BTJunkie.org - Leaking Your Private Tracker Accounts?

February 13, 09 by sharky

It’s never a good idea to use a public torrent site to log in to your private trackers. While it may seem convenient to use one central site to manage all of your private accounts (for searching / downloading external torrents), this means you’re trusting that site with your account details, and also with the passkey from your torrents. The very popular BTJunkie.org is one such torrent website: it allows registered users to create an account, set up their private trackers (by submitting a username and password for each), and then search for and download torrents.

According to at least one private tracker owner, BTJunkie is "actually harvesting your private ID (passkey) from your .torrent files". Not only can your accounts be compromised, but it can have adverse effects on your ratio - since your torrent passkeys are being shared & used publicly.

A Warning From CartoonChaos…

Yesterday, CartoonChaos sent a PM to all of its members warning them about using BTJunkie with private tracker accounts. It said:

Cartoonfans,

If you use BT Junkie and have noticed your ratio behaving weirdly, or someone leeching something under your name that you aren’t, please be aware that they actually harvest your private ID (PID) from your .torrent files if you sign up an account with them for remote torrent downloading.

What that translates to is that if you upload a torrent from here to BTJunkie..or use them to index or download torrents from private trackers you are a member of, your passkey or Private ID will become PUBLIC - anyone who goes and downloads that .torrent can then connect to our tracker via your account ID and abuse YOUR ratio!!

Now it is always up to you the user to protect your PID (if you know this applies to you go to your My Panel and change it now) - see our rules.

If you use BT Junkie we recommend you stop doing so and change your passkey now. You will then need to redownload the .torrents for every file you had active in your client to continue seeding/leeching them.

This has affected users on other private trackers - we’ve had one case so far so please make sure you aren’t affected if you use the service.

- CC Staff

There’s no word on what the motive could be for BTJunkie to use private passkeys in their public torrents, but one obvious reason would be to increase the download speed on those torrents (for public users). We were able to download at least a few private torrents (with passkeys) at BTJunkie, but all of them generated an error message in uTorrent: Failure….unregistered torrent pass.

Aside from the obvious reasons (insecure private tracker account; a butchered ratio), this also opens the door to DMCA / Cease & Desist - Takedown notices that the MPAA has recently been sending out to users of Mininova, IsoHunt and other public sites. Seemingly, this makes it too easy for anti-piracy groups such as BayTSP to join in the torrent swarms of private trackers to log IP addresses, without even needing an account at one.
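A defensive check for the leak described above, as an added example that is not part of the original article: it parses a .torrent's bencoded metainfo and reports every announce URL that carries a passkey, so you can tell before a file leaves your machine. The parameter names, the token pattern and the sample hosts are assumptions; trackers differ.

```python
import re
from urllib.parse import parse_qsl, urlsplit

SECRET_PARAMS = {"passkey", "pid", "authkey", "torrent_pass"}  # assumed names; vary by tracker
TOKEN = re.compile(r"^[0-9A-Za-z]{20,}$")  # assumed shape: long opaque path segment

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                               # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                       # list / dict: items until 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"d":
            return dict(zip(items[0::2], items[1::2])), i + 1
        return items, i + 1
    colon = data.index(b":", i)                 # byte string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def find_passkeys(torrent_bytes):
    """Return (tracker_host, location, secret) for each secret in announce URLs."""
    meta, _ = bdecode(torrent_bytes)
    urls = [meta.get(b"announce", b"")]
    for tier in meta.get(b"announce-list", []):  # list of tiers, each a list of URLs
        urls.extend(tier)
    hits = []
    for raw in filter(None, urls):
        parts = urlsplit(raw.decode("utf-8", "replace"))
        hits += [(parts.hostname, "query:" + k, v)
                 for k, v in parse_qsl(parts.query) if k.lower() in SECRET_PARAMS]
        hits += [(parts.hostname, "path", seg)
                 for seg in parts.path.split("/") if TOKEN.match(seg)]
    return hits

# Constructed sample metainfo: two passkey-bearing announce URLs and one public one.
def bstr(b):
    return b"%d:%s" % (len(b), b)
KEY, PUBLIC = b"0123456789abcdef" * 2, b"http://open.example/announce"
SAMPLE = (b"d8:announce" + bstr(b"http://tracker.example/announce.php?passkey=" + KEY)
          + b"13:announce-listl" + b"l" + bstr(b"http://tracker.example/" + KEY + b"/announce")
          + b"e" + b"l" + bstr(PUBLIC) + b"e" + b"e" + b"4:infod4:name4:demoee")

if __name__ == "__main__":
    for host, where, secret in find_passkeys(SAMPLE):
        print(f"{host}: {where} carries {secret[:4]}... (regenerate before sharing)")
```

Any hit means the file identifies your account to that tracker; the remedy is the one the CartoonChaos message gives, changing the passkey and redownloading the .torrents.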


8 responses for this post

  1. 01   •   Squire Says:

    To be honest, is this really post worthy? 95%+ users keep their same combo (user:password) for all sites anyway. Their Filesharefreak combo is likely to work on any tracker they use, it doesn’t take them entering their info into BTJunkie to figure that out. This is crack 101. I’m sure FSF doesn’t harvest this information but always expect for your combo to be harvested. Even if site owners encrypt by default, plan to get ripped.

    Always use different passwords and make them more than 8 characters long (beyond the usual range of most rippers). Throw in a special char for good measure.

  2. 02   •   Squire Says:

    Some people trade for access. Some people up for access. Some just access. Private trackers operate under the same old concepts.

  3. 03   •   Diji1 Says:

    “Their Filesharefreak combo is likely to work on any tracker they use, it doesn’t take them entering their info into BTJunkie to figure that out. This is crack 101. I’m sure FSF doesn’t harvest this information but always expect for your combo to be harvested. Even if site owners encrypt by default, plan to get ripped.”

    I agree with what you’re saying however this is a different situation: BTJunkie (allegedly) is grabbing torrents that have passkeys, not logging in to accounts to grab the torrents. Or I hope not anyhow :\

  4. 04   •   Squire Says:

    @4

    I understand what they are doing and it is indeed fucked up from the client’s point of view. But you also have to remember that the purpose of private trackers is to build like minded communities, not gain access to rare material. If you are a member of so many private trackers that you need a meta search to find “what you want”, you need to reevaluate your memberships; otherwise you are fair game to leech off of; even in the pirate world.

    Disclosure: I do not use BT.

  5. 05   •   Dogboy Says:

    TB issued a similar warning…..

  6. 06   •   Chris Says:

    wow!

    oh btw guys, don’t sign up for that first post bullshit, I have a feeling it’s a phishing attempt

  7. 07   •   btjunkie Says:

    This story is bogus, CartoonChaos tracker is not even listed as an option for automatic login at btjunkie. CartoonChaos & other newbie tracker admins that suggest btjunkie leaks login credentials are referring to the general public uploading of private tracker torrents with passkeys included. Since btjunkie has the automatic login I guess they thought to blame it on btjunkie even though they are not included on the site.

  8. 08   •   BT NOT SECURE Says:

    Bittorrent is not secure. Don’t rely on it. Mirroring a tracker is simple and you can thus “steal” its cloud too.

    You guys are really silly to assume there is any security whatsoever in a private tracker. It is like having a poker game in a remote part of the park. People can see you.
