OPS: The Storm they are under

[Rupel89yt]

With great displeasure we need to inform you that a malicious actor has successfully carried out a massive peer scraping attack on our tracker on Thursday.

The unknown actor has downloaded the majority of our torrent files and corresponding peer lists.

This means the malicious third party is now in possession of most of our users' torrent client information (seeding IP, client port, torrents seeded).

As far as we can observe their immediate goal is downloading a huge part of our library, but we do not know if they have further plans with the collected data.

As a mitigation, we recommend that users change their torrent client ports, or seeding IP (for example users seeding from behind a VPN) if possible to thwart whatever (further) intentions the attacker has.

We detected the attack about six hours after the peer scraping had been carried out. Unfortunately there is nothing we can do about this incident at this point, other than preventing the malicious user's further access to our site and tracker.

This attack should have been prevented by code we have in place, but for a yet unknown reason was not. Since the moment we noticed the incident we have devised, and in parts already implemented, further protection mechanisms. However, this whole incident is most dissatisfying for us, as we recognize the sensitive nature of the data. We strive to do better.

Source: OPS Tracker Staff


So someone just pulled an IPT on OPS, and hope that is the only thing they did, if this was done by legal counsel for some illegal hosting and stuff, that is one greater rabbit hole.

And if not, freeleech for life for that person I suppose.

On another note, I think cheating with some fake upload right now could be easier. Dont take my word on it though.

[Blocker]

Update 1: changing the ports of your bittorrent is to stop the actor from being able to find you in the swarm and download from you. We doubt they are interested in your identity, only the data.

Some update haha

[buttnudge]

This is probably some really intrusive archiving effort. i honestly wonder if it was first attempted on RED or on other trackers as I've seen other people reporting spikes in their upload traffic on places like GGN. At this point I'm wondering what's stopping some dedicated team under contract with some big copyright kingpin from running a more sophisticated attack similar to this on PTP under legal pretense ?

So someone just pulled an IPT on OPS, and hope that is the only thing they did, if this was done by legal counsel for some illegal hosting and stuff, that is one greater rabbit hole.

Can you expand on this ? I"m not aware of anything similar happening to IPT.

[anon]

The implications and consequences of this depend greatly on the intent and motivation of the attacker(s).

Best case scenario: one person or a small group has freeleech for life on the affected torrents as Rupel89yt mentioned, or at least until the peer lists go stale.

Worst case scenario: all scraped torrents are leaked to DHT and essentially become public, or the entire dataset is made publicly available. This person/group runs peers that act as a "bridge" to OPS members (this does not require storing the actual files nor is it affected by said members having DHT and PEX disabled), and uses Zmap to continuously track down those on residential connections who have changed listen ports but not ASNs, as well as seedbox and VPN users who may be unable or unwilling to switch IPs. Anti-cheat scripts go haywire because everyone who's being ghostleeched appears to be reporting fake upload to the tracker. Copyright agencies are now able to easily infiltrate these swarms, and will likely do so automatically. The only solution would be purging all compromised torrents and reuploading them with a different info_hash - wholly unrealistic considering they're described as being a "majority" of the 1.5+ million available at the moment.

While the worst is highly unlikely to happen, let this be yet another warning (precedents were set by Archivist and the 32pag.es breach) that the people in charge of these sites can and do fuck up. If I lived in a country like the United States or Germany and had chosen OPS because "you don't need a VPN on private trackers", I'd be rethinking my membership. Although at least they were upfront and transparent about this instead of keeping their mouth shut and hoping it blows over.

what's stopping some dedicated team under contract with some big copyright kingpin from running a more sophisticated attack similar to this on PTP under legal pretense ?

Statistically speaking, private sites like PTP only make up a tiny fraction of torrenters, and thus aren't currently worth the time and money of copyright agencies. Nonetheless, anti-scraping measures became a thing after staff realized something like this was possible and potentially dangerous, and OPS was among those who implemented them (see https://old.reddit.com/r/trackers/comments/fixq6k/)... but not very well, it seems.

Can you expand on this ? I"m not aware of anything similar happening to IPT.

IPT's sysop reportedly scraped peers from some trackers years ago to perform the bridging I mentioned above. It's partly the reason why adding a source tag on .torrent files to deliberately make their info_hash unique is now commonplace.