PROJET AUTOBLOG


TorrentFreak

Archived

Original site: TorrentFreak


Digital Citizens Slam Cloudflare For Enabling Piracy & Malware

Friday 22 July 2016 at 18:51

For the past several years, one of the key educational strategies of entertainment industry companies has been to cast doubt on the credibility of so-called ‘pirate’ sites.

Previously there have been efforts to suggest that site operators make huge profits at the expense of artists who get nothing, but there are other recurring themes, mostly centered around fear.

One of the most prominent is that pirate sites are dangerous places to visit, with users finding themselves infected with viruses and malware while being subjected to phishing attacks.

This increasingly well-worn approach has just been revisited by consumer interest group Digital Citizens Alliance (DCA). In a new report titled ‘Enabling Malware’, the Hollywood-affiliated group calls out United States-based companies for helping pirate site operators “bait consumers and steal their personal information.”

“When you think of Internet crime, you probably imagine shadowy individuals operating in Eastern Europe, China or Russia who come up with devious plans to steal your identity, trick you into turning over financial information or peddling counterfeits or stolen content. And you would be right,” DCA begins.

“But while many online criminals are based overseas, and often beyond the reach of U.S. prosecutors, they are aided by North American technology companies that ensure that overseas operators’ lifeline to the public – their websites – are available.”

DCA has examined the malware issue on pirate sites on previous occasions but this time around their attention turns to local service providers, including hosting platform Hawk Host and CDN company Cloudflare who (in)directly provide services to pirate sites.

“Are these companies doing anything illegal? No more than the landlord of an apartment isn’t doing anything illegal by renting to a drug dealer who has sellers showing up day and night,” DCA writes.

“But just like that landlord, more often than not these companies either look the other way or just don’t want to know.”

Faced with an investigative dead-end when it comes to tracing the operators of pirate sites, DCA criticizes Cloudflare for providing a service which effectively shields the true location of such platforms.

“In order to utilize CloudFlare’s CDN, DNS, and other protection services customers have to run all of their website traffic through the CloudFlare network. The end result of doing so is masked hosting information,” DCA reports.

“Instead of the actual hosting provider, IP address, domain name server, etc., a Whois search provides the information for CloudFlare’s network.”

To illustrate its point, DCA points to a pirate domain which presents itself as the famous Putlocker site but is actually a third-party clone operating from the dubious URL, Putlockerr.ac.

“From websites such as putlockerr.ac consumers are tricked into downloading malware. For example, when a consumer clicks to watch a movie, they are sent to a new screen in which they are told their video player is out of date and they must update it. The update, Digital Citizens’ researchers found, is the malware delivery mechanism.”

There’s little doubt that some of these low-level sites are in the malware game so DCA’s research is almost certainly sound. However, just like their colleagues at the MPAA and RIAA who regularly shift responsibility to Google, DCA lays the blame on Cloudflare, a more easily pinpointed target than a pirate site operator.

Unsurprisingly, Cloudflare isn’t particularly interested in getting involved in the online content-policing business.

“CloudFlare’s service protects and accelerates websites and applications. Because CloudFlare is not a host, we cannot control or remove customer content from the Internet,” the company said in a response to the report.

In common with Google, Cloudflare also says it makes efforts to stop the spread of malware but due to the nature of its business it is unable to physically remove content from the Internet.

“CloudFlare leaves the removal of online content to law enforcement agencies and complies with any legal requests made by the authorities,” the company notes.

“If we believe that one of our customers’ websites is distributing malware, CloudFlare will post an interstitial page that warns site visitors and asks them if they would like to proceed despite the warning. This practice follows established industry norms.”

Finally, while DCA says it has the safety of Internet users at heart, its malware report misses a great opportunity. Aside from criticizing companies like Cloudflare for not doing enough, it offers zero practical anti-malware advice to consumers.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

KickassTorrents Mirrors and Imposters Spring into Action

Friday 22 July 2016 at 10:15

With an active community and millions of regular visitors, KickassTorrents has been the most used torrent site for quite some time.

This ended abruptly earlier this week, following the arrest of its alleged founder in Poland. A criminal complaint from the U.S. Government revealed that the entire operation had been compromised by the Department of Homeland Security.

Starting a few hours ago, the first Kickass domain was signed over to the U.S. authorities. Others are expected to follow during the days to come.

Kickass.to now displays a seizure notice, which means that the associated domain registry was quick to respond to the U.S. warrant. People who visit the Kickass.to address today will see the following banner, specifically tailored for KAT.

KAT’s seizure banner


As expected, the U.S. authorities are not the only ones to ‘lift’ KAT’s logo. Many others are doing the same, but for a different reason.

Shortly after KAT went offline dozens of people began promoting mirrors and copies of the site. Some are just trying to keep lost files accessible, but there’s also a group trying to take over the brand, similar to the efforts seen following YIFY’s demise.

For example, the operator of Kickass.la sent an email to several reporters promoting a new KAT address. In a follow-up, we were told that the site is an “official backup,” and that a copy of the database is in their possession.

However, the site appears to be little more than a partial copy and the person behind it later admitted that they are not related to KAT.

Only adding to the confusion are the many other copies and alternatives claiming to be the official resurrection of KAT. Some even advertise themselves as such, but most have been available for a longer time as proxy/mirror sites.

Kickasstorrents.to, for example, has been around for a long time, hosting cached pages of the original site. The latter is also true for others, such as Dxtorrent.com. But in any case, there is no true backup with freshly added content available.

Another mirror that has been widely discussed is kickasstorrents.website (which is NOT a project of Isohunt.to, as some reports suggest).

Unlike others, the people behind this site are very clear about the fact that they are not related to the original KAT team. Their copy currently lists torrent files from the past one and a half years, but like other mirrors it doesn’t have a working forum or upload functionality.

“It’s not perfect but if users need to save and archive something it’s time. We don’t know how long it can last, but at least it’s something,” the site’s operator told TorrentFreak.

The people behind the site, who describe themselves as a group of individuals who stand for freedom of the Internet, also launched a petition on Change.org calling for the release of KAT’s alleged owner Artem Vaulin.

“We are protesting against violent attack on our right to share information and arrest of Kat.cr founder Artem Vaulin. Our freedom to share is the human right which Artem Vaulin has been providing to millions of users from all over the world,” they say.

While a notable effort, the banner promoting the cause appears to show a photo of an entirely different Artem Vaulin. The image was removed from the petition after we pointed this out, but it’s still present in the manifesto at the time of writing and being shared in news articles and on social media.

What is clear is that former KAT users are grasping at straws to get their old community back. While mirrors and copies do look like their old home, without a working forum and new content they don’t provide much of an alternative.

For now, people are probably better off not trusting any “KAT resurrection” claims. The chance of getting your password stolen is higher than finding a site with a true backup of the user database.


Solarmovie Disappears Following KAT Shutdown

Thursday 21 July 2016 at 17:48

In the most dramatic turn of events since the raid of The Pirate Bay in December 2014, KickassTorrents went dark yesterday.

Previously the world’s largest torrent site, KAT shut down following the arrest of its alleged founder. Artem Vaulin, a 30-year-old from Ukraine, was arrested in Poland after his entire operation had been well and truly compromised by the Department of Homeland Security (DHS).

When large sites are raided it is common for other sites in a similar niche to consider their positions. This phenomenon was illustrated perfectly when the 2012 raids on Megaupload resulted in sites such as BTjunkie taking the decision to shut down.

At this point, most other torrent sites seem fairly stable but there appears to have been at least one ‘pirate’ casualty following yesterday’s drama.

For many years, Solarmovie has been one of the most visible and visited ‘pirate’ streaming portals. Like many others, the site has had its fair share of domain issues, starting out at .COM and more recently ending up at .PH. However, sometime during the past few hours, Solarmovie disappeared.


No official announcement concerning the site’s fate has been made but it’s clear from the criminal complaint filed against KickassTorrents that Artem Vaulin had close connections to Solarmovie.

As reported yesterday, the Department of Homeland Security obtained a copy of KickassTorrents’ servers from its Canadian host and also gained access to the site’s servers in Chicago. While conducting his inquiries, the Special Agent handling the case spotted an email address for the person responsible for renting KAT’s servers.

Further investigation of Vaulin’s Apple email account showed the Ukrainian corresponding with this person back in 2010.

“The subject of the email was ‘US Server’ and stated: ‘Hello, here is access to the new server’ followed by a private and public IP address located in Washington DC, along with the user name ‘root’ and a password,” the complaint reveals.

Perhaps tellingly, the IP address provided by this individual to Vaulin was found to have hosted Solarmovie.com from August 2010 through to April 2011. Furthermore, up until just last month, the IP address was just one away from an IP address used to host KickassTorrents.

“As of on or about June 27, 2016, one of the IP addresses hosting solarmovie.ph was one IP address away (185.47.10.11) from an IP address that was being used to host KAT (185.47.10.12 and 185.47.10.13),” the complaint adds.

While none of the above is proof alone that Vaulin was, for example, the owner of Solarmovie, it’s clear that at some point he at least had some connections with the site or its operator.

On the other hand, in torrent and streaming circles it’s common for people to use services already being used by others they know and trust, so that might provide an explanation for the recent IP address proximity.

In any event, last night’s shutdown of Solarmovie probably indicates that the heat in the kitchen has become just a little too much. Expect more fallout in the days to come.


Can KickassTorrents Make a Comeback?

Thursday 21 July 2016 at 09:19

Founded in 2009, KickassTorrents (KAT) grew to become the largest torrent site on the Internet with millions of visitors a day.

As a result, copyright holders and law enforcement have taken aim at the site in recent years. This resulted in several ISP blockades around the world, but yesterday the big hit came when the site’s alleged founder was arrested in Poland.

Soon after the news was made public KAT disappeared, leaving its users without their favorite site. The question that’s on many people’s minds right now is whether the site will make a Pirate Bay-style comeback.

While it’s impossible to answer this question with certainty, the odds can be more carefully weighed by taking a closer look at the events that led up to the bust and what may follow.

First off, KickassTorrents is now down across all the site’s official domain names. This downtime seems to be voluntary in part, as the authorities haven’t seized the servers. Also, several domains are still in the hands of the KAT-team.

That said, the criminal complaint filed in the U.S. District Court in Chicago does reveal that KAT has been heavily compromised (pdf).

According to the feds, Artem Vaulin, a 30-year-old from Ukraine, is the key player behind the site. Over the years, he obfuscated his connections to the site, but several security holes eventually revealed his identity.

With help from several companies in the United States and abroad, Homeland Security Investigations (HSI) agent Jared Der-Yeghiayan identifies the Ukrainian as the driving force behind the site.

The oldest traces to Vaulin are the WHOIS records for various domains, registered in his name in early 2009.

“A review of historical Whois information for KAT….identified that it was registered on or about January 19, 2009, to Artem Vaulin with an address located in Kharkiv, Ukraine,” the affidavit reads.

This matches with records obtained from domain registrar GoDaddy, which indicate that Vaulin purchased three KAT-related domain names around the same time.

The agent further uncovered that the alleged KAT founder used an email address with the nickname “tirm.” The same name was listed as KAT’s “owner” on the site’s “People” page in the early days, but was eventually removed in 2011.

Tirm on KAT’s people page


The HSI agent also looked at several messages posted on KAT, which suggest that “tirm” was actively involved in operating the site.

“As part of this investigation, I also reviewed historical messages posted by tirm, KAT’s purported ‘Owner.’ These postings and others indicate that tirm was actively engaged in the early running of KAT in addition to being listed as an administrator and the website’s owner,” the HSI agent writes.

Assisted by Apple and Facebook the feds were then able to strengthen the link between Vaulin, tirm, and his involvement in the site.

Facebook, for example, handed over IP-address logs from the KAT fanpage. With help from Apple, the investigator was then able to cross-reference this with an IP-address Vaulin used for an iTunes transaction.

“Records provided by Apple showed that tirm@me.com conducted an iTunes transaction using IP Address 109.86.226.203 on or about July 31, 2015. The same IP Address was used on the same day to login into the KAT Facebook Account.”

In addition, Apple appears to have handed over private email conversations which reference KAT, dating back several years. These emails also mention a “kickasstorrent payment,” which is believed to be revenue related.

“I identified a number of emails in the tirm@me.com account relating to Vaulin’s operation of KAT. In particular, between on or about June 8, 2010, and on or about September 3, 2010,” the HSI agent writes.

More recent records show that an IP-address linked to KAT’s Facebook page was also used to access Vaulin’s Coinbase account, suggesting that the Bitcoin wallet also assisted in the investigation.

“Notably, IP address 78.108.178.77 accessed the KAT Facebook Account about a dozen times in September and October 2015. This same IP Address was used to login to Vaulin’s Coinbase account 47 times between on or about January 28, 2014, through on or about November 13, 2014.”

As for the business side, the complaint mentions a variety of ad payments, suggesting that KAT made over a dozen million dollars in revenue per year.

It also identifies the company Cryptoneat as KAT’s front. The Cryptoneat.com domain was registered by Vaulin and LinkedIn lists several employees of the company who were involved in the early development of the site.

“Many of the employees found on LinkedIn who present themselves as working for Cryptoneat are the same employees who received assignments from Vaulin in the KAT alert emails,” the complaint reads.

Interestingly, none of the other employees are identified or charged.

To gather further information on the money side, the feds also orchestrated an undercover operation where they posed as an advertiser. This revealed details of several bank accounts, with one receiving over $28 million in just eight months.

“Those records reflect that the Subject Account received a total of approximately €28,411,357 in deposits between on or about August 28, 2015, and on or about March 10, 2016.”

Bank account


Finally, and crucially, the investigators issued a warrant directed at the Canadian webhost of KickassTorrents. This was one of the biggest scores as it provided them with full copies of KAT’s hard drives, including the email server.

“I observed […] that they were all running the same Linux Gentoo operating system, and that they contained files with user information, SSH access logs, and other information, including a file titled ‘passwd’ located in the ‘etc’ directory,” the HSI agent writes.

“I also located numerous files associated with KAT, including directories and logs associated to their name servers, emails and other files,” he adds.

Considering all the information U.S. law enforcement has in its possession, it’s doubtful that KAT will resume its old operation anytime soon.

Technically it won’t be hard to orchestrate a Pirate Bay-style comeback, as there are probably some backups available. However, now that the site has been heavily compromised and an ongoing criminal investigation is underway, it would be a risky endeavor.

Similarly, uploaders and users may also worry about what information the authorities have in their possession. The complaint cites private messages that were sent through KAT, suggesting that the authorities have access to a significant amount of data.

While regular users are unlikely to be targeted, the information may prove useful for future investigations into large-scale uploaders. More clarity on this, the site’s future, and what it means for the torrent ecosystem, is expected to become evident when the dust settles.


Feds Seize KickassTorrents Domains, Arrest Owner

Wednesday 20 July 2016 at 23:37

With millions of unique visitors per day KickassTorrents (KAT) has become the most-used torrent site on the Internet, beating even The Pirate Bay.

Today, however, the site has run into a significant roadblock after U.S. authorities announced the arrest of the site’s alleged owner.

The 30-year-old Artem Vaulin, from Ukraine, was arrested today in Poland from where the United States has requested his extradition.

In a criminal complaint filed in U.S. District Court in Chicago, the owner is charged with conspiracy to commit criminal copyright infringement, conspiracy to commit money laundering, and two counts of criminal copyright infringement.


The complaint further reveals that the feds posed as an advertiser, which revealed a bank account associated with the site.

It also shows that Apple handed over personal details of Vaulin after the investigator cross-referenced an IP-address used for an iTunes transaction with an IP-address that was used to login to KAT’s Facebook account.

“Records provided by Apple showed that tirm@me.com conducted an iTunes transaction using IP Address 109.86.226.203 on or about July 31, 2015. The same IP Address was used on the same day to login into the KAT Facebook,” the complaint reads.

In addition to the arrest in Poland, the court also granted the seizure of a bank account associated with KickassTorrents, as well as several of the site’s domain names.

Commenting on the announcement, Assistant Attorney General Caldwell said that KickassTorrents helped to distribute over $1 billion in pirated files.

“Vaulin is charged with running today’s most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials.”

“In an effort to evade law enforcement, Vaulin allegedly relied on servers located in countries around the world and moved his domains due to repeated seizures and civil lawsuits. His arrest in Poland, however, demonstrates again that cybercriminals can run, but they cannot hide from justice.”

KAT’s .com and .tv domains are expected to be seized soon by Verisign. For the main Kat.cr domain and several others, seizure warrants will be sent to the respective authorities under the MLAT treaty.

At the time of writing the main domain name Kat.cr has trouble loading, but various proxies still appear to work. KAT’s status page doesn’t list any issues, but we assume that this will be updated shortly.

TorrentFreak has reached out to the KAT team for a comment on the news and what it means for the site’s future, but we have yet to hear back.

Breaking story, in-depth updates will follow.
