Just over a month ago, a Javascript cryptocurrency miner was silently added to The Pirate Bay. Noticed by users who observed their CPU usage going through the roof, it later transpired the site was trialing a miner operated by Coinhive.

Many users were disappointed that The Pirate Bay had added the Javascript-based Monero coin miner without their permission. However, it didn’t take long for people to see the potential benefits, with a raft of other sites adding the miner in the hope of generating additional revenue.

Now, however, Coinhive has an unexpected and potentially serious problem to deal with. The company has just revealed that on Monday night its DNS records maintained at Cloudflare were accessed by a third-party, allowing an unnamed attacker to redirect user mining traffic to a server they controlled.

“The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server. This third party server hosted a modified version of the JavaScript file with a hardcoded site key. This essentially let the attacker ‘steal’ hashes from our users,” Coinhive said in a statement.

The company hasn’t revealed how long the unauthorized redirect stayed in place for, but it appears that all coins mined on sites hosting Coinhive’s script were ‘stolen’ during the period, instead of being credited to their accounts.

Coinhive stresses that no user account information was leaked and that its website and database servers were uncompromised. But while that’s good news, the method that the hackers used to access the company’s DNS provider lay in a basic security error.

Back in 2014, crowdfunding platform Kickstarter – which Coinhive used – fell victim to a security breach. After being advised of the fact by law enforcement officials, Kickstarter shut down unauthorized access, began strengthening its systems, while advising customers to do the same.

While Coinhive did respond to the warning to ensure that its data was safe, something slipped through the net. One piece of information – its Cloudflare account password – remained unchanged after the Kickstarter attack. It now seems the most likely culprit for this week’s DNS breach.

“The root cause for this incident was an insecure password for our Cloudflare account that was probably leaked with the Kickstarter data breach back in 2014,” Coinhive says.

“We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account.”

While not mentioning Coinhive explicitly, Kickstarter warned earlier this month that the 2014 incident may not be completely over. In an update posted on the site Oct 6, Kickstarter noted that some of its customers had recently been hearing more information about the breach from notification service Have I been pwned?.

In the meantime, Coinhive has issued an apology and indicated it will find ways to reimburse sites which have lost revenue as a result of the DNS hack.

“We’re deeply sorry about this severe oversight,” the company said. “Our current plan is to credit all sites with an additional 12 hours of their the daily average hashrate. Please give us a few hours to roll this out.”

Based on earlier calculations carried out by TF, The Pirate Bay (if it was mining during the breach) could be potentially owed around $200 for the lost hashes, give or take. After turning off mining in September, the site reactivated it again in October, with no opt-out. The situation appears fluid.

While the hack is obviously a disappointment, Coinhive appears to have advised its users quickly and transparently, which under the circumstances is exactly what’s required. The fact that it’s offering compensation to users will also be welcomed.

The breach is the latest controversy to hit the company. Earlier this month, Cloudflare began banning sites which implemented Coinhive mining without informing their users. The CDN company said it considered non-advised mining as malware.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

In recent years, New Zealand has been the center stage of the largest copyright battle in Internet history; the criminal prosecution of Megaupload and several of its former employees.

In 2012, the country’s law enforcement officials helped to bring down the file-sharing site, including a military-style raid on its founder, Kim Dotcom.

While the Megaupload case is still ongoing, a separate copyright battle in New Zealand came to a conclusion this week. In this case, the country’s leading National Party was the accused.

In 2014 the party of former Prime Minister and Kim Dotcom nemesis John Key was sued for copyright infringement by Eminem’s publisher Eight Mile Style. In an advertising spot for the General Election campaign, the party used a song heavily inspired by the track “Lose Yourself.” A blatant copyright infringement, they argued.

This week the High Court agreed with the publisher ruling that the ad indeed infringed on their copyright. The National Party must now pay a total of $600,000 (415,000 USD) including damages and interest, NZ Herald reports.

Recognizing the irony, Kim Dotcom swiftly took the matter to Twitter. He launched a poll asking who’s guilty of copyright infringement, him or the National Party? The results are, as expected, in his favor.

Lose Yourself?

Dotcom sees the matter as something the old government is responsible for and he has more faith in the current leadership.

“All I can say is that the irony of this is hilarious and that Karma has finally caught up with the corrupt !former! National government. Honest people are now running New Zealand and the courts will be busy dealing with the crimes committed by the last government,” Dotcom informs us.

The National Party didn’t simply use the song without paying for it. They actually sought professional advice before starting the campaign and licensed a track called Eminem Esque, which is the one they used in the ad.

While the party hoped to avoid more expensive licensing fees by using the knock-off song, the High Court ruled that the similarities between Lose Yourself and Eminem Esque are so significant that it breached copyright.

And indeed, the music used in the ad campaign below is quite similar to the original Eminem track.

National Party president Peter Goodfellow is disappointed with the outcome and stresses that the party did not act flagrantly and properly licensed the song that was used.

“The music was licensed with one of New Zealand’s main industry copyright bodies, the Australasian Mechanical Copyright Owners Society. Being licensed and available for purchase, and having taken advice from our suppliers, the party believed the purchase was legal.”

The fact that the Party sought advice and licensed the knock-off track was taken into account. The High Court didn’t award any additional damages, but nonetheless, the copyright infringement claims stuck.

The other camp was more positive about the outcome. Adam Simpson, who represented Eminem’s publisher, described the ruling as a win for musicians and a warning to those who infringe on their rights.

“The ruling clarifies and confirms the rights of artists and songwriters. It sets a major precedent in New Zealand and will be influential in Australia, the UK and elsewhere,” Simpson said.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Over the past several years, Rozcomnadzor has become a highly controversial government body in Russia. With responsibility for ordering web-blockades against sites the country deems disruptive, it’s effectively Russia’s online censorship engine.

In total, Rozcomnadzor has ordered the blocking of more than 82,000 sites. Within that total, at least 4,000 have been rendered inaccessible on copyright grounds, with an additional 41,000 innocent platforms blocked as collateral damage.

This massive over-blocking has been widely criticized in Russia but until now, Rozcomnadzor has appeared pretty much untouchable. However, a scandal is now engulfing the organization after at least four key officials were charged with fraud offenses.

News that something was potentially amiss began leaking out two weeks ago, when Russian publication Vedomosti reported on a court process in which the initials of the defendants appeared to coincide with officials at Rozcomnadzor.

The publication suspected that three men were involved; Roskomnadzor spokesman Vadim Ampelonsky, head of the legal department Boris Yedidin, and Alexander Veselchakov, who acts as an advisor to the head of the department monitoring radio frequencies.

The prosecution’s case indicated that the defendants were involved in “fraud committed by an organized group either on an especially large scale or entailing the deprivation of citizen’s rights.” Indeed, no further details were made available, with the head of Rozcomnadzor Alexander Zharov claiming he knew nothing about a criminal case and refusing to answer questions.

It later transpired that four employees had been charged with fraud, including Anastasiya Zvyagintseva, who acts as the general director of CRFC, an agency under the control of Rozcomnadzor.

According to Kommersant, Zvyagintseva’s involvement is at the core of the matter. She claims to have been forced to put “ghost employees” on the payroll, whose salaries were then paid to existing employees in order to increase their salaries.

The investigation into the scandal certainly runs deep. It’s reported that FSB officers have been spying on Rozcomnadzor officials for six months, listening to their phone conversations, monitoring their bank accounts, and even watching the ATM machines they used.

Local media reports indicate that the illegal salary scheme ran from 2012 until February 2017 and involved some 20 million rubles ($347,000) of illegal payments. These were allegedly used to retain ‘valuable’ employees when their regular salaries were not lucrative enough to keep them at the site-blocking body.

While Zvyagintseva has been released pending trial, Ampelonsky, Yedidin, and Veselchakov have been placed under house arrest by the Chertanovsky Court of Moscow until November 7.

Rozcomnadzor’s website is currently inaccessible.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Last week The Pirate Bay’s .SE domain name expired and, soon after, it was deactivated.

As a result, many people could no longer use their old bookmarks, which traditionally pointed them to the most recent domain of the notorious torrent site.

This appeared to mark the end of this historic domain but today it’s clear that this is not the case. For the past few hours, Thepiratebay.se has been operating as usual again, directing visitors to the current .org domain.

A quick look at the Whois information shows that the domain has been reactivated and the registration updated to October next year. This means that it’s safe, at least for a while.

Thepiratebay.se back in action

At the time of writing it’s unclear whether the Pirate Bay listed the deactivation or if this was done on behalf of the Swedish Court of Appeal.

In 2013, a local anti-piracy group filed a motion to have it seized. This resulted in a lengthy legal battle where the Swedish Court of Appeal eventually ruled that The Pirate Bay’s domain had to be confiscated and forfeited to the state.

The forfeiture has yet to take place, though, as the case is still pending at the Supreme Court. Because of this, the Pirate Bay’s owners are not allowed to change the domain details, which may be why it expired initially.

However, without re-registering it, the domain would be released to the public again. This means that outsiders could pick it up, which isn’t supposed to happen, and this is likely why it’s now active again.

The Pirate Bay has yet to comment on the domain issue. When we hear from the team this article will be updated accordingly.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

More than half a decade has passed since Megaupload was shut down and it’s still unclear how the criminal proceedings will unfold.

Aside from Andrus Nomm’s plea deal, progress in the criminal proceedings has been slow.

Earlier this year there was some movement when the New Zealand High Court ruled that Kim Dotcom and his former colleagues can be extradited to the US. This extradition would not be on copyright grounds, but for conspiracy to defraud.

Following the ruling, Dotcom and his former colleagues quickly announced they would take the matter to the Court of Appeal. This process is still pending and may take several more months to complete.

While all parties await the outcome, the criminal case in the United States remains pending. The same goes for the civil cases launched by the MPAA and RIAA in 2014.

Since the civil cases may influence the criminal proceedings, Megaupload’s legal team previously managed to put these cases on hold, and last week they requested another extension.

This is not the first time that such a request had been made. There have been several extensions already.

At the time of the last request, there were concerns that the long delays could result in the destruction of evidence, as some of Megaupload’s hard drives were starting to fail. However, after the parties agreed on a solution to back-up and restore the files, this is no longer an issue.

“With the preservation order in place, and there being no other objection, Defendant Megaupload hereby moves the Court to enter the attached proposed order, continuing the stay in this case for an additional six months,” Megaupload’s legal team informed the court this week.

Without any objections from the MPAA and RIAA, U.S. District Court Judge Liam O’Grady swiftly granted Megaupload’s request to stay both lawsuits until April next year.

To be continued.

Order to stay

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.