Tag Archives: sweden

Inside ‘The Attack That Almost Broke the Internet’

Post Syndicated from BrianKrebs original https://krebsonsecurity.com/2016/08/inside-the-attack-that-almost-broke-the-internet/

In March 2013, a coalition of spammers and spam-friendly hosting firms pooled their resources to launch what would become the largest distributed denial-of-service (DDoS) attack the Internet had ever witnessed. The assault briefly knocked offline the world’s largest anti-spam organization, and caused a great deal of collateral damage to innocent bystanders in the process. Here’s a never-before-seen look at how that attack unfolded, and a rare glimpse into the shadowy cybercrime forces that orchestrated it.

The following are excerpts taken verbatim from a series of Skype and IRC chat room logs generated by a group of “bullet-proof cybercrime hosts” — so called because they specialized in providing online hosting to a variety of clientele involved in spammy and scammy activities.

Facebook profile picture of Sven Olaf Kamphuis

Facebook profile picture of Sven Olaf Kamphuis

Gathered under the banner ‘STOPhaus,’ the group included a ragtag collection of hackers who got together on the 17th of March 2013 to launch what would quickly grow to a 300+Gigabits per second (Gbps) attack on Spamhaus.org, an anti-spam organization that they perceived as a clear and present danger to their spamming operations.

The attack –a stream of some 300 billion bits of data per second — was so large that it briefly knocked offline Cloudflare, a company that specialized in helping organizations stay online in the face of such assaults. Cloudflare dubbed it “The Attack that Almost Broke the Internet.

The campaign was allegedly organized by a Dutchman named Sven Olaf Kamphuis (pictured above). Kamphuis ran a company called CB3ROB, which in turn provided services for a Dutch company called “Cyberbunker,” so named because the organization was housed in a five-story NATO bunker and because it had advertised its services as a bulletproof hosting provider.

Kamphuis seemed to honestly believe his Cyberbunker was sovereign territory, even signing his emails “Prince of Cyberbunker Republic.” Arrested in Spain in April 2013 in connection with the attack on Spamhaus, Kamphuis was later extradited to The Netherlands to stand trial. He has publicly denied being part of the attacks and his trial is ongoing.

According to investigators, Kamphuis began coordinating the attack on Spamhaus after the anti-spam outfit added to its blacklist several of Cyberbunker’s Internet address ranges. The following logs, obtained by one of the parties to the week-long game of offensive, showcases the planning and executing of the DDoS attack, including digital assaults on a number of major Internet exchanges. The record also exposes the identities and roles of each of the participants in the attack.

Please note that the logs below are excerpts from a much longer conversation. The entire, unedited chat logs are available here. The logs are periodically broken up by text in italics, which includes additional context about each snippet of conversation. Please note that the logs below may contain speech that some find offensive.

====================================================================

THE CHAT LOG MEMBERS
————————————————————
Aleksey Frolov : vainet[dot]biz, vainet[dot].ru, Russian host.
————————————————————
Alex Optik : Russian ‘BP host’. AKA NEO
————————————————————
Andrei Stanchevici : secured[dot]md Moldova
————————————————————
Cali : Vitalii Boiko AKA Vitaliyi Boyiko AKA Cali Yhzar, alleged by Spamhaus to be dedicated crime hosters urdn[dot]com.ua AKA Xentime[dot]com AKA kurupt[dot]ru
————————————————————
Darwick : Zemancsik Zsolt, 23net[dot]hu, Hungarian host.
————————————————————
eDataKing : Andrew Jacob Stephens, Ohio/Florida based spamware seller formerly listed on Spamhaus’s Register of Known Spam Operations (ROKSO). Was main social media mouthpiece of Stophaus (e.g. see @stophaus). Andrew threatens to sue everyone for libel, and is likely to show up in the comments below and do the same here.
————————————————————
Erik Bais : A2B Internet, Netherlands
————————————————————
Goo : Peter van Gorkum AKA Gooweb.nl, alleged by Spamhaus to be a botnet supplier in the Netherlands.
————————————————————
Hephaistos : AKA @AnonOps on Twitter
————————————————————
HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: Sven Olaf Kamphuis
AKA Cyberbunker AKA CB3ROB
————————————————————
Karlin König : Suavemente/SplitInfinity, San Diego based host.
————————————————————
marceledler : German hoster that Spamhaus says has a history of hosting spammers, AKA Optimate-Server[dot]de
————————————————————
Mark – Evgeny Pazderin : Russian, alleged by Spamhaus to be hoster of webinjects used for man-in-the-middle attacks (MITM) against online banking sessions.
————————————————————
Mastermind of Possibilities : Norman “Chris” Jester AKA Suavemente/SplitInfinity, alleged by Spamhaus to be San Diego based spam host.
————————————————————
Narko :Sean Nolan McDonough, UK-based teenager, trigger man in the attack. Allegedly hired by Yuri to perform the DDoS. Later pleaded guilty to coordinating the attack in 2013.
————————————————————
NM : Nikolay Metlyuk, according to Spamhaus a Russian botnet provider
————————————————————
simomchen : Simon Chen AKA idear4business counterfeit Chinese products, formerly listed on Spamhaus ROKSO.
————————————————————
Spamahost : As its name suggests, a Russian host specializing in spam, spam and spam.
————————————————————
twisted : Admin of Cyberbunker[dot]com
————————————————————
valeralelin : Valerii Lolin, infiumhost[dot]com, Ukraine
————————————————————
Valeriy Uhov : Per Spamhaus, a Russian ‘bulletproof hoster’.
————————————————————
WebExxpurts : Deepak Mehta, alleged cybercrime host specializing in hosting botnet C&Cs. AKA Turbovps (<bd[at]turbovps[dot]com>).
————————————————————
wmsecurity : off-sho[dot]re ‘Bulletproof’ hoster. Lithuania. AKA “Antitheist”. Profiled in this story.
————————————————————
Xennt : H.J. Xennt, owner of Cyberbunker.
————————————————————
Yuri : Yuri Bogdanov, owner of 2×4[dot]ru. According to Spamhaus, 2×4[dot]ru is a longtime spam friendly Russian host, formerly part of Russian Business Network (RBN). Allegedly hired Narko to launch DDoS attack against Spamhaus.
============================================================

[17.03.2013 19:51:31] eDataKing: watch the show: http://www.webhostingtalk.com/showthread.php?t=1247982
[17.03.2013 19:52:02] -= Darwick =-: hell yeah! :)
[17.03.2013 19:52:09] -= Darwick =-: hit them hard :)
[17.03.2013 19:54:07] -= Darwick =-: is that a ddos attack?
[17.03.2013 19:54:56] eDataKing: but let’s forget what it is and focus on it’s consequence lol 😉

====================================================================

A number of chat members chastise eDataKing for incessantly posting comments to what they refer to as “nanae,” a derisive reference to the venerable Google Groups anti-spam list (news.admin.et-abuse.email) that focused solely on exposing spammers and their spamming activities. eDataKing is flustered and posting on nanae with rapid-fire, emotional replies to anti-spammers, but his buddies don’t want that kind of attention to their cause.

[17.03.2013 20:27:57] Mastermind of Possibilities: Andrew why are you posting in nanae? Stop man lol

====================================================================

Some of the chat participants begin debating whether they should consider adopting residence in a country that does not play well with the United States in terms of extradition.

[18.03.2013 02:28:30] eDataKing: what about a place that takes an ex-felon from the US for citizenship or expat?

====================================================================

The plotters begin running scans to find misconfigured or ill-protected systems that can be enslaved in attacks. They’re scanning the Web for domain name servers (DNS) systems that can be used to amplify and disguise or “reflect” the source of their attacks. Narko warns Sven about trying to enlist servers hosted by Dutch ISP Leaseweb, which was known to anticipate such activity and re-route attack traffic back to the true source of the traffic.

[18.03.2013 16:39:22] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: is just global transit thats filtered with them
[18.03.2013 16:39:33] narko: they change the ip back to your real server ip
[18.03.2013 16:39:38] narko: you will ddos your own server if you try this attack at leaseweb
[18.03.2013 16:39:46] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: hmm
[18.03.2013 16:39:50] Antitheist: what about root.lu?
[18.03.2013 16:39:54] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: very creative of them
[18.03.2013 16:39:55] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lol
[18.03.2013 16:40:21] Antitheist: and nforce
18.03.2013 16:49:22] Antitheist: i host many cc shops, they even appeared on krebs blog 😀
[18.03.2013 16:49:27] narko: where?

At around 4 p.m. GMT that same day, Sven announces that the group’s various cyber armies had succeeded in knocking Spamhaus off the Internet. Incredibly, Sven advertises his involvement with the group to all 3,850 of his Facebook friends.

17.03.2013 22:30:01] my 3850 facebook friends <img src=” class=”wp-smiley” style=”height: 1em; max-height: 1em;” />” class=”wp-smiley” style=”height: 1em; max-height: 1em;” />” class=”wp-smiley” style=”height: 1em; max-height: 1em;” /> www.spamhaus.org still down, and that criminal bunch of self declared internet dictators will still remain down, until our demands are met <img src=” class=”wp-smiley” style=”height: 1em; max-height: 1em;” />” class=”wp-smiley” style=”height: 1em; max-height: 1em;” />” class=”wp-smiley” style=”height: 1em; max-height: 1em;” /> over 48h already <img src=” class=”wp-smiley” style=”height: 1em; max-height: 1em;” />” class=”wp-smiley” style=”height: 1em; max-height: 1em;” />” class=”wp-smiley” style=”height: 1em; max-height: 1em;” /> resolving your shit. end of the line buddy <img src=” class=”wp-smiley” style=”height: 1em; max-height: 1em;” />” class=”wp-smiley” style=”height: 1em; max-height: 1em;” />” class=”wp-smiley” style=”height: 1em; max-height: 1em;” /> should have called and paid for the damages.
[17.03.2013 22:25:54] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: rokso no longer exists haha
[17.03.2013 22:29:51] Mastermind of Possibilities: Where is that posted ?
[17.03.2013 22:30:01] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: my 3850 facebook friends 😛
[17.03.2013 22:30:12] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: you know, stuff people actually -use-… unlike smtp and nntp
[17.03.2013 22:30:12] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lol
[17.03.2013 22:30:23] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP:facebook.com/cb3rob

====================================================================

Spamhaus uses a friendly blog — Wordtothewise.com — to publish an alert that it is “under major dDos.” While Spamhaus is offline, various parties to the attack begin hatching ways to take advantage by poisoning search-engine results so that when one searches for “Spamhaus,” the first several results instead redirect to Stophaus[dot]org, the forum this group set up to coordinate the attacks.

w2tw

18.03.2013 13:09:09] Alex Optik:http://www.stopspamhaus.org/2013_02_01_archive.html
[18.03.2013 13:09:35] Alex Optik: as i see there is already has same projects
[18.03.2013 13:09:59] narko: (wave)
[18.03.2013 13:10:17] eDataKing: that site is owned by a person in this group Alex
stealing seo to bump spamhaus while it’s offline 3 days
[18.03.2013 16:14:14] Antitheist: do you mind if we put spamhaus metatags on stophaus?
[18.03.2013 16:14:24] Antitheist: so we can come up first on google soon 😀
file fake info alert to ICANN
[18.03.2013 16:26:45] narko: Your report concerning whois data inaccuracy regarding the domain spamhaus.org has been confirmed. You will receive an email with further details shortly. Thank you.
[18.03.2013 16:29:26] narko: Any future correspondence sent to ICANN must contain your report ID number.
Please allow 45 days for ICANN’s WDPRS processing of your Whois inaccuracy
claim. This 45 day WDPRS processing cycle includes forwarding the complaint
to the registrar for handling, time for registrar action and follow-up by
ICANN if necessary.

====================================================================

Sven Kamphuis then posts to Pastebin about “OPERATION STOPHAUS,” a tirade that includes a lengthy list of demands Sven says Spamhaus will have to meet in order for the DDoS attack to be called off. Meanwhile, another spam-friendly hosting provider — helpfully known as “Spamahost[dot].com,” joins the chat channel. At this point, the attack has kept Spamhaus.org offline for the better part of 48 hours.

Narko's account on Stophaus.

Narko’s account on Stophaus.

[19.03.2013 00:02:43] Yuri: another one hoster, spamahost.com added.
[19.03.2013 00:02:48] Yuri: i hope he can help with some servers.
[19.03.2013 00:02:57] spamahost: Will do ^^ :)
[19.03.2013 00:05:49] eDataKing: be safe when accessing this link, but there was an edu writeup:http://isc.sans.edu/diary/Spamhaus+DDOS/15427
[19.03.2013 00:05:51] spamahost: Spamhaus can blow me.
[19.03.2013 00:06:00] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: me too 😛
[19.03.2013 00:06:20] spamahost: What software you using to send out attacks?
[19.03.2013 00:06:22] spamahost: IRC and bots?
[19.03.2013 00:06:28] Yuri: spamhaus like spamahost very very much.
[19.03.2013 00:06:35] Yuri: that’s the realy true love
[19.03.2013 00:06:37] spamahost: Yes they love us
[19.03.2013 00:38:20] Yuri: MEGALOL
[19.03.2013 00:38:27] Yuri: spamhaus is down 3 days
[19.03.2013 00:38:58] Yuri: this is the graph of our mail server http://mx1.2×4.ru/cgi-bin/mailgraph.cgi
that shows amount of spam rejected by our mail server.
last days there are much less SPAm
[19.03.2013 00:39:13] Yuri: http://mail.2×4.ru same graph here.

====================================================================

The Stophaus members discover that Spamhaus is now protected by Cloudflare. This amuses the Stophaus members, who note that Spamhaus has frequently listed large swaths of Cloudflare Internet addresses as sources of spam.

cloudflare

[19.03.2013 00:47:07] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: cloudflare
[19.03.2013 00:47:48] Antitheist: fuck who would believe
[19.03.2013 00:48:10] Antitheist: after they listed all cloudlares /24 for being criminal supportive because of free reverse proxying
[19.03.2013 00:49:11] Antitheist: here we go again…
[19.03.2013 00:49:12] Antitheist: http://www.spamhaus.org/sbl/query/SBL179312
[19.03.2013 00:49:14] Antitheist: lol
[19.03.2013 00:49:46] Antitheist: it had been officialy bought…b-o-u-g-h-t
[19.03.2013 00:50:45] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: hmm
[19.03.2013 00:50:57] Antitheist: narko?
[19.03.2013 00:51:11] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: k… just take down the spamhaus.org nameservers…all 8 of em
[19.03.2013 00:51:22] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: after all the client on cloudflare is ‘spamhaus.eu’
[19.03.2013 00:51:33] Cali: spamhaus under cloudflare?
[19.03.2013 00:51:35] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: they still need the spamhaus.org nameservers for that and their shitlist to work
[19.03.2013 00:51:40] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: yeah with spamhaus.eu
[19.03.2013 00:51:46] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: which is a cname to spamhaus.org
[19.03.2013 00:51:59] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: so just take out the 8 spamhaus nameservers and stop targetting the old website
[19.03.2013 00:52:09] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: that ALSO takes out their dns shitlists…
[19.03.2013 00:52:12] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: indirectly
[19.03.2013 00:52:22] Yuri: that’s a fuck. a lot of work for us
[19.03.2013 00:53:20] Yuri: may be just let’s make cloudflare down ?
[19.03.2013 00:53:29] Antitheist: thats hard yuri
[19.03.2013 00:53:31] Yuri: so they will refuse any spamhaus
[19.03.2013 00:53:43] Antitheist: you need to cripple level3 and nlayer
[19.03.2013 00:54:04] Antitheist: |OR|
[19.03.2013 00:54:12] Antitheist: you need to spend too much traffic
[19.03.2013 00:54:16] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: narko: new target… the 8 nameservers of spamhaus.org… and still smtp-ext-layer.spamhaus.org ofcourse
[19.03.2013 00:54:20] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: no morewww.spamhaus.org
[19.03.2013 00:54:24] Antitheist: since cloudflares packages are traffic volume priced
[19.03.2013 00:55:44] Karlin Konig: I don’t think they are charging spamhaus
[19.03.2013 00:56:27] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: as stated before, unfair competition, in many ways
[19.03.2013 00:56:28] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lulz
[19.03.2013 00:57:46] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: hmm is cloudflare hosting? or a reverse proxy?
[19.03.2013 00:57:57] Cali: reverse proxy.
[19.03.2013 00:58:00] Yuri: reverse
[19.03.2013 00:58:09] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: as when its a reverse proxy, it probably goes to that spamhaus.as1101.net box
[19.03.2013 00:58:13] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: aka, surfnet.
[19.03.2013 01:00:10] Cali: already offline 😀
[19.03.2013 01:00:17] Cali: This website is offline
[19.03.2013 01:02:26] narko: I will make down their cloudflare 😉 if I have enough free servers
[19.03.2013 01:02:30] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: they moved it to cloudlfare
[19.03.2013 01:02:31] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lol
[19.03.2013 01:02:43] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: then just go for the nameservers on spamhaus.org
[19.03.2013 01:02:49] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: which also breaks their dns shitlist
[19.03.2013 01:02:52] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: after 24h
[19.03.2013 01:02:55] Cali: usually websites use cloudflare dns as well.
[19.03.2013 01:02:58] Cali: so they might change soon.
[19.03.2013 01:03:03] Cali: I think you should give them some hope
[19.03.2013 01:03:10] Cali: because they will be so proud to bring it back
[19.03.2013 01:03:14] Cali: then you switch it off again :)
[19.03.2013 01:03:20] Cali: they will rage :)
[19.03.2013 01:03:23] Karlin Konig: it’s down again
[19.03.2013 01:03:24] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: they do… spamhaus.EU is on cloudflare dns
[19.03.2013 01:03:25] Karlin Konig: lol
[19.03.2013 01:03:30] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP:spamhaus.org… is on spamhaus dns
[19.03.2013 01:03:45] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: for the very obvious reason that they have 70 dns shitlist servers in that zone
[19.03.2013 01:03:49] Cali: yeah but I think they might change that soon.
[19.03.2013 01:03:52] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: and those use their weird rotating system
[19.03.2013 01:03:54] Cali: ahah
[19.03.2013 01:03:57] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: cloudflare can’t do that
[19.03.2013 01:04:04] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: they can’t change the domain of the dns shitlist
[19.03.2013 01:04:05] Cali: even with the paid version?
[19.03.2013 01:04:07] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: so they have to keep that
[19.03.2013 01:04:30] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: soo… if they come up again, just kill the dns servers on their main domainspamhaus.org
[19.03.2013 01:04:33] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: 😛
[19.03.2013 01:04:33] Cali: ok, now it is online and responds.
[19.03.2013 01:04:50] narko: ok
[19.03.2013 01:04:52] narko: moment
[19.03.2013 01:05:07] Cali:http://www.spamhaus.org/images/spamhaus_dnsbl_basic.gif “meet spamhaus policy”
[19.03.2013 01:05:07] Cali: lol
[19.03.2013 01:05:14] Cali: like IPs have to meet Spamhaus policies
[19.03.2013 01:05:18] Cali: lol
[19.03.2013 01:05:24] narko: they are using the cloudflare paid plan
[19.03.2013 01:05:31] narko: as they have 5 IP
[19.03.2013 01:05:31] narko: not 2
[19.03.2013 01:05:44] narko: i think it means that cf will keep them longer
[19.03.2013 01:05:46] narko: :(
[19.03.2013 02:09:03] narko: added some extra gbit/s to two dns servers that seemed half-up :) lets see if google dns renews it now
[19.03.2013 02:09:28] Yuri: fuck.. no dns resolve :))))
[19.03.2013 02:09:45] narko: (mm)
[19.03.2013 02:09:57] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: when -these- time out, they’re out of business
[19.03.2013 02:10:01] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: <<>> DiG 9.8.1-P1 <<>> A b.ns.spamhaus.org
[19.03.2013 08:01:24] Yuri: good morning
[19.03.2013 08:01:32] Yuri: it was short night for me…. fuck
[19.03.2013 08:01:40] Yuri: spamhaus is down ? again :) ?
[19.03.2013 08:02:09] Yuri: looks it’s some our friend work
[19.03.2013 08:10:30] simomchen: how about we hijack spamhaus’s IP together , if can not take them down again ?
[19.03.2013 08:10:59] Yuri: we would like to.
[19.03.2013 08:11:08] Yuri: but we need upstream who will allow us to do that
[19.03.2013 08:11:25] simomchen: we can just announce those over IX exchange
[19.03.2013 08:11:34] simomchen: them , do not need upstream allow this
[19.03.2013 08:11:39] nmetluk: Russian upstreams allow:)
[19.03.2013 08:13:10] Yuri: (at least we have one good russian upstream here)
[19.03.2013 08:14:15] Yuri: spamhaus desided to bring some shit sbls toinfiumhost.com, /22 listed just for nothing.and some extra SBLs to pinspb
[19.03.2013 08:14:28] eDataKing: that is how they do it
[19.03.2013 08:14:35] eDataKing: that is why it is terrorism
[19.03.2013 08:14:57] simomchen: SH will force upstreams disconnect them
[19.03.2013 08:15:05] simomchen: that’s their next step
[19.03.2013 08:15:15] Yuri: they are too big to be disconneted
[19.03.2013 08:15:22] eDataKing: yes, the upstream does not really make the decision because the decision is coerced through damages
[19.03.2013 08:15:43] eDataKing: who is too big to be disconnected?
[19.03.2013 08:16:03] simomchen: infiumhost.com ?
[19.03.2013 08:16:31] Yuri: pinspb.ru
[19.03.2013 08:16:33] Yuri: gpt.ru
[19.03.2013 08:16:42] Yuri: and other that was with some new sbls today
[19.03.2013 08:16:50] Yuri: currenty it’s just nothing serious
[19.03.2013 08:16:58] Yuri: they keep searching
[19.03.2013 08:24:33] simomchen: Donate to the fund needed to shut SH down for good. Send your donations via Bitcoin to 17SgMS56W6s1oMU7oEZ66NFkbEk1socnTJ

====================================================================

At this point, several media outlets begin erroneously reporting that the DDoS attack on Spamhaus and Cloudflare is the work of Anonymous (probably because Kamphuis ended his manifesto with the Anonymous tagline, “We do not forgive. We do not forget”).

[19.03.2013 12:35:51] Antitheist: lol, anonymous indonesia took the responsibility for the spamhaus ddos
[19.03.2013 12:35:51] Antitheist: https://twitter.com/anonnewsindo
[19.03.2013 12:36:38] Antitheist: wait no, its all over softpedia! hahaha
[19.03.2013 12:37:31] Antitheist: http://news.softpedia.com/news/Anonymous-Hackers-Launch-DDOS-Attack-Against-Spamhaus-338382.shtml
[19.03.2013 12:46:11] narko: http://www.spamhaus.org/sbl/query/SBL179322
[19.03.2013 12:46:39] Antitheist: http://www.spamhaus.org/sbl/query/SBL179321
[19.03.2013 12:55:30] Yuri: people report that MAIL from spamhaus start working
[19.03.2013 12:55:42] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: oeh! spam!
[19.03.2013 12:56:03] Antitheist: the mail is their weakest point, since cloudflare cannot protect it
[19.03.2013 12:56:22] Antitheist: so we need to hit there. the result means no SBL removals :)
[19.03.2013 12:56:33] Antitheist: mad mad admins pulling off hair 😀
[19.03.2013 14:46:09] Yuri: news.softpedia.com
[19.03.2013 14:46:16] Antitheist: they think its anonymous because of Svens pastebin
[19.03.2013 14:46:48] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: also good
[19.03.2013 14:46:56] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: then the rest of anon also thinks its anon 😛
[19.03.2013 14:47:00] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: and starts to help
[19.03.2013 14:47:01] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lol
[19.03.2013 14:47:17] Yuri: wow what a news
[19.03.2013 14:47:17] Antitheist: lol anon-amplification yeah
[19.03.2013 14:47:26] Yuri: spamhaus says in twitter that softpedia new is false
[19.03.2013 14:47:29] Yuri: :)))
[19.03.2013 14:47:40] Yuri:http://www.spamhaus.org/news/article/693/softpedia-publish-misleading-story-of-anonymous-attack-on-spamhaus
[19.03.2013 15:10:05] eDataKing: 1. Let them think Anons were behind it and do not dispute
[19.03.2013 15:10:05] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: can’t sign up for twitter as i don’t have any working email lol
[19.03.2013 15:10:21] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: edataking: its allready all over the press that its not anons lol.
[19.03.2013 15:10:22] Antitheist: I know Mohit from thehackernews, if it gets posted there it will soon be viral
[19.03.2013 15:10:26] eDataKing: or 2. Remind them that Anons are everyone and Anonymous as a group did not orchestrate it
[19.03.2013 15:10:30] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: at least in .nl its quite clear that its the republic cyberbunker and others
[19.03.2013 15:10:30] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: haha
[19.03.2013 15:10:58] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: that anon also has some ehm… stuff to ‘arrange’ with spamhaus, is a different story
[19.03.2013 15:11:19] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: *points out that over half of my facebook friends have the masks anyway*
[19.03.2013 15:11:28] eDataKing: Anonymous name gets major media
[19.03.2013 15:11:33] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: and that i’m still officially the PR guy for anonymous germany
[19.03.2013 15:14:36] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: y my name don’t fit twitter..
[19.03.2013 15:14:40] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: HRH Sven Olaf Prince
getting twitter accounts shut down, listing stophaus on the sbl.

====================================================================

Spamhaus has by now worked out the identity of many Stophaus members, and has begun retaliating at them individually by listing Internet addresses tied to their businesses and personal life. Here, Narko reveals that he runs his own (unprofitable) hosting firm that Spamhaus found and listed it as an address to be blocked because it was hosting stophaus[dot]org.

[19.03.2013 17:50:04] narko: im back
[19.03.2013 17:50:25] narko: the nameservers for stophaus need to be changed
[19.03.2013 17:51:04] narko: spamhaus SBLed my site and my host will terminate me unless spamhaus tells them that it’s ok
[19.03.2013 17:51:08] narko: fucking internet police
[19.03.2013 17:52:57] eDataKing: ok, what are we changing them to?
[19.03.2013 17:53:40] narko: i will set up dns servers on my home connection
[19.03.2013 17:53:41] narko: lol
[19.03.2013 17:53:45] narko: i dont think my isp gives a shit
[19.03.2013 17:53:48] narko: i’m alraedy in PBL
[19.03.2013 17:53:56] eDataKing: lol, as long as you are safe
[19.03.2013 17:53:59] narko: what does it matter if i’m in SBL? 😛
[19.03.2013 17:54:04] narko: well.. as long as they won’t ddos me
[19.03.2013 17:54:05] eDataKing: ok, then it should be all good
[19.03.2013 17:54:06] narko: I have a static ip
[19.03.2013 17:54:18] eDataKing: what about your upstream?
[19.03.2013 17:54:50] narko: I want to buy a /24 and host this just to fuck spamhaus
[19.03.2013 17:54:57] narko: anyone selling /24 😛 i pay €200
[19.03.2013 17:55:34] narko: i cannot believe that my host is telling me i need to leave for a fake SBL listing that is not even hosted at their network
[19.03.2013 17:55:38] Yuri: they will list all network at once and put upsteam
[19.03.2013 17:55:39] narko: why do they listen to spamhaus..?
[19.03.2013 18:21:28] simomchen: let me make a CC to them in China
[19.03.2013 18:21:35] eDataKing: then this will kill them in the end
[19.03.2013 18:21:49] Antitheist: https://www.cloudflare.com/business
[19.03.2013 18:22:10] Yuri: stophaus.com moved to new DNS.
[19.03.2013 18:22:16] simomchen: I brought 50K adsl Broilers just now
[19.03.2013 18:22:48] eDataKing: Then their DNS is a ticking timebomb dependent on public support. They don’t have a lot of that left
[19.03.2013 18:23:46] Yuri: 50k of what?
[19.03.2013 18:23:52] Antitheist: DNS of stophaus should be hosted on cloudflare imho
[19.03.2013 18:24:13] Antitheist: they will be afraid to list it lol
[19.03.2013 18:24:20] simomchen: 50000 ADSL broilers zombies , hehe
[19.03.2013 18:24:23] Yuri: cloudflare will kick off
[19.03.2013 18:24:27] Yuri: oohh.. shit.
[19.03.2013 18:24:48] Yuri: we need a plan how to fight :)
[19.03.2013 18:27:02] simomchen: Antitheist:
<<< we need bots that will do large POST requests on the search form of ROKSOyes, that’s CC attack I said just now. ROKSO is not big enought , I’m CC their http://www.spamhaus.org/sbl/latest/ currently
[19.03.2013 18:27:11] simomchen: do not know cloudflare can handle that
[19.03.2013 18:27:24] Antitheist: SBL are not in mysql
[19.03.2013 18:27:53] Antitheist: there is no search on the DB when you request them [19.03.2013 18:28:06] eDataKing: true
[19.03.2013 18:28:12] Antitheist: but a search form, any of them, must have at least 1 SELECT statement [19.03.2013 18:28:15]
simomchen: okay, http://www.spamhaus.org/rokso/ how about this page ?
[19.03.2013 18:28:23] Antitheist: yes, see the search form
[19.03.2013 18:28:27] eDataKing: RBLs are on a Logistics server at abuseat.org
[19.03.2013 18:28:29] Antitheist: you need to post long random shit there
[19.03.2013 18:28:34] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: SBL157600 5.157.0.0/22 webexxpurts.com 19-Mar 13:53 GMT Spammer hosting (escalation) SBL157599 5.153.238.0/24 webexxpurts.com 19-Mar 13:53 GMT Spammer hosting (escalation)
[19.03.2013 18:28:36] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lol
[19.03.2013 18:28:41] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: wasn’t he in here the other day 😛
[19.03.2013 18:28:46] eDataKing: at least the cbl is
[19.03.2013 18:28:54] eDataKing: yes
[19.03.2013 18:28:59] eDataKing: He left?
[19.03.2013 18:29:05] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: dunno
[19.03.2013 18:29:05] simomchen: okay, let me make a ‘search’
[19.03.2013 18:29:08] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: changed names?
[19.03.2013 18:29:12] eDataKing: maybe
[19.03.2013 18:29:21] eDataKing: that was who I thought Darwin was
[19.03.2013 18:29:47] eDataKing: like he changed his name in the middle of a conversation
[19.03.2013 18:29:54] eDataKing: and Darwin picked up the chat
[19.03.2013 18:29:54] Antitheist: oh good news, its available in GET as well
[19.03.2013 18:30:01] Antitheist: http://www.spamhaus.org/rokso/search/?evidence=LONGSHITGOESHERE
[19.03.2013 18:30:40] eDataKing: They are desperate to take down the content though
[19.03.2013 18:30:55] eDataKing: I knew they would be scared to show their faces to public scrutiny
[19.03.2013 18:36:03] Yuri: SBL179370 66.192.253.42/32 twtelecom.net 19-Mar 15:15 GMT Suavemente/SplitInfinity/Innova Direct
: Feed to Jelly Digital (AS4323 >>> AS33431)
SBL179369 4.53.122.98/32 level3.net
19-Mar 15:03 GMT Suavemente/SplitInfinity/Innova Direct : Feed to Critical Data Network, Inc. (AS3356 >>> AS53318) spamhaus started to fuck hardly everywhere. they are angry.
[19.03.2013 18:37:39] Antitheist: no mercy anymore, everyone who they scraped out of stophaus members gets the entire /24 listed in ROKSO :)
[19.03.2013 18:37:40] simomchen: cloudflare service them , we are angry too
[19.03.2013 18:40:35] simomchen: but if the ddos keeping , I think spamhaus would go bankrupt
[19.03.2013 18:40:52] narko: they won’t go bankrupt
[19.03.2013 18:40:55] narko: he will just buy a smaller boat
[19.03.2013 18:41:00] simomchen: because cloudflare must charge tons of money form them
[19.03.2013 18:41:34] simomchen: what they can do in that boat ? if they do not pay to cloudflare , they will down again
[19.03.2013 18:41:48] narko: cloudflare only cost $200 per month
[19.03.2013 19:02:27] Yuri: For SBLs spamhaus
use
[19.03.2013 19:02:27] Yuri:
<<< http://stopforumspam.com/
https://www.projecthoneypot.org/ – этот точно
https://zeustracker.abuse.ch/
https://spyeyetracker.abuse.ch/those sites 100%
[19.03.2013 19:02:39] narko: ok let’s make these down 😉
[19.03.2013 21:32:06] narko: i run my host company since FEB 2012 and i am still losing like 350$ per month lol
[19.03.2013 21:32:28] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: we’ve been doing it commercially since 1996 on ‘cb3rob’
[19.03.2013 21:32:34] eDataKing: how much would that be?
[19.03.2013 21:32:39] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: and well.. there are times where it runs at a loss 😛
[19.03.2013 21:32:45] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: and there are times where it makes heaps 😛
[19.03.2013 21:32:55] narko: i have not had a single month
[19.03.2013 21:33:01] narko: where the costs of servers+licenses were covered..
[19.03.2013 21:33:12] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: you don’t have your own servers either/
[19.03.2013 21:33:13] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: ?
[19.03.2013 21:33:16] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: just reselling?
[19.03.2013 21:33:32] narko: rent server, install cpanel, advertise
[19.03.2013 21:33:33] narko: (y)
[19.03.2013 21:33:45] eDataKing: agreed
[19.03.2013 21:33:54] narko: but I think soon i will buy my own servers and colo
[19.03.2013 21:33:56] narko: it will be cheaper
[19.03.2013 21:34:04] eDataKing: agreed as well
[19.03.2013 21:34:06] narko: the problem is
[19.03.2013 21:34:11] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: i’d say thats the only way to do it 😛
[19.03.2013 23:43:05] narko: i don’t understand this
[19.03.2013 23:43:16] narko: how can cloudflare take 100gbps of udp and latency is not even increased by 1ms
[19.03.2013 23:47:05] Antitheist:http://www.apricot2013.net/__data/assets/pdf_file/0009/58878/tom-paseka_1361839564.pdf
[19.03.2013 23:47:19] Antitheist: CloudFlare has seen DNS reflection attacks hit 100Gbit traffic globally
[19.03.2013 23:47:23] Antitheist: they are used to it
[19.03.2013 23:47:49] narko: when they were hosting at rethem hosting
[19.03.2013 23:47:52] narko: I took down sprint
[19.03.2013 23:47:54] narko: i took down level3
[19.03.2013 23:47:56] narko: i took down cogent
[19.03.2013 23:48:06] narko: but cloudflare nothing!
[19.03.2013 23:48:26] narko: back in 2009 cloudflare went down with 10gbps
[19.03.2013 23:48:28] narko: all down..
[19.03.2013 23:49:34] narko: o i’m causing some dropped packets now 😛
[19.03.2013 23:56:06] Cali: narko, was it you who DDoSed us like a year and half ago ? 😀
[19.03.2013 23:56:14] narko: what network?
[19.03.2013 23:56:27] narko: or site
[19.03.2013 23:56:32] narko: sent it me in private chat and i can tell you
[20.03.2013 00:05:39] narko: http://i.imgur.com/M2mbNE0.png
[20.03.2013 00:05:44] narko: Spamhaus cloudflare current status
[20.03.2013 00:05:48] narko: with over 100Gbps of attack traffic
[20.03.2013 00:07:39] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: hmm does this affect other cloudflare customers, as in that case its bye bye spamhaus pretty soon
[20.03.2013 00:07:40] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lol
[20.03.2013 00:07:49] narko: i dont know
[20.03.2013 00:07:56] narko: i hope so because i cant keep such traffic up for a long time
[20.03.2013 00:08:02] narko: it’s probably closer to 200 than 100 Gbps
[20.03.2013 00:08:07] Cali: it will be harder than that I think.
[20.03.2013 00:09:35] Cali: no more icmp @cloudflare?
[20.03.2013 00:09:52] narko: 7 * * * Request timed out.
[19.03.2013 21:32:39] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: and well.. there are times where it runs at a loss 😛
[19.03.2013 21:32:45] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: and there are times where it makes heaps 😛
[19.03.2013 21:32:55] narko: i have not had a single month
[19.03.2013 21:33:01] narko: where the costs of servers+licenses were covered..
[19.03.2013 21:33:12] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: you don’t have your own servers either/
[19.03.2013 21:33:13] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: ?
[19.03.2013 21:33:16] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: just reselling?
[19.03.2013 21:33:32] narko: rent server, install cpanel, advertise
[19.03.2013 21:33:33] narko: (y)
[19.03.2013 21:33:45] eDataKing: agreed
[19.03.2013 21:33:54] narko: but I think soon i will buy my own servers and colo
[19.03.2013 21:33:56] narko: it will be cheaper
[19.03.2013 21:34:04] eDataKing: agreed as well
[19.03.2013 21:34:06] narko: the problem is
[19.03.2013 21:34:11] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: i’d say thats the only way to do it 😛
[20.03.2013 00:22:24] Antitheist: they list every IP/DNS that resolves stophaus in any way
[20.03.2013 00:22:31] narko: “Please update us when this client no longer utilises *any* part of our network so we can get back in touch with Spamhaus.”
[20.03.2013 00:22:35] Antitheist: we can change it every hour and block the entire internet lol
[20.03.2013 00:22:47] narko: They do not understand the word “THIS CLIENT HAS NOTHING TO DO WITH YOUR NETWORK”
[20.03.2013 00:22:53] narko: they treat it like it’s a request from law enforcement
[20.03.2013 00:22:56] narko: not some moron on a boat
[20.03.2013 00:47:00] Antitheist: so whats up with wordtothewise
[20.03.2013 00:47:02] narko: i only met you peoples on friday and never heard of most of you before then 😛
[20.03.2013 00:47:29] eDataKing: lol, I just talk like I know everyone
[20.03.2013 00:47:48] eDataKing: It’s better than being secretive. I get nervous around quite people.
[20.03.2013 00:47:59] eDataKing: I think they are plotting on me lol 😉
[20.03.2013 00:48:01] narko: I said too much already in this chat
[20.03.2013 00:48:04] narko: I’m expecting the raid soon
[20.03.2013 00:48:06] narko: 😛

====================================================================

Narko has directed most of his botnet resources at Cloudflare now instead of Spamhaus, and the group is surprised to see Spamhaus go offline when it was hidden behind Cloudflare’s massive DDoS protection resources. Also, Yuri enlists the help of some other attackers to join in the assault.

[20.03.2013 01:00:32] Antitheist: This website is offline. No cached version is available
[20.03.2013 01:00:33] Antitheist: LOL
[20.03.2013 01:00:47] narko: lol
[20.03.2013 01:00:50] narko: not working for me either
[20.03.2013 01:00:56] Antitheist: narko you are the king
[20.03.2013 01:00:59] Antitheist: haha
[20.03.2013 01:01:00] narko: i didnt do anything
[20.03.2013 01:01:03] narko: i was just attacking cloudflare
[20.03.2013 01:01:16] Antitheist: well, thats not something they wanted to have
[20.03.2013 01:01:17] narko: see now its back up :(
[20.03.2013 01:01:36] Cali: It is offline here.
[20.03.2013 01:01:44] Antitheist: off…
[20.03.2013 01:01:45] narko: it went down again
[20.03.2013 01:01:51] narko: and back
[20.03.2013 01:03:11] Cali: yup
[20.03.2013 01:04:33] narko: let’s create some more records
[20.03.2013 01:04:36] narko: for DNS of stophaus
[20.03.2013 01:04:47] narko: dummy records, such as the IP of softlayer.com , etc
[20.03.2013 01:04:55] narko: it won’t affect the site because it will just try from the next server
[20.03.2013 01:05:01] narko: but they’re going to SBL some big sites
[20.03.2013 01:05:02] narko: lol
[20.03.2013 01:05:47] Antitheist: it will create more damage if we list MTAs
[20.03.2013 01:06:06] narko: ok let’s see
[20.03.2013 01:06:20] narko:
[20.03.2013 02:16:57] narko: Cloudflare changed the ips
[20.03.2013 02:16:59] narko: put only 2 IPs now
[20.03.2013 02:17:05] narko: will move attack to these IPs
[20.03.2013 02:18:24] narko: also I have a friend with a small botnet. I asked him to contribute
[20.03.2013 02:19:45] Yuri: i see.
[20.03.2013 02:19:59] Yuri: i asked some hackers to assist also
[20.03.2013 02:20:31] narko: my friend is in saudi arabia. he has bots in arab regions. will provide some diversity to the attack.
[20.03.2013 02:20:52] Yuri: spamhaus sbl site is the high end of iceberg
[20.03.2013 02:21:11] Yuri: did you try to put down spamhas relates sites?
[20.03.2013 02:21:23] narko: after spamhaus.org main site :))
[20.03.2013 02:21:55] narko: i am just getting very annoyed at this company now
[20.03.2013 02:22:08] narko: i just received 2 minutes ago “We are sorry to inform that your account has been terminated.” from my host.
[20.03.2013 02:22:14] narko: due to SBL
[20.03.2013 02:22:43] Yuri: on what host?
[20.03.2013 02:22:52] narko: EuroVPS.com
[20.03.2013 02:23:02] Yuri: write me pm what do you need
[20.03.2013 03:13:26] narko: lets host here
[20.03.2013 03:13:38] narko:http://www.beltelecom.by/business/hosting/virtual-dedicated-server
[20.03.2013 03:13:45] narko: i dont think they can even speak english. to read the abuse report from spamhaus. 😀
[20.03.2013 03:14:03] Cali: lol
20.03.2013 17:07:45] eDataKing: lol
[20.03.2013 17:27:58] narko: looks like one of the cloudflare dc is down
[20.03.2013 17:28:08] narko: previously my connection to spamhaus was to amsterdam
[20.03.2013 17:28:10] narko: now it’s to paris :)
[20.03.2013 17:28:53] simomchen: keeping ddos them , then , cloudflare will cick SH out
[20.03.2013 17:29:03] narko: i am adding more
[20.03.2013 17:29:20] narko: if you know anyone with botnet – ask them to help too. there will be a point where even the $2000 cloudflare enterprise plan is not worth it to them.
[20.03.2013 17:31:42] simomchen: maybe someone joined us. SH released xxx is making ddos them. and some other guys saw this.but do not connect us. they was blackmailed by SH before. so , it’s a hidden retaliation time for them
[20.03.2013 17:32:04] narko: hope so
[20.03.2013 17:32:09] narko: it seems they split the load between 2 dc [datacenters] actually
[20.03.2013 17:32:12] Antitheist: who is ddosing them?
[20.03.2013 17:32:17] narko: spamhauas has 2 ip and 1 is amsterdam other is paris
[20.03.2013 17:32:18] Antitheist: where did you see it idear4business
[20.03.2013 17:33:16] Yuri: look, there too much people who is not active here. may be we could remove them from this chat ?
[20.03.2013 17:33:29] narko: yes I think that’s good idea. there’s some people who i have never seen one messaage
[20.03.2013 17:33:48] simomchen: they do not wanna to show their identity, just wanna to make retaliation. I guess those. can not seeing this. but at least , some of our clients also joined , and making ddos SH from China. they hate spamhaus , because SH made their domains ‘clent hold’ (over 50000 domains) in the passed year
[20.03.2013 17:33:49] Yuri: let’s create new one subchat and move there. how is the idea?
[20.03.2013 17:34:32] Antitheist: spamhaus made 500 of my domains hold
[20.03.2013 17:34:38] narko: everyone who has bp host
[20.03.2013 17:34:40] Antitheist: cnobin, its a bizcn reseller
[20.03.2013 17:34:46] narko: hijack the botnets of your clients and ddos spamhaus 😛
[20.03.2013 17:34:51] Antitheist: lol)))
[20.03.2013 17:35:14] narko: my experience with BP hosts – you can always get some free bots from whoever used the IP previously :))))
[20.03.2013 17:35:27] Antitheist: if you have the same panel
[20.03.2013 17:35:40] narko: well I just adapt my software to accept their commands
[20.03.2013 17:35:41] simomchen: no need to hijack , if our clients wanna to ddos someone , they will buy some botnets. it’s cheap in China , like 0.01 EUR/each
[20.03.2013 17:35:44] narko: most of them are not encrypted at all
[20.03.2013 17:35:45] NM: :)
[20.03.2013 17:35:50] simomchen: Sven also know that
[20.03.2013 17:35:56] narko: each bot?
[20.03.2013 17:36:01] simomchen: yes
[20.03.2013 17:36:06] simomchen: ADSL bot
[20.03.2013 17:36:10] narko: what is the upload speed of china ADSL?
[20.03.2013 17:36:16] simomchen: with dynamic IP
[20.03.2013 17:36:24] simomchen: just 50-100Kbps
[20.03.2013 17:36:40] narko: we need some netherland/sweden/romania bots 😛
[20.03.2013 17:36:49] narko: they have 100mbps or more
[20.03.2013 17:37:04] NM: In Russia too
[20.03.2013 17:37:33] simomchen: SH is not works in China till now. and sometime , they are going up down up down.
[20.03.2013 17:38:09] narko: spamhaus can make down .cn domains ?
[20.03.2013 17:38:18] Yuri: yes.
[20.03.2013 17:38:39] simomchen: our clients is selling something to EU and US, so , they do not use .cn
[20.03.2013 17:38:50] simomchen: usually , they use .com/net
[20.03.2013 17:39:16] narko: they should apply for a new tld
[20.03.2013 17:39:17] narko: .ugg
[20.03.2013 17:39:33] simomchen: yes
[20.03.2013 17:39:51] Antitheist: .rx
[20.03.2013 17:39:54] Yuri: )))))
[20.03.2013 17:40:09] Yuri: .ugg (y)
[20.03.2013 17:40:17] narko: (sun)
[20.03.2013 17:40:43] narko: i hosted botnets under .w2c.ru domain
[20.03.2013 17:41:10] narko: and the domain was not made down
[20.03.2013 17:41:34] Yuri: hey. wtf, it’s my domain :)
[20.03.2013 17:41:41] narko: yes I had dedicated server
[20.03.2013 17:41:44] narko: free subdomain
[20.03.2013 17:41:57] Yuri: :O:D
[20.03.2013 17:42:11] narko: but i needed to move
[20.03.2013 17:42:19] narko: because a big ISP in Europe blocked all your ip range 😛
[20.03.2013 17:42:26] narko: i lost half my bots
[20.03.2013 17:44:53] narko: ok. currently i have running against spamhaus:
[20.03.2013 17:45:15] narko: ~100Gbps UDP
~ 20M pps TCP
~ 65k req/s HTTP
distributed between the 2 IP
[20.03.2013 17:45:21] narko: cloudflare must remove them soon..
[20.03.2013 17:45:21] narko: cloudflare must remove them soon.
[20.03.2013 19:25:20] narko: i think spamhaus wrote to my pamyent processor
[20.03.2013 19:25:23] narko: has it happened before?
[20.03.2013 19:25:44] narko: an IP address started to browse my site. assigned to 2Checkout Inc. now my merchant account is put into a review status.
[20.03.2013 19:27:32] eDataKing: How did they get your processor’s info?
[20.03.2013 19:27:43] narko: they require it to be written in the site
[20.03.2013 19:27:48] narko: “Services provided by 2Checkout Inc”
[20.03.2013 19:27:51] eDataKing: Also, they tried that with my Paypal account for 3 years. We are still Top-Tier members
[20.03.2013 19:28:03] eDataKing: they reviewed the records and it took 6 hours to be restored
[20.03.2013 19:28:18] eDataKing: no other complaint ever made it past the first level of abuse
[20.03.2013 19:28:20] narko: lol
[20.03.2013 19:28:31] narko: someone called paypal and said i was threatening to kill them unless they paid me money
[20.03.2013 19:28:34] narko: and my account was limited for a week

====================================================================

At this point, Narko is sending between 150-300 Gbps of packet love at Cloudflare’s major datacenter Internet addresses. Cloudflare.com briefly goes offline. Cloudflare publishes a blog post stating that the attack was successfully handled and mitigated by Cloudflare. Narko disagrees, saying Cloudflare was able to mitigate the attack because he paused it. Spamhaus posts an update on the ongoing attacks, claiming that most of its operations are returning to normal.

Narko shares this screenshot in the chat forum. It shows that the attack on Cloudflare is at more than 100 Gbps, which is more than enough to knock most sites offline.

Narko shares this screenshot in the chat forum. It shows that the attack on Cloudflare is at more than 100 Gbps, which is more than enough to knock most sites offline.

20.03.2013 19:58:21] narko: did someone else start attack to cloudflare? their site is even down now :))
[20.03.2013 19:58:27] Yuri: we need to post it to the public, in twitter and etc?
[20.03.2013 20:33:19] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: we’ll just break the god damn internet if thats what it takes 😛
[20.03.2013 20:33:20] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lol
[20.03.2013 20:46:19] eDataKing: http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho
[20.03.2013 20:46:38] eDataKing: The DDoS That Knocked Spamhaus Offline (And How We Mitigated It)
[20.03.2013 20:46:43] eDataKing: they mitigated it?
[20.03.2013 20:46:45] eDataKing: news to me
[20.03.2013 20:47:11] eDataKing: hmm
[20.03.2013 20:47:12] eDataKing: CloudFlare’s own history grew out of Project Honey Pot, which started as an automated service to track the resources used by spammers and publishes the HTTP:BL.
[20.03.2013 20:47:21] eDataKing: good data
[20.03.2013 20:47:24] eDataKing: didn’t know that
[20.03.2013 20:48:53] eDataKing: Beginning on March 18th?
[20.03.2013 20:48:59] eDataKing: that is factually incorrect
[20.03.2013 20:51:11] narko: reading now
[20.03.2013 20:51:47] eDataKing: the attack did not start a day before their great admins mitigated it
[20.03.2013 20:51:54] eDataKing: is it even mitigated?
[20.03.2013 20:52:12] narko: hehehehe :)))))))))))))))))))))
[20.03.2013 20:52:15] narko: this is like 140Gbps
[20.03.2013 20:52:27] eDataKing: lol
[20.03.2013 20:52:37] eDataKing: don’t look like mitigation to me lol
[20.03.2013 20:52:57] eDataKing: Their article almost reads as a challenge
[20.03.2013 20:53:14] narko: I stopped the attack
[20.03.2013 20:53:25] narko: i am generating a new dns list. then I will start again and it will be over 200 gbps
[20.03.2013 20:53:30] narko: the current list is quite old

====================================================================

Narko grows concerned about getting busted because Andrew (eDataKing) mistakenly published on the anti-spam Google Group forum NANAE a screenshot that included Narko’s Skype screen name. Helpfully for the U.K. authorities closing in on him, Narko provides a link to view the screenshot that includes what he identifies as his Skype screen name.

Narko's screen as he's in the middle of launching attacks on Spamhaus. A portion of his Skype address at the time can be seen in the upper right corner of the screenshot.

Narko’s screen as he’s in the middle of launching attacks on Spamhaus. A portion of his Skype address at the time can be seen in the upper right corner of the screenshot.

20.03.2013 21:08:59] eDataKing: lol,
[20.03.2013 21:08:59] eDataKing: This morning at 09:47 UTC CloudFlare effectively dropped off the Internet. The outage affected all of CloudFlare’s services including DNS and any services that rely on our web proxy. During the outage, anyone accessing CloudFlare.com or any site on CloudFlare’s network would have received a DNS error. Pings and Traceroutes to CloudFlare’s network resulted in a “No Route to Host” error.
[20.03.2013 21:09:15] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: 😛
[20.03.2013 21:09:25] eDataKing: sry, that was on 03-03
[20.03.2013 21:09:27] eDataKing: not related
[20.03.2013 21:09:38] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: someone was doing it better than narko ?
[20.03.2013 21:09:40] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: wth
[20.03.2013 21:09:41] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lol
[20.03.2013 21:09:48] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: get that guy in here too haha
[20.03.2013 21:09:57] eDataKing: wait to see what narko does next though
[20.03.2013 21:15:03] Yuri: spamhaus down ?
[20.03.2013 21:15:07] Yuri: cloudflare shows down
[20.03.2013 21:15:34] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: nope
[20.03.2013 21:15:38] eDataKing: nope
[20.03.2013 21:19:37] narko: we need to find more people.
[20.03.2013 21:19:49] narko: cloudflare network just has a lag with my attack
[20.03.2013 21:20:00] narko: my attack + some botnets will take them down entirely. then they have no choice but to kick spamhaus.
[20.03.2013 22:24:39] narko: who posted the screenshot on nanae please remove it
[20.03.2013 22:24:41] narko: it has written my skype name
[20.03.2013 22:24:59] narko: t.ravis
[20.03.2013 22:25:04] eDataKing: that was the indian
[20.03.2013 22:25:13] eDataKing: you said to post it
[20.03.2013 22:25:22] eDataKing: I’ll tell him
[20.03.2013 22:25:31] eDataKing: I don’t think it can be removed though
[20.03.2013 22:25:52] eDataKing: argh, why didn’t you edit that image?
[20.03.2013 22:26:01] eDataKing: I will be sure to check all images from here out
[20.03.2013 22:26:11] eDataKing: but doesn’t the image only say probing?
[20.03.2013 22:26:24] narko: no it has my skype username
[20.03.2013 22:26:27] narko: i didn’t expcet it to be posted
[20.03.2013 22:26:29] narko: i just said
[20.03.2013 22:26:31] narko: narko:
<<< http://i.imgur.com/prDIVYU.png — current status
[20.03.2013 22:27:51] Yuri: don’t see any info on screenshot
[20.03.2013 22:28:09] eDataKing: I see all but the last digit
[20.03.2013 22:28:16] eDataKing: enough to run a trace on that skype account
[20.03.2013 22:28:28] eDataKing: but nothing incriminating
[20.03.2013 22:28:48] eDataKing: don’t they already blame you though?
[20.03.2013 22:28:59] narko: no one on nanae/spamhaus knows about me
[20.03.2013 22:29:03] eDataKing: I’ll tell the indian to wait for approval bwefore posting anything else
[20.03.2013 22:29:16] eDataKing: I will also look at the images if there are any more screens
[20.03.2013 22:29:38] eDataKing: can you grab a new skype account and nix this one just in case?
[20.03.2013 22:29:44] narko: i am just worried. because it has my skype name < i am uploaded the image from my home connection, and FBI in USA already has a case on me ddosing before, they were going to people in america and asking them questions about me
[20.03.2013 22:29:44] narko: no
[20.03.2013 22:29:45] narko: its fine for me
[20.03.2013 22:29:48] narko: for now *
[20.03.2013 22:29:50] eDataKing: you said this one was for this session only right?
[20.03.2013 22:29:53] narko: yes
[20.03.2013 22:30:22] eDataKing: the image won’t have any hex code though because it is on imgur
[20.03.2013 22:30:24] Yuri: other solution – is to upload same imase from other IPs
[20.03.2013 22:30:31] eDataKing: yes
[20.03.2013 22:30:36] Yuri: so they have to think who is that was…
[20.03.2013 22:30:41] eDataKing: oh, gotcha
[20.03.2013 22:30:44] eDataKing: yeah
[20.03.2013 22:31:13] eDataKing: I am so used to be completly anon that I would have never imagined you imported that from home
[20.03.2013 22:31:54] eDataKing: can you delete it from imgur?
[20.03.2013 22:32:30] eDataKing: I want to mitigate any issues because the indian is my dude and I feel responsible for what he did
[20.03.2013 22:32:34] narko: no
[20.03.2013 22:32:37] narko: nothing will happen
[20.03.2013 22:32:41] narko: nothing has ever happened
[20.03.2013 22:29:44] narko: i am just worried. because it has my skype name < i am uploaded the image from my home connection, and FBI in USA already has a case on me ddosing before, they were going to people in america and asking them questions about me.
[20.03.2013 22:40:58] narko: but I ran an illegal site (carding, ddos, etc) from 2010-2012 and 90% customers were US
[21.03.2013 03:40:43] narko: well i’m going to sleep
[21.03.2013 03:40:49] narko: wll attack cloudflare again tomorrow :)

====================================================================

Stophaus claims victory when Spamhaus moves off of Cloudflare’s network and over to Amazon. The Stophaus members begin planning their next move.

[21.03.2013 10:00:21] eDataKing: CBL (cbl,http://t.co/M9Jz8KKvi5) is up again, after a heavy DDOS. It is now protected through amazon cloud. #spamhaus
[21.03.2013 10:14:19] simomchen: so , SH have separated , and protedted by 2 cloud ?
[21.03.2013 10:14:54] eDataKing: yep
[21.03.2013 10:15:10] eDataKing: but they are only buying a short amlunt of time really
[21.03.2013 10:16:23] simomchen: they must have a contract with cloudflare and amazon , once ddos leave over 7 days. maybe, they will break the contract with these 2 companies
[21.03.2013 13:19:10] Antitheist: congratilations narko your SBL was removed
[21.03.2013 13:19:25] narko: after 3 days 😛 I’m still moving. I have server from new DC in russia now
[21.03.2013 13:19:31] Antitheist: pin?
[21.03.2013 13:19:34] narko: yes
[21.03.2013 13:20:02] narko: I will not deal with the british datacenters any more
[21.03.2013 13:20:08] narko: even swiftway didn’t give a shit about the SBL
[21.03.2013 13:20:18] narko: but Racksrv treats it like they’re the secret police
[21.03.2013 14:15:03] Yuri: looks spamhaus pissed off
they try to piss everywhere
[21.03.2013 14:15:07] Yuri: SBL179470
217.65.0.0/22 citytelecom.ru
21-Mar-2013 11:59 GMT
Spammer hosting (escalation)
[21.03.2013 14:15:30] narko: is this for providing connectivity to 2×4?
[21.03.2013 14:15:35] narko: or another
[21.03.2013 14:15:41] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: no this is for being russians haha
[21.03.2013 14:15:46] narko: lol
[21.03.2013 14:16:00] Yuri: he provide us and some others.
[21.03.2013 14:16:02] NM: i cant open their site
[21.03.2013 14:42:49] Yuri: i found why
——————
spamahost wrote yesturday in facebook.
One of our VPS nodes is undergoing a node transfer. We are moving the “Zeus” node to a different upstream (which now supports full emailing!), as well as upgraded hardware. Please check your emails for more information, as well as your client areas!
——————-
and his website was on our network.
[21.03.2013 14:42:57] Yuri: so spamhaus pissed on it.
[21.03.2013 15:17:13] narko: i go to feed my addiction to chinese food now.brb
[21.03.2013 15:17:40] narko: when i’m back in few minutes. let’s ddos some more shit
[21.03.2013 15:17:41] narko: (hug)

====================================================================

Spamhaus succeeds in getting Stophaus[dot]org suspended at the domain registry level. This angers Prinz Sven, who begins coming unglued — threatening to attack or harm the domain registrar and anyone else involved in the suspension. Sven even goes so far as to post a manifesto on his Facebook account, taking on the persona of a pirate and lobbing threats of additional DDoS attacks as well as physical violence against Spamhaus members.

[21.03.2013 17:35:41] Antitheist: fuckers
[21.03.2013 17:35:42] narko: fuck! how they did this
[21.03.2013 17:35:56] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: hmm?
[21.03.2013 17:35:57] Antitheist: who are ahnames?
[21.03.2013 17:36:02] narko: advanced hosters ltd
[21.03.2013 17:36:13] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: say what
[21.03.2013 17:36:18] narko: the domain is suspended
[21.03.2013 17:36:22] narko: by the registrar
[21.03.2013 17:36:45] Antitheist: what kind of a shit registrar was it
[21.03.2013 17:36:59] narko: www.ahnames.com
[21.03.2013 17:37:03] Antitheist: webnames.ru or naunet.ru are pissing on spamhaus
[21.03.2013 17:37:13] Antitheist: had to get domain from them
[21.03.2013 17:37:19] narko: well now nothing can be done
[21.03.2013 17:37:21] Antitheist: its still possible to transfer
[21.03.2013 17:37:37] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: then do so
[21.03.2013 17:37:44] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: to -their- domain registrar 😛
[21.03.2013 17:37:56] narko: gandi is a bad registrar
[21.03.2013 17:46:33] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: Domain Name: STOPHAUS.COM

Abuse email: abuse@ahnames.com

DOMAIN SUSPENDED DUE TO VIOLATION OF OUR TOS
Arr! · · Promote
now turn it back on before we send those 80gbit/s down your ass.
[21.03.2013 17:47:02] narko: you have very big balls
[21.03.2013 17:47:12] narko: writing ddos threads on facebook? I would not even do that and I am the person doing th attacks 😛 lol
[21.03.2013 17:47:21] narko: threats *
[21.03.2013 17:47:33] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: who cares, they just ddossed us 😛
[21.03.2013 17:47:40] Yuri: most men in this chat are with big balls.
[21.03.2013 17:47:40] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: by disabling the domain without a proper excuse
[21.03.2013 17:47:44] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: so might as well disable theirs
[21.03.2013 17:47:53] eDataKing: what’s wrong with ahnames?
[21.03.2013 17:47:56] eDataKing: what did they do?
[21.03.2013 17:47:59] narko: they banned the domain
[21.03.2013 17:48:01] Yuri: did somebody stoped our domain ?
[21.03.2013 17:48:02] narko: suspended it
[21.03.2013 17:48:09] Yuri: wtf
[21.03.2013 17:48:10] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: actually i threattened to have steve linford terminated physically a minute before that on my own profile
[21.03.2013 17:48:11] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: lol
[21.03.2013 17:48:14] Yuri: we could change to RU
[21.03.2013 17:48:17] Yuri: stophaus.ru
[21.03.2013 17:48:19] Goo: xD
[21.03.2013 17:48:19] eDataKing: then we should hit them
[21.03.2013 17:48:21] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: just call them and have em turn it back on
[21.03.2013 17:48:26] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: or else we take THEM down
[21.03.2013 17:48:29] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: simple as that
[21.03.2013 17:48:32] narko: we need .com back because it’s already in google, linked in pages, etc
[21.03.2013 17:48:32] eDataKing: suspending the domain is a direct challenge
[21.03.2013 17:48:41] eDataKing: yes, the .com needs up
[21.03.2013 17:49:01] eDataKing: We need to contact ahnames and tell them to allow us to transfer the domain
[21.03.2013 17:49:06] Yuri: we need to transfer it to nic.ru
[21.03.2013 17:49:07] eDataKing: they have allowed it before
[21.03.2013 17:49:13] Yuri: they not slose it.
[21.03.2013 17:49:16] narko: domain transfer takes 5-6 days
[21.03.2013 17:49:18] Yuri: they have balls
[21.03.2013 17:49:21] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: im going to announce ALL of their motherfucking nameservers.
[21.03.2013 17:49:25] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: need to make some changes
[21.03.2013 17:49:27] Yuri: ok
[21.03.2013 17:49:31] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: hmm wait better not do that lol
[21.03.2013 17:49:40] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: that ehm would cost us quite a few peerings haha
[21.03.2013 17:49:49] eDataKing: no, it is way faster
[21.03.2013 17:49:58] narko: it doesnt mtater
[21.03.2013 17:50:00] narko: matter
[21.03.2013 17:50:04] narko: you are already offline from most locations
[21.03.2013 17:50:05] narko: :))
[21.03.2013 17:50:27] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: they responded
[21.03.2013 17:50:50] narko: facebook asks me to log in to see it
[21.03.2013 17:50:51] narko: what a joke
[21.03.2013 17:50:56] narko: i will never register to that site
[21.03.2013 17:51:50] eDataKing: if we show them that we will not tolerate them playing spamhaus games they may see that it could cost them to do so
[21.03.2013 17:52:19] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: Sven Olaf Kamphuis how about, its not a question, we know damn well that steve linford of spamhaus has been spreading lies again, this here undermines our freedom of speech, after all there is nothing on that forum that isn’t done 904903 times as much by spamhaus itself… so, if you’re not with us, you’re against us. turn it back on or we turn YOU OFF.
a few grains o’ sand ago · Arr!
Sven Olaf Kamphuis there is no clause in your TOS that states you have to be friends with ‘spamhaus’
a few grains o’ sand ago · Arr!
Sven Olaf Kamphuis so take your pick… 80gbit/s up your ass, orrrr… turning the domain back on
a few grains o’ sand ago · Arr!
[21.03.2013 17:52:25] eDataKing: perfect Sven
[21.03.2013 17:52:29] eDataKing: that is what they need to hear
[21.03.2013 17:53:01] Yuri: stophaus.org also our domain?
[21.03.2013 17:53:17] Goo: haha nice sven
[21.03.2013 17:53:22] Goo: they will be scared
[21.03.2013 17:53:32] Goo: otherwise they’re fucked haha
[21.03.2013 17:53:56] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: send them a few packets so they know
[21.03.2013 17:54:03] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: narko: ddos on that ahnames for like 1 minute
[21.03.2013 17:54:04] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: 😛
[21.03.2013 17:54:05] Yuri: also .to – they will not close, they ignore everything
[21.03.2013 17:54:30] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: we;re not gonna change the god damn domain name
[21.03.2013 17:54:35] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: we’re gonna make them turn it back on
[21.03.2013 17:54:37] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: simple as that.
[21.03.2013 17:56:16] Goo: i’m bored, shall i hack spamhaus?
[21.03.2013 17:56:27] Yuri: +1
[21.03.2013 17:56:39] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: goo: sure 😛
[21.03.2013 17:56:44] Goo: alright
[21.03.2013 17:56:48] Goo: Goo grabs some donuts
[21.03.2013 17:56:55] Goo: let do this
[21.03.2013 17:57:34] eDataKing: ok, I just collabed with my buddy here he has a good sugg.
[21.03.2013 18:15:24] Cali: your stophaus is offline.
[21.03.2013 18:15:25] Cali: what happened?
[21.03.2013 18:15:37] narko: the domain got suspended by the registrar
[21.03.2013 18:15:47] Cali: lame.
[21.03.2013 18:16:07] Cali: but you should have never registered a .com
[21.03.2013 18:16:23] Antitheist: its not about the tld its about the registrar
[21.03.2013 18:16:55] Antitheist: normal registrar will not suspend domains because of some stupid threats
[21.03.2013 18:17:33] Yuri: Cali, go other chat
[21.03.2013 18:17:40] Yuri: new one
[21.03.2013 18:17:43] Cali: well if it has not been suspended by the .tld then that’s even more lame.
[21.03.2013 18:17:53] Cali: new one?
[21.03.2013 18:18:25] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: as far as i recall marco rinaudo ran a registrar…
[21.03.2013 18:42:32] Valeriy Uhov: today spamhaus very angry
[21.03.2013 18:42:37] Valeriy Uhov: lists everybody
[21.03.2013 18:43:00] narko: yes they listed /25 of hostkey and /25 of burstnet
[21.03.2013 18:43:02] narko: really angry 😀
[21.03.2013 18:43:14] eDataKing: yeah, they are definitely fighting back
[21.03.2013 18:43:18] Yuri: spamhaus should be blind
[21.03.2013 18:43:39] Yuri: we can make a lit what spamhaus can;t close
[21.03.2013 18:43:44] eDataKing: but why wouldn’t they…this is very likely to be their version of Custard’s Last Stand
[21.03.2013 18:44:11] Yuri: like twitter, email account, icq, facebook, home LAN ADSL IP, domains in the next zones like .ru, .su, .to
[21.03.2013 18:44:27] Valeriy Uhov: .ru and .su it closes
[21.03.2013 18:44:39] Yuri: if botnets- yes. its ok.
[21.03.2013 18:44:45] Yuri: but for other things – they can’t close.
[21.03.2013 18:44:49] Yuri: my layer is the guard.
[21.03.2013 18:44:51] Valeriy Uhov: they close for spam
[21.03.2013 18:44:53] Valeriy Uhov: etc
[21.03.2013 18:44:59] eDataKing: what is spam again?
[21.03.2013 18:45:37] Yuri: for INFORMATION: write to other one chat
[21.03.2013 18:45:47] Valeriy Uhov: which one?
[21.03.2013 18:46:09] Valeriy Uhov: http://en.wikipedia.org/wiki/Spam
[21.03.2013 18:48:50] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: steve linford has -6- people on facebook that like his wikipedia page.
[21.03.2013 18:48:53] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: -6- 😛
[21.03.2013 18:48:56] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: so why even bother lol
[22.03.2013 04:18:56] valeralelin: http://clip2net.com/s/4MLYWZ
[22.03.2013 04:41:13] narko: (party)
[22.03.2013 04:46:07] valeralelin: i can get more documents about sh
[22.03.2013 04:50:22] narko: get a document with his real address on it
[22.03.2013 04:50:25] narko: not some virtual offices
[22.03.2013 04:54:08] edataking: let me see that one
[22.03.2013 04:54:17] edataking: post under his name in the records area
[23.03.2013 16:41:24] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: its running into the 95% percentile bandwith billing on cloudflare’s transits atm
[23.03.2013 16:41:43] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: and cloudflare has network issues, so at some point they’ll have to boot spamhaus as it affects their other clients
[23.03.2013 16:42:00] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: at which point, spamhaus has nowhere else to go that can cover them 😛
[23.03.2013 16:42:13] HRH Prinz Sven Olaf von CyberBunker-Kamphuis MP: i doubt google is stupid enough to take them lol 😛

====================================================================

The Skype chat goes quiet at this point and resumes four weeks later. Narko’s worries about his Skype screen name showing up in a screenshot that eDataKing posted to anti-spam forum turn out to be warranted: It is this very screenshot that authorities in the United Kingdom use to later track him down and arrest him.

In April 2013, Kamphuis is arrested in Spain and eventually sent back to the Netherlands, where he is currently on trial. He publicly denies being involved in launching the attacks on Spamhaus.

Narko was a juvenile when he was arrested by the U.K.’s National Crime Agency (NCA); when the NCA raided Narko’s home, they found his computer still logged in to crime forums, and they seized £70,000 from his bank account (believed to be payments for DDoS attacks). Narko later pleaded guilty to coordinating the attacks, but because of his age and in return for cooperating with the NCA he avoided a jail term.

[26.04.2013 18:36:32] Hephaistos: guys
[26.04.2013 18:36:49] Hephaistos: I just got noticed in the news that sven got arrested
[26.04.2013 18:39:39] ??????? ?????: where in the new
[26.04.2013 18:39:39] ??????? ?????: news
[26.04.2013 18:40:40] Hephaistos:
http://translate.google.be/translate?sl=nl&tl=en&u=http%3A%2F%2Fwww.telegraaf.nl%2Fbinnenland%2F21518021%2F
__Nederlander_aangehouden_in_Spanje_vanwege_cyberaanvallen__.html
[26.04.2013 18:40:43] Hephaistos: dutch news
[26.04.2013 18:45:05] Hephaistos: his large-scale DDoS attacks last
month were also performed on Spamhaus partners in the Netherlands, the
United States and Great Britain. The attackers were using fake IP addresses.
As yet, no evidence that the cyber attack on Spamhaus related to the
attacks are later deployed to include banks, payment system iDeal and
DigiD. The house of the suspect, who lives in Barcelona, ??is examined.
Is expected to K. transferred to the Dutch Public Prosecution Service.
[26.04.2013 19:12:40] Hephaistos: http://translate.google.be/translate?sl=nl&tl=en&u=http%3A//www.om.nl/actueel/nieuws-persberichten/@160856/nederlander/
[26.04.2013 19:18:48] The STOPhaus Movement: I thought something was wrong
[26.04.2013 19:19:02] The STOPhaus Movement: is he arrested or just being searched and forensics?
[26.04.2013 19:19:13] Hephaistos: arrested
[26.04.2013 19:19:19] The STOPhaus Movement:
[26.04.2013 19:19:21] Hephaistos: as far as I can see.
[26.04.2013 19:19:33] Hephaistos: it goes off in twitter
[26.04.2013 19:19:39] The STOPhaus Movement: everyone else is ok though right?
[26.04.2013 19:19:45] Hephaistos: on irc anonops there is a channel #freecb3rob
[26.04.2013 19:19:54] Hephaistos: https://twitter.com/freecb3rob
[26.04.2013 19:20:06] Hephaistos: well I have not seen Narko for 2 days.
[26.04.2013 19:20:16] The STOPhaus Movement:
[26.04.2013 19:20:27 |changed 19:20:34] The STOPhaus Movement: we need an update from him
[26.04.2013 19:20:59] The STOPhaus Movement: narko is never offline that long
[26.04.2013 19:21:26] Hephaistos: thing is that I cannot connect to his irc server either.
[26.04.2013 19:21:56] The STOPhaus Movement: I thought anonops was talking shit about Sven promoting CB via STOP when I saw the chatroom?
[26.04.2013 19:22:12 | changed 19:22:22] The STOPhaus Movement: Now there is a channel. I am glad, but that’s some flip-flop stuff right there
[26.04.2013 19:22:14] Hephaistos: well I created the channel
[26.04.2013 19:22:22] Hephaistos: if they have a problem with me .. bring it on
[26.04.2013 19:22:22] The STOPhaus Movement: oh ok
[26.04.2013 19:22:29] The STOPhaus Movement: lulz
[26.04.2013 19:22:40] The STOPhaus Movement: Self-righteous assholes
[26.04.2013 19:28:44] Cali: Sven from cb3rob has been arrested.
[26.04.2013 19:40:19] Hephaistos: Sven = cb3rob
[26.04.2013 19:40:47] Cali: yeah
[26.04.2013 19:40:49] Cali: so he’s been stopped
[26.04.2013 19:40:52] Cali: in Spain.
[26.04.2013 19:40:57] Hephaistos: yes
[26.04.2013 19:41:05] NM: Is it truth? Not fake?
[26.04.2013 19:41:13] Cali: it is in dutch news.
[26.04.2013 19:41:16] Hephaistos: it is truth
[26.04.2013 19:41:21] Hephaistos: and all over twitter
[26.04.2013 19:43:13] Hephaistos: https://twitter.com/search?q=%23freecb3rob&src=hash
[26.04.2013 20:27:00] Hephaistos: http://www.ibtimes.co.uk/articles/461848/20130426/spamhaus-suspect-arrests-spain-kamphuis.htm
[26.04.2013 20:29:30] Yuri: heh.
[26.04.2013 20:30:07] Hephaistos: On twitter “Sven Olaf Kamphuis #freecb3rob possible source behind
record braking 300gbps #DDos arrested. #Anonymous will now try and break that record!”
[26.04.2013 20:32:31] Cali: So, it has made some PR for spamhaus.
[26.04.2013 20:32:37] Cali: that sucks.
[26.04.2013 20:34:06] Hephaistos: negative is still good.
[26.04.2013 20:34:36] Cali: this information has gone to press and media.
[26.04.2013 20:34:48] Cali: thus to the people
[26.04.2013 20:34:58] Hephaistos: well once they read what stophaus is.
[26.04.2013 20:35:05] Cali: who are at 90% dumb.
[26.04.2013 20:35:09] Hephaistos: true
[26.04.2013 20:35:14] Hephaistos: You got a point there
[26.04.2013 20:35:15] Cali: So now that make them think that spamhaus is doing well.
[26.04.2013 20:41:22] Hephaistos: pastebin.com/qzhcE1nV
[26.04.2013 20:41:25] Hephaistos: more badnews
[26.04.2013 20:41:56] Cali: Who has written that?
[26.04.2013 20:42:09] Hephaistos: I have no idea.
[26.04.2013 20:42:23] Hephaistos: its over the news everyone is freaking out
[26.04.2013 20:42:25] Cali: It seems to have be written by a 12 years old.
[26.04.2013 20:42:31] Cali: been*
[26.04.2013 20:42:52] Hephaistos: correct, seems like a trol to me. But tell that to the media
[26.04.2013 20:43:03] Hephaistos: and the 90% dumb people
[26.04.2013 20:43:09] Cali: Also I don’t understand.
[26.04.2013 20:43:23] Cali: How is it possible to get such reflection in media by posting something on pastebin?
[26.04.2013 20:43:37] Cali: So if I post that I am going to attack the U.S on pastebin, I would be in the news?
[26.04.2013 20:43:58] Hephaistos: Well, thing is that people think that banks will be ddosed and cannot get their
money. So their hoping that there will be a bankrun.
[26.04.2013 20:44:45] Cali: It is very doubtful that DDoSing the website of a bank will prevent the bank from operating.
[26.04.2013 20:46:45] Hephaistos: it will cost the bank money
[26.04.2013 20:47:32] Cali: Maybe to crap bank.
[26.04.2013 20:48:07] Cali: it will be insignifiant
[26.04.2013 20:48:11] Cali: insignificant.
[26.04.2013 18:21:36] Erik Bais: http://www.om.nl/actueel/nieuws-persberichten/@160856/nederlander/
[26.04.2013 18:26:15] Yuri: wtf
[26.04.2013 18:26:42] Yuri: is that about sven?
[26.04.2013 18:26:53] Erik Bais: looks like it.
[26.04.2013 18:27:03] NM: what does it mean?)))
[26.04.2013 18:28:17] Yuri: looks like some new that somebody got arrested becouse of some attacks of spamhaus…
heh… looks spamhaus has long hands.
[26.04.2013 18:29:49] Yuri: not so fine.
[26.04.2013 18:31:11] Yuri: afk
[26.04.2013 18:31:44] Yuri: Eric, can you call Sven and check if he is available?
[26.04.2013 18:31:55] Erik Bais: yes.
[26.04.2013 18:32:30] Erik Bais: I also just asked Twisted on Skype. he didn’t knew about it..
He hasn’t spoken to him yet today (he did yesterday) ..
[26.04.2013 18:33:59] Erik Bais: his spanish nr is not working (I get a message in spanish .. ) could be because the number is off.
[26.04.2013 21:51:16] Erik Bais: http://pastebin.com/qzhcE1nV
[26.04.2013 21:51:51] Erik Bais: http://www.telegraaf.nl/binnenland/21518021/__Arrest_NL_er_cyberaanvallen__.html
[26.04.2013 21:52:11] Erik Bais: http://tweakers.net/nieuws/88767/nederlander-opgepakt-voor-ddos-aanvallen-spamhaus.html
[26.04.2013 21:53:32] Erik Bais: http://krebsonsecurity.com/2013/04/dutchman-arrested-in-spamhaus-ddos/
[26.04.2013 21:53:50] Yuri: shit is going on..
[26.04.2013 21:56:17] Erik Bais: where did the pastbin thing came from ? Any idea ?
[26.04.2013 22:02:14] Yuri: don’t know
[26.04.2013 22:02:46] Yuri: may be we should use other system for chat?
[26.04.2013 22:18:07] Erik Bais: they have taken all his phones, data carriers and servers / computers located in Spain..
[26.04.2013 22:18:24] WebExxpurts: what is patebin
[26.04.2013 22:18:25] WebExxpurts: pastebin
[26.04.2013 22:18:39] Erik Bais: [26 April 2013 21:51] Erik Bais: <<< http://pastebin.com/qzhcE1nV
[26.04.2013 22:18:50] WebExxpurts: i mean who created that?
[26.04.2013 22:19:21] Erik Bais: no idea. I got it pasted from someone.. and it is also linked in various media outings on the Netherlands.
[26.04.2013 22:20:27] WebExxpurts: who is someone? that is interested
[26.04.2013 22:20:33] WebExxpurts: what sven did?
[26.04.2013 22:20:53] WebExxpurts: nonsense reports
[26.04.2013 22:21:20] Erik Bais: I got it from Xennt
[26.04.2013 22:21:45] Erik Bais: the owner of Cyberbunker. he got it linked by someone (I don’t know who. )
[26.04.2013 22:24:55] WebExxpurts: i m sure that sven is mistaken identity and authority have made mistake

====================================================================

To my knowledge, nobody else associated with this attack has been arrested or brought to justice. This chat log is fascinating because it highlights how easy it has been and remains for cybercriminals to commit massively disruptive attacks and get away with it.

These days, some of the biggest and most popular DDoS attack resources are in the hands of a few young men operating DDoS-for-hire “booter” or “stresser” services that in some cases accept both credit cards and PayPal, as well as Bitcoin. An upcoming investigation to be published soon by KrebsOnSecurity will provide perhaps the most detailed look yet at the this burgeoning and quite profitable industry. Stay tuned!

Further reading (assuming your eyes still work after this wall of text):

The Guardian: The Man Accused of Breaking the Internet

The Daily Beast: Yeah, We Broke the Internet: The Inside Story of the Biggest Attack Ever

Also, if you enjoy reading this kind of thing, you’ll probably get a kick out of Spam Nation.

Pirate Bay is The King of Torrents Once Again

Post Syndicated from Ernesto original https://torrentfreak.com/pirate-bay-king-torrents-160814/

thepirateHollywood hoped that it would never happen, but this week The Pirate Bay quietly turned thirteen years old.

The site was founded in 2003 by Swedish pro-culture organization Piratbyrån (Piracy Bureau). The idea was to create the first public file-sharing network in Sweden, but the site soon turned into the global file-sharing icon it is today.

Over the years there have been numerous attempts to shut the site down. Following pressure from the United States, Swedish authorities raided the site in 2006, only to see it come back stronger.

The criminal convictions of the site’s founders didn’t kill the site either, nor did any of the subsequent attempts to take it offline.

The Pirate Bay is still very much ‘alive’ today.

That’s quite an achievement by itself, looking at all the other sites that have fallen over the years. Just last month KickassTorrents shut down, followed by Torrentz a few days ago.

Many KickassTorrents and Torrentz users are now turning to TPB to get their daily dose of torrents. As a result, The Pirate Bay is now the most visited torrent site, once again.

TorrentFreak spoke to several members of the TPB-crew. While they are not happy with the circumstances, they do say that the site has an important role to fulfil in the torrent community.

“TPB is as important today as it was yesterday, and its role in being the galaxy’s most resilient torrent site will continue for the foreseeable future,” Spud17 says.

“Sure, TPB has its flaws and glitches but it’s still the go-to site for all our media needs, and I can see TPB still being around in 20 or 30 years time, even if the technology changes,” she adds.

Veteran TPB-crew member Xe agrees that TPB isn’t perfect but points to the site’s resilience as a crucial factor that’s particularly important today.

“TPB ain’t perfect. There are plenty of things wrong with it, but it is simple, steadfast and true,” Xe tells TorrentFreak.

“So it’s no real surprise that it is once more the destination of choice or that it has survived for so long in spite of the inevitable turnover of crew.”

And resilient it is. Thirteen years after the site came online, The Pirate Bay is the “King of Torrents” once again.

Finally, we close with a yearly overview of the top five torrent sites of the last decade. Notably, the Pirate Bay is the only site that appears in the list every year, which is perhaps the best illustration of the impact it had, and still has today.

2007

1. TorrentSpy
2. Mininova
3. The Pirate Bay
4. isoHunt
5. Demonoid

2008

1. Mininova
2. isoHunt
3. The Pirate Bay
4. Torrentz
5. BTJunkie

2009

1. The Pirate Bay
2. Mininova
3. isoHunt
4. Torrentz
5. Torrentreactor

2010

1. The Pirate Bay
2. Torrentz
3. isoHunt
4. Mininova
5. BTJunkie

2011

1. The Pirate Bay
2. Torrentz
3. isoHunt
4. KickassTorrents
5. BTJunkie

2012

1. The Pirate Bay
2. Torrentz.com
3. KickassTorrents
4. isoHunt
5. BTJunkie

2013

1. The Pirate Bay
2. KickassTorrents
3. Torrentz
4. ExtraTorrent
5. 1337X

2014

1. The Pirate Bay
2. KickassTorrents
3. Torrentz
4. ExtraTorrent
5. YIFY-Torrents

2015

1. KickassTorrents
2. Torrentz.com
3. ExtraTorrent
4. The Pirate Bay
5. YTS

2016

1. KickassTorrents
2. The Pirate Bay
3. ExtraTorrent
4. Torrentz
4. RARBG

Today

1. The Pirate Bay
2. ExtraTorrent
3. RARBG
4. YTS.AG
5. 1337X

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Report: Operating Systems Should Actively Block Pirated Downloads

Post Syndicated from Ernesto original https://torrentfreak.com/rightsholders-want-microsoft-ban-pirated-software-windows-160803/

microsoft-pirateWhen Windows 10 was launched last year, rumors spread that the operating system was equipped with a built-in piracy kill switch.

According to some reports, this would allow Microsoft to nuke all torrents downloaded from The Pirate Bay, and more. A scary outlook, but also a massive exaggeration, for now.

The controversy originated from a single line in Microsoft’s Service Agreement which allows the company to download software updates and configuration changes that may prevent people from “playing counterfeit games.”

Technically this allows Microsoft to block people from playing pirated games across Windows 10 and other services, but thus far there is no indication that this is happening.

However, this week the issue was highlighted again in a report published by Black Market Watch and the Global Initiative against Transnational Organized Crime, which made several recommendations on how online piracy could be tackled in Sweden.

While most of the media attention focused on the role of ISPs, there is an even more controversial proposal that has been largely overlooked. According to the report, pirated content should be banned on the operating system level.

“Other players that possess the potential ability to limit piracy are the companies that own the major operating systems which control computers and mobile devices such as Apple, Google and Microsoft,” one of the main conclusions reads.

“The producers of operating systems should be encouraged, or regulated, for example, to block downloads of copyright infringing material,” the report adds.

The report references last year’s Windows 10 controversy, noting that these concerns were great enough for some torrent sites to block users with the new operating system.

While Sweden doesn’t have enough influence to make an impact on these global software manufacturers, applying pressure through the international community and trade groups may have some effect.

“Sweden’s ability to influence this as a single state is small, but it can take action through the EU and the international community. Copyright holders can also play a role in promoting this through international industry associations,” the report notes.

For now, it’s unlikely that the plan will become reality in the near future.

Yesterday, Swedish ISP Bahnhof responded to the report by saying that it doesn’t want to act as piracy police, and Apple, Google and Microsoft are not going to be happy with this role either.

However, it’s clear that anti-piracy proposals are getting more extreme year after year.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

ISP: We’re Not The Internet Piracy Police

Post Syndicated from Ernesto original https://torrentfreak.com/isp-were-not-the-internet-piracy-police-160802/

piratkeybAround the world copyright holder groups are lobbying for increased efforts to combat online piracy.

The situation is no different in Sweden, where the Black Market Watch group just published a report calling for increased cooperation from stakeholders such as advertisers and ISPs.

In an opinion piece for DN, Internet providers are accused of handsomely profiting from their inaction, generating an estimated 2.5 billion Swedish krona ($230 million) from piracy.

“According to our calculations, revenue for Swedish Internet providers potentially exceeds two-and-a-half billion kronor a year, much more than the pirate sites earn,” Black Market Watch co-founder Karl Lallerstedt writes, together with the report’s co-author Waldemar Ingdahl.

They argue that Internet providers are in a unique position to prevent copyright infringement, as they can see what their users do online and have the means to block websites.

Speaking with IDG, Jon Karlung, CEO of Internet provider Bahnhof, refutes these calls and discredits the profit claims as lobbyist nonsense.

“It is pure nonsense, there is no truth in it. This is the work of their business lobbyists who want to put more responsibility on us. Our task is to ensure an internet with free movement, not playing cops,” he says.

Ideally, rightholders would like to see a series of measures being introduced to combat copyright infringement. This includes easier domain name seizures, increased anti-piracy efforts from law enforcement and ISPs, plus better education about the risks of piracy.

According to Karlung, Bahnhof already does enough to alert subscribers about unsafe sites. It is also happy to assist law enforcement but the company doesn’t see itself proactively policing its network to catch pirates.

“We inform users about unsafe sites today, and we will continue to do so without copyright holders instructing us what to do,” Karlung says.

“If there is merit to the Swedish legislation, we will help the police if they can show in a documented manner that the servers are being used for illegal activities. But it is not our job to act, they themselves must identify the type of activities.”

The copyright holder requests go directly against one of the core goals of the company – protecting the privacy of its subscribers. In recent years the Internet provider has fought hard to guarantee this right.

Bahnhof has been a major opponent of extensive data retention requirements, launched a free VPN to its users, and recently vowed to protect subscribers from a looming copyright troll invasion.

Given the above, it’s unlikely that rightsholders can expect much voluntary cooperation from Bahnhof.

This stance doesn’t come as a surprise, and the report suggests that rightsholders should demand new legislation from Swedish lawmakers to force ISPs and other stakeholders into action.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Europe Has The Highest Online Piracy Rates, By Far

Post Syndicated from Ernesto original https://torrentfreak.com/europe-has-the-highest-online-piracy-rates-by-far-160801/

europe-flagDespite the growing availability of legal options, online piracy remains rampant. Every day pirate sites are visited hundreds of millions of times.

Piracy tracking outfit MUSO has documented the piracy landscape with data from 14,000 of the largest global piracy sites. In total, the company recorded 141 billion visits to pirate sites last year alone.

But where are these pirates coming from?

In absolute numbers the United States clearly comes out on top. With nearly 10 billion visits to streaming portals and over 3 billion to torrent sites, the U.S. beats all other countries.

Perhaps not a surprise, as the U.S. is one of the largest countries in the world with a high Internet penetration. Things get more interesting, however, when we look at the piracy rate based on the number of Internet users around the world.

Data MUSO exclusively shared with TorrentFreak, shows that different countries float to the top when the Internet population is taken into account.

A comparison of the top 50 countries with the most piracy traffic shows that Europe in particular has a persistent piracy problem. In fact, all of the 10 countries with the highest online piracy rates are in Europe.

Latvia comes out on top with a massive 46% of the Internet users visiting pirate sites, followed by Bulgaria, Lithuania, Croatia, Spain and Greece. The top 10 piracy havens is completed by Serbia, Ireland, Romania and Sweden.

The first non-European country in the list is Australia, with a piracy rate of 16%, followed by Israel. Canada is the first North American country, located in the middle of the bunch, with a piracy rate of 11%.

When taking the size of the Internet population into account, the United States is actually one of the countries with the lowest piracy rates, just under 5%. The UK also has a modest piracy rate with nearly 8%.

Most surprising, perhaps, is the low piracy rate in Germany, where less than 2% of the Internet population are considered to be “pirates.” Vietnam closes the list with just over 1%.

The dataset includes visits to both international and local pirate sites, and MUSO believes that it’s an accurate overview of the global piracy landscape. The current list is based on data from 2015 and it will be interesting to see if these rankings will change over time.

Below is the top 50 in reverse order. China, Japan and Korea were excluded as MUSO didn’t have sufficient sites representing these countries to accurately include them.

Top 50 pirate countries by relative piracy rank.

country1

country2

country3

country4

country5

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Pirate Bay Founder: The ‘Piracy’ Scene Needs Innovation

Post Syndicated from Ernesto original https://torrentfreak.com/pirate-bay-founder-piracy-scene-needs-innovation-160726/

peter-sundeLast week the alleged owner of KickassTorrents (KAT) was arrested in Poland, where he faces an extradition request from the United States.

The news came as a shock to many of the site’s users and also had a profound impact on the torrent ecosystem at large, particularly in the short term.

TorrentFreak discusses the events and repercussions with several experts on a special episode of Steal This Show. Pirate Bay co-founder Peter Sunde is one of the guests, and he finds it quite odd that the long arm of the United States can reach deep into Europe.

“For me, it’s weird that Poland is arresting someone on the orders of the United States where the person has not been,” Sunde says.

“I have an issue with a country having that much power. I don’t care if it’s the United States, Russia or whatever, but one country shouldn’t be able to just grab people from anywhere in the world just because they do something on the Internet. That’s insanity.”

Sunde and the other Pirate Bay founders had their own criminal prosecution in Sweden several years ago, for which they all served jail time. Their case was also spurred on by U.S. influence, he believes, but it was prosecuted on their home turf instead.

Legalities aside, Peter Sunde believes that the shutdown of KAT shows how vulnerable the torrent ecosystem is. The majority of users rely on a very small group of torrent sites, which are all major targets for law enforcement.

A more distributed system would be much better, according to Pirate Bay’s founder.

“I think maybe people now understand that we shouldn’t just have a few sites. Because everything depends on these sites. That’s the thing I always wanted, a large hybrid of lots of smaller sites instead of one big target like KickassTorrents or Pirate Bay.”

Just setting up basic mirrors isn’t going to cut it in this case. At the moment there are still dozens of KAT copies online, but since they don’t have access to the backend of the original site, uploaders can’t use their accounts.

Also, many smaller torrent sites were relying on KAT’s database of torrents, and these have been faced with a similar problem since last week. A lack of new content.

“If one of the big sites goes down a lot of smaller sites are hit as well because they are just a copy of the original database. We need lots of sites that federate all the data instead of having to depend on the higher-ups,” Sunde notes.

So what’s the alternative? According to Pirate Bay’s founder, more innovation and decentralization is required.

ipfs

There are already plenty of new technologies that could make torrent sites more decentralized. Zeronet and IPFS, for example. However, according to Sunde the large torrent sites such as TPB don’t really have the urge to innovate.

“IPFS is really good and if everyone started using that instead it would be great. It would be working perfectly with less centralization. The problem is that the big sites like TPB and KAT are not really good at using new technology.”

Without a userbase these new technologies don’t catch on, so that keeps the current status quo intact. The only way to change this is by bringing in something fresh, Sunde says.

“If you look at the big sites, name one of them that has an up-to-date user experience or uses new technology at all. It’s the same shit that’s been around for 10, 15 years. There is no innovation whatsoever that’s visible on these sites.

“We need new voices, new people, new activists and new ideologies in the piracy scene,” Sunde adds.

Millions of people now rely on TPB and KAT to just be there for them. However, that makes the ecosystem very vulnerable without any incentive to innovate. This is why Sunde and others who were involved early, wanted to shut down the site on its 10th anniversary. To make room for something better.

“I’ve been saying for years that I want The Pirate Bay to shut down, and now with KickassTorrents being shut down I hope this will actually inspire people to do something fresh, innovative and something new.”

“To be honest, it’s not really hard to run a torrent site, or set one up,” Sunde says.

—-

You can hear more from Peter Sunde in the latest episode of Steal This Show (not all comments cited here appear in the episode), which was published earlier today. The episode also features isoHunt founder Gary Fung and U.S. Pirate Party founder Andrew Norton.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Landmark Piracy Trial Suspended Pending EU Ruling

Post Syndicated from Andy original https://torrentfreak.com/landmark-piracy-trial-suspended-pending-eu-ruling-160630/

pirate-cardFollowing successful prosecutions of torrent site operators such as those behind The Pirate Bay, Sweden has turned to the increasing problem of online streaming.

Cases involving streaming sites are relatively rare and as a result, case law is thin on the ground. Nevertheless, last year Swedish authorities felt confident enough to close down the country’s most popular streaming site.

Founded half a decade ago, Swefilmer took advantage of increasing trends towards browser-based viewing of pirate content. In addition to convenience and a non-existent learning curve, advanced users were also attracted to the perceived security benefits of streaming platforms.

Swefilmer gained significant traction but that came to an end last summer when one of the site’s operators was arrested and detained for 90 hours.

That was followed this year by the detention of the site’s main operator in Germany, following the execution of a secret European arrest warrant.

As reported last week, the men – aged 22 and 25 – were recently prosecuted. Together they face charges of facilitating copyright infringement of more than 1,400 movies alongside penalties of $1.7m.

Swefilmer’s primary operator also stands accused of aggravated money laundering offenses related to his handling of the site’s finances.

The Swefilmer case is one of the most important prosecutions in Sweden’s piracy crackdown history and this week the trial began as planned. Entertainment giants including Disney, Sony, Warner, Universal and Fox lined up Tuesday to take down their adversaries, but things didn’t go to plan.

Rather than the relatively open-and-shut case anticipated by the prosecution, after just a few hours a decision was made to suspend the case.

“We asked the court to seek a preliminary ruling from the European Court of Justice, and we got what we wanted,” says Claes Kennedy, the lawyer representing the 22-year-old.

While Kennedy’s client admits to having been involved in the operation of Swefilmer, all along he has maintained that his actions did not amount to a crime. Why that might indeed be true lies in a case currently in the hands of the ECJ.

The case deals with a dispute between Dutch blog GeenStijl.nl and Playboy. In 2011, GeenStijl published a post linking to leaked Playboy photos, which were stored on file-hosting platform FileFactory.

Although Playboy publisher Sanoma successfully requested the removal of the photos from FileFactory, GeenStijl continued to link to other public sources where the images were still available. This, Sanoma argued, amounted to infringement.

A Dutch Court subsequently asked the EU Court of Justice to rule whether those links could be seen as a ‘communication to the public’ under Article 3(1) of the Copyright Directive of the Copyright Directive, and whether they facilitated copyright infringement.

Earlier this year, Advocate General Melchior Wathelet delivered his advice to the ECJ, noting that in his opinion “linking” is not the same as “making available” – that would only apply to the original uploader. That means that GeenStijl’s acts of linking would not amount to infringement, the ECJ summarized.

“Hyperlinks which lead, even directly, to protected works are not ‘making them available’ to the public when they are already freely accessible on another website, and only serve to facilitate their discovery,” the EU Court of Justice wrote.

The Advocate General’s advice is not binding, but the ECJ often gives significant weight to this kind of expert opinion. The final verdict is expected to be released later this year and Claes Kennedy is hoping for a positive outcome for his client.

“What we know so far, is that linking to another website is not to be considered the same as making available to the public. But we are waiting for a decision from the EU Court,” Kennedy says.

So for now the Swefilmer trial is on hold, initially until September but potentially later depending on when the ECJ hands down its ruling. Whenever it arrives the decision will have implications way beyond this case and right across Europe.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Streaming Site Operators Face Jail & $1.7m Forfeiture

Post Syndicated from Andy original https://torrentfreak.com/streaming-site-operators-face-jail-1-7m-forfeiture-160626/

Founded half a decade ago, Swefilmer was Sweden’s most popular unauthorized streaming site.

Offering all the latest movies and TV shows, Swefilmer (and another, Dreamfilm) captured up to 25% of all web TV viewing in Sweden according to a 2015 report.

Last summer, however, the noose began to tighten. In July local man Ola Johansson revealed that he’d been raided by the police under suspicion of being involved in running the site.

Meanwhile, police continued the hunt for the site’s primary operator and in March 2016 it was revealed that a Turkish national had been arrested in Germany on a secret European arrest warrant. The 25-year-old is said to be the person who received donations from users and set up Swefilmer’s deals with advertisers.

Both men have now been prosecuted by Swedish authorities. In an indictment filed in the Varberg District Court, both men are accused of copyright infringement connected to the unlawful distribution of more than 1,400 movies.

Additionally, the 25-year-old stands accused of aggravated money laundering offenses related to his handling of Swefilmer’s finances.

The prosecution says that the site generated more than $1.7m between November 2013 and June 2015. More than $1.5m of that amount came from advertising with user donations contributing around $110,000. The state wants the 25-year-old to forfeit the full amount. A $77,000 car and properties worth $233,000 have already been seized.

While both could be sent to prison, the 22-year-old faces less serious charges and will be expected to pay back around $3,600.

The trial, which is expected to go ahead in just over a week, will be the most significant case against a streaming portal in Sweden to date.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Pirate Bay Domain Dispute Appealed to Supreme Court

Post Syndicated from Andy original https://torrentfreak.com/pirate-bay-domain-dispute-appealed-to-supreme-court-160618/

In 2013, anti-piracy prosecutor Fredrik Ingblad filed a motion targeting two of The Pirate Bay’s oldest domains, ThePirateBay.se and PirateBay.se.

Ingblad filed a complaint against Punkt SE (IIS), the organization responsible for Sweden’s top-level .SE domain, arguing that since The Pirate Bay is an illegal site the domains are tools used to infringe copyright. On this basis they should be suspended, Ingblad said.

The case was heard in April 2015 and a month later the Stockholm District Court ruled that The Pirate Bay should forfeit both ThePirateBay.se and PirateBay.se.

The case went to the Court of Appeal and last month the ruling of the District Court was upheld.

But as is so often the case with Pirate Bay legal action, the show isn’t over yet. Following the ruling, site co-founder Fredrik Neij indicated he would take an appeal to the Supreme Court. That has now been filed.

“Fredrik Neij moves that the Supreme Court, by the modification and elimination of the District Court and Court of Appeal’s decision, should reject the prosecutor’s request for Fredrik Neij’s forfeiture to the right of the domain names piratebay.se and thepiratebay.se,” Neij’s lawyer Jonas Nilsson writes in a translation sent to TF.

The situation is somewhat complex. In 2012, Neij transferred the domains to a person named Supavadee Trakunroek. However, the Court of Appeal found that transaction to be mere ‘paperwork’ and that in real terms Neij had retained control of the domains.

With that in mind the question remained – should the domains be ‘seized’ from Neij or from IIS, the organization responsible for Sweden’s top-level .SE domain?

The Court found that domain names should be considered a type of intellectual property, property that is owned by the person or organization that purchased the domain. Therefore, in this case IIS is not the owner of the Pirate Bay domains, Neij is.

It is this aspect of the ruling that Fredrik Neij is now appealing to the Supreme Court.

“Fredrik Neij argues that the District Court and the Court of Appeal wrongly concluded that a domain name is a type of intellectual property that can be confiscated in accordance with copyright law,” his appeal reads.

With the appeal now filed it is up to the Supreme Court to decide whether to take the case. Domains used for illegal activity have been seized in Sweden before, but none have been fought as actively as this one.

Meanwhile, The Pirate Bay is operating from the .org domain it began with, all those years ago.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Police: File-Sharing Cases Dominate Sweden IP Complaints

Post Syndicated from Andy original https://torrentfreak.com/police-file-sharing-cases-dominate-sweden-ip-complaints-160609/

swedpoliceThe Pirate Bay might no longer be the most popular torrent site on the Internet but its story is certainly the most colorful in the history of online piracy.

That history is now inexorably intertwined with that of Sweden, a Scandinavian country that found itself slammed into the middle of the United States’ war on piracy due to the site operating from its territory.

At first Sweden took little action against TPB and its founders, but as pressure built the authorities governing the sub 10 million population decided that enough was enough. Not only would Pirate Bay be forced to its knees, but all similar services that had brought Sweden’s IP policies under the spotlight too.

The resulting crackdown, which has run for more than a decade but has intensified in the past six years, has seen countless torrent sites, Direct Connect hubs, streaming platforms and end users targeted by the authorities.

Once considered a piracy haven, Sweden is now a somewhat risky country to start a file-sharing operation or share large volumes of files. Nevertheless, the authorities report that illegal downloading continues at a pace.

According to stats just released by Sweden’s national police, the most common intellectual property crimes committed in the country relate to unauthorized file-sharing, despite physical counterfeiting being valued at billions of krona every year.

“75 percent of complaints are about copyright violations and file sharing, although we may be seeing some decline,” says Paul Pintér, police national coordinator for intellectual property crimes.

That decline is almost certainly due to the attractive legal services that have been gaining traction year on year. Platforms such as Spotify and Netflix are doing very well in Sweden, with three quarters of the population now using streaming services to consume music and video. The former has impressively tied up around 90% of the paying market.

Still, it’s apparent that Sweden still has work to do if it wants to eradicate the piracy problem. Despite the crackdown of recent years carried out by a dedicated copyright unit embedded in the police force, Pintér says that Sweden sits in third place among European Union countries when it comes to illegal downloads of music.

Quite why that’s the case is unclear, but police say they remain extremely busy when it comes to processing file-sharing complaints. According to Pintér his unit is handling around 120 such complaints every year, that’s roughly one every three days.

Not all reach the prosecution stage of course but those are big numbers for a country with a relatively small population. Still, the revelation is hardly a surprise.

Last month, local ISP Bahnhof revealed that when it comes to police requests for data, 27.5% relate to cases involving online file-sharing. This makes it the most prevalent ‘crime’ committed by users, ahead of other offenses such as fraud, forgery and grooming minors.

So for now it appears that Sweden’s quest to crush file-sharing will continue. Last month it was reported that Sweden’s Minister for Justice has called for even tougher punishments for infringers. And with even those making their own subtitles facing prison, it seems that no one is safe.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

RIAA Fails to Take Down Pirate Bay Domain, For Now

Post Syndicated from Ernesto original https://torrentfreak.com/riaa-fails-take-pirate-bay-domain-now-160606/

thepirateEarlier today we wrote about the Copyright Alliance’s critique of the US-based Public Interest Registry (PIR), which is responsible for .ORG domains.

The group called out the registry as hypocritical, as it allows “criminal” sites such as The Pirate Bay to use its service. A few hours later it turns out that this criticism didn’t come out of nowhere.

The Pirate Bay’s registrar EasyDNS reveals that the RIAA sent PIR a letter last week, urging it to suspend the Pirate Bay’s domain.

The music group lists several European court decisions against The Pirate Bay, including the criminal convictions of its founders in Sweden. It states that the torrent site is clearly operating illegally, and hopes the registry will take its domain name out of circulation.

According to the RIAA, The Pirate Bay violates PIR’s anti-abuse policy and terms of service. As such, it hopes that a court order isn’t required for the registry to take action.

“When, as in this case, there is overwhelming evidence of infringing and abusive activity on a domain, along with court orders from several jurisdictions with well-developed copyright jurisprudence, it cannot be the ‘right thing’ or ‘in the community interest’ to hold out for those decisions to be processed before the U.S. courts before taking action,” the RIAA writes.

RIAA’s letter to the Public Interest Registry

The RIAA’s letter was sent last week and thus far PIR has not taken any steps against the domain. Instead, it forwarded the RIAA’s letter to Pirate Bay’s registrar, the Canadian-based EasyDNS.

TorrentFreak spoke with EasyDNS CEO Mark Jeftovic, who informs us that he doesn’t want to be seen as a refuge for torrent sites. However, he is committed to protecting due process, and for now he sees no reason to suspend the domain name.

EasyDNS forwarded the letter to TPB and intriguingly, the site’s operator replied that they are DMCA compliant. In addition, they waved away any concerns about malware that was distributed through third-party ads.

Infringements or not, EasyDNS says its abuse policy only covers net abuse, not copyright matters. This means that in order to get a domain suspended the RIAA would need to present a local court order, or a foreign one that’s served through the Ontario Sheriff’s Office.

“We would need some kind of legal finding here in Ontario, or a foreign legal finding that has been duly served to us via the Ontario Sheriff’s Office,” Jeftovic tells us.

Alternatively, EasyDNS says it will accept the outcome of a formal proceeding under ICANN’s rules and regulations. However, it won’t take action against a one-sided complaint.

All in all, this means that the RIAA’s letter is unlikely to achieve the result they desire. This also begs the question, what’s next?

Although the RIAA would prefer to avoid a legal case against The Pirate Bay in the United States, if only to avoid the media attention, it appears that they have few other options left than to go to court.

Court case or not, the TPB team isn’t worried. They are not tied to the .ORG domain and can easily switch to an alternative.

“TPB is more than just a domain, it’s a movement, and taking down one domain will have zero effect on our inalienable right to share culture with our peers,” TPB’s Spud17 told us earlier today.

And so the whack-a-mole game is likely to continue.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Fan-Created Movie Subtitle Site Operator Facing Prison

Post Syndicated from Andy original https://torrentfreak.com/fan-created-movie-subtitle-site-operator-facing-prison-160525/

Running a site offering or even linking to pirated movies and TV shows can be a hazardous occupation. It attracts the attention of copyright holders, the police, and in some cases even governments. For those running them these perils represent an occupational hazard.

But what if a site creates its own content and distributes that online, should that be a crime? That question is about to be answered in a unique case featuring fan-populated subtitling site Undertexter.se.

For ten years Undertexter (‘subtitles’ in Swedish) provided a somewhat useful service. Faced with what they perceived as a dearth of subtitling in local language, members of the site made their own translated subtitles for movies and TV shows. These were made available to all via the site.

However, in the summer of 2013 everything came crashing down. Under pressure from powerful Hollywood-based movie companies, police raided the site and seized its servers.

“The people who work on the site don’t consider their own interpretation of dialog to be something illegal, especially when we’re handing out these interpretations for free,” site founder Eugen Archy said at the time.

The authorities firmly disagreed, Archy was arrested, and the investigation into his site continued. Now, almost three years later, the Undertexter founder has been prosecuted for distributing infringing subtitles.

“I have indicted the person I say is behind the site Undertexter.se which made the dialogue from 74 films available to the public,” says prosecutor Henrik Rasmusson.

Of particular interest is the nature of the 74 movies referenced by the prosecution. Rather than tackle all of the subtitles on the site, the prosecution appears to have hand-picked a few dozen that gives them the strongest case, i.e those that relate to movies that weren’t commercially available in Sweden at the time.

The underlying suggestion is that those who created the subtitles either managed to legally view them in other regions or more likely carried out their translation work from pirate copies available online. Also, since the majority of Undertexter’s traffic came from Sweden, it’s likely that users of the site married the subtitles up with pirate copies.

Archy does not deny that he founded and operated the site, nor does he refute claims that he made some money from his activities, largely through on-site advertising. However, he does believe that offering fan-created subtitles is not a crime.

Unsurprisingly, Rasmusson strongly disagrees and even suggests that a prison sentence could be a possible outcome of this prosecution.

“This particular type of case, with pirate subtitles for pirate movies, has not been tried before. But the scale is at such a level that the penalty does not stop at fines, but imprisonment. It could be a suspended sentence,” Rasmusson says.

Soon it will be up to the court to decide whether distributing fan-created subtitles is a crime in Sweden. Experts have already weighed in on the case with Sanna Wolk, an associate professor of civil law at Uppsala University, noting that the devil could be in the detail.

“The core issue is whether the lyrics count as independent works or pure translations. If they follow the script, it’s a copyright violation to distribute them without permission, but if they’re self-published, it is not,” Wolk noted earlier.

“It is difficult to say where the exact line is. Subtitles need to be considered on their own merits to make an assessment.”

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Hollywood Withdraws Funding for UK Anti-Piracy Group FACT

Post Syndicated from Andy original https://torrentfreak.com/hollywood-withdraws-funding-for-uk-anti-piracy-group-fact-160524/

factThe Federation Against Copyright Theft (FACT)is the most aggressive private anti-piracy group currently operating in the UK.

In recent years the organization has been responsible for investigating dozens of alleged pirates and has secured many convictions, largely on behalf of its movie and TV industry partners.

Now, however, FACT faces a somewhat uncertain future after the Motion Picture Association, the movie industry outfit that supplies FACT with half of its funding, decided to pull its support for the anti-piracy group.

The MPA, which represents the interests of Disney, Paramount, Sony, 20th Century Fox, Universal and Warner Bros, has recently advised FACT that it intends to terminate its 30-year long relationship by not renewing its membership when it expires in six months’ time.

Speaking with Screen Daily, MPA Europe president Stan McCoy explained that local funding for FACT had been withdrawn in favor of financing larger regional hubs with a wider remit.

The relevant regional office dealing with the UK is the MPA’s EMEA (Europe, Middle East, Africa) in Brussels which aims to provide “a nimble local presence and a direct relationship with local law enforcement.”

McCoy acknowledged FACT’s efforts over the last three decades but said that the changing nature of piracy, including the shift away from physical to online infringement, requires “a more flexible approach” than the one currently in place.

“We live in a world now where a piracy website can have its nexus in Sweden one day, then move in a few months to Eastern Europe, then to Thailand, or it can operate in all three of those jurisdictions at once,” McCoy said.

For FACT the withdrawal of the MPA and by extension the major studios is a massive blow. The MPA currently provides FACT with around 50% of its funding, leaving the balance to made up a range of partners including the UK Cinema Association, the Film Distributors’ Association, the Premier League, and broadcasters including ITV.

FACT confirmed that its MPA funding is being withdrawn and is said to be considering its options. In the meantime, however, it’s unlikely that the UK will become a care-free piracy zone. The MPA says it intends to continue its work protecting copyright in the UK which will include the pursuit of more site-blocking injunctions and increased cooperation with the Police Intellectual Property Crime Unit.

That being said, it will be interesting to see how this situation plays out. FACT provided “boots on the ground” for the studios in the UK and undertook investigations against pirates that in some cases the police were reluctant to take on and in others carry through to a prosecution. Abandoning that local touch could be risky strategy for the MPA, but only time will tell.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

ISP: Police Requests Most User Data for File-Sharing “Crimes”

Post Syndicated from Ernesto original https://torrentfreak.com/bahnhof-police-requests-160521/

pirate-runningIn recent years Internet provider Bahnhof has fought hard to protect the privacy of its subscribers.

The company has been a major opponent of extensive data retention requirements, launched a free VPN to its users, and recently vowed to protect subscribers from a looming copyright troll invasion.

This week Bahnhof reiterated its pro-privacy stance by stressing that it doesn’t hand over personal details of alleged pirates, not even to the police.

For the first time in history the company published details on the nature of police data requests. Interestingly, this reveals that file-sharing ‘crime’ is the largest category by far.

Of all requests received by the ISP well over a quarter, 27.5%, were for cases related to online file-sharing. This trumps other crimes such as grooming minors, forgery and fraud.

“We want to publish these figures to show that police are violating people’s privacy and putting resources into meaningless trifles,” Bahnhof CEO Jon Karlung says, commenting on the release.

Bahnhof-small

While the total number of 40 requests is relatively modest the data shows that file-sharing is high on the agenda for the Swedish police. However, from Bahnhof they shouldn’t expect any cooperation.

Citing European privacy regulations the Internet provider says that it will only hand over data to the police if the complaint applies to a serious crime, which doesn’t apply to piracy according to the company.

The ISP’s decision goes against the recommendation of the Swedish Telecoms Authority as well as the police, and a future court ruling is expected to provide more clarity on the issue.

Until then, Bahnhof will continue to shield alleged file-sharers from police requests for their personal data.

“The IP address is your fingerprint on the web,” Karlung says, noting that it’s tied to people’s browsing habits and all sorts of private data. “It shall not be disclosed without strong reasons.”

The recent comments fall in line with the ISP’s critique on the ongoing push to criminalize file-sharing in Sweden. Just a few weeks ago Karlung dismissed calls for harsher punishments for online piracy, noting that rightsholders should concentrate on developing better legal options instead.

For their part, the police note that the high number of file-sharing related requests are the result of increased enforcement efforts from copyright holders. When these report criminal activity, police are obliged to investigate the matter.

Credit: Translated chart by Rick Falkvinge

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Court Orders Pirate Bay Domains to be Forfeited to the State

Post Syndicated from Andy original https://torrentfreak.com/court-orders-pirate-bay-domains-forfeited-state-160512/

In 2013, anti-piracy prosecutor Fredrik Ingblad filed a motion targeting two of The Pirate Bay’s most recognizable names, ThePirateBay.se (the site’s main domain) and PirateBay.se (a lesser used alternative).

Rather than take on the site and its operators directly, Ingblad filed a complaint against Punkt SE (IIS), the organization responsible for Sweden’s top level .SE domain.

Ingbland argued that since The Pirate Bay is an illegal site the domains are tools used to infringe copyright and should be suspended. Furthermore, the prosecutor insisted that as the controller of those domains, IIS should also be held liable for copyright infringement.

IIS naturally took an opposing stance and said that any decision on the fate of the domains should be decided by the court. Meanwhile, IIS refused to suspend The Pirate Bay’s domains.

The case was heard in April 2015 and a month later the Stockholm District Court ruled that The Pirate Bay should forfeit both ThePirateBay.se and PirateBay.se.

But despite ordering the domain seizures the case against IIS was essentially rejected, with the District Court dismissing the prosecution’s case and awarding the registry close to $40,000 in costs. As a result the prosecution took the case to appeal.

This morning, however, the Svea Court of Appeal handed down its decision which upholds the decision of the Stockholm District Court.

“In common with the District Court ruling the Court of Appeal finds that there is a basis for confiscation since the domain names assisted crimes under the Copyright Act,” the Svea Court of Appeal said in a statement.

This means that ThePirateBay.se and PirateBay.se are now set to be forfeited to the Swedish state and The Pirate Bay will have to find alternatives.

Speaking with TorrentFreak, IIS counsel Elisabeth Ekstrand says that her organization is pleased that the decision of the District Court has been upheld.

“We are pleased that the Court of Appeal chose to uphold the decision from the District Court. We think it is good that this issue has been examined. Now we need some time to read through the verdict before we can make any further comments,” Ekstrand told TF.

Both of the domains are held in the name of Pirate Bay co-founder Fredrik Neij and the District Court previously ruled that he is the owner.

“The prosecutor’s primary claim with respect to Fredrik Neij should be upheld and domain names should be confiscated from him in accordance with the Copyright Act,” the Court said.

However, speaking with TorrentFreak a few minutes ago, Neij denied that he is the owner of the domains and will file an appeal to the Supreme Court to protest.

“I will appeal on the grounds that I do not own the domain and that I did not commit copyright infringement as I am not involved with the site anymore,” Neij explained.

All of the parties involved are allowed to appeal so this case seems far from over.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

ISP Boss Criticizes Calls to Criminalize File-Sharers

Post Syndicated from Andy original https://torrentfreak.com/isp-boss-criticizes-calls-to-criminalize-file-sharers-160507/

karlungThere are very few Internet service providers around the world who could be described as file-sharer friendly. Most will steadfastly do their bare minimum when aggressive copyright holders come calling, with the majority happy to throw their customers to the wolves, guilty or not.

The same cannot be said about Swedish ISP Bahnhof. CEO Jon Karlung has been at the forefront of several arguments over file-sharers for many years, particularly when their activities intersect with a right to privacy.

In 2009, Karlung threw a wrench in the works of the Intellectual Property Rights Enforcement Directive (IPRED) by refusing to log the IP addresses of his customers. This meant that if a court came calling for the data, none would be available.

In 2011, Karlung was pleasing the masses again, this time by hosting Wikileaks and promising to route all customer traffic through an encrypted VPN service. And in April this year the Bahnhof CEO vowed to protect his customers from copyright trolls.

Now Karlung has turned his attentions to the Swedish government following an open hearing at the end of last month on the subject of piracy in the digital marketplace.

The published purpose of the hearing was to “share knowledge and gain a greater insight into how piracy and other infringements of intellectual property affects both businesses and consumers and society in general” but it appears Karlung was not impressed.

Servers at Bahnhof

bahnoff servers

Writing in Sweden’s SVT, Karlung said that the meeting was attended by representatives from the film and music industries who sat alongside police and politicians. He says that the atmosphere was good, with everyone in agreement.

“For several hours they repeated, with rising fighting spirit, the same message again and again: ‘We need to block illegal sites! We must strengthen penalties!’,” the Bahnhof CEO reports.

Eventually Sweden’s Minister for Justice took the floor and told those assembled that “theft is theft!” while championing tougher penalties for infringers. He also noted that his first meetings after he took over as attorney general had been with the film industry. This appears to have riled Karlung.

“It is symptomatic that no Internet service provider was invited to the meeting – or anyone else with a broader understanding of digital conditions,” he explains.

The Bahnhof CEO says the exchange reminded him of 2008 when he attended a meeting in Sweden’s Parliament on the topic of file-sharing. Back then too, a politician stood up, declared that “theft is theft”, and left without discussing the issue with the ISP. For Karlung, history is repeating itself.

“In 2016, Sweden wants to criminalize hundreds of thousands of citizens for file-sharing. Now?! When large parts of the film and music industry have already adapted to the digital landscape with services such as Spotify and Netflix?” he questions.

“Consumers are apparently willing to pay. How about adding resources to develop the right services instead of taking a large sledgehammer to the free Internet?”

Karlung says that Sweden used to be at the forefront in that respect, but things have changed.

“Now we are internationally renowned as a place where courts prohibit public art from being shared online,” he explains.

Whether Karlung’s words will have any effect on government policy will remain to be seen but in any event it is extremely rare for the CEO of an ISP to make his voice heard in the way Karlung has for the past several years. Certainly, privacy conscious customers could do worse than check out this ISP.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Crooks Go Deep With ‘Deep Insert’ Skimmers

Post Syndicated from BrianKrebs original https://krebsonsecurity.com/2016/05/crooks-go-deep-with-deep-insert-skimmers/

ATM maker NCR Corp. says it is seeing a rapid rise in reports of what it calls “deep insert skimmers,” wafer-thin fraud devices made to be hidden inside of the card acceptance slot on a cash machine.

KrebsOnSecurity’s All About Skimmers series has featured several stories about insert skimmers. But the ATM manufacturer said deep insert skimmers are different from typical insert skimmers because they are placed in various positions within the card reader transport, behind the shutter of a motorized card reader and completely hidden from the consumer at the front of the ATM.

Deep insert skimmers removed from hacked ATMs.

Deep insert skimmers removed from hacked ATMs.

NCR says these deep insert skimming devices — usually made of metal or PCB plastic — are unlikely to be affected by most active anti-skimming jamming solutions, and they are unlikely to be detected by most fraudulent device detection solutions.

“Neither NCR Skimming Protection Solution, nor other anti-skimming devices can prevent skimming with these deep insert skimmers,” NCR wrote in an alert sent to banks and other customers. “This is due to the fact the skimmer sits well inside the card reader, away from the detectors or jammers of [NCR’s skimming protection solution].

The company said it has received reports of these skimming devices on all ATM manufacturers in Greece, Ireland, Italy, Switzerland, Sweden, Bulgaria, Turkey, United Kingdom and the United States.

“This suggests that ‘deep insert skimming’ is becoming more viable for criminals as a tactic to avoid bezel mounted anti-skimming devices,” NCR wrote. The company said it is currently testing a firmware update for NCR machines that should help detect the insertion of deep insert skimmers and send an alert.

A DEEP DIVE ON DEEP INSERT SKIMMERS

Charlie Harrow, solutions manager for global security at NCR, said the early model insert skimmers used a rudimentary wireless transmitter to send card data. But those skimmers were all powered by tiny coin batteries like the kind found in watches, and that dramatically limits the amount of time that the skimmer can transmit card data.

Harrow said NCR suspects that the deep insert skimmer makers are using tiny pinhole cameras hidden above or beside the PIN pad to record customers entering their PINs, and that the hidden camera doubles as a receiver for the stolen card data sent by the skimmer nestled inside the ATM’s card slot. He suspects this because NCR has never actually found a hidden camera along with an insert skimmer. Also, a watch-battery run wireless transmitter wouldn’t last long if the signal had to travel very far.

According to Harrow, the early model insert skimmers weren’t really made to be retrieved. Turns out, that may have something to do with the way card readers work on ATMs.

“Usually what happens is the insert skimmer causes a card jam,” at which point the thief calls it quits and retrieves his hidden camera — which has both the card data transmitted from the skimmer and video snippets of unwitting customers entering their PINs, he said. “These skimming devices can usually cope with most cards, but it’s just a matter of time before a customer sticks an ATM card in the machine that is in less-that-perfect condition.”

The latest model deep insert skimmers, Harrow said, include a tiny memory chip that can hold account data skimmed off the cards. Presumably this is preferable to sending the data wirelessly because writing the card data to a memory chip doesn’t drain as much power from the wimpy coin battery that powers the devices.

The deep insert skimmers also are designed to be retrievable:

“The ones I’ve seen will snap into some of the features inside the card reader, which has got various nooks and crannies,” Harrow said. “The latest ones also have magnets in them which are used to hold them down against the card reader.” Harrow says the magnets are on the opposite side of the device from the card reader, so the magnets don’t interfere with the skimmer’s job of reading the data off of the card’s magnetic stripe.

Many readers have asked why the fraudsters would bother skimming cards from ATMs in Europe, which long ago were equipped to read data off the chip embedded in the cards issued by European banks. The trouble is that virtually all chip cards still have the account data encoded in plain text on the magnetic stripe on the back of the card — mainly so that the cards can be used in ATM locations that cannot yet read chip-based cards (i.e., the United States).

When thieves skim data from ATMs in Europe, they generally sell the data to fraudsters who will encode the card data onto counterfeit cards and withdraw cash at ATMs in the United States or in other countries that haven’t yet fully moved to chip-based cards. In response, some European financial institutions have taken to enacting an anti-fraud mechanism called “geo-blocking,” which prevents the cards from being used in certain areas.

“Where geo-blocking has been widely or partially implemented, the international loss profile is very different, with minimal losses reported,” wrote the European ATM Security Team (EAST) in their latest roundup of ATM skimming attacks in 2015 (for more on that, see this story). “From the perspective of European card issuers the USA and the Asia-Pacific region are where the majority of such losses are being reported.”

east-lossesbycountry

Even after most U.S. banks put in place chip-capable ATMs, the magnetic stripe will still be needed because it’s an integral part of the way ATMs work: Most ATMs in use today require a magnetic stripe for the card to be accepted into the machine. The principal reason for this is to ensure that customers are putting the card into the slot correctly, as embossed letters and numbers running across odd spots in the card reader can take their toll on the machines over time.

Swedish Police Want to Block The Pirate Bay & Seize Domains

Post Syndicated from Andy original https://torrentfreak.com/swedish-police-want-to-block-the-pirate-bay-seize-domains-160502/

With infrastructure often spread around the world and multiple domains in backup, shutting down access to torrent and streaming sites can be a complex affair. Even when national legal systems provide the necessary tools, the process can be extremely drawn out, not to mention ineffective.

The case of The Pirate Bay provides a perfect example. Deemed illegal just about everywhere, the site has remained online despite the efforts of law enforcement, countless legal professionals, and courts around the globe. The world’s most notorious torrent site doesn’t play by the rules, a point certainly not lost on Paul Pintér, Sweden’s national coordinator for IP enforcement.

Pintér, previously a computer crime and forensics investigator with the Stockholm County Police, has headed up a specialist anti-piracy unit since 2010. He feels that the police need more powers to shut down sites such as The Pirate Bay.

In a memorandum submitted to the Government, Pintér says that websites that violate copyright or trademark law should be blocked by Internet service providers. Furthermore, while preliminary investigations are underway, domain names should be seized by the authorities.

“They commit crimes, they should be removed from the Internet. I see it as an additional tool to combat piracy,” Pintér told IDG.

Pintér understands the problems only too well. The process to seize The Pirate Bay’s .SE domain has dragged on since 2013 and now sits with the court of appeal. A decision was due this week but Punkt SE (IIS), the organization responsible for Sweden’s top level .SE domain, informs TorrentFreak that the decision has been delayed again.

“If we have a site selling counterfeit clothing or an illegal streaming site, and you can seize its domain during the investigation, it is gone during that time. It is a good preventive measure if nothing else,” Pintér says.

Being able to quickly seize a ‘pirate’ domain would certainly be an asset to the police but there are those who will question whether that would trample due process. Pintér suggests that wouldn’t be the case.

“I want the law to be technology neutral. We carry out seizures in many, many other cases, everything from computers to money,” Pintér says.

Nevertheless, adjustments would have to be made. In his memorandum to the government Pintér calls for changes in the law that would allow police to seize not only tangible items such as physical property, but also intangible items such as domain names.

Furthermore, rather than relying on entertainment industry companies to take their own legal action, Pintér would like amendments to the law that would allow copyright or trademark infringing sites to be blocked by ISPs.

“I’m not talking about blocking everything. I’m talking about sites that contain criminal material. I don’t see a difference between child pornography, copyright infringement or trademark infringement – for me it is a crime,” Pintér concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

ISP Vows to Prevent Users From a Piracy Witch Hunt

Post Syndicated from Ernesto original http://feedproxy.google.com/~r/Torrentfreak/~3/W92Ynf3SyIo/

trollsignIn recent years file-sharers all across Europe have been threatened with lawsuits, if they don’t pay a significant settlement fee.

The process was pioneered in Germany where it turned into an industry by itself, but copyright holders have also targeted alleged pirates in the UK, Finland and elsewhere.

Sweden is one of the latest countries where these so-called “copyright trolls” have landed. At the birth ground of The Pirate Bay, media outfit Crystalis Entertainment received permission from the court to identify several BitTorrent users, based on their IP-addresses.

The case, which could be the first of many, was filed against the local ISP TeliaSonera who handed over the requested information without putting up much of a fight.

This prompted the competing Internet provider Bahnhof to issue a warning. The company notes that the copyright holder in question doesn’t have a very strong case, and it criticizes Telia for caving in too easily.

“The Stockholm district court did not even see any evidence showing that these IP addresses were actually used for file sharing. It could basically be one of these Nigerian mail scams,” Bahnhof CEO Jon Karlung says.

“I think that Telia folded caved in too easily. Although Crystal Entertainment properly represents certain copyright holders, at Bahnhof we would choose to appeal,” he adds.

The ISP says that they will not hand over any data without urging for a proper review of the evidence.

This is no surprise for a company that’s heavily focused on user privacy. Bahnhof’s tagline is “Internet with privacy” and two years ago the ISP was one of the first to launch a free VPN, responding to a legal requirement that required it to log subscriber activities.

In a press release Bahnhof explains how these extortion-like demands from copyright holders have become commonplace in Germany. It’s exactly this type of witch hunt is something they hope to prevent in Sweden.

This means that if copyright holders demand the same info from Bahnhof, they will fight this in court.

“We have to follow the law and no one can predict the future, but one thing I can guarantee, we’re on the side if our users. We will do everything in our power to prevent the German situation from spreading,” Karlung says.

Bahnhof’s CEO also has some advice for the media companies that are affected by piracy. They should invest their time and money in offering great content, instead of taking their customers to court.

“It is better for copyright holders to put their money into developing services that people want to pay for, like Netflix and Spotify, instead of becoming entrenched in the 1900s,” he concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Poland vs the United States: crime and punishment

Post Syndicated from Michal Zalewski original http://lcamtuf.blogspot.com/2015/07/poland-vs-united-states-crime-and.html

This is the tenth article in a short series about Poland, Europe, and the United States. To explore the entire series, start here.

Throughout much of its history, the United States has been a comparatively violent nation. From the famed lawlessness of the western frontier, to the brawling biker gangs, to the iconic Italian Mafia and the fearsome Mexican drug cartels, the thirst for blood has left a mark on the American psyche – and profoundly influenced many of the country’s most cherished works of literary and cinematic art.

But sooner or later, a line gets drawn. And so, when a tidal wave of violent crime swept the nation in the late 80s, the legislators and the executive branch felt obliged to act. Many wanted to send a message to the criminal underworld by going after it with relentless and uncompromising zeal – kicking off the multi-decade War on Drugs and rolling out policies such as the three strikes law in California or stop-and-frisk in New York City. Others saw the root of all evil in the pervasive gun culture of the United States – successfully outlawing the possession or carry of certain classes of firearms and establishing a nation-wide system of background checks.

And then, in the midst of these policy changes, something very interesting started to unfold: the crime rate plunged like a rock, dropping almost 50% over the course of twenty years. But why? Well, the funny thing is, nobody could really tell. The proponents of tough policing and the War on Drugs tooted their own horns; but less vindictive municipalities that adopted programs of community engagement and proactive policing heralded broadly comparable results. Gun control advocates claimed that getting AR-15s and handguns off the streets made a difference; gun rights activists found little or no crime gap between the gun-friendly and the gun-hostile states. Economists pointed out that people were living better, happier, and longer lives. Epidemiologists called out the elimination of lead – an insidious developmental neurotoxin – from paints and gasoline. Some scholars have gone as far as claiming that easy access to contraception and abortion caused fewer children to be born into multi-generational poverty and to choose the life of crime.

Europe certainly provided an interesting contrast; the old continent, having emerged from two unspeakably devastating and self-inflicted wars, celebrated its newly-found pacifist streak. Its modern-day penal systems reflected the philosophy of reconciliation – abolishing the death penalty and placing greater faith in community relationships, alternative sentencing, and the rehabilitation of criminals. A person who served a sentence was seen as having paid the dues: in Poland and many other European countries, his or hers prospective employers would be barred from inquiring about the criminal record, and the right to privacy would keep the indictments and court records from public view.

It’s hard to say if the European model worked better when it comes to combating villainy; in the UK, crime trends followed the US trajectory; in Sweden, they did the opposite. But the utilitarian aspect of the correctional system aside, the US approach certainly carries a heavy humanitarian toll: the country maintains a truly astronomical prison population, disproportionately comprised of ethnic minorities and the poor; recidivism rates are high and overcrowding in some penitentiary systems borders on the inhumane.

Untangling this mess is not easy; most Americans seriously worry about crime and see it as a growing epidemic, even if their beliefs are not substantiated by government-published stats. Perhaps because of this, they favor tough policing; reports of potential prosecutorial oversight – such as the recent case of a tragic homicide in San Francisco – tend to provoke broader outrage than any comparable claims of overreach. Similarly, police brutality or prison rape are widely acknowledged and even joked about – but are seen as something that only ever happens to the bad folks.

For the next article in the series, click here.