A worrying site which claims to allow users to search BitTorrent networks for IP addresses being used to share torrents has appeared in recent days. The site, which has a very paranoid feel, also contains numerous security-related documents from ISPs and other sources. An apparently related video being mailed to studios is even more creepy. But is all as it seems?

While many BitTorrent users operate their clients without a second thought, many are well aware that everything they can do has the potential to be monitored by someone, somewhere. The data available in BitTorrent swarms is necessarily public – if it wasn’t, no-one would be able to share anything with anyone.

The open nature of this amazing file-sharing system certainly has its benefits, but for many its greatest strength is also its greatest weakness. Organizations like the IFPI, RIAA, MPAA and others have spent a great deal of money over the years monitoring BitTorrent and other file-sharing networks. But what if that same feature was available to anyone right now via any browser?

That appears to be one of the functions behind a new and slightly unsettling website. After clicking past the title page, one is confronted by a message about the user’s IP address and location which is derived from a standard traceroute (we used a commercially available VPN for tests) but it is the note at the bottom that provokes the most interest.

View report

“View Complete Report” ? – Here goes….

Recorded BitTorrent downloads

Gulp. Apparently this interface provides the ability to monitor BitTorrent swarms (we don’t know and couldn’t find out which ones) for the IP addresses on the subnet of the accessing user’s IP address and show torrents that have been shared at some point.

After jumping onto a few legal torrents tracked by public trackers, we used the interface to try and find our test IP address in the reports but failed to locate it. There could conceivably be some sort of time delay but we were simply unable to confirm the exact mechanism of operation or, indeed, if the results are ‘real’ at all.

However, if the results are real (and they do look very convincing), then there is an even more worrying feature. Not only is it possible to search for torrents being shared on the user’s IP address, but also any IP address of the user’s choosing by simply reforming the end of the tracking URL to include /?host=X.X.X.X.

But it doesn’t stop there. At the bottom of one the pages is a link for the ‘Auditor Console’…

Auditor Console

This CLI-type affair accepts a few common commands. Typing ‘ls’ brings up a list of available directories, while the ‘cd [directory name here]’ command allows access to them.

One of the folders provides monitoring of a few select IRC channels while others appear to be non-functioning. Others contain lots of documents about monitoring and surveillance including wire-tapping requests for certain ISPs.

Having looked around this site and done quite a bit of research trying to find out who is behind it, TorrentFreak found some rather interesting links back to several individuals which leads us to go “Hmmmmm……”. We won’t reveal them here right now, but instead show you this very creepy video we found while digging around.

But enough of the chit-chat, you should try this for yourselves. We’d also like to see if you find what we found (hint: it’s not as scary at it looks). Have fun, and feel free to email us at [email protected] with anything interesting you may find, or go ahead and write about your discoveries in the comments.