Hey Kaitlyn, I've been trying off and on to get back into reporting on the piracy scene, and, thanks to a tip from a reader, I learned about a pretty interesting attack carried out on one of the larger private music torrenting sites recently. If you know anything more about this or other things going on with modern piracy/filesharing, let me know. -Jason Orpheus Network, a popular and private music torrent tracker, experienced a “massive peer scraping attack” that may have exposed the IP addresses, files shared, and other information about users earlier this month, site administrators told its roughly 19,000 users. “With great displeasure we need to inform you that a malicious actor has successfully carried out a massive peer scraping attack on our tracker on Thursday,” a note from admins posted to the site on September 18 read. “The unknown actor has downloaded the majority of our torrent files and corresponding peer lists. This means the malicious third party is now in possession of most of our users' torrent client information (seeding IP, client port, torrents seeded). As far as we can observe their immediate goal is downloading a huge part of our library, but we do not know if they have further plans with the collected data.”
This segment is a paid ad. If you’re interested in advertising, let's talk.
Although GenAI technologies drive innovation, they also attract bad actors—child predators, terrorist organizations, and hate groups—who are exploiting these tools for malicious purposes.
To help companies combat these threats, ActiveFence is hosting an upcoming webinar, Designing Your AI Safety Tool Stack: What to Build, Buy, and Blend, featuring Frost & Sullivan’s Global Vice President & AI Program Leader, Nishchal Khorana.
Together, we will break down the key elements of a secure AI safety tool stack—including analytics, incident management, prompt filtering, and red teaming. Attendees will also learn which tools are best built in-house, bought from specialized vendors, and when a hybrid approach is the most effective.
Whether building from scratch or optimizing existing systems, this webinar will help you make informed decisions and ensure the safe, responsible use of AI tech. Register now.
The attack is notable because it comes against a private torrent tracker that requires users to be invited or to pass through an interview process. The fallout or reason for the attack is currently unclear—in the past, major ISPs and the music industry (through the Recording Industry Association of America) have trawled torrent sites in order to gather information about and file lawsuits against people who are pirating music. Because of this history, most people who use torrents take steps to disguise their IP address through the use of VPNs and other privacy software. Several years ago, leaked chat logs from the Discord of The Eye, a community that archives various large datasets, showed people in that community discussing various attacks on private torrent trackers that would allow users to download the files being seeded on those trackers (there is no evidence that The-Eye is involved in what happened to Orpheus). A moderator for Orpheus told 404 Media in an IRC chat that site management believes the attack was the work of a single person, and in its message to users, the site said it believes their motive was to get access torrents en masse, not to identify users. The moderator told 404 Media the attacker “appears to be a single person who studied our code which is open source and spotted a flaw. Rather than inform us, they chose instead to exploit the flaw. The consequences were spotted fairly quickly, but not fast enough.” The site told users: “We doubt they are interested in your identity, only the data.” 💡 Do you know anything else about the Orpheus Network scrape or the modern piracy scene in general? I would love to hear from you. Using a non-work device, you can message me securely on Signal at +1 202 505 1702. Otherwise, send me an email at jason@404media.co. Users of Orpheus Network told me it is one of the best currently active music-focused torrent trackers, though it is smaller than another very popular private torrent tracker, called Redacted. Orpheus grew out of a tracker that was once called Apollo.rip, and it is one of the main music-focused torrenting sites that have succeeded the once very popular but now defunct OiNK and What.cd, both of which were shut down by law enforcement. “I think the general consensus is that Orpheus is A tier, maybe just under S,” one former user said. “It seems like for each type of media (music, movies, tv, etc) there is usually 1 top tracker. Redacted has been the top music tracker but I think that is fading a bit. A handful of the s tier trackers are known as ‘the cabal’ or ‘cabal trackers’ this comes from the fact that they share information on users, so if you get banned from one you will get banned from all. I’ve seen people speculate that Orpheus is part of that but if you read up on the cabal, Orpheus doesn’t come up as much as the others.”
We can only do these sorts of investigations with the direct support of our paying subscribers. If you found this article interesting or helpful, and you want us to keep producing journalism like it, please consider subscribing below. You’ll get unlimited access to our articles ad-free and bonus content.
In its message to members, Orpheus Network’s admins said that they detected the attack six hours after it happened. “Unfortunately there is nothing we can do about the incident at this point, other than preventing the malicious user’s further access to our site and tracker.” Another user told me that they are happy with how the site handled the attack, and that many of its users seemed to understand that these things happen. “The initial comments were often unsure about the impact on them in regards to possible legal/privacy issues, and of course many were a bit unhappy,” they said. “But no big drama. Overall the consensus seems to be that the transparency is appreciated, and shit happens.”
|