music torrenting website suffers peer scraping attack

Photo Credit: Microsoft Copilot

A private music torrent tracker has experienced an attack that could reveal the identities of said music pirates. Orpheus Network reported the intrusion to its user base of 19,000.

Orpheus Network is a private music torrenting site that requires an invite to join—so the community who utilizes the service is somewhat close knit. 404 Media reports that administrators for the website posted a message on the site on September 18 that disclosed the intrusion.

“With great displeasure we need to inform you that a malicious actor has successfully carried out a massive peer scraping attack on our tracker on Thursday,” the note reads. “The unknown actor has downloaded the majority of our torrent files and corresponding peer lists. This means the malicious third party is now in possession of most of our users’ torrent client information (seeding IP, client port, torrents seeding). As far as we can observe their immediate goal is downloading a huge part of our library, but we do not know if they have further plans with the collected data.”

The scraping attack against Orpheus Network is an interesting one because of just how close knit the community is. It requires a user be invited by someone who is already a member, or an interview with the site administrators to gain access. It’s unclear who the attacker is at this point, but major industry bodies like the Recording Industry Association of America (RIAA) often trawl torrent sites. A private tracker is a treasure trove of people who are sharing music amongst themselves illegally.

As Digital Music News covered just a few months ago, major labels are cracking down on the source of leaks. Job postings seeking people knowledgeable with the dark corners of the internet suggest they’re seeking out talent to help root out where music leaks originate or proliferate—sometimes from private music trackers such as Orpheus.

Orpheus Network admins who spoke to 404 Media said they believe the attack is the responsibility of a single person seeking access to the torrented music. The admins claim to have detected the attack within six hours of it happening. It’s also worth noting that AI scraper bots like OpenAI deploys are notorious for hoovering up massive amounts of data—whether the data was released legally onto the internet or not.

For now, the Orpheus Network is still active, but this could be the beginnings of a case built against what many consider one of the more popular music-dedicated torrenting sites. Defunct sites like Oink’s Pink Palace and What.cd were shut down. OiNK’s demise came in 2007 after an investigation by the International Federation of the Phonographic Industry (IFPI) and the British Phonograph Industry (BPI). What.cd was shut down in 2016 when French authorities seized twelve servers belonging to the site’s operators.