Cyber Incident Victim: ExtraTorrent
Date: Dec 2016
Location: United States of America
Summary
ExtraTorrent experienced significant DDoS attacks following its ban on unofficial proxy services, overwhelming its infrastructure with up to 50 million hourly requests from the US and bypassing Cloudflare's protection. The site mitigated the attacks by disabling user logins to prevent new torrent uploads, removing anti-proxy encryption, and temporarily limiting certain functionalities to conserve resources. Operators attributed the attacks to proxy service administrators, citing a prior threat email demanding the removal of encryption measures to allow proxy operations. Despite sustained high server load, the site maintained availability using additional resources while seeking solutions to halt the ongoing disruptions.
Description
ExtraTorrent, a prominent torrent site, experienced multiple distributed denial-of-service (DDoS) attacks over a three-day period in December 2016 following its decision to prohibit unofficial proxy services. The attacks generated extreme traffic volumes, with the site reporting 40 to 50 million hourly requests originating from the United States alone, a scale that overwhelmed Cloudflare's mitigation capabilities. Site administrators responded by implementing operational restrictions to conserve resources, including disabling user login functionality to prevent new torrent uploads and removing technical protections against unofficial mirror and proxy sites. These measures were necessary to maintain basic site availability despite continued bombardment. A spokesperson attributed the attacks to operators of proxy services affected by ExtraTorrent's ban, noting the timing aligned with recent policy enforcement against such services.

The attacks followed an explicit threat received via email, wherein an unidentified party demanded ExtraTorrent remove encryption measures blocking proxy operations, warning of extended downtime if demands weren't met. The email referenced a prior 6-7 minute outage as a demonstration of capability, threatening prolonged attacks lasting "hours, days." Despite these pressures, ExtraTorrent maintained partial functionality through server load management, though systems remained under significant strain. Administrators confirmed possessing sufficient infrastructure resources to sustain online operations during the attacks while investigating mitigation strategies. No attribution was conclusively established, though site operators circumstantially linked the attacks to proxy service interests based on the threat's content and temporal proximity to the proxy ban implementation.
