It can happen to anyone - a security flaw in a website as large and complex as The Pirate Bay is easy to overlook. And when that happens, adventurous hackers such as Ch Russo can attack. But luckily for The Pirate Bay, and many BitTorrent users, Ch Russo isn't the nefarious hacker that's typically stereotyped. Instead of causing chaos, his intentions simply appeared dedicated to pointing out the flaw - and perhaps his 15 minutes of fame.

According to KrebsOnSecurity.com, an individual hacker from Argentina named Ch Russo hacked into the popular BitTorrent tracker/website The Pirate Bay. It seems the hacker managed to infiltrate the site's SQL database and access to the admin panel. This allowed him to retrieve a treasure trove of information. With the user database at his disposal, the hacker had total "ability to create, delete, modify or view all user information, including the number and name of file trackers or torrents uploaded by users."

Included in the successful hack was access to 5 administrator's user information. As we can see from this picture, it appears Ch Russo could have done tremendous damage, but chose not to. Mr. Russo used a technique called an SQL injection in his successful hack. Ch Russo has published a video on how he accomplished this feat, however, it seems to be bogged down considering the attention.

Ch Russo told KrebsOnSecurity.com that while pro-copyright groups would probably love to have the information he gathered, "...Instead we wanted to tell people that their information may not be so well protected."

In response to this incident, The Pirate Bay closed voluntarily for several hours earlier today, ostensibly to plug up the security hole.

Share

Date: 2010-07-08 Source: http://www.slyck.com/news.php?story=1996