The major movie studios have been fighting piracy for decades, claiming that billions of dollars in losses are at stake.

Increasingly, however, Hollywood has started to bring piracy onto the political agenda by describing it as a broader cybersecurity threat.

Late last week the MPAA submitted its latest call to action, responding to a Department of Commerce Internet Policy Task Force (IPTF) request to identify cybersecurity threats.

In their comments the MPAA stresses that the Internet has proven to be a tremendous tool for creativity and commerce, but that there’s also a downside.

“Unfortunately, criminal enterprises are also using the Internet to hack into networks and computers for the purpose of stealing valuable data-whether personally identifiable information, trade secrets, or content,” the MPAA writes.

Citing an entertainment industry backed report, the Hollywood studios note that pirate sites are using infringing content as bait for various sorts of scams.

“They are also using Internet ads, as well as pirated content and software or other ‘bait,’ to fund their efforts and lure Internet users into revealing sensitive information, inadvertently download malware, or unknowingly becoming a node in a botnet,” MPAA adds.

To help tackle the issue, the movie studios are hoping for “voluntary” cooperation from various stakeholders including Internet providers, search engines, payment processors, advertising networks and the domain name industry.

As an example, the MPAA notes that search engines should promote legitimate sites in their search results, while removing or pushing down pirated content.

The Government can also help these efforts by encouraging cooperation between the various stakeholders, as it did with the Copyright Alert System.

The music industry agrees with Hollywood on most of these issues. In a separate set of comments the RIAA also stresses the importance of tackling the piracy problem in order to keep the public safe.

“…rogue operators use the offer of infringing versions of our members’ sound recordings and music videos as the ‘candy’ to attract users that are necessary for them to create and exploit cyber vulnerabilities,” RIAA writes.

“In light of this, any discussion addressing malvertising or trusted downloads should also address some of the roots of these problems.”

In other words, both the RIAA and MPAA suggest that if the Government wants to increase cybersecurity, it has to help fight piracy.

The question is, however, whether the movie studios and music labels are honestly concerned about people being infected by malware, or if they are simply using the angle to get piracy on the political agenda through the backdoor.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

After a flurry of reports, last week the people behind geo-unblocking software Hola were forced to concede that their users’ bandwidth is being sold elsewhere for commercial purposes. But for the Israel-based company, that was the tip of the iceberg.

Following an initial unproofed report that the software operates as a botnet, this weekend researchers published an advisory confirming serious problems with the tool.

“The Hola Unblocker Windows client, Firefox addon, Chrome extension and Android application contain multiple vulnerabilities which allow a remote or local attacker to gain code execution and potentially escalate privileges on a user’s system,” the advisory reads.

Yesterday and after several days of intense pressure, Hola published a response in which it quoted Steve Jobs and admitted that mistakes had been made. Hola said that it would now be making it “completely clear” to its users that their resources are being used elsewhere in exchange for a free product.

Hola also confirmed that two vulnerabilities found by the researchers at Adios-Hola had now been fixed, but the researchers quickly fired back.

“We know this to be false,” they wrote in an update. “The vulnerabilities are *still* there, they just broke our vulnerability checker and exploit demonstration. Not only that; there weren’t two vulnerabilities, there were six.”

With Hola saying it now intends to put things right (it says it has committed to an external audit with “one of the big 4 auditing companies”) the company stood by its claims that its software does not turn users’ computers into a botnet. Today, however, an analysis by cybersecurity firm Vectra is painting Hola in an even more unfavorable light.

In its report Vectra not only insists that Hola behaves like a botnet, but it’s possible it has malicious features by design.

“While analyzing Hola, Vectra Threat Labs researchers found that in addition to behaving like a botnet, Hola contains a variety of capabilities that almost appear to be designed to enable a targeted, human-driven cyber attack on the network in which an Hola user’s machine resides,” the company writes.

“First, the Hola software can download and install any additional software without the user’s knowledge. This is because in addition to being signed with a valid code-signing certificate, once Hola has been installed, the software installs its own code-signing certificate on the user’s system.”

If the implications of that aren’t entirely clear, Vectra assists on that front too. On Windows machines, the certificate is added to the Trusted Publishers Certificate Store which allows *any code* to be installed and run with no notification given to the user. That is frightening.

Furthermore, Vectra found that Hola contains a built-in console (“zconsole”) that is not only constantly active but also has powerful functions including the ability to kill running processes, download a file and run it whilst bypassing anti-virus software, plus read and write content to any IP address or device.[see update]

“These capabilities enable a competent attacker to accomplish almost anything. This shifts the discussion away from a leaky and unscrupulous anonymity network, and instead forces us to acknowledge the possibility that an attacker could easily use Hola as a platform to launch a targeted attack within any network containing the Hola software,” Vectra says.

Finally, Vectra says that while analyzing the protocol used by Hola, its researchers found five different malware samples on VirusTotal that contain the Hola protocol. Worryingly, they existed before the recent bad press.

“Unsurprisingly, this means that bad guys had realized the potential of Hola before the recent flurry of public reports by the good guys,” the company adds.[see update]

For now, Hola is making a big show of the updates being made to its FAQ as part of its efforts to be more transparent. However, items in the FAQ are still phrased in a manner that portrays criticized elements of the service as positive features, something that is likely to mislead non-tech oriented users.

“Since [Hola] uses real peers to route your traffic and not proxy servers, it makes you more anonymous and more secure than regular VPN services,” one item reads.

How Hola will respond to Vectra’s latest analysis remains to be seen, but at this point there appears little that the company can say or do to pacify much of the hardcore tech community. That being said, if Joe Public still can’t see the harm in a free “community” VPN operating a commercial division with full access to his computer, Hola might settle for that.

Update: Vectra have not only published an update to their analysis but have also made a few quiet edits which appear to put Hola in a better light.

They also appear to have retracted their advice to uninstall Hola and are now suggesting that organizations should “determine if Hola is active in their network and decide whether the risks highlighted in this blog are acceptable.”

Following the edits, Hola emailed TF to offer yet more clarity.

“One of the pieces that we wanted to clarify as it relates to your article is that even though there is evidence Hackers has been on the network, there is no evidence that the network was exploited before the 8chan attack,” Hola told TF. “[Vectra] compare it to proof that burglars were trying to copy your key, but not that they got in the house.”

Hola also says that the vulnerabilities in Zconsole have now been fixed.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Fredrik Neij, one of The Pirate Bay’s co-founders, was a key operator of the torrent site during its early years.

In 2012 Fredrik received a 10-month prison sentence for his involvement with the notorious site, which he initially avoided.

Last November he was eventually arrested by Thai immigration authorities and later transferred to a prison in Skänninge, Sweden.

Today, Fredrik’s jail term ended and a few hours ago he was released from prison. After serving two-thirds of his ten month prison sentence the 37-year-old was reunited with family and friends.

TF spoke with a family member who was kind enough to share some pictures of Fredrik enjoying his newly gained freedom. Based on the pictures below, he is doing quite well.

Fredrik is out, enjoying a beer

For a while it was uncertain whether Fredrik would be released today. The Swedish authorities questioned whether the time he spent in Thai custody should count towards his sentence, but this dispute was eventually resolved.

While Fredrik has been doing relatively well in prison, he clashed with the administration a few times. First, because he wasn’t allowed to print and again after a request to play games on an old Nintendo 8-bit console was denied.

In recent months the Pirate Bay co-founder was also accused of hacking and his continued involvement with The Pirate Bay, but these allegations haven’t been made official.

With his release Fredrik can put prison life behind him and focus on the future again. It is expected that he will return to his new home country of Laos, where he lives with his wife and kids.

Today’s release marks the end of a controversial chapter in The Pirate Bay’s history, as Carl Lundström, Gottfrid Svartholm, Peter Sunde and Fredrik have all served their sentences.

Fredrik enjoying his freedom

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

With web-blockades, domain seizures and payment processor interventions making headlines, campaigns to shut down individual sites have been less prominent than usual in the first half of 2015. But that doesn’t mean they’ve stopped.

Just last week the popular BT-Chat was shut down in Canada following pressure from the MPAA and news from Europe suggests that at least two more sites have fallen in recent days following industry action.

After a long investigation, police in Poland report that authorities swooped last week on individuals said to be part of a “criminal group” involved with the unauthorized distribution of video online, movies in particular. In an operation carried out by municipal police and officers from a regional cybercrime unit, several locations were searched including homes, offices and cars.

Three men aged between 24 and 33 years-old were arrested in Wroclaw, the largest city in western Poland. According to police, 14 computers, 13 external drives, 40 prepaid cards, several mobile phones and sundry other items were seized during the raids.

In addition to the images below, police have put together a video (mp4) of one of the targeted locations complete with a horror movie-style audio track for added impact.

While police have not published the names of the domains allegedly operated by the men, two leading sites have disappeared in recent days without explanation. TNTTorrent.info and Seansik.tv were the country’s 160th and 130th most popular sites overall but neither is currently operational.

The men are being blamed for industry losses of at least $1.3m and together stand accused of breaching copyright law which can carry a jail sentence of up to five years in criminal cases. For reasons that are not entirely clear, however, police are currently advising a potential three year sentence.

The latest shutdowns, which also encompass torrent site Torrent.pl, follow police action in May which closed down eKino.tv and the lesser known Litv.info, Scs.pl and Zalukaj.to. With around 324,000 likes on its Facebook page eKino.tv was by far the most popular site but it seems unlikely that it will return anytime soon. Currently displaying “THE END” on its front page, its owner was arrested last month.

Credit:Olsztyn.wm.pl

Local media is connecting the closure to the arrest of a 49-year-old businessman who had been running a company offering “Internet services” and also Poland’s largest pirate site. According to authorities he made millions of dollars from the operation and laundered money by investing in the stock exchange. Those funds have reportedly been frozen.

Also arrested were three accomplices, including a 36-year-old allegedly responsible for creating the database of movies and setting up a US company to assist with the site’s finances. They all stand accused of copyright infringement and money laundering offenses and face ten years in prison.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

This week we have three newcomers in our chart.

Kingsman: The Secret Service is the most downloaded movie for the second week in a row.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are BD/DVDrips unless stated otherwise.

RSS feed for the weekly movie download chart.

Ranking	(last week)	Movie	IMDb Rating / Trailer
torrentfreak.com
1	(1)	Kingsman: The Secret Service	8.1 / trailer
2	(…)	Chappie	7.1 / trailer
3	(…)	San Andreas Quake	2.1 / trailer
4	(5)	Avengers: Age of Ultron (CAM/TS)	8.0 / trailer
5	(4)	Home	6.8 / trailer
6	(6)	Furious 7 (Subbed/cropped HDRip)	8.8 / trailer
7	(2)	Ex Machina	8.0 / trailer
8	(…)	Unfinished Business	5.2 / trailer
9	(3)	Jupiter Ascending	5.8 / trailer
10	(8)	The SpongeBob Movie: Sponge Out of Water	6.3 / trailer

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.