Massive hack cracks open underground source repository, breaking many popular anime and manga scrapers


ad...@reviews.wox.org

Sep 5, 2024, 8:07:23 PM
to 2600-au...@googlegroups.com
Trust rating:  Educated Rumours, reddit and anonymous sources:

This month a massive attack, suspected to have been funded
by a group working unofficially for the interests of
companies /like/ (but not necessarily these exact
organisations)  Warner Group, netflix, Apple, Prime and
crunchyroll  infiltrated and hacked the underground source
repository hosting numerous code repositories, scrapers and
aggregators used by potentially hundreds of underground
manga and anime sites, and to a lesser degree  some
underground pirate movie sharing sites to automatically
update their library of titles to link to latest video
stream/manga sources as they are released.  Most of these
scrapers were almost entirely automatic, and never actually
pirated any copyrighted content, instead simply updated a
series of databases linking DIRECTLY to the original server
openly serving out the videos and manga used by
legitimate websites, allowing many anime/manga sites to add
new material essentially the moment it is released.

This was problematic for companies like crunchyroll, toomic
etc who charge a fee to view such content (and reportedly
don't pay the anime/manga authors a cent, beyond their
initial "one off payment" to be given the link) selling
access to unlisted and essentially free sources of the
original source material.  Because these sites used the same
sources as the so called "legitimate" streaming sites, and
never actually physically hosted any IP material they had
little to no legal basis to take these sites down, and such
sites had existed essentially bulletproof for years (a decade
in the case of anix).  This also meant pay-to-view sites
felt they were losing business, as many viewers opted
instead to use a free portal, instead of a corporate one.

The hack nicknamed "The long day" hack after the Wiz Khalifa
"See you Again"  video on youtube the defaced page links
users to (likely licenced to the organisation funding the
hack! But a nobody video is now quite popular, thanks to the
free advertising) first replaced the script in the
repository that formats the page listing episodes,  and
linking to video streams.

This initial hack broke dozens of anime sharing sites such
as aniwave, 9anime and anix as they shared a common
underground repository used to update their script to
current sources. This left the entry page script, most
viewed and update history log of the sites still functional
for a while, suggesting the attack was progressive and
multi-stage. Then in further hacks the attackers may have
tainted the DNS records of the domain itself, possibly even
gaining control of the domain keys so that even the root
page directed users to the defaced page on some sites. 
(anix.to for instance)

The attack initially surfaced about a month ago, numerous
manga sharing sites suddenly finding their sources missing
or blocked, but the otaku community being the hardcore
diehard fans they are were quick to act, manually updating
scripts and links to bring most websites back online within
a week. Because of the way the manga scrapers work, this did
not necessarily display a defaced page, as the script
expecting a graphic file failed when presented with an HTML file.

The next stage of the attack gained access to the
underground source repository (The unnamed site, favoured by
the otakus managing the sites as it was not under the
oversight of corporately ruined sites like github or source
forge) that hosted the main scraper used by anime sharing
sites, initially causing the script that formats links to a
given anime title to display an earlier version of the "Long
day" defacement page,  suggesting users can still go to
their "profile" to download their playlists/viewing
history.. something for many anime otakus that was
considered the most important as it allowed them to keep
track of what titles they had already watched, and what
titles they had not seen yet, but in reality it was
suspected that attempting to sign into the profile, simply
exposed the users' personal details to the hackers - likely
logged for a third stage where the Lawyers working for the
group funding the hackers may attempt to send legal letters,
or content platform spam out to the viewers.

A few weeks later, sites like aniwave and anix have spun up
new domains and/or reverted to a backup of the script with
earlier sources still recorded, but this has left them in
the awkward position that entire titles and seasons are no
longer visible in their database, or such as in the case of
titles like "that time i reincarnated as a slime"  only the
original Japanese sources and older seasons are available -
the latest seasons, although listed by the sites, cannot be
linked to currently - essentially leaving most sites
timewarped to the titles available several months prior to
the attack, but listing newer titles that can not be
currently viewed as the scraper is out of sync with the home
page.

The Anime otaku community is slowly recovering, sites that
used their own version of the scraper and did not update
from the underground repository were quick to update their
video links where the link was tainted, and changed their
domain keys, and sites impacted by the hack have either spun
up new domains, or manually started updating titles again,
instead of depending on the automatic scraper leaving many
anime fans gnashing their teeth in withdrawal from their
favourite titles, and ironically enough possibly even pushed
a few users to actually access them from corpo sites like
crunchyroll, who conveniently have an ad supported tier to
view the same titles.

This incident appears to represent one of the first times
that IP holders and corporate price gouging video sharing
platforms have abandoned legal avenues of attack on content
sharing sites, instead allegedly collaborating (if off the
record) to actively engage in illegal
insertion/modification/deletion of data via rogue actors to
attack the sites directly.

This is unusual, as in the case of legitimate takedowns, the
IP holders or relevant anti-piracy organisation typically
display an official notice.. but because in this case sites
were taken down they had no legal right to interfere with,
no such official notice has been thus far displayed.

This was particularly cruel, as in the case of anix.to in
particular, they had been one of the largest "vintage
animation" preservation sites on the internet, some out of
copyright and otherwise lost titles being almost exclusively
hosted and preserved by anix, titles which they HAD every
right TO host.

This legally dubious if effective approach may even be
considered criminal conduct in the jurisdictions where many
of these anime sites are actually hosted.    Internic
certainly would likely take a dim approach to large
corporations stealing dozens of website domains via 3rd
parties outside of legal avenues.

Time will tell how this plays out, but this seemed to be a
major arms escalation between money grabbing content
platforms and the historic animation preservation community
trying to keep otherwise lost titles available for future
generations.


--
New and improved 2600... well.. ..we drew on some flames and polished it a bit..
--
Google - making sure, life is no more, than 1984...
--
In politics - Later never happens.

ad...@reviews.wox.org

Sep 5, 2024, 8:43:35 PM
to 2600-au...@googlegroups.com
Further comments on this:
As of this post, nobody has claimed responsibility for the
hack/crack either - Neither IP holder nor '1337'  group has
owned up to it, and given they would be considered corporate
sell outs, and complete scum since one of the victims was an
animation preservation society I can't blame them.

It is suspected that at least one or more insiders were
involved; given the repository involved was known only to a
small community of otakus (likely an unlisted dark/deep web
site/repository).  So far nobody has been outed.  Although
given how angry this has made the otaku community, the
individual involved most likely justifiably fears for their
life.

After all, they did just attempt to do the digital
equivalent of burning down the Louvre. Deliberately. For money.