Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Torrent Supersite User Database Compromised

With all of the legal, semi-legal, and illegal uses for torrent files, the presence of specialised torrent search engines and trackers is bound to attract the attention of groups who would go to any length to find out the identities of users who frequent the sites. One of the largest such sites, Pirate Bay, has had more than 4 million of its users compromised when Argentinian attackers contacted KrebsonSecurity to provide evidence of having compromised the user database (more information from the hackers themselves.

Despite the risks of SQL injection having been well understood for a number of years, it is reported that it was via a series of SQL injections that the attackers were able to gain the key access needed to the user database. What exacerbates the immediate privacy concern about identities being linked to online accounts, is the account activity, which includes the torrent activity (also searchable through the main Pirate Bay search interface), but also allows linking of email and IP addresses to these accounts, a virtual goldmine of information for groups seeking to identify and prosecute file sharers.

With such a valuable lode of information, many of the groups seeking to prosecute file sharers would have a strong financial interest in gaining access to the data extracted from the database, but the Argentinians behind the attack have so far only sought to inform users that their information may be at risk.

As with any claim of information disclosure or capture, the concern is how viable and current is the data that has been obtained. When tested by Brian Krebs, the Argentinians were able to provide him with the correct account details for a user account that he had set up, demonstrating that the information is, if not actually live, current enough to be most valuable.

There is a variety of responses from the file sharing community to this particular breach, but as is pointed out, the key identifying element, the IP address of users, can be extracted from the torrent swarms, but in this case it is all collected in a centralised manner, making the job of data mining that much simpler.

12 July 2010

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.