Hack Attack! Private Trackers Getting Hacked?


othersna

Well-Known Member
Ex Staff
Joined
Jun 20, 2009
Messages
15,933
Location
California
Gold
4,821
We are getting scattered reports of some trackers either getting hacked or exploited in some way, and then the userbase begins to get PMs (on the site) or even e-mails with scam e-mail, usually a request for donations in Bitcoin. It isn't clear how these exploits are occurring, whether it be a hacker getting a staffer's password and accessing the userbase that way, or actually using a hacker technique such as SQL insertion. (Note I am a relative tech n00b, so I cannot get into the specifics of what that means.)

However, this blog article is written for regular tracker members and what it means for them. First, be wary if you get an unsolicited PM from a tracker and it looks suspicious. Some may fool you, if it comes from "System" or an actual staff member. If the PM asks for donations, hold off a bit and check the forums to see if the staff has posted anything about a bogus PM scheme. At one tracker, I once saw a bogus PM asking members to click a link to fix something, and it really did look legitimate. Potentially it could have put malware on your computer. The staff there even suggested members "format their hard drive." :eek:

If you get an unsolicited e-mail requesting you to donate, or to click a link to an e-mail address you use at trackers, also beware. This is also why I recommend torrenters make up a gmail or similar e-mail address to be used with torrenting and nothing else, and it should not have your real name in the profile.

It is unclear what these hackers are up to. Some may be just simple scammers. They want you to send them money, or click a link which will place malware on your computer. I have also heard of torrenters (using public sites) getting fake e-mails from fake anti-P2P groups saying they've been "caught" and the e-mail asks for payment. I don't think these hackers are real anti-P2P groups as hacking a website is a serious crime, a felony under U.S. Federal law, and can lead to time in Federal Prison. (Again, I suspect these hackers are not from the USA)

In summary, all of us should be cautious about being scammed on the internet, and these scams seem to have spread into the world of private torrent trackers.
 

Gilberto

Captain
Captain
Joined
Aug 31, 2015
Messages
568
Gold
13,795

othersna

Thanks for the simple explanation of SQL injection. Even "sanitize your database inputs" is Greek to me. (Maybe I ought to re-invite Blackpirate/GreeceLight/Rastafarian to translate it. ;) :p )
 

jammyone

Dark Pirate
Dark Pirate
Joined
Oct 4, 2013
Messages
2,934
Location
(None)
Gold
13,923

othersna

^ Some bad users (for example the notorious DeadXxX would have a different nick and e-mail for every tracker he had) so it may seem suspicious. If you use a name plus a different number then I suppose that shows you are not hiding anything.

I just use the same gmail for my trackers, but the gmail cannot be traced back to me (except using IP logs). Got the tinfoil hat on now. ;)
 

Gilberto

There are some 'tricks' available in Gmail that let you have one account but register with each tracker with a different address. E.g. you can add a plus sign and any word before the @ sign, e.g. johnsmith+tracker1@gmail.com and johnsmith+tracker2@gmail.com will be delivered to johnsmith@gmail.com.
I've found some sites however won't accept pluses in the registration forms, but it is a very good trick for those sites that do accept it.

Thanks for the simple explanation of SQL injection. Even "sanitize your database inputs" is Greek to me. (Maybe I ought to re-invite Blackpirate/GreeceLight/Rastafarian to translate it. ;) :p )
Basically it just means make sure that the input data doesn't contain anything which might pose a security threat. For example, a webform may ask you to input your username and password to login. If instead of inputting a password, I input ' OR '1'='1 , then this may trick the website into running that little piece of code (which evaluates to "true" and therefore (in a simple sense) means that the website accepts that as the password to the account), and I can log in. To sanitize the input, we could have a script that removes any special characters from it (like the single quotation marks or the equals sign) before we ever even try running it. That way, it's more difficult for the website to be tricked.
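
The login trick described above, as an added example that is not part of the original post: a string-built query accepts ' OR '1'='1, the character-stripping approach blocks it but also locks out a legitimate password, and a parameterized query handles both. The table layout, account names and function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample accounts. Plaintext passwords keep the example
    # short; a real site would store salted password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct horse"), ("bob", "o'brien=1")])
    return db

def login_concatenated(db, username, password):
    # Vulnerable: input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def strip_specials(value):
    # The sanitizing idea from the post: drop everything except
    # letters, digits and spaces before building the query.
    return "".join(ch for ch in value if ch.isalnum() or ch == " ")

def login_stripped(db, username, password):
    return login_concatenated(db, strip_specials(username),
                              strip_specials(password))

def login_parameterized(db, username, password):
    # Placeholders send the values separately from the SQL text, so
    # they are always compared as data and never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    trick = "' OR '1'='1"
    for check in (login_concatenated, login_stripped, login_parameterized):
        print(check.__name__, "trick:", check(db, "alice", trick))
    # Stripping also damages a legitimate password that contains ' and =
    print("bob, stripped:", login_stripped(db, "bob", "o'brien=1"))
    print("bob, parameterized:", login_parameterized(db, "bob", "o'brien=1"))
```
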
 

cherwonk

Shipmate
Shipmate
Joined
Aug 14, 2015
Messages
78
Location
Western NY USA
Gold
4,970
We are getting scattered reports of some trackers either getting hacked or exploited in some way, and then the userbase begins to get PMs (on the site)
I can tell you this has happened a few weeks ago at a place I am acquainted with. PMs were sent out from an admin's account. There wasn't a trace left as to how the site/account was compromised.
I can tell you that the solicitations wanted donations sent to this bitcoin account https://blockchain.info/address/1Lp43Z26WJ77JJM9UGWS1R48UNeDz7UBRY
From what I could trace with this account it was just one of a dozen accounts that transferred money to 3 other accounts. That's as far as I got with it, even if I narrowed it to one account it still wouldn't do anything for the site.

All I can give for advice is ... you know whether or not the sites you belong to solicit for donations, you know where they prefer to get them from. Be wary if you're asked to vary from the norm, ask questions of the staff.
 

Morgilroka

New Recruit
New Recruit
Joined
Apr 4, 2015
Messages
57
Location
Canada
Gold
2,575

Null

Do What Now
Ex Staff
Joined
Feb 20, 2014
Messages
424
Gold
10,793
the only real scary thing about coding and germs, no sanitizer hehehe
 

Root

Every Dog Has Its Day
Joined
Jan 7, 2013
Messages
446
Location
Home
Gold
43
Well that sucks, people wouldn't even know what to trust now if this keeps going along.
 

Deku-shrub

Pirate
Pirate
Joined
Oct 18, 2014
Messages
264
Gold
1,043
I've found some sites however won't accept pluses in the registration forms, but it is a very good trick for those sites that do accept it.
Unfortunately you're correct. However the RFC for email standards allows them, so any site that doesn't allow it is non-compliant and you bitch at them from a position of moral superiority. I have a separate throw away email which I give all such sites.
 

Gilberto

Unfortunately you're correct. However the RFC for email standards allows them, so any site that doesn't allow it is non-compliant and you bitch at them from a position of moral superiority. I have a separate throw away email which I give all such sites.
I just checked RFC5322 and there are surprisingly more special characters for emails than I expected, e.g.
Code:
 ' / { | ~
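
The plus-address trick and the RFC 5322 characters discussed in the posts above, as an added example that is not part of any post: a check of the local part against the RFC 5322 dot-atom character set, next to an overly strict form pattern that rejects plus addresses, and a helper that recovers the per-site tag so a leaked address can be tied to the site it was given to. The function names, the strict pattern and the simplified domain check are assumptions for the illustration; quoted local parts are not handled.

```python
import re

# RFC 5322 "atext": letters, digits and these printable specials.
ATEXT = r"A-Za-z0-9!#$%&'*+/=?^_`{|}~-"
# dot-atom: runs of atext separated by single dots (no leading,
# trailing or doubled dots).
DOT_ATOM = re.compile(rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*")
# Simplified host name check (assumption): dot-separated labels of
# letters, digits and inner hyphens, at least two labels.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN = re.compile(rf"{LABEL}(?:\.{LABEL})+")
# Constructed example of the kind of strict form pattern that
# refuses '+' and other legal characters.
STRICT_FORM = re.compile(r"[\w.-]+@[\w.-]+")

def is_valid_address(addr):
    local, sep, domain = addr.rpartition("@")
    if not sep:
        return False
    return bool(DOT_ATOM.fullmatch(local) and DOMAIN.fullmatch(domain))

def strict_form_accepts(addr):
    return STRICT_FORM.fullmatch(addr) is not None

def split_plus_tag(addr):
    # johnsmith+tracker1@gmail.com -> ("johnsmith@gmail.com", "tracker1")
    local, _, domain = addr.rpartition("@")
    base, _, tag = local.partition("+")
    return f"{base}@{domain}", (tag or None)

if __name__ == "__main__":
    samples = ["johnsmith+tracker1@gmail.com", "o'neil@example.org",
               "a{b|c}~d/e@example.org", "a..b@example.org"]
    for addr in samples:
        print(addr, is_valid_address(addr), strict_form_accepts(addr),
              split_plus_tag(addr))
```
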
 

Joe

^5
Shipmate
Joined
Aug 30, 2015
Messages
97
Gold
13,900
So the attack has begun; there are a few things that must be considered.
  • STOP! Think twice before clicking on any suspicious link.
  • Even if your email got exposed make sure you never respond to such scam emails. Simply DELETE those, don't even click on the unsubscribe link at the bottom.
  • As othersna said, make sure you investigate even further with staff/admins on the particular tracker, so that they can be alerted and try to patch the hole as soon as possible.
  • Use trusted, updated plugins, a secure browser and visit only official websites, or else be ready for bang bang. I mean phishing, more about it on Wikipedia: Phishing
  • Also, I am hoping you are maintaining different, strong & long passwords across all trackers.
At last, keep learning, gain more knowledge and stay safe.
 

Gilberto

So the attack has begun; there are a few things that must be considered.
  • Also, I am hoping you are maintaining different, strong & long passwords across all trackers.
I think this is the most important point. If you use the same email/username/password combination across multiple sites, all it takes is for one site to be compromised and an attacker can get into any of your other accounts!

Even today there was a news piece about it: a privileged user on Bugzilla (bug tracking for Mozilla products) used the same password on another site that got compromised, and an attacker was able to gain access to the Bugzilla account. The attacker was able to download critical security information relating to unfixed bugs, and it seems that information has been used to attack users.
http://arstechnica.com/security/2015/09/mozilla-data-stolen-from-hacked-bug-database-was-used-to-attack-firefox/

https://blog.mozilla.org/security/2015/09/04/improving-security-for-bugzilla/

You can set up a password database offline (such as KeePass) to manage your passwords (and there is a good random password generator in there). Then you only need to know the master key to unlock it. Just don't lose the database or master key or you're sool :D
 

othersna

Thanks for all the input guys. The main purpose of the article is to note that we would never click a link on an e-mail that seems to come from our bank, but says 'Dear member' instead of our name, and asks us to click a link to re-enable our disabled bank account. But we just might click a link on a PM from an admin at a tracker asking us to do something with our tracker account. I'm saying - just be cautious if you get such a PM.

I trust the staff at trackers are doing everything they can to stop these kinds of exploits.
 