Advertisement
Piracy

Major Private Music Torrenting Site Suffers ‘Massive Peer Scraping Attack’

Orpheus Network tells users: "With great displeasure we need to inform you that a malicious actor has successfully carried out a massive peer scraping attack on our tracker."
Major Private Music Torrenting Site Suffers ‘Massive Peer Scraping Attack’
Image: Mattias Megapixel via Unsplash

Orpheus Network, a popular and private music torrent tracker, experienced a “massive peer scraping attack” that may have exposed the IP addresses, files shared, and other information about users earlier this month, site administrators told its roughly 19,000 users. 

“With great displeasure we need to inform you that a malicious actor has successfully carried out a massive peer scraping attack on our tracker on Thursday,” a note from admins posted to the site on September 18 read. “The unknown actor has downloaded the majority of our torrent files and corresponding peer lists. This means the malicious third party is now in possession of most of our users' torrent client information (seeding IP, client port, torrents seeded). As far as we can observe their immediate goal is downloading a huge part of our library, but we do not know if they have further plans with the collected data.”

The attack is notable because it comes against a private torrent tracker that requires users to be invited or to pass through an interview process.

“With great displeasure we need to inform you that a malicious actor has successfully carried out a massive peer scraping attack on our tracker on Thursday,” a note from admins posted to the site on September 18 read. “The unknown actor has downloaded the majority of our torrent files and corresponding peer lists. This means the malicious third party is now in possession of most of our users' torrent client information (seeding IP, client port, torrents seeded). As far as we can observe their immediate goal is downloading a huge part of our library, but we do not know if they have further plans with the collected data.”

The fallout or reason for the attack is currently unclear—in the past, major ISPs and the music industry (through the Recording Industry Association of America) have trawled torrent sites in order to gather information about and file lawsuits against people who are pirating music. Because of this history, most people who use torrents take steps to disguise their IP address through the use of VPNs and other privacy software. Several years ago, leaked chat logs from the Discord of The Eye, a community that archives various large datasets, showed people in that community discussing various attacks on private torrent trackers that would allow users to download the files being seeded on those trackers (there is no evidence that The-Eye is involved in what happened to Orpheus).

A moderator for Orpheus told 404 Media in an IRC chat that site management believes the attack was the work of a single person, and in its message to users, the site said it believes their motive was to get access torrents en masse, not to identify users.

The moderator told 404 Media the attacker “appears to be a single person who studied our code which is open source and spotted a flaw. Rather than inform us, they chose instead to exploit the flaw. The consequences were spotted fairly quickly, but not fast enough.” The site told users: “We doubt they are interested in your identity, only the data.”

💡
Do you know anything else about the Orpheus Network scrape or the modern piracy scene in general? I would love to hear from you. Using a non-work device, you can message me securely on Signal at +1 202 505 1702. Otherwise, send me an email at jason@404media.co.

Users of Orpheus Network told me it is one of the best currently active music-focused torrent trackers, though it is smaller than another very popular private torrent tracker, called Redacted. Orpheus grew out of a tracker that was once called Apollo.rip, and it is one of the main music-focused torrenting sites that have succeeded the once very popular but now defunct OiNK and What.cd, both of which were shut down by law enforcement.

“I think the general consensus is that Orpheus is A tier, maybe just under S,” one former user said. “It seems like for each type of media (music, movies, tv, etc) there is usually 1 top tracker. Redacted has been the top music tracker but I think that is fading a bit. A handful of the s tier trackers are known as ‘the cabal’ or ‘cabal trackers’ this comes from the fact that they share information on users, so if you get banned from one you will get banned from all. I’ve seen people speculate that Orpheus is part of that but if you read up on the cabal, Orpheus doesn’t come up as much as the others.”

In its message to members, Orpheus Network’s admins said that they detected the attack six hours after it happened. “Unfortunately there is nothing we can do about the incident at this point, other than preventing the malicious user’s further access to our site and tracker.” 

Another user told me that they are happy with how the site handled the attack, and that many of its users seemed to understand that these things happen. “The initial comments were often unsure about the impact on them in regards to possible legal/privacy issues, and of course many were a bit unhappy,” they said. “But no big drama. Overall the consensus seems to be that the transparency is appreciated, and shit happens.”

Advertisement