The Pirate Bay in the cloud (thepiratebay.se)
279 points by ponyous on Oct 17, 2012 | 68 comments



The announcement is rather nebulous, as is their way. TorrentFreak has a more detailed explanation: http://torrentfreak.com/pirate-bay-moves-to-the-cloud-become...

It's pretty much what you'd expect, though: The web site is now running on VMs on two unnamed cloud providers, accessed through a load balancer. All traffic is still routed through servers they control. The cloud providers apparently don't know that they're hosting the pirate bay, or pirate cloud as it were. If a cloud provider goes away, they can move the VMs to another one. If their own transit routers go down, no data is lost and it's easy to get back and running.


I wonder how vulnerable this approach is to timing attacks similar to the ones you can use to smoke out onion routed machines.

If you know the physical and network location of their routing boxes and you keep polling some (e.g. static) resource on their servers you can eliminate all cloud providers that are further away than the response time as being the hidden backend.

Let's say you narrow it down to 10 candidates and 5 of them experience some sort of network issue that gets reflected in the response times of TPB, you've now narrowed it to 5.

I wonder what they're doing to mitigate this sort of timing attack meant to discover their hidden backend.


Or you could just look at the network traffic that the load balancers are generating to see where the majority of it is going.

I wouldn't bother just taking the load balancers down. I'd go upstream of them to see where the traffic is going, and then take down those hosts at the same time as the load balancers.


First you would need to find the load balancer, which means you would first need to go after their router, then get the cooperation of a second country. Then you would need the cooperation of two more countries to get at the cloud providers...

... only for The Pirate Bay to spin up more instances elsewhere and point a domain or two at it.


I was just pointing out a method that would be considerably more simple to pull off than a timing attack. I recognise that there are still numerous steps that would need to be taken to pull it off.


The point is you're still not taking anything of value, the site could be up on different servers and load balancers in a couple of hours, if not minutes. For the record, torrent sites have been doing this for years.


Just some in-memory caching on the load balancer could make timing attacks pretty useless.


Even if they find them all, they would have to have a system that automatically finds them when they reappear.

Imagine trying to detect copyrighted songs from Youtube if users could upload code bundled with the videos and load balance requests.

I will assume fingerprints of detected instances will travel between cloud providers, and that pirate bay will then add code to prevent that.


They already added it. It's called encryption.


Yeah, I had no idea what was going on until I read your handily provided article, haha.


For UK Visitors:

The Pirate Cloud

So, first we ditched the trackers.

Then we got rid of the torrents.

Now? Now we've gotten rid of the servers. Slowly and steadily we are getting rid of our earthly form and ascending into the next stage, the cloud.

The cloud, or Brahman as the hindus call it, is the All, surrounding everything. It is everywhere; immaterial, yet very real.

If there is data, there is The Pirate Bay.

Our data flows around in thousands of clouds, in deeply encrypted forms, ready to be used when necessary. Earth bound nodes that transform the data are as deeply encrypted and reboot into a deadlock if not used for 8 hours.

All attempts to attack The Pirate Bay from now on is an attack on everything and nothing. The site that you're at will still be here, for as long as we want it to. Only in a higher form of being. A reality to us. A ghost to those who wish to harm us.

Adapt or be forever forgotten beneath the veils of maya.


Also, the UK Pirate Party has a "cloud" mirror of TPB:

https://tpb.pirateparty.org.uk/

And there is a Tor hidden service for it as well, which cannot be taken down unless Tor itself is taken down:

http://jntlesnev5o7zysa.onion/

And for those who want to use Tor hidden services, but don't have Tor installed:

https://jntlesnev5o7zysa.tor2web.org/


A note to those using Tor, though. Getting your .torrent files and magnet links over Tor is fine, but please don't route your P2P traffic over Tor. Bittorrent wasn't designed for anonymity, so you'll be sending all sorts of data that makes it possible to identify you anyway, but, more importantly, it makes the Tor network slow as hell.


To add some detail to your claim: Some clients use UDP and write the IP address into the body of the message.

https://blog.torproject.org/blog/bittorrent-over-tor-isnt-go...


Yeah, if you're going to use Bittorrent over Tor, you have to assume that the Bittorrent client will leak everything it knows about you, and therefore work to make sure it knows nothing about you.

If you're using a Linux box, you can use iptables to force all TCP traffic through Tor, dropping everything else. Then make sure the box doesn't know its "public" IP address, only its NAT'ed one. Even if it does a call out to something like http://whatismyip.com/ in order to determine its external IP address, it won't get the real one because that traffic will have been forced out through Tor.

See: https://trac.torproject.org/projects/tor/wiki/doc/Transparen...

Speed wise, Tor appears to be slow, but that is just latency. For throughput it's fine. Especially if you're connecting to lots of different hosts over lots of different Tor circuits, as happens with Bittorrent.

But yes, the Tor Project doesn't want you to be using Bittorrent over Tor.
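
An added example, not part of the thread or any commenter's code: a fail-closed check for the "force all TCP through Tor, drop everything else" setup described above, run over `iptables-save` output. The rulesets are constructed, and the ports 9040 and 5353 and the user `debian-tor` are assumed values; the check is conservative and flags any ACCEPT that is not loopback or the Tor user.

```python
import shlex

# Constructed iptables-save output for a box meant to reach the network only
# via Tor. TransPort 9040, DNSPort 5353 and user "debian-tor" are assumptions.
GOOD = """\
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner debian-tor -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
"""
# Same ruleset plus one rule that lets raw UDP leave the box directly.
LEAKY = GOOD.replace("-A OUTPUT -o lo -j ACCEPT",
                     "-A OUTPUT -o lo -j ACCEPT\n-A OUTPUT -p udp -j ACCEPT")

def parse(text):
    """Return {(table, chain): {"policy": str or None, "rules": [tokens]}}."""
    chains, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[(table, name)] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):
            tok = shlex.split(line)
            chain = chains.setdefault((table, tok[1]), {"policy": None, "rules": []})
            chain["rules"].append(tok[2:])
    return chains

def opt(rule, flag):
    """Value after flag; None if the flag is absent or negated with '!'."""
    if flag not in rule:
        return None
    i = rule.index(flag)
    return None if i and rule[i - 1] == "!" else rule[i + 1]

def audit(text, tor_user="debian-tor"):
    """List the ways traffic could leave the box without going through Tor."""
    chains = parse(text)
    out = chains.get(("filter", "OUTPUT"), {"policy": "ACCEPT", "rules": []})
    nat = chains.get(("nat", "OUTPUT"), {"policy": None, "rules": []})
    findings = []
    last = out["rules"][-1] if out["rules"] else []
    catch_all = len(last) == 2 and last[0] == "-j" and last[1] in ("DROP", "REJECT")
    if out["policy"] != "DROP" and not catch_all:
        findings.append("filter/OUTPUT is not fail-closed")
    if not any(opt(r, "-p") == "tcp" and opt(r, "-j") == "REDIRECT" for r in nat["rules"]):
        findings.append("no nat/OUTPUT rule redirects TCP to Tor")
    for r in out["rules"]:
        local = opt(r, "-o") == "lo" or (opt(r, "-d") or "").startswith("127.")
        if opt(r, "-j") == "ACCEPT" and not local and opt(r, "--uid-owner") != tor_user:
            findings.append("direct egress allowed: " + " ".join(r))
    return findings
```
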


Every packet passing to Tor is passed through a few hosts, this effectively multiplies the traffic, so with your throughput you'll be hogging everyone out.


I think this all goes to underscore the fact that TPB doesn't actually HOST anything anymore. Not .torrent files, and not trackers. Not sure on what grounds authorities would have to raid them in 2012. There are no files there any more, just HTML web pages containing magnet links (which are specially coded URLs). The entire site can be downloaded in a few hundred MB...

It's like TPB has achieved Nirvana. It no longer has a physical presence...


In practice this probably means several replicas of the site dormant in different cloud providers. The providers won't have a clue until they go live.

In effect, they are replacing their current legal protections with a game of cat and mouse as they switch between clouds.


I don't think they will have much of a problem from the cloud providers. To the provider, this just looks like a steady stream of traffic from one of their instances to another server somewhere on the Internet: something they see from so many of their customers. It will attract very little attention so long as they pay their bills.

The transit and load balancer servers are another story. It will become a game of cat and mouse with colocation providers, the same game that spam purveyors played in the days before botnets. They will get raided and have to set up a new server at some provider elsewhere. Eventually they will run out of decent providers and have to move somewhere on the fringes of the hosting industry and performance will suffer.

A better approach, in my opinion, is to take the whole thing into the cloud and to come up with some sort of P2P protocol that is capable of determining where the transit server(s) live entirely without the aid of centralized DNS.


I wonder if this would become some sort of internet nuclear arms race which can only end poorly.


> I wonder if this would become some sort of internet nuclear arms race which can only end poorly.

Thinking back to Napster... you mean it hasn't already?


Aren't the cloud providers capable of simply hibernating a VM on their machine to get the VM's RAM contents and salvage all the config and keys/passwords/network topology info they want from this dump?


Only if they get to them within 8 hours, per the TorrentFreak article - after which they shut down and require an encryption key to restart. Add in any level of geographic distribution and it would take more than 8 hours to find, subpoena and confiscate rendering that technique useless.


I was rather thinking about an over-cautious (or over-curious) cloud provider that would more or less accidentally make a persistent copy of TPB machine's RAM. This is obviously quite an unlikely scenario, but still possible.


I'm sorry, am I the only one that isn't impressed by this? I'm actually quite stunned that they are treating this like some new discovery. Pop onto HN any day and see thousands of people talking about cloud. Hell, some local IT staffing agency in my area has a billboard about cloud servers.

Cloud is mainstream now, why did it take TPB so long to catch up?

//Sorry if it sounds like trolling


You missed the interesting bit. It's not that they're hosting on a cloud service that is interesting, it's how they've set up a completely transient hosting solution. None of their cloud hosts know what they're hosting. There is no traceable connection between the IP number of www.thepiratebay.se and the cloud host. Any single cloud hosting service can kick them off their servers without it affecting the web site. If the connection between cloud host and load balancer is lost the cloud image encrypts itself and becomes useless.

Sure nothing they're doing is particularly novel, but if you're the sort of person who wants to host in the cloud, but needs to keep a website responding even when cloud hoster goes down (or decides to ban you), you should find something interesting about their setup.


> the cloud image encrypts itself and becomes useless

Sounds more like they are using full disk encryption, and the system just shuts down, requiring a password to boot up again.


We see lots of stories about people running on EC2 and similar services, but the big players are all pretty straight-laced; witness the speed with which Amazon kicked off Wikileaks [1] - within about three days.

I don't know how many cloud hosting providers there are - to judge from the way people talk here there's only EC2 and maybe Linode. You'd need a lot of providers if you need a new one every 3 days!

[1] http://www.readwriteweb.com/cloud/2010/12/amazon-drops-wikil...


But then if the traffic between the loadbalancer and the actual server is vpn'ed, you can just sign up using another credit card with another person, and the host will be none-the-wiser again. That is, until they get another C&D letter. The game then repeats.

I think eventually, something has to give tho, but hopefully, it will be a while before that happens.


There are quite a few. Many offer "private clouds" too. If you additionally consider "hardware clouds" like SoftLayer, Hetzner, etc... there are even more possibilities.


It doesn't have to be completely new to be interesting.

TPB's case is slightly different from most cloud setups, in that their primary need is mobility not scalability. So, where most cloud backends will try to be as tight as availability and pricing allows, TPB wants and needs to spread across (or be ready to move to) as many different providers, datacenters and countries as possible.


obscure announcement is obscure.

basically seems like they've got a virtual setup now that lets them essentially deploy "the pirate bay" on anything that runs virtual machines.

Now if they had distributed user run VMs running this private server VPN they might have something to talk about, but is basically just a hosting change. Makes it easier for them to move around as hosting get wise and shuts them off (as it will inevitably do).

The real question is, are they doing something sneaky like having VMs running on known clouds using encrypted vpn traffic to hide the fact that those machines are pirate bay VMs, and relays to feed info in and out. ;) Just speculating...


The description on torrentfreak says their architecture is basically:

1. Border router handling inbound traffic, connecting via encrypted VPN to their load balancer in a different country.

2. Load balancer which is a disk-less server with all configuration in RAM that connects via encrypted VPN to two separate sets of VMs at two separate cloud providers in two different countries.

3. Said VMs using encrypted disk images, and set up to automatically shut down if they are out of contact with the load balancer for more than 8 hours, at which point a keyphrase would need to be entered to unlock the disk images.

I would assume they probably have more routers and load balancers in other locations ready in case they need to switch over.

They can keep this shell game up forever as long as the people operating it are able to get online - adding more layers if necessary.


> 1. Border router handling inbound traffic, connecting via encrypted VPN to their load balancer in a different country.

To reduce cost this "border router" is probably also running an in-memory cache such as memcached or varnish. So they simply re-created what SuprNova.org did in 2003.

9 years ago this was really novel. SuprNova was the first to introduce a load balancer for both HTML and .torrent hosting.


If SuprNova did this 9 years ago it makes me wonder what went wrong there that couldn't go wrong with the PirateBay today?


According to Wikipedia, Suprnova shut down due to legal threats, but never was taken to court. Basically, they just caved to the pressure. On the other hand, ThePirateBay has survived police raids and criminal proceedings.

Aside from that, it doesn't sound like SuprNova's setup was quite as intricate as this. I think that the post above was suggesting that the "caching border router + encrypted VPN" setup was what SuprNova used, but that's not everything that ThePirateBay seems to be using. Also, ThePirateBay only has to host magnet links, which didn't exist (IIRC) back when SuprNova was active. SuprNova had to host all of the .torrent files.


Indeed, Suprnova shut down due to legal proceedings. Real jailtime is now coming to Piratebay founders, they are even on record as begging for reduced jailtime, after the verdict.

It's simple: the exit node in both Tor and Piratebay has all the legal exposure. That server/caching router/proxy could become impossible to host anywhere. Move it to USA? Expect 1 hour of uptime :-) Russia? Expect 10 seconds page load times.

Any experienced hosting people out there? Are Sweden and The Netherlands the only few-questions-asked options in town?


It's surprising that they only went with 2 cloud providers. I would assume they probably have other dormant VM's set up just waiting to be activated.


Looks like the answer is yes.


Step 1 - What if their domain is shut down through registry?

This will cut short most of the users who do not remember IP by heart.

Step 2 - go after static IP and shut it down through ISP.

This will cut the remaining users who remember old IP by heart.

If executed simultaneously...


It would be a matter of hours, maybe minutes, before a new domain and IP were up and running and thousands of blogs and news sites all over the internet would report on TPB's new location.


Hundreds of proxies already exist - for people in countries where the domain is blocked (UK, NL...)


In the end, I think it will fall on the dns system to decide if the site will survive or not. Currently, most TLD's just redirect any request of censoring by saying "go where the server is and solve the issue at the source". When that is no longer an option, the political pressure will increase.

Hopefully, TLD's like .se will stand fast and refuse to use the DNS system for censoring.


Although it's not an option for most sites, I don't think DNS is an issue for TPB. They can just register a new domain name and publicize it, and the word will get out pretty quickly.


There's always hosts.txt.


It's actually etc/hosts, even on Windows -- no .txt. </pedantic>


Technically it's c:\windows\system32\drivers\etc\hosts on Windows. And it's hidden by default too.


I know, hence the absence of initial slash :)


I suspect that it is easier to teach people Tor than to teach them how to change the hosts file. Not that we need to, there are plenty of anti-censor browser plugins nowadays.


I would have preferred a fully distributed solution. This one is easy to take down. Also memory snapshots can be taken from servers, so disk encryption doesn't help. Not the best possible solution afaik.


Disk encryption helps if the load-balancer is taken down before the back-end servers. Unless they are all taken down within 8 hours, then the servers shut down and require a password to unlock FDE.


Well, DNS is still a single point of failure. You gotta hope The Internet Infrastructure Foundation is supporting them.


I live in Belgium, where the Pirate Bay has been banned, and ISPs have to redirect requests for TPB to a government notice page through DNS.

Nobody uses the old domains, but there are many mirrors, and people still use TPB, maybe even more than before. A lot of people just know the IP by heart, too.


It's a nice advance and all, but I still think it was cooler when they were talking about putting masses of micro-servers into orbit to make their hosting truly impossible to take down :)


sure "thepiratebay" as we can define it is linked to wherever the DNS entry points to?

That is the single point of failure, even in a move to the cloud.


There are many failure modes for a site like TPB. This move removes many, not all, of them. One important failure mode that has been removed is the one where the servers are seized and information on them is used to go after users.


Lessened, but not removed. Cloud-providers could be forced to take memory snapshots of the servers as they are running rather than just shutting them down, which negates the "shuts down to password-protected FDE" and "only operates with everything in memory" aspects. It would be much more difficult to capture memory on a stand-alone machine, but a VM makes it easy.

If authorities are able to figure out the topology of the network, they could coordinate this.


I think the point is that they can recover extremely quickly after any take downs. Much more quickly than it takes to organise the take down in the first place. Making it pretty much pointless to do.


I would love technical details. Anyone know if they have published them anywhere?


how do they manage their databases, this would be interesting if the system is truly distributed


Too bad their search feature is absolutely horrendous. Searching for a simple term like "The Matrix" doesn't return any results at all.


What do you mean? I get a lot of results.

http://thepiratebay.se/search/the%20matrix/0/99/0


"reboot into a deadlock if not used for 8 hours"

Sounds like a bug to me!


Full disk encryption that requires a manual password. Nothing fancy. A reboot requires human intervention.


Couldn't TPB do something like Silk Road with Tor and a .onion domain? I'm not exactly sure how that works, but from the limited knowledge I do have, it seems like that sort of approach would be slightly more difficult to access but also more difficult to take down...


amen


amazing


Silly article, silly rhetoric.



