bigOfeature

CAN KickassTorrents MAKE A COMEBACK? (Updated July 26, 2016)

July 25, 2016 – 5:49 am

JUST TO LET YOU KNOW
To reduce spamming, the BigO website is going through Cloudflare. What it does is scan your browser to ensure the visitor is not a spam. Do not be alarmed as this usually takes only a few seconds. Email us if you still have difficulty accessing the BigO site; or playing or downloading the tracks. If you know a better way of reducing spam, do let us know.

+ + + + +

On July 20, 2016, the US Government delivered a massive blow to KickassTorrents. With its alleged founder arrested and pretty much the entire site’s operation compromised, it’s not obvious that there will be a Pirate Bay style comeback anytime soon. By Ernesto of TorrentFreak.

Founded in 2009, KickassTorrents (KAT) grew out to become the largest torrent site on the Internet with millions of visitors a day.

As a result, copyright holders and law enforcement have taken aim at the site in recent years. This resulted in several ISP blockades around the world, but on July 20, the big hit came when the site’s alleged founder was arrested in Poland.

Soon after the news was made public KAT disappeared, leaving its users without their favorite site. The question that’s on many people’s minds right now is whether the site will make a Pirate Bay-style comeback.

While it’s impossible to answer this question with certainty, the odds can be more carefully weighed by taking a closer look at the events that led up to the bust and what may follow.

First off, KickassTorrents is now down across all the site’s official domain names. This downtime seems to be voluntary in part, as the authorities haven’t seized the servers. Also, several domains are still in the hands of the KAT-team.

That said, the criminal complaint filed in the U.S. District Court in Chicago does reveal that KAT has been heavily compromised (pdf).

According to the feds, Artem Vaulin, a 30-year-old from Ukraine, is the key player behind the site. Over the years, he obfuscated his connections to the site, but several security holes eventually revealed his identity.

With help from several companies in the United States and abroad, Homeland Security Investigations (HSI) agent Jared Der-Yeghiayan identifies the Ukrainian as the driving force behind the site.

The oldest traces to Vaulin are the WHOIS records for various domains, registered in his name early 2009.

“A review of historical Whois information for KAT… identified that it was registered on or about January 19, 2009, to Artem Vaulin with an address located in Kharkiv, Ukraine,” the affidavit reads.

This matches with records obtained from domain registrar GoDaddy, which indicate that Vaulin purchased three KAT-related domain names around the same time.

The agent further uncovered that the alleged KAT founder used an email address with the nickname “tirm.” The same name was listed as KAT’s “owner” on the site’s “People” page in the early days, but was eventually removed in 2011.

The HSI agent also looked at several messages posted on KAT, which suggest that “tirm” was actively involved in operating the site.

“As part of this investigation, I also reviewed historical messages posted by tirm, KAT’s purported ‘Owner.’ These postings and others indicate that tirm was actively engaged in the early running of KAT in addition to being listed as an administrator and the website’s owner,” the HSI agent writes.

Assisted by Apple and Facebook the feds were then able to strengthen the link between Vaulin, tirm, and his involvement in the site.

Facebook, for example, handed over IP-address logs from the KAT fanpage. With help from Apple, the investigator was then able to cross-reference this with an IP-address Vaulin used for an iTunes transaction.

“Records provided by Apple showed that [tirm at me.com] conducted an iTunes transaction using IP Address 109.86.226.203 on or about July 31, 2015. The same IP Address was used on the same day to login into the KAT Facebook Account.”

In addition, Apple appears to have handed over private email conversations which reference KAT, dating back several years. These emails also mention a “kickasstorrent payment,” which is believed to be revenue related.

“I identified a number of emails in the [tirm at me.com] account relating to Vaulin’s operation of KAT. In particular, between on or about June 8, 2010, and on or about September 3, 2010,” the HSI agent writes.

More recent records show that an IP-address linked to KAT’s Facebook page was also used to access Vaulin’s Coinbase account, suggesting that the Bitcoin wallet also assisted in the investigation.

“Notably, IP address 78.108.178.77 accessed the KAT Facebook Account about a dozen times in September and October 2015. This same IP Address was used to login to Vaulin’s Coinbase account 47 times between on or about January 28, 2014, through on or about November 13, 2014.”

As for the business side, the complaint mentions a variety of ad payments, suggesting that KAT made over a dozen million dollars in revenue per year.

It also identifies the company Cryptoneat as KAT’s front. The Cryptoneat.com domain was registered by Vaulin and LinkedIn lists several employees of the company who were involved in the early development of the site.

“Many of the employees found on LinkedIn who present themselves as working for Cryptoneat are the same employees who received assignments from Vaulin in the KAT alert emails,” the complaint reads.

Interestingly, none of the other employees are identified or charged.

To gather further information on the money side, the feds also orchestrated an undercover operation where they posed as an advertiser for “a website purportedly advertising a program to study in the United States.” This revealed details of several bank accounts, with one receiving over US$28 million in just eight months.

“Those records reflect that the Subject Account received a total of approximately €28,411,357 in deposits between on or about August 28, 2015, and on or about March 10, 2016.”

Bank account.

Finally, and crucially, the investigators issued a warrant directed at the Canadian webhost of KickassTorrents. This was one of the biggest scores as it provided them with full copies of KAT’s hard drives, including the email server.

“I observed […] that they were all running the same Linux Gentoo operating system, and that they contained files with user information, SSH access logs, and other information, including a file titled ‘passwd’ located in the ‘etc’ directory,” the HSI agent writes.

“I also located numerous files associated with KAT, including directories and logs associated to their name servers, emails and other files,” he adds.

Considering all the information US law enforcement has in its possession, it’s doubtful that KAT will resume its old operation anytime soon.

Technically it won’t be hard to orchestrate a Pirate Bay-style comeback, as there are probably some backups available. However, now that the site has been heavily compromised and an ongoing criminal investigation is underway, it would be a risky endeavor.

Similarly, uploaders and users may also worry about what information the authorities have in their possession. The complaint cites private messages that were sent through KAT, suggesting that the authorities have access to a significant amount of data.

While regular users are unlikely to be targeted, the information may prove useful for future investigations into large-scale uploaders. More clarity on this, the site’s future, and what it means for the torrent ecosystem, is expected to become evident when the dust settles.

Note: Visit TorrentFreak.com for more updates.

+ + + + +

KickassTorrents’ CONNECTIONS TO THE U.S. DOOMED THE SITE

Perhaps most tellingly, in the first instance KickassTorrents (KAT) failed to learn from the ‘mistakes’ made by Megaupload. While the cases are somewhat dissimilar, both entities chose to have a US presence for at least some of their servers. This allowed US authorities to get involved. Not a great start.

“[Since 2008], KAT has relied on a network of computer servers around the world to operate, including computer servers located in Chicago, Illinois,” the complaint against the site reads. The Chicago server weren’t trivial either.

“According to a reverse DNS search conducted by the hosting company on or about May 5, 2015, that server was the mail client ‘mail.kat.ph’.”

Torrent site mail servers. In the United States. What could go possibly go wrong?

In a word? Everything. In January 2016, DHS obtained a search warrant and cloned the Chicago servers. Somewhat unsurprisingly this gifted investigating agent Jared Der-Yeghiayan (the same guy who infiltrated Silk Road) valuable information.

KAT also ran several servers hosted with Montreal-based Netelligent Hosting Services. There too, KAT was vulnerable.

When pirate sites first launch, few admins expect them to become world leaders. If they did, they’d probably approach things a little differently at the start. In KAT’s case, alleged founder Artem Vaulin registered several of the site’s domains in his own name, information that was happily handed to the DHS by US-based hosting company GoDaddy.

Vaulin also used a Gmail account, operated by US-based Google. The complaint doesn’t explicitly say that Google handed over information, but it’s a distinct possibility. In any event, an email sent from that account in 2009 provided a helpful bridge to investigators.

Forging further connections from his private email accounts to those operated from KAT, in 2012 Vaulin sent ‘test’ emails from KAT email addresses to his Apple address. This, HSI said, signaled the point that Vaulin began using KAT emails for business.

In addition to using an email account operated by US-based Apple, (in which HSI found Vaulin’s passport and driver’s license details, plus his banking info), the Ukranian also had an iTunes account.

Purchases he made there were logged by Apple, down to the IP address. Then, thanks to information provided by US-based Facebook (notice the recurring Stateside theme?), HSI were able to match that same IP address against a login to KAT’s Facebook page. - Andy of TorrentFreak (click here for more)

+ + + + +

UPDATE: JULY 26, 2016

KickassTorrents COMMUNITY RESURRECTS, WITHOUT TORRENTS

KickassTorrents may be down, but the KAT ‘family’ is still very much alive. A group of site admins and moderators have started a new community, bringing back many users of the site under the same roof. The new home doesn’t offer any torrents, however, and it’s still doubtful if the site will ever be restored to its full glory.

Over the past few days, several members of the KAT team have regrouped in an effort to get the community part of the site back up. Since then they have launched Katcr.co, which hosts a forum where several staffers are present. Speaking on behalf of the KAT-team that’s left, Mr.Black says that the criminal investigation won’t be the end of the community.

Click here for more.

+ + + + +