The raids and arrests this week targeting piracy release group SPARKS have caused chaos in The Scene, with members and groups going into hiding and new releases dropping like a stone. The targeting of just one group shouldn't have such a massive effect but it seems probable that in the weeks and months to come, we'll learn that one weak spot can be exploited to undermine a much larger infrastructure. This Tuesday, TorrentFreak received more rapid-fire anonymous tips than we have done in recent memory. Demanding confidentiality is nothing new but tipsters and sources using anonymous mailers, obscured IP addresses, alongside repeat requests that identities aren’t revealed, usually point to something particularly unusual. And indeed, something unusual was definitely underway. Late Tuesday, documents filed under seal in the United States as early as January 2020 were suddenly unsealed, revealing one of the most important piracy-related cases of the past decade. As detailed in our report yesterday, a case brought by the US Government resulted in a Grand Jury charging at least three members of several and related top-tier ‘Scene’ release groups – SPARKS, GECKOS, DRONES, ROVERS and SPLiNTERS – with conspiracy to commit criminal copyright infringement and other crimes. The US case has been ongoing for many months and the investigation certainly longer. Exactly how long was unknown until yesterday when a Swedish prosecutor revealed that it had been underway “for years”. However, What took us by surprise was the volume of reports on Tuesday, the claims of panic and fear in ‘The Scene’ globally, and what now appears to be a significant reduction of releases of all kinds from what is usually a prolific and cascading ‘Piracy Pyramid’ system. Initial Information Proved Correct People closely involved in The Scene are naturally secretive, or at least that’s the mandate. The truth is that some are prepared to talk but everyone is so scared of being caught by the authorities or labeled by fellow members as insecure, that truly verifiable sources are extremely hard to come by. As a result, reporting the finer details becomes a product of overlapping independent sources, none of whom want to be identified, which isn’t ideal. Nevertheless, during Tuesday we were told by multiple sources that topsites and warez-affiliated members and resources were being targeted by law enforcement, anti-piracy groups, or a combination of both in many regions. What they all had in common was that the entities were affiliated with SPARKS and various topsites. Another recurring theme was the focus on Nordic countries as being at the heart of action. Many countries were mentioned, including the Netherlands, Germany, Switzerland and Poland but, again and again, the reports cited both Norway and Sweden as potentially the main ‘problem’ areas. US Department of Justice Began Talking Yesterday In an official announcement Wednesday, following the initial yet unofficial reports of raids 24 hours earlier and after the unsealing of the indictments, the USDOJ revealed the global scale of the operation against SPARKS and its affiliates. “Thanks to the efforts of HSI, the Postal Inspection Service, Eurojust, Europol, and our law enforcement partners in 18 countries on three continents, key members of this group are in custody, and the servers that were the pipeline for wholesale theft of intellectual property are now out of service,” the announcement read. The US revealed that law enforcement authorities in many countries assisted in the investigation against SPARKS including those in Canada, Cyprus, Czech Republic, Denmark, France, Germany, Italy, Republic of Korea, Latvia, Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, and the United Kingdom. SPARKS member George Bridi, 50, was reportedly arrested on Sunday in Cyprus on an INTERPOL Red Notice. Correa (aka ‘Raid’), 36, was arrested Tuesday in Olathe, Kansas, where he will appear in federal court. Umar Ahmad (aka ‘Artist’), 39, was not arrested and as of Wednesday was reportedly still at large, according to the US Government. The Nordic Connection Several pieces of information received by TF during Tuesday indeed placed someone known as ‘Artist’ as a central and important figure in the action taking place. Umar Ahmad is now officially named as that key person but according to his indictment, the US Government is not seeking to prosecute him for SPARKS-related offenses beyond January 2020. That’s also the case for George Bridi, an indicted co-defendant whose alias is currently unknown. The only SPARKS defendant charged with offenses up to August 2020 is Jonatan Correa, aka ‘Raid’. While there is room for speculation as to what may have happened here, it seems somewhat reasonable to conclude (at least given the charges) that Ahmad and Bridi stopped their alleged offending months ago. However, according to records kept by Scene-watching sites (known as pre-databases), SPARKS-related groups continued releasing content online until fairly recently. That aside, what we can confirm today is that Norway’s National Criminal Investigation Service, commonly known as Kripos, carried out raids at several premises this week and seized computer equipment on what is being described as a “large scale”. In addition, three men – who are yet to be named but are in their 30s and 40s – were arrested and charged for breaches of Norway’s Copyright Act. It is not currently known whether 39-year-old Oslo-resident Umar Ahmad is among them. Danish authorities have also confirmed that four men, aged between 35 and 48, had their homes searched and were subsequently charged with copyright infringement offenses. Servers and other pieces of IT equipment were seized. Source: Some Warning Signs Were Spotted a While Ago It’s certainly possible that SPARKS members were absolutely oblivious to the US Government’s investigation but according to one difficult-to-verify source, who insisted on anonymity but spoke with us at length and in considerable detail, this year and “before COVID”, some Scene members were questioning why a particular SPARKS member had suddenly “retired”. We are not publishing that member’s name here (which we believe was provided to us in advance of the unsealing of the US indictment) but according to the same source, another possibly-connected mystery was still lingering. The source alleges that some months earlier an individual connected to a separate yet prominent release group also “went afk” and suddenly stopped providing content. Again, we aren’t publishing the name of that group or the nickname of the person involved but we can confirm that the alleged group stopped releasing several months before the end of 2019. This led to rumors that one or both may have been compromised and hadn’t just taken a break. The relevance is that, according to the same insider, the pair (coincidentally or not) are believed to have shared the same content sources. Again, this is unconfirmed information but the first group has never returned to action and the second has the US Government on the attack after uncovering where it was obtaining its DVD and Blu-Ray discs from. Significant Legal Action in Sweden After receiving initial information, which was later confirmed by the USDOJ, that significant action had taken place in Sweden. On Tuesday, we spoke with Jon Karlung, the owner of ISP Bahnhof, which we were informed may have been visited by the authorities investigating SPARKS. That turned out not to be the case. Karlung told us that nobody had visited the company nor requested information. However, he said that with 400,000 households and 10,000 companies as clients, plus the company’s sale of bandwidth capacity to other ISPs, he couldn’t rule out that someone way down the chain, even a client of someone else, may have been visited. Whether connected to this specific ISP or not, multiple sources informed us that at least one topsite affiliated with multiple groups utilized a high-bandwidth home link in Sweden, with another topsite connected to multiple groups also seized in the country. What we know from official sources is that there were 14 house searches carried out in Sweden on Tuesday, including in Umeå, Malmö, Gothenburg and Stockholm. No one was arrested during the raids but according to prosecutor Johanna Kolga, more servers were seized in Sweden than anywhere else. Netherlands Action and the Existence of MLATs Finding information about what happened in the Netherlands led us to Tim Kuik of anti-piracy group BREIN. We put it to him that if anyone in the country knows anything about the case, it must be him. Like most other people, Kuik wasn’t budging on detail. But he did offer a plausible explanation for the silence. “It is an interesting case indeed. It is entirely possible for so-called MLATs to be carried out on the request of say US law enforcement and the Dutch authorities carrying it out without informing any private stakeholders,” Kuik told us. “In such cases it may be so that stakeholders abroad, who may have filed a criminal complaint for example, have been made aware and would not be at liberty to say anything about it. So nobody is likely to comment I think. But you can always try. I have no comment.” Later, however, Eurojust – the European Union Agency for Criminal Justice Cooperation – confirmed that it “helped transmit and facilitate the execution of over 30 Mutual Legal Assistance requests and Letters of Request necessary for taking down the servers and executing searches..” In all, over 60 servers were taken down in North America, Europe and Asia and “several main suspects” were arrested, the agency added. Interesting Allegations, Few New Releases, and Kevin Bacon Over the past 48+ hours, TF has been provided with a list of topsites and related infrastructure that has either been raided or taken down as a precautionary measure. The dozen-plus platforms will therefore remain unnamed, as we simply cannot determine which of the platforms are offline voluntarily, or down because they have been seized. This leads us to why so many sites and other key pieces of infrastructure have disappeared, apparently just because one group was targeted. The reasons, we are told, are complex but can be boiled down to the number of connections SPARKS had in The Scene. One recurring theme is that one of SPARKS’ members is claimed to have become quite influential and as a result may have “extended his tentacles too far”, as one source framed it. These connections, with many other groups and activities, may go some way to explaining why The Scene all but shut down Tuesday. If we take Bacon’s Law and apply it here, the response makes complete sense. Nevertheless, the scale of the shutdown is unusual, to say the least, and only time will tell if The Scene will fully recover. For the average torrent or streaming site user, a period of reduced new content availability might be on the horizon but history shows us that rarely lasts for long and that the cycle will probably begin again, once people have figured out who they can trust.

Google has reached a new voluntary agreement with copyright holders in Australia. The search engine promises to block proxies and mirrors of pirate sites without a court order. The new agreement aims to fix a loophole that made alternative addresses of blocked pirate sites easy to find. Years ago, Australia was often described as a hotbed for piracy. This was a thorn in the side of copyright holders, who repeatedly asked the Government to help out. On the top of their list was new legislation that would make it possible to compel ISPs to block pirate sites. In 2015 this wish became reality with the passing of Section 115a of Australia’s Copyright Act. Soon after the amendments became law, the first blocking requests were submitted and since then ISPs have been ordered to block hundreds of sites. The entertainment industry was happy with this new enforcement tool. However, they also felt that it wasn’t enough. Village Roadshow’s Graham Burke, in particular, took aim at Google and other search engines, which still indexed these pirate sites and many alternatives. The Proxy and Mirror Loophole To address these and other loopholes, new legislation was passed in 2018 which made it easier for proxies and mirrors to be blocked. In addition, it also opened the door to a new type of measure that required search engines to block pirate sites. Initially, Google fiercely opposed the new plans but in a surprise move last year, the search engine voluntarily agreed to remove hundreds of sites from its Australian search results. This agreement was made without a court order. Instead, Google chose to remove sites that the ISPs were already blocking. This was a step forward in the eyes of the rightsholders, but it was far from perfect. After being blocked, pirate sites would simply switch to new domains which are easy to find through search engines. While these are eventually covered through updated court orders, the process can take weeks. “The pirates are taking advantage of the lag time between their criminal mirror site going up by changing one letter and us taking three or four weeks to go back through the court system,” Burke, who’s also the Chair of Creative Content Australia, told SMH. Google Steps Up its Anti-Piracy Game, Again To fix this ‘loophole’ Google has now agreed to a new arrangement that goes even further. In an agreement with copyright holders, Google promises to de-index mirrors and proxies as soon as they are reported. This will happen before a court order is issued, without any judicial oversight. That said, it only applies to (presumed) alternative locations of domains that have previously been targeted by a blocking injunction. This effectively addresses the mirror and proxy problem while the rightsholders are still in the process of getting an updated court order. By doing so, it will be harder for pirates to find alternative domain names. “This is shutting down that loophole and it’s massive,” Burke said. Did Google Have a Change of Heart? Google’s cooperative stance runs counter to comments that were made earlier by the search engine. The company repeatedly argued that removing full domains from its search results is dangerous. In addition, it actively protested Australia’s blocking plans when they were announced. TorrentFreak asked Google for a comment on the new voluntary agreement and how it differs from its previous statements, but the company didn’t immediately respond. Speaking with SMH, the search engine said that it hopes this measure will help address the piracy problem. “We are hopeful these measures will be a welcome step towards protecting copyright and will provide a faster solution for rightsholders,” Lucinda Longcroft, director of public policy at Google Australia said.

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Nintendo has targeted the developer of an open-source Switch payload injector with a cease and desist notice. Faced with copyright infringement threats, the DragonInjector developer decided to shut the project down. While he doesn't agree with the allegations, an expensive legal battle is not an option. Nintendo is doing everything in its power to stop the public from playing pirated games on the Switch console. Earlier this year, the game company launched several lawsuits against websites that sell Team-Xecuter products. These cases are ongoing. In the meantime, Nintendo has identified other “payload injector” threats as well. This includes the open-source project Dragoninjector, which was developed and sold by MatinatorX. DragonInjector is a small piece of hardware that fits in the Switch game card slot. It allows users to install and load custom firmware on their console. While it’s not advertised as a pirate tool, with third-party code it can be used to play pirated games on older Switch models. Nintendo’s Cease and Desist Notice A few days ago, DragonInjector’s developer formally announced the end of the project. In a message on Discord, a Nintendo cease-and-desist order is cited as the main reason. MatinatorX doesn’t agree with the gaming company’s copyright infringement claims but he doesn’t want to fight them either. “While I don’t believe the project was or is unlawful in any way, I do not have the resources to go to court to prove that for a hobby, especially considering the project netted a loss of a few thousand dollars overall,” he writes. The cease-and-desist notice was sent by Nintendo’s Canadian lawyers a few weeks ago. It accuses the developer of copyright infringement by advertising and selling the DragonInjector. According to the notice, this breaks the Switch’s technical protection measures. “Your unlawful manufacture, advertisement, distribution, offering for sale and sale of the DragonInjector via the Dragon Injector Website infringes our client’s rights,” the lawyers write. “More specifically, your activities amount to copyright infringement, secondary infringement, and the circumvention of technological protection measures in violation of sections 3, 27, and 41.1 of the Copyright Act, RSC 1985, c. C-42,” they add, referring to Canadian copyright law. “$12 million CAD in Damages” The developer was urged to immediately stop any infringing activities. If not, Nintendo reserves the right to take further action, the notice warns, adding that the company previously won $12 million CAD in damages in a ‘similar’ case. The threat comes with a list of additional requests. Among other things, MatinatorX must hand over all related accounting, including the number of devices sold as well as any profits that were made. Down but Not Out After receiving the cease-and-desist, the developer immediately halted DragonInjector’s sales. In addition, he reached out to Nintendo through his lawyer to settle the matter. That request has not been answered yet, but it’s clear that the DragonInjector project is done. MatinatorX is aware of the legal uncertainties but says he’s not looking for legal advice from outsiders. He has discussed and explored all options already over the past weeks and shutting things down came out as the best solution. “I know it sucks, I really do – I’ve poured the better part of two years of my free time into this project – but that’s just how it is. I could let myself be depressed, or I could dive into my other projects and ideas. I’m choosing the latter,” he writes. The old Dragoninjector.com site is now gone. Instead, the developer registered Draconicmods.com where he will continue to do business. He has set up a legitimate company and is moving forward with DragonMMC, which is a custom Switch kickstand. Needless to say, DragonMMC won’t have the payload injection capability that was initially planned, but MatinatorX says he can make it something worthwhile nonetheless. And there’s another project in the pipeline as well; DragonDSI, a micro-HDMI port for the Switch Lite. — A copy of the full cease and desist letter, sent by Nintendo’s Canadian lawyers, is available here (pdf)

Google Translation: New upload contest for members, with bonus points to be won Visit the topic and register, it's as simple as that, good luck to everyone here

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk

Welcome to InviteHawk