Argentinean hackers have stolen the e-mail addresses, IP addresses, usernames and passwords of more than four million Pirate Bay users. Pirate Bay is the most popular BitTorrent site, a place to download pirated apps.
This time, it was Pirate Bay that was pirated. A trio of hackers in the Latin American country have claimed responsibility for the attack and even produced a video demonstrating their successful hacking tactics.
"The community caused problems to huge companies and corporations which turned into threats between this companies and them," wrote hacker Ch Russo. "What we have done, we did not do it with anger, or for commercial value. As always, we saw the change, the moment and decided to take it. The protocol or procedure done to achieve this wasn't anything out of the ordinary."
Russo is well aware of how valuable that information would be to the Recording Industry Association of America and the Motion Picture Association of America (MPAA), considering the number of illegal song and movie downloads from Pirate Bay. However, Russo doesn't appear to have any plans to turn over the information to these industry associations.
"Probably these groups would be very interested in this information, but we are not [trying] to sell it. Instead we wanted to tell people that their information may not be so well protected," wrote Russo. Russo does seem to have a money motive, though. He's marketing his security-exploit software program called Impassioned Framework.
Pirate Bay moved quickly to take down the hacker video, which showed how malicious actors discovered and exploited several SQL injection vulnerabilities on the site. Pirate Bay was the victim of a similar attack in 2007, despite efforts to shore up security.
The Pirate Bay temporarily went offline for maintenance, offering the following message: "Upgrading some stuff, database in use for backups, soon back again. Btw, it's nice weather outside I think."
Is the MPAA Watching?
What happens with the four million e-mail addresses could make people feel uncomfortable about using the service, according to Rob Enderle, principal analyst at the Enderle Group. Then again, he said, with the MPAA's aggressive pursuit of Pirate Bay, he's not sure anyone should feel too secure about using the service anyway.
"The fact that this hacker could get these e-mail addresses would suggest that other people could do it as well and may have already done it and aren't telling anybody," Enderle said.
"This hacker is being vocal; another organization with a vested interest in penetrating the security of Pirate Bay may have already done so," he said. "Just because the MPAA is not talking about it doesn't mean they aren't monitoring the use of the site. It's not in their best interest to go around bragging that they penetrated the site."
Posted: 2010-07-08 @ 7:30pm PT
Just because something is on a torrent, doesn't mean it's illegal. There are plenty of other things like demos you can download. This proves nothing. Let alone the fact what he did IS illegal. Especially if he downloaded that information, and it would be even worse for him if he gave it away to others. Anyone obtaining it from him would be just as guilty.