the U.S. to solve the problem.

In response, Google filed for an injunction at the US District Court for Northern California this week, arguing that the Canadian decision violates important U.S. legislation.

“Google now turns to this Court, asking it to declare that the rights established by the First Amendment and the Communications Decency Act are not merely theoretical,” Google wrote.

“The Canadian order is repugnant to those rights, and the order violates principles of international comity, particularly since the Canadian plaintiffs never established any violation of their rights under U.S. law.

“Pursuant to well-established United States law, Google seeks a declaratory judgment that the Canadian court’s order cannot be enforced in the United States and an order enjoining that enforcement.”

According to Google, Internet search results are fully protected speech under the First Amendment, and because the Canadian decision is directed to a specific speaker (Google) and is content-specific, it must come under scrutiny.

Google insists that the websites to be censored are already a matter of public record and Equustek has not shown that it has no alternative remedies to hand other than to censor Google’s results outside of Canada.

“Equustek has not sought similar delisting injunctions against the world’s other search engines, such as Bing or Yahoo,” Google writes, noting that action hasn’t been taken against regular websites carrying links either.

Google also suggests that Equustek could have taken action against Datalink’s registrars and webhosts, which have the ability to delete the actual sites in question. With the websites gone the search de-indexing battle would be moot, but for reasons unknown, Equustek has chosen a different battle.

Describing the Canadian order as one of “convenience,” Google criticizes the effort to deal with a Canadian legal problem on a global basis, adding that “no one country should purport to control the global internet.”

In closing, Google asks the court to declare the Canadian Order unenforceable in the United States on the basis it violates the First Amendment, the Communications Decency Act, and public policy surrounding enforceability of foreign judgments.

“The Canadian Order purports to place the Canadian court in the position of supervising the law enforcement activities of a foreign sovereign nation (the United States) against the United States’ own citizens on American soil. Because the Canadian courts ignored principles of international comity, corrective action by this Court is required,” Google concludes.

Movie Studios Wipe Pirate Site Homepages From Google Search

Post Syndicated from Ernesto original https://torrentfreak.com/movie-studios-wipe-pirate-site-homepages-from-google-search-170716/

Over the past two weeks several pirate streaming sites have seen their homepages disappear from Google’s search results.

Earlier this week we reported how GoMovies switched to a new domain name, for this very reason, but on closer inspection it appears that several other sites have suffered the same fate.

While homepages have been removed before, the takedown notices that triggered the recent removals seem to be a systematic effort. They are all sent by the prominent law firm Kilpatrick Townsend, which acts on behalf of a variety of Hollywood movie studios.

The notices, of which the first was sent roughly two weeks ago, all follow a similar pattern. They identify infringing content on pirate streaming sites and list the individual URLs for these movies. In addition, however, many also include the homepage, which often highlights the same movie as a “new” or popular title.

In the case of Gomovies.is, a request was sent on behalf of Warner Bros. to remove Wonder Woman’s streaming page from Google, as well as the homepage where the movie was listed in the popular section.

This worked, not only for the GoMovies domain name but also for dozens of other streaming sites including yesmovies.org, watchfree.ac, xmovies.is, watch29.com, vivo.to, tunemovie.com, putlockervip.com, playmovies.to, moviesub.is and fmovies.ac.

The takedown notice

The example above is just the tip of the iceberg. Over the past two weeks the law firm has targeted many pirate streaming sites, acting on behalf of Warner Bros, Walt Disney Studios, Paramount Pictures, NBC Universal and others. This effectively removed dozens of pirate site homepages from search results.

To outsiders, it may seem like a homepage is just another link but for site owners, it’s a crucial matter. Many of these streaming sites rely on their brand name to remain findable in search engines, and when the homepage is removed, it’s nearly impossible to rise to the top of search results.

Although Google removed many of the early requests, it’s not blindly removing all URLs.

In response to several recent notices the search engine decided to take “no action” for the homepages, which is why gomovies.sc, cmovieshd.com, ap551.com, and others remain indexed. It’s possible that the infringing content was no longer linked on these homepages when Google reviewed the DMCA notices in question.

As for GoMovies, they simply decided to move to a new URL and remove any infringing content from the homepage so they don’t face the same problem in the future.

Just How Risky is Internet Piracy in 2017?

Post Syndicated from Andy original https://torrentfreak.com/just-how-risky-is-internet-piracy-in-2017-170715/

The world’s largest entertainment companies in the spheres of music, movies, and gaming would jump for joy if the Internet piracy phenomenon came to a crashing halt tomorrow. (Spoiler: it won’t)

As a result, large sums of money are expended every day in an effort to keep unlawful distribution under control. Over the years there have been many strategies and several of these have involved targeting end users.

The world is a very big place and the tackling of piracy differs from region to region, but what most consumers of unauthorized media want to know is whether they’re putting themselves at risk.

The short answer is that no matter where people are, there is always some level of risk attached to obtaining and using pirate content. The long answer is more nuanced.

BitTorrent and other P2P protocols

By its very nature, using BitTorrent to access copyrighted content comes with a risk. Since downloaders are also distributors and their IP addresses are necessarily public, torrent users are extremely easy to track. In fact, with a minimum of equipment, any determined rightsholder is able to spot and potentially uncover the identity of a file-sharer.

But while basic BitTorrent sharing gets a 0/10 for privacy, that’s a bit like saying that a speeding car gets 0/10 for stealth. Like the speeding car, anyone can see the pirating torrent user, but the big question is whether there’s anyone around who intends to do anything about it.

The big surprise in 2017 is that users are still statistically unlikely to face any consequences.

In the United States, for example, where copyright trolling can be a serious issue for those who get caught up in the net, the problem still only affects a tiny, tiny proportion of pirates. A one percent risk of getting snared would be overstating the risk but these are still odds that any gambler would be happy to take.

Surprisingly, pirates are also less likely to encounter a simple friendly warning than they were last year too. The “Six Strikes” Copyright Alerts System operated by the MPAA and RIAA, that set out to advise large volumes of pirates using notices sent via their ISPs, was discontinued in January. Those behind it gave in, for reasons unknown.

This means that millions of torrent users – despite exposing their IP addresses in public while sharing copyrighted content – are doing so without significant problems. Nevertheless, large numbers are also taking precautions, by using anonymization technologies including VPNs.

That’s not to say that their actions are legal – they’re not – but outside the few thousand people caught up in trolls’ nets each year, the vast and overwhelming majority of torrent users (which number well over 100 million) are pirating with impunity.

In the UK, not even trolling is a problem anymore. After a few flurries that seemed to drag on longer than they should, copyright trolls appear to have left the country for more lucrative shores. No cases have gone through the courts in recent times which means that UK users are torrenting pretty much whatever they like, with no legal problems whatsoever.

It’s important to note though, that their actions aren’t going unnoticed. Unlike the United States, the UK has a warning system in place. This means that a few thousand customers of a handful of ISPs are receiving notices each month informing them that their piratey behavior has been monitored by an entertainment company.

Currently, however, there are no punishments for those who are ‘caught’, even when they’re accused of pirating on a number of occasions. At least so far, it seems that the plan is to worry pirates into submission and in some cases that will probably work. Nevertheless, things can easily change when records are being kept on this scale.

Germany aside (which is overrun with copyright trolling activity), a handful of other European countries have also endured relatively small troll problems (Finland, Sweden, Denmark) but overall, file-sharers go about their business as usual across the continent. There are no big projects in any country aiming to punish large numbers of BitTorrent users and only France has an active warning notice program.

Canada and Australia have also had relatively small problems with copyright trolls (the former also has a fairly toothless ISP warning system) but neither country is considered a particularly ‘dangerous’ place to share files using BitTorrent. Like the United States, UK, and Europe, the chances of getting prosecuted for infringement are very small indeed.

Why such little enforcement?

There are a number of reasons for the apparent lack of interest in BitTorrent users but a few bubble up to the top. Firstly, there’s the question of resources required to tackle millions of users. Obviously, some scare tactics could be deployed by hitting a few people hard, but it feels like most companies have moved beyond that thinking.

That’s partly due to the more recent tendency of entertainment groups and governments to take a broader view of infringement, hitting it at its source by strangling funds to pirate sites, hitting their advertisers, blocking their websites, and attempting to forge voluntary anti-piracy schemes with search engines.

It’s also worth noting that huge numbers of people are routinely protecting themselves with VPN-like technology, which allows them to move around the Internet with much improved levels of privacy. Just recently, anti-piracy outfit Rightscorp partly blamed this for falling revenues.

Importantly, however, the nature of infringement has been changing for some time too.

A few years ago, most people were getting their movies and music from torrent sites but now they’re more likely to be obtaining their fix from a streaming source. Accessing the top blockbusters via a streaming site (perhaps via Kodi) is for the most part untraceable, as is grabbing music from one of the hundreds of MP3 portals around today.

But as recent news revealed, why bother with ‘pirate’ sites when people can simply rip music from sites like YouTube?

So-called stream-ripping is now blamed for huge swathes of piracy and as a result, torrent sites get far fewer mentions from anti-piracy groups than they did before.

While still a thorn in their side, it wouldn’t be a stretch to presume that torrent sites are no longer considered the primary problem they once were, at least in respect of music. Now, the ‘Value Gap’ is more of a headache.

So, in a nutshell, the millions of people obtaining and sharing copyrighted content using BitTorrent are still taking some risks in every major country, and those need to be carefully weighed.

The activity is illegal almost everywhere, punishable in both civil and criminal courts, and has the potential to land people with big fines and even a jail sentence, if the scale of sharing is big enough.

In truth, however, the chances of the man in the street getting caught are so slim that many people don’t give the risks a second thought. That said, even people who drive 10mph over the limit get caught once in a while, so those that want to keep a clean sheet online often get a VPN and reduce the risks to almost 0%.

For people who stream, life is much less complicated. Streaming movies, TV shows or music from an illicit source is untraceable by any regular means, which up to now has made it almost 100% safe. Notably, there hasn’t been a single prosecution of a user who streamed infringing content anywhere in the world. In the EU it is illegal though, so something might happen in future, potentially…..possibly…..at some point….maybe.

And here’s the thing. While this is the general position today, the ‘market’ is volatile and has the ability to change quickly. A case could get filed in the US or UK next week, each targeting 50,000 BitTorrent users for downloading something that came out months ago. Nobody knows for sure so perhaps the best analogy is the one drummed into kids during high-school sex education classes.

People shouldn’t put themselves at risk at all but if they really must, they should take precautions. If they don’t, they could easily be the unlucky one and that is nearly always miserable.

Hollywood Wants Governments to Push Voluntary Anti-Piracy Deals

Post Syndicated from Ernesto original https://torrentfreak.com/hollywood-wants-governments-to-push-voluntary-anti-piracy-deals-170704/

The ever-present threat of online piracy remains a hot topic in Hollywood.

A lot has changed over the years. Piracy is arguably more mainstream now with easy to use streaming sites and tools, and site owners have become more skilled at evading various enforcement efforts.

Most sites have multiple domain names at their disposal, for example, as well as access to hosting facilities that are more responsive to complaints from rightsholders.

According to Hollywood’s MPAA, cross-border cooperation with various third-party intermediaries is required to curb piracy. The group has promoted this agenda for a while and is now reemphasizing the need for governments to facilitate these kinds of deals.

In a statement prepared for an upcoming meeting of WIPO’s Advisory Committee on Enforcement, MPAA’s Global Content Protection chief Dean Marks states that voluntary agreements are essential in their fight against piracy.

These agreements will help to adapt to the evolving piracy landscape, much quicker than copyright legislation can.

“Unlike laws and regulations, voluntary measures can quickly be adapted to address changing forms of online piracy. Such measures benefit not only rightsholders, but also internet intermediaries, service providers, governments and individual users of the internet,” Marks notes.

“Voluntary measures should therefore be encouraged by governments as an important means of addressing online copyright piracy,” he adds (pdf).

One of the problems, according to the Hollywood group, is that piracy sites are spreading their infrastructure all over the world. They may use a domain name in one country, hosting in a few others, and a CDN on top of all that.

This cross-border threat can often not be dealt with in a single country or by a single company. It requires cooperation from a wide variety of third-party intermediaries, including search engines and hosting providers.

“Clearly this new paradigm of infringement strains the foundational notion of territoriality of copyright law and increases the difficulty of effectively enforcing copyrights,” Marks writes.

“Hosting providers, domain name registries and registrars, CDNs, cloud storage services and even internet access providers and search engines all can serve a constructive role by adopting measures to prevent their platforms and services from being abused for copyright infringement.”

The MPAA has thus far struck two voluntary deals with the domain name registries Donuts and Radix. This allows the anti-piracy group to report infringing domain names, which may then be removed. Thus far this has resulted in 25 domain name suspensions, but the MPAA would like to broaden its scope and partner with more registries.

Hosting companies, CDNs such as Cloudflare, and search engines can also do more to curb copyright infringements. Ultimately this will be in their own interest, the MPAA says. These companies do not want to be associated with piracy or face tougher legislation when governments step in.

“…many companies do not wish to be associated with those engaged in illegal activities, including copyright pirates. Moreover, turning a blind eye to doing business with pirate websites can result in damaging repercussions.

“In the United States of America (USA), for example, intermediaries have been named as unindicted co-conspirators in criminal copyright prosecutions,” Marks notes.

MPAA’s Global Content Protection chief suggests a few ways governments can intervene. They could host hearings to facilitate cooperation, for example. Another option is to adopt laws or regulations that foster cooperation.

Finally, Marks notes that authorities can instruct law enforcement agencies to “work with” internet intermediaries and service providers to adopt voluntary anti-piracy measures, similar to the ones in place with City of London Police and its piracy watch list for advertisers.

Previously the MPAA has offered similar suggestions to the US Government. While this may have had some effect, many companies are still reluctant to jump on board.

Companies such as Google, Cloudflare and ICANN don’t believe they are required to proactively enforce against piracy on a broad scale, and it likely requires a massive push to change their perspective.

Putin Signs Law to Remove Pirate Proxies From Search Engines

Post Syndicated from Andy original https://torrentfreak.com/putin-signs-law-remove-pirate-proxies-search-engines-170703/

In its battle to control the flow of copyrighted content on the Internet, Russia is creating new legislation at a faster rate than almost any other country today.

Not only is the country becoming a leader when it comes to blocking, but it’s also positioning itself to handle future threats.

Part of that is dealing with the endless game of whac-a-mole that emerges when a site or service is blocked following the orders of the Moscow Court. Very quickly new domains appear, that either provide proxy access, mirror the contents of the original, or present that same content in a new format.

These techniques have allowed pirates to quickly recover from most legal action. However, a new law just signed by the Russian president aims to throw a significant wrench in the works.

After being adopted by the State Duma on June 23 and approved by the Federation Council June 28, on Saturday July 1 Vladimir Putin signed a new law enabling the country to quickly crack down on sites designed to present content in new ways, in order to circumvent blockades.

The legislation deals with all kinds of derivative sites, including those that are “confusingly similar to a site on the Internet, to which access is restricted by a decision of the Moscow City Court in connection with the repeated and improper placement of information containing objects of copyright or related rights, or the information needed to obtain them using the Internet.”

As usual, copyright holders will play an important role in identifying such sites, but the final categorization as a derivative, mirror, or reverse proxy will be the responsibility of the Ministry of Communications. That government department will be given 24 hours to make the determination following a complaint.

From there, the Ministry will send a notification in both Russian and English to the operator of the suspected pirate site. Telecoms watchdog Roskomnadzor will also receive a copy before ordering ISPs to block the sites within 24 hours.

In an effort to make the system even more robust, both original pirate sites and any subsequent derivatives are also being made harder to find.

In addition to ISP blockades, the law requires search engines to remove all blocked sites from search results, so Googling for ‘pirate bay mirror’ probably won’t be as successful in future. All advertising that informs Internet users of where a blocked site can be found must also be removed.

The new law comes into force on October 1, 2017.

New Lawsuit Demands ISP Blockades Against ‘Pirate’ Site Sci-Hub

Post Syndicated from Ernesto original https://torrentfreak.com/new-lawsuit-demands-isp-blockades-against-pirate-site-sci-hub-170629/

Founded more than 140 years ago, the American Chemical Society (ACS) is a leading source of academic publications in the field of chemistry.

The non-profit organization has around 157,000 members and researchers publish tens of thousands of articles a year in its peer-reviewed journals.

ACS derives a significant portion of its revenue from its publishing work, which is in large part behind a paywall. As such, it is not happy with websites that offer their copyrighted articles for free, such as Sci-Hub.

The deviant ‘pirate site’ believes that all scientific articles should be open to the public, as that’s in the best interest of science. While some academics are sympathetic to the goal, publishers share a different view.

Just last week Sci-Hub lost its copyright infringement case against Elsevier, and now ACS is following suit with a separate case. In a complaint filed in a Virginia District Court, the scientific society demands damages for Sci-Hub’s copyright and trademark infringements.

According to the filing, Sci-Hub has “stolen Plaintiff’s copyright-protected scientific articles and reproduced and distributed them on the Internet without permission.”

ACS points out that Sci-Hub is operating two websites that are nearly identical to the organization’s official site, located at pubs.acs.org.sci-hub.cc and acs.org.secure.sci-hub.cc. These are confusing to the public, they claim, and also an infringement of its copyrights and trademarks.

“The Pirated/Spoofed Site appears to almost completely replicate the content of Plaintiff’s website. For example, the Pirated/Spoofed Site replicates webpages on ACS’s history, purpose, news, scholarship opportunities, and budget,” the complaint (pdf) reads.

“Each of these pages on the Pirated/Spoofed Site contains ACS’s Copyrighted Works and the ACS Marks, creating the impression that the Pirated/Spoofed Site is associated with ACS.”

From the ACS complaint

By offering its articles for free and mimicking the ACS website, Sci-Hub is in direct competition with the scientific society. As a result, ACS claims to lose revenue.

“Defendants are attempting to divert users and revenues away from ACS by replicating and distributing ACS’s Copyrighted Works without authorization,” the complaint reads.

With the lawsuit, ACS hopes to recoup the money it claims to have lost. It’s likely that the total damages amount will run in the millions. However, if the defendants stay out of reach, this might be hard to collect.

Perhaps this is why the current lawsuit has included a request for a broader injunction against Sci-Hub. Not only does it ask for domain name seizures, but the scientific society also wants search engines, web hosting companies and general Internet providers to block access to the site.

“That those in privity with Defendants and those with notice of the injunction, including any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries cease facilitating access to any or all domain names and websites through which Defendants engage in unlawful access to, use, reproduction, and distribution of the ACS Marks or ACS’s Copyrighted Works,” it reads.

If granted, it would mean that Internet providers such as Comcast would have to block users from accessing Sci-Hub. That’s a big deal since pirate site blockades are not common in the United States.

It might very well be that ACS is not expecting any compensation for the alleged copyright and trademark infringements, but that the broad injunction is their main goal. If that is the case, this case could turn out to be more crucial than it looks at first sight.

Canada’s Supreme Court Orders Google to Remove Search Results Worldwide

Post Syndicated from Andy original https://torrentfreak.com/canadas-supreme-court-orders-google-remove-search-results-worldwide-170629/

Back in 2014, the case of Equustek Solutions Inc. v. Jack saw two Canadian entities battle over stolen intellectual property used to manufacture competing products.

Google had no direct links to the case, yet it became embroiled when Equustek Solutions claimed that Google’s search results helped to send visitors to websites operated by the defendants (former Equustek employees) who were selling unlawful products.

Google voluntarily removed links to the sites from its Google.ca (Canada) results, but Equustek demanded a more comprehensive response. It got one.

In a ruling handed down by a court in British Columbia, Google was ordered to remove the infringing websites’ listings from its central database in the United States, meaning that the ruling had worldwide implications.

Google filed an appeal hoping for a better result, arguing that it does not operate servers in British Columbia, nor does it operate any local offices. It also questioned whether the injunction could be enforced outside Canada’s borders.

Ultimately, the British Columbia Court of Appeal disappointed the search giant. In a June 2015 ruling, the Court decided that Google does indeed do business in the region. It also found that a decision to restrict infringement was unlikely to offend any overseas nation.

“The plaintiffs have established, in my view, that an order limited to the google.ca search site would not be effective. I am satisfied that there was a basis, here, for giving the injunction worldwide effect,” Justice Groberman wrote.

Undeterred, Google took its case all the way to the Supreme Court of Canada, hoping to limit the scope of the injunction by arguing that it violates freedom of expression. That effort has now failed.

In a 7-2 majority decision released Wednesday, Google was branded a “determinative player” in facilitating harm to Equustek.

“This is not an order to remove speech that, on its face, engages freedom of expression values, it is an order to de-index websites that are in violation of several court orders,” wrote Justice Rosalia Abella.

“We have not, to date, accepted that freedom of expression requires the facilitation of the unlawful sale of goods.”

With Google now required to delist the sites on a global basis, the big question is what happens when other players attempt to apply the ruling to their particular business sector. Unsurprisingly that hasn’t taken long.

The International Federation of the Phonographic Industry (IFPI), which supported Equustek’s position in the long-running case, welcomed the decision and said that Google must “take on the responsibility” to ensure it does not direct users to illegal sites.

“Canada’s highest court has handed down a decision that is very good news for rights holders both in Canada and around the world. Whilst this was not a music piracy case, search engines play a prominent role in directing users to illegal content online including illegal music sites,” said IFPI CEO, Frances Moore.

“If the digital economy is to grow to its full potential, online intermediaries, including search engines, must play their part by ensuring that their services are not used to facilitate the infringement of intellectual property rights.”

Graham Henderson, President and CEO of Music Canada, which represents Sony, Universal, Warner and others, also welcomed the ruling.

“Today’s decision confirms that online service providers cannot turn a blind eye to illegal activity that they facilitate; on the contrary, they have an affirmative duty to take steps to prevent the Internet from becoming a black market,” Henderson said.

But for every voice of approval from groups like IFPI and Music Canada, others raised concerns over the scope of the decision and its potential to create a legal and political minefield. In particular, University of Ottawa professor Michael Geist raised a number of interesting scenarios.

“What happens if a Chinese court orders [Google] to remove Taiwanese sites from the index? Or if an Iranian court orders it to remove gay and lesbian sites from the index? Since local content laws differ from country to country, there is a great likelihood of conflicts,” Geist said.

But rather than painting Google as the loser in this battle, Geist believes the decision actually grants the search giant more power.

“When it comes to Internet jurisdiction, exercising restraint and limiting the scope of court orders is likely to increase global respect for the law and the effectiveness of judicial decisions. Yet this decision demonstrates what many have feared: the temptation for courts will be to assert jurisdiction over online activities and leave it to the parties to sort out potential conflicts,” Geist says.

“In doing so, the Supreme Court of Canada has lent its support to global takedowns and vested more power in Internet intermediaries, who may increasingly emerge as the arbiters of which laws to follow online.”

Only time will tell how Google will react, but it’s clear there will be plenty of entities ready to test the limits and scope of the company’s responses to the ruling.

Banning VPNs and Proxies is Dangerous, IT Experts Warn

Post Syndicated from Andy original https://torrentfreak.com/banning-vpns-and-proxies-is-dangerous-it-experts-warn-170623/

In April, draft legislation was developed to crack down on systems and software that allow Russian Internet users to bypass website blockades approved by telecoms watchdog Roskomnadzor.

Earlier this month the draft bill was submitted to the State Duma, the lower house of the Russian parliament. If passed, the law will make it illegal for services to circumvent web blockades by “routing traffic of Russian Internet users through foreign servers, anonymous proxy servers, virtual private networks and other means.”

As the plans currently stand, anonymization services that fail to restrict access to sites listed by telecoms watchdog Roskomnadzor face being blocked themselves. Sites offering circumvention software for download also face potential blacklisting.

This week the State Duma discussed the proposals with experts from the local Internet industry. In addition to the head of Roskomnadzor, representatives from service providers, search engines and even anonymization services were in attendance. Novaya Gazeta has published comments (Russian) from some of the key people at the meeting and it’s fair to say there’s not a lot of support.

VimpelCom, the sixth largest mobile network operator in the world with more than 240 million subscribers, sent along Director for Relations with Government, Sergey Malyanov. He wondered where all this blocking will end up.

“First we banned certain information. Then this information was blocked with the responsibility placed on both owners of resources and services. Now there are blocks on top of blocks – so we already have a triple effort,” he said.

“It is now possible that there will be a fourth iteration: the block on the block to block those that were not blocked. And with that, we have significantly complicated the law and the activities of all the people affected by it.”

Malyanov said that these kinds of actions have the potential to close down the entire Internet by ruining what was once an open network running standard protocols. But amid all of this, will it even be effective?

“The question is not even about the losses that will be incurred by network operators, the owners of the resources and the search engines. The question is whether this bill addresses the goal its creators have set for themselves. In my opinion, it will not.”

Group-IB, one of the world’s leading cyber-security and threat intelligence providers, was represented by CEO Ilya Sachkov. He told parliament that “ordinary respectable people” who use the Internet should always use a VPN for security. Nevertheless, he also believes that such services should be forced to filter sites deemed illegal by the state.

But speaking about blocks in general, he warned that people who want to circumvent them will always be one step ahead.

“We have to understand that by the time the law is adopted the perpetrators will already find it very easy to circumvent,” he said.

Mobile operator giant MTS, which turns over billions of dollars and employs 50,000+ people, had its Vice-President of Corporate and Legal Affairs in attendance. Ruslan Ibragimov said that in dealing with a problem, the government should be careful not to cause more problems, including disruption of a growing VPN market.

“We have an understanding that evil must be fought, but it’s not necessary to create a new evil, even more so – for those who are involved in this struggle,” he said.

“Broad wording of this law may pose a threat to our network, which could be affected by the new restrictive measures, as well as the VPN market, which we are currently developing, and whose potential market is estimated at 50 billion rubles a year.”

In its goal to maintain control of the Internet, it’s clear that Russia is determined to press ahead with legislative change. Unfortunately, it’s far from clear that there’s a technical solution to the problem, but if one is pursued regardless, there could be serious fallout.

BPI Breaks Record After Sending 310 Million Google Takedowns

Post Syndicated from Andy original https://torrentfreak.com/bpi-breaks-record-after-sending-310-million-google-takedowns-170619/

A little over a year ago during March 2016, music industry group BPI reached an important milestone. After years of sending takedown notices to Google, the group burst through the 200 million URL barrier.

The fact that it took BPI several years to reach its 200 million milestone made the surpassing of the quarter billion milestone a few months later even more remarkable. In October 2016, the group sent its 250 millionth takedown to Google, a figure that nearly doubled when accounting for notices sent to Microsoft’s Bing.

But despite the volumes, the battle hadn’t been won, let alone the war. The BPI’s takedown machine continued to run at a remarkable rate, churning out millions more notices per week.

As a result, yet another new milestone was reached this month when the BPI smashed through the 300 million URL barrier. Then, days later, a further 10 million were added, with the latter couple of million added during the time it took to put this piece together.

BPI takedown notices, as reported by Google

While demanding that Google places greater emphasis on its de-ranking of ‘pirate’ sites, the BPI has called again and again for a “notice and stay down” regime, to ensure that content taken down by the search engine doesn’t simply reappear under a new URL. It’s a position BPI maintains today.

“The battle would be a whole lot easier if intermediaries played fair,” a BPI spokesperson informs TF.

“They need to take more proactive responsibility to reduce infringing content that appears on their platform, and, where we expressly notify infringing content to them, to ensure that they do not only take it down, but also keep it down.”

The long-standing suggestion is that the volume of takedown notices sent would reduce if a “take down, stay down” regime was implemented. The BPI says it’s difficult to present a precise figure but infringing content has a tendency to reappear, both in search engines and on hosting sites.

“Google rejects repeat notices for the same URL. But illegal content reappears as it is re-indexed by Google. As to the sites that actually host the content, the vast majority of notices sent to them could be avoided if they implemented take-down & stay-down,” BPI says.

The fact that the BPI has added 60 million more takedowns since the quarter billion milestone a few months ago is quite remarkable, particularly since there appears to be little slowdown from month to month. However, the numbers have grown so huge that 310 million now feels a lot like 250 million, with just a few added on top for good measure.

That an extra 60 million takedowns can almost be dismissed as a handful is an indication of just how massive the issue is online. While pirates always welcome an abundance of links to juicy content, it’s no surprise that groups like the BPI are seeking more comprehensive and sustainable solutions.

Previously, it was hoped that the Digital Economy Bill would provide some relief, hopefully via government intervention and the imposition of a search engine Code of Practice. In the event, however, all pressure on search engines was removed from the legislation after a separate voluntary agreement was reached.

All parties agreed that the voluntary code should come into effect two weeks ago on June 1 so it seems likely that some effects should be noticeable in the near future. But the BPI says it’s still early days and there’s more work to be done.

“BPI has been working productively with search engines since the voluntary code was agreed to understand how search engines approach the problem, but also what changes can and have been made and how results can be improved,” the group explains.

“The first stage is to benchmark where we are and to assess the impact of the changes search engines have made so far. This will hopefully be completed soon, then we will have better information of the current picture and from that we hope to work together to continue to improve search for rights owners and consumers.”

With more takedown notices in the pipeline not yet publicly reported by Google, the BPI informs TF that it has now notified the search giant of 315 million links to illegal content.

“That’s an astonishing number. More than 1 in 10 of the entire world’s notices to Google come from BPI. This year alone, one in every three notices sent to Google from BPI is for independent record label repertoire,” BPI concludes.

While groups like BPI have clearly developed systems to cope with the huge numbers of takedown notices required in today’s environment, it’s clear that few rightsholders are happy with the status quo. With that in mind, the fight will continue, until search engines are forced into compromise. Considering the implications, that could only appear on a very distant horizon.

snitch – Information Gathering Tool Via Dorks

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/i9qgH9CxYJ0/

Snitch is an information gathering tool which automates the process for a specified domain. Using built-in dork categories, this tool helps gather specified information domains which can be found using web search engines. It can be quite useful in early phases of penetration tests (commonly called the Information Gathering phase). snitch can…

Read the full post at darknet.org.uk

Bill to Ban VPNs & Unmask Operators Submitted to Russia’s Parliament

Post Syndicated from Andy original https://torrentfreak.com/bill-to-ban-vpns-unmask-operators-submitted-to-russias-parliament-170609/

Website blocking in Russia is becoming a pretty big deal. Hundreds of domains are now blocked at the ISP level for a range of issues from copyright infringement through to prevention of access to extremist material.

In common with all countries that deploy blocking measures, there is a high demand in Russia for services and software that can circumvent blockades. As a result, VPNs, proxies, mirror sites and dedicated services such as Tor are growing in popularity.

Russian authorities view these services as a form of defiance, so for some time moves have been underway to limit their effectiveness. Earlier this year draft legislation was developed to crack down on systems and software that allow Internet users to bypass website blockades approved by telecoms watchdog Roskomnadzor.

This week the draft bill was submitted to the State Duma, the lower house of the Russian parliament. If passed, it will effectively make it illegal for services to circumvent web blockades by “routing traffic of Russian Internet users through foreign servers, anonymous proxy servers, virtual private networks and other means.”

As it stands, the bill requires local telecoms watchdog Roskomnadzor to keep a list of banned domains while identifying sites, services, and software that provide access to them. Once the bypassing services are identified, Roskomnadzor will send a notice to their hosts, giving them a 72-hour deadline to reveal the identities of their operators.

After this stage is complete, the host will be given another three days to order the people running the circumvention-capable service to stop providing access to banned domains. If the service operator fails to comply within 30 days, all Internet service providers will be required to block access to the service and its web presence, if it has one.

This raises the prospect of VPN providers and proxies being forced to filter out traffic to banned domains to stay online. How this will affect users of Tor remains to be seen, since there is no way to block domains. Furthermore, sites offering the software could also be blocked, if they continue to offer the tool.

Also tackled in the bill are search engines such as Google and Yandex that provide links in their indexes to banned resources. The proposed legislation will force them to remove all links to sites on Roskomnadzor’s list, with the aim of making them harder to find.

However, Yandex believes that if sites are already blocked by ISPs, the appearance of their links in search results is moot.

“We believe that the laying of responsibilities on search engines is superfluous,” a spokesperson said.

“Even if the reference to a [banned] resource does appear in search results, it does not mean that by clicking on it the user will get access, if it was already blocked by ISPs or in any other ways.”

John Oliver is wrong about Net Neutrality

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/05/john-oliver-is-wrong-about-net.html

People keep linking to John Oliver bits. We should stop doing this. This is comedy, but people are confused into thinking Oliver is engaging in rational political debate.

Enlightened people know that reasonable people disagree, that there are two sides to any debate. John Oliver’s bit erodes that belief, making one side (your side) sound smart, and the other side sound unreasonable.

The #1 thing you should know about Net Neutrality is that reasonable people disagree. It doesn’t mean they are right, only that they are reasonable. They aren’t stupid. They aren’t shills for the telecom lobby, or confused by the telecom lobby. Indeed, those opposed to Net Neutrality are the tech experts who know how packets are routed, whereas the supporters tend only to be lawyers, academics, and activists. If you think that the anti-NetNeutrality crowd is unreasonable, then you are in a dangerous filter bubble.

Most everything in John Oliver’s piece is incorrect.

For example, he says that without Net Neutrality, Comcast can prefer original shows it produces, and slow down competing original shows by Netflix. This is silly: Comcast already does that, even with NetNeutrality rules.

Comcast owns NBC, which produces a lot of original shows. During prime time (8pm to 11pm), Comcast delivers those shows at 6-mbps to its customers, while Netflix is throttled to around 3-mbps. Because of this, Comcast original shows are seen at higher quality than Netflix shows.

Comcast can do this, even with NetNeutrality rules, because it separates its cables into “channels”. One channel carries public Internet traffic, like Netflix. The other channels carry private Internet traffic, for broadcast TV shows and pay-per-view.

All NetNeutrality means is that if Comcast wants to give preference to its own contents/services, it has to do so using separate channels on the wire, rather than pushing everything over the same channel. This is a detail nobody tells you because NetNeutrality proponents aren’t techies. They are lawyers and academics. They maximize moral outrage, while ignoring technical details.

Another example in Oliver’s show is whether search engines like Google or the (hypothetical) Bing can pay to get faster access to customers. They already do that. The average distance a packet travels on the web is less than 100-miles. That’s because the biggest companies (Google, Facebook, Netflix, etc.) pay to put servers in your city close to you. Smaller companies, such as search engine DuckDuckGo.com, also pay third-party companies like Akamai or Amazon Web Services to get closer to you. The smallest companies, however, get poor performance, being a thousand miles away.

You can test this out for yourself. Run a packet-sniffer on your home network for a week, then for each address, use mapping tools like ping and traceroute to figure out how far away things are.

The Oliver bit mentioned how Verizon banned Google Wallet. Again, technical details are important here. It had nothing to do with Net Neutrality issues blocking network packets, but only had to do with Verizon-branded phones blocking access to the encrypted enclave. You could use Google Wallet on unlocked phones you bought separately. Moreover, market forces won in the end, with Google Wallet (aka. Android Wallet) now the preferred wallet on their network. In other words, this incident shows that the “free market” fixes things in the long run without the heavy hand of government.

Oliver shows a piece where FCC chief Ajit Pai points out that Internet companies didn’t do evil without Net Neutrality rules, and thus NetNeutrality rules were unneeded. Oliver claimed this was a “disingenuous” argument. No, it’s not “disingenuous”, it’s entirely the point of why Net Neutrality is bad. It’s chasing the theoretical possibility of abuse, not the real thing. Sure, Internet companies will occasionally go down misguided paths. If it’s truly bad, customers will rebel. In some cases, it’s not actually a bad thing, and will end up being a benefit to customers (e.g. throttling BitTorrent during primetime would benefit most BitTorrent users). It’s the pro-NetNeutrality side that’s being disingenuous, knowingly trumping up things as problems that really aren’t.

The point is this. The argument here is a complicated one, between reasonable sides. For humor, John Oliver has created a one-sided debate that falls apart under any serious analysis. Those like the EFF should not mistake such humor for intelligent technical debate.

Australia Readies New Copyright Safe Harbor Consultation

Post Syndicated from Andy original https://torrentfreak.com/australia-readies-new-copyright-safe-harbor-consultation-170427/

Unlike in the United States where so-called safe harbor provisions apply to Internet service providers and online platforms such as Google and Facebook, Australia’s system offers reduced protection for the latter group.

To put the country on a similar footing as other technologically advanced nations, amendments were proposed to Australia’s Copyright Act that would’ve seen enhanced safe harbor assurances for platforms including search engines and social networks.

Last month, however, the government dropped the amendments before they were due to be introduced to parliament. That came as a surprise, particularly as Prime Minister Malcolm Turnbull had given the proposals his approval just a week earlier.

While business startup advocates were disappointed by the move, copyright holders welcomed the decision, with Dan Rosen, chief executive of the Australian Recording Industry Association, calling for a “full, independent and evidence-based review” in advance of similar future proposals. Just a month later and that seems a likely outcome.

In a statement delivered by Minister for Communications Mitch Fifield, the government has now announced a further consultation on extending the safe harbor provisions of the Copyright Act.

“An expanded safe harbor regime would provide a useful mechanism for rights holders to have material that infringes their copyright removed from online service providers,” Fifield said.

“An expanded regime would also ensure that service providers are not held responsible for the infringing actions of their users, provided they take reasonable steps to take down material that infringes copyright.”

The minister said that the government intends to “proceed carefully” to ensure that any legislation achieves the above objectives while balancing the need to grow Australia’s digital economy and supporting the needs of creators and copyright holders.

The Department of Communications will now oversee a series of meetings and roundtable discussions with stakeholders, prior to delivering advice to the government by early June 2017.

Russia Plans To Ban VPNs & Proxies That Unblock Blocked Sites

Post Syndicated from Andy original https://torrentfreak.com/russia-plans-to-ban-vpns-proxies-that-unblock-blocked-sites-170420/

When it comes to blocking websites, Russia is quickly emerging as a world leader. Tens of thousands of resources are now blocked in the country on copyright infringement and a wide range of other grounds.

Of course, Russian citizens are not always prepared to be constrained by their government, so large numbers of people regularly find ways to circumvent ISP blockades. The tools and methods deployed are largely the same as those used in the West, including VPNs, proxies, mirror sites and dedicated services such as Tor.

To counter this defiance, the Russian government has been considering legislation to tackle sites, tools and services that provide Internet users with ways to circumvent blockades. According to local news outlet Vedomosti, that has now resulted in a tough new bill.

Russia’s plan is to issue a nationwide ban on systems and software that allow Internet users to bypass website blockades previously approved by telecoms watchdog Roskomnadzor. This means that if a VPN, proxy or similar tool unblocks torrent site RuTracker, for example, it will be breaking the law. As a result, it too will find itself on Russia’s banned site list.

The publication says it has confirmed the bill’s existence with a federal official and several Internet service provider sources.

The technical aspects of the bill were reportedly formulated by lawyers working for the Media Communications Union (MCU), a trade group established by the largest media companies in the country. The MCU has a particular interest in ensuring that web users do not bypass pirate site blockades by using anonymous web-based CGI proxies.

The bill does give VPN and proxy providers some room for maneuver. If they are configured to prevent access to all domains present in Russia’s banned resources list, it appears they can avoid legal issues. However, for VPN services which pride themselves on not monitoring user traffic, censoring certain sites could provoke a backlash and undermine credibility.

As previously reported, Russia also has search engines in its sights. It wants to prevent links to banned sites appearing in search results, claiming that these encourage people to access banned material.

The new bill reportedly lays out a new framework which will force search engines to remove such links. Failing to do so could result in fines of up to $12,400 per breach, clearly a significant issue for companies such as Google and local search giant Yandex.

“We believe that the laying of responsibilities on search engines is superfluous,” a Yandex spokesperson said.

“Even if the reference to a [banned] resource does appear in search results, it does not mean that by clicking on it the user will get access, if it was already blocked by ISPs or in any other ways.”

This morning, the bill was discussed at the Russian Internet Forum (RIF). While its aim of reducing copyright infringement was understood, there were concerns that the bill could negatively affect the rights of Internet users.

“Naturally, we are against the spread of illegal content, but the law does not violate the rights and freedoms of citizens to access information,” says Sergey Grebennikov, director of the Regional Public Center of Internet Technologies.

“Yes, there is a ‘gray zone’ used to carry out illegal activities and the distribution of illegal content using CGI proxies, but it does not mean that legitimate users have to suffer. It is also important to note that the laws do not violate the rights of users who choose the safe use of the Internet, for example, by using a VPN connection,” Grebennikov concludes.

Russian MP Says She Loves Torrents, Hates Web Blockades

Post Syndicated from Andy original https://torrentfreak.com/russian-mp-says-she-loves-torrents-hates-web-blockades-170417/

From Canada through the United States, to the UK, Europe, and beyond, few politicians want to be seen supporting copyright infringement.

With the notable exception of the Pirate Party, for most politicians, piracy is something to fight against, not promote. Over in Russia, however, they like to do things a little bit differently.

On the one hand, the country is cracking down really hard on pirate sites, blocking them left and right while planning new legislation that will hold social networks liable for the piracy of their users. On the other, we have Senator Lyudmila Bokova who didn’t get the memo.

Speaking at the “Internet and Law” event organized by Russian news outlet Kommersant, the Federation Council member steered away from criticism to endorse piracy as a convenient and cost-effective method of obtaining content.

“I like to use torrents because they provide the ability to download information quickly and cheaply,” Bokova said.

“To go to the cinema today – just look at the price of tickets: 1000 rubles ($17.78). For a family of three people to go to the movies it’s 3,000 rubles ($53.34) from the budget. It’s expensive. A torrent is cheap.”

But the Senator, who served as deputy chairman of the Federation Council Committee on Constitutional Legislation and State Building, didn’t stop there.

Speaking with RNS, Bokova condemned Russia’s plans to block pirate sites without a trial. She criticized amendments that will force search engines such as Google and local giant Yandex to remove links to sites from search results.

“I think if we follow the path of pre-trial blocking [of pirate content and search engine links] it will create more problems in our society. I believe that in this case a court order, in my opinion, is the most correct approach,” she said.

FBI Uses BitTorrent to Find and Catch Child Porn Offenders

Post Syndicated from Ernesto original https://torrentfreak.com/fbi-uses-bittorrent-to-find-and-catch-child-porn-offenders-170415/

To combat the distribution of child pornography on the Internet, U.S. law enforcement is using BitTorrent to track down and catch perpetrators.

File-sharing networks and tools are used to transfer all sorts of files, including pornographic footage of children.

The Department of Justice in the U.S. sees these cases as a high priority and has successfully prosecuted many cases in recent years. Several of these were concluded with help from P2P file-sharing software.

A few years ago applications with shared folders, such as Limewire, allowed the FBI to pinpoint infringers who were actively sharing illegal content. The evidence in these cases was relatively strong and led to many convictions.

However, now that Limewire and other popular “shared folder” applications are no longer available, law enforcement has switched to BitTorrent.

While there have been similar cases before, this week we first spotted an indictment where BitTorrent was used to find someone sharing these files. In the affidavit, signed by a Homeland Security Investigations agent, the process is explained in detail.

The agent describes BitTorrent as a “very popular” file-sharing network that users typically connect to through torrents they download from search engines such as Isohunt or The Pirate Bay.

These torrent sites don’t store any material themselves, the affidavit clarifies, but the perpetrators and law enforcement can use these sites to find illegal content.

“Law enforcement can search the BitTorrent network in order to locate individuals sharing previously identified child exploitation material in the same way a user searches this network,” the affidavit reads.

“By searching the network for these known torrents, law enforcement can quickly identify targets in the searcher’s jurisdiction.”

The FBI and other law enforcement agencies use these search engines to find torrents that are known to link to child porn. They then load the torrent files in modified torrent clients and obtain IP-addresses and other information from the associated trackers.

The software in question is modified to download complete files from a single source, so the investigator knows that the person on the other end has a full copy.

“There is law enforcement-specific BitTorrent network software which allows for single-source downloads from a computer at a single IP address, meaning that an entire file or files are downloaded only from a computer at a single IP address as opposed to obtaining the file from multiple peers/clients on the BitTorrent network.

“This procedure allows for the detection and investigation of those computers involved in sharing digital files of known or suspected child pornography on the BitTorrent network,” the affidavit adds.

In the present case a search by FBI special agent David Hand led to a Simi Valley man, who was arrested and indicted by a federal grand jury last week.

In addition to distributing child pornography, a follow-up investigation unveiled more gruesome details. The indictment alleges that the man also took 83 images and three videos of a 6-year-old girl with his iPhone.

Based on the above, the man faces lengthy prison terms for the production, distribution and possession of child pornography.
