×
  • remind me tomorrow
  • remind me next week
  • never remind me
Subscribe to the ANN Newsletter • Wake up every Sunday to a curated list of ANN's most interesting posts of the week. read more

Forum - View topic
NEWS: Crunchyroll's Website Redirected to Server With Malicious Software


Goto page Previous  1, 2, 3, 4, 5

Note: this is the discussion thread for this article

Anime News Network Forum Index -> Site-related -> Talkback
View previous topic :: View next topic  
Author Message
mglittlerobin



Joined: 28 Aug 2008
Posts: 1071
PostPosted: Sat Nov 04, 2017 9:36 pm Reply with quote
Primus wrote:
Can't help but notice this happened the same week a semi-viral video went up encouraging people to pirate anime. I doubt the creator had anything to do with it but I wouldn't be surprised if someone watched it and felt "inspired."

It was the most excuse-laden entitled video I've watched regarding anime piracy, he said that if we all pirated it would force official sites to "innovate". It was the stupidest thing I've heard in awhile, if fans started mass piracy, Crunchyroll, Funimation, Sentai, etc, would just start hiring teams to take down illegal stream links. Netflix has a team and that's all they do.
Back to top
View user's profile Send private message
Nagsura



Joined: 28 Aug 2016
Posts: 66
PostPosted: Sun Nov 05, 2017 1:22 am Reply with quote
I love how people are pointing out one must be some kind of fool to run a program out of nowhere, but it happens. Hasn't happened to me (nor apparently to some of the people posting here), but we could fall for it someday for all we know.

The fact of the matter is that, regardless of whether you fell for the trick and ran the file or not, CR compromised people's computers and all their official statementes said was that they "had issues". What kind of incompetence is that? Let people know what the hell happened so they can make sure they haven't been compromised or they can take measures to secure their data, don't just blow it off without explanations for several hours after the fact so you can keep posting dank memes on twitter as if nothing happened.

I don't expect them to do anything outside of aplogizing, let alone give premium months away for free like someone was expecting them to (they can't even fix their video quality and it's been months since that), but this is seriously a red flag for them.

mglittlerobin wrote:
It was the most excuse-laden entitled video I've watched regarding anime piracy, he said that if we all pirated it would force official sites to "innovate". It was the stupidest thing I've heard in awhile, if fans started mass piracy, Crunchyroll, Funimation, Sentai, etc, would just start hiring teams to take down illegal stream links. Netflix has a team and that's all they do.

And it sure has helped erradicate piracy, hasn't it? Oh wait...

Either way, that's a topic for another day and has nothing to do with the thread we're in right now.
Back to top
View user's profile Send private message
TheAncientOne



Joined: 06 Oct 2010
Posts: 1892
Location: USA (mid-south)
PostPosted: Sun Nov 05, 2017 3:39 am Reply with quote
CatSword wrote:

Are you sure? Multiple people said the file automatically downloaded when you went to CR's home page.

It would depend on the configuration of your browser. The browser I normally use for CR prompts me to select the download directory first, which also allows me to cancel any download.

Even if the download was automatic for a user's browser, it still required the user to run the file to do anything.
Back to top
View user's profile Send private message
SageModeKakarot



Joined: 15 Dec 2014
Posts: 302
PostPosted: Sun Nov 05, 2017 5:33 am Reply with quote
it's a good thing i DON'T allow my browser to automatically download things because i tried accessing the site yesterday and it tried to get my to download the player but i'm always dubious of these things and as i had NO word from Cruncyroll about a player app i declined it

good thing i did but it still hasn't stopped my running about 5 scans and cleaning my system twice

i'll be doing it a few more times before i start to use certain sites again too

better safe than sorry

still it really bugs me when people do stuff like this, don't they have better things to do
Back to top
View user's profile Send private message
leafy sea dragon



Joined: 27 Oct 2009
Posts: 7163
Location: Another Kingdom
PostPosted: Sun Nov 05, 2017 12:52 pm Reply with quote
TheAncientOne wrote:
Frankly, the people that downloaded the file are probably the same ones that would fall for a "You need to update your Flash/Java" prompt inserted on a legit website by malicious advertising.


These people also employ psychological tricks that won't work on the savvy but has a good chance of working on those who are not. They know people think the least rationally when they are emotionally overwhelmed, which is why there have been a lot of robocalls as of late with a threatening tone or saying something is their "final notice" or whatnot: They're trying to get people to panic, which is when someone is least capable of thinking rationally.

That being said, people are saying this thing downloads itself automatically and installs itself automatically.

DRosencraft wrote:
One, this is a sad event by a sad individual or group of individuals. More likely than not if they are ever heard from, they will profess to being some sort of social justice seekers, decrying some wrong they feel Crunchyroll is guilty of, and this being their way of bringing attention to it/ hurting Crunchy for it.

Second, asking for compensation is a terrible idea, liable to be a reason someone would do this in the first place, and generally an inspiration for others to take similar actions. I believe that it is bad policy for any company to make such payments. Part of the reason these hackers want to do these sort of things, much like the reason a number of criminals look to commit their various crimes, is the notoriety it gets them; the fame and fortune and glory they're not only able to get from the victim, but the amount they can make the victim bleed - literally and metaphorically. It's a feather in their cap to say, "I made 'Company X' lose this much money when i hacked/DNS/DDoS their website." Unless the company has some actual wrongdoing, I don't think it's appropriate for them to make any compensation or be expected to give compensation, in this sort of situation.


When long-distance scammers are identified and found in person by the police, they always surrender without a fight. This is what happened to Lulz Security in the UK and what happened to the guy behind the deluge of robocalls last year when he was found in Russia. It's not like the Hollywood Hacker, who's ready to push a button and make something bizarre happen to the cops. Of course, finding them in the first place is an incredibly difficult task as these guys hide behind many layers of disguises.

Since this is ransomware, there is undoubtedly a financial incentive for it, though to target Crunchyroll suggests to me some sort of revenge. Crunchyroll has many enemies, from the people they laid off to anime fans bitter about them going legit to people who loathe official localization in general enough to attack it. While there are some in the hacker community who treat these stunts as achievements, I am pretty sure the person behind this wanted Crunchyroll and/or its users to suffer.

DRosencraft wrote:
I think CatSword is right, from everything I've read, and my reading of the ANN article, suggests that the malware is of a particularly aggressive variety that will automatically download, regardless of the user's input. If that really is the case, that would suggest this wasn't just some "random" upset novice, as the terrible grammar and spelling in the fake message suggests. No to go too far down the rabbit hole, but it is entirely possible part of the planning was precisely to use such bad grammar and spelling so as to make people believe the culprit was unsophisticated or not familiar with the English language - perhaps a ploy to cast the blame on someone else.


If that's true, that'd make this a distant relative of that worm distributed by e-mails back in the 90's that spoke about someone's "first game" and that "I hope you will like it." I don't think the perpetrator was ever caught, but the worm itself was too sophisticated to be someone's first attempt at anything.

TheAncientOne wrote:
It would depend on the configuration of your browser. The browser I normally use for CR prompts me to select the download directory first, which also allows me to cancel any download.

Even if the download was automatic for a user's browser, it still required the user to run the file to do anything.


I've had people tell me that the file would automatically download itself while disguised as an error message that won't let you do anything else until the download finishes, which then restarts your computer automatically in order to encrypt the hard drive. Maybe it DOES depend on how you configure your browser. I'm not as adept at computer stuff as you are, but it sounds like you have prioritized security on your browser.

SageModeKakarot wrote:
still it really bugs me when people do stuff like this, don't they have better things to do


If this attack is emotionally motivated, and I am 95% sure it is, then to them, it really IS more important than anything else. People will go to the ends of the earth to do things if it concerns someone or something they love (or hate, but hatred implies love for something else).
Back to top
View user's profile Send private message
Heishi



Joined: 06 Mar 2016
Posts: 1346
PostPosted: Sun Nov 05, 2017 9:58 pm Reply with quote
This is just sickening.

I haven't used my old account in more than a year since I seemed to forget my password or something.

I just hope it doesn't affect everyone that badly. I have to wonder why people hack sites like CR or ANN. Myanimelist would be the first site that comes to my mind when talking about an anime site getting hacked.
Back to top
View user's profile Send private message
TheAncientOne



Joined: 06 Oct 2010
Posts: 1892
Location: USA (mid-south)
PostPosted: Sun Nov 05, 2017 11:06 pm Reply with quote
leafy sea dragon wrote:

That being said, people are saying this thing downloads itself automatically and installs itself automatically.

An automatic download is possible with some browser configurations, but automatically installing is not.

While it is possible in some browsers to immediately run a file (it effectively downloads it to a temporary location and runs it), that requires user interaction. As would the UAC prompt that would pop up on any OS since Vista (at least where the user didn't do something silly like disabling User Access Control).
Back to top
View user's profile Send private message
Zalis116
Moderator


Joined: 31 Mar 2005
Posts: 6900
Location: Kazune City
PostPosted: Mon Nov 06, 2017 1:23 am Reply with quote
Heishi wrote:
I just hope it doesn't affect everyone that badly. I have to wonder why people hack sites like CR or ANN. Myanimelist would be the first site that comes to my mind when talking about an anime site getting hacked.
Probably because these hackers come from the anti-industry segment of the anime viewerbase, which is very well-represented on MAL. ANN and CR are either part of the legitimate industry or vocal advocates of it. Especially with the aforementioned pro-piracy video saying that Crunchyroll needs to be "forced to innovate" through punishment -- it's stochastic terrorism. "Oh, won't someone rid me of this priest?"

Because what better way to turn people away from CR/legal sites and towards bootleg streaming sites (which certainly don't lack for malware issues themselves!), then to hack CR and keep a Big Lie about CR and malware oozing through the anti-industry fever swamps for the foreseeable future? Just look how effective that seventhstyle speculatio-ganza blog post a few years ago was at convincing people of the alleged insignificance of CR's contributions to the industry.
Back to top
View user's profile Send private message My Anime My Manga
Kadmos1



Joined: 08 May 2014
Posts: 13615
Location: In Phoenix but has an 85308 ZIP
PostPosted: Mon Nov 06, 2017 6:23 am Reply with quote
Crunchyroll started out at as fansub streaming site. The great purge of them removing their fansub links happened between mid-November 2008 to 12/31/2008. As pirated streaming sites often have malware, there is some irony that this happened to CR.
Back to top
View user's profile Send private message
leafy sea dragon



Joined: 27 Oct 2009
Posts: 7163
Location: Another Kingdom
PostPosted: Mon Nov 06, 2017 2:39 pm Reply with quote
TheAncientOne wrote:
An automatic download is possible with some browser configurations, but automatically installing is not.

While it is possible in some browsers to immediately run a file (it effectively downloads it to a temporary location and runs it), that requires user interaction. As would the UAC prompt that would pop up on any OS since Vista (at least where the user didn't do something silly like disabling User Access Control).


Could that user interaction be disguised, as something like a prompt to click "OK"? I haven't used Crunchyroll since the hack and I'm on a Mac so I haven't seen it myself, but I've seen some other cases of malware in which they create a fake message for the user (like an error message or a loading message), and I've seen on previous Windows computers I've used something that looks very suspicious and shady but has no cancel option (or it's invisible or behind something that I couldn't find)

Zalis116 wrote:
Probably because these hackers come from the anti-industry segment of the anime viewerbase, which is very well-represented on MAL. ANN and CR are either part of the legitimate industry or vocal advocates of it. Especially with the aforementioned pro-piracy video saying that Crunchyroll needs to be "forced to innovate" through punishment -- it's stochastic terrorism. "Oh, won't someone rid me of this priest?"

Because what better way to turn people away from CR/legal sites and towards bootleg streaming sites (which certainly don't lack for malware issues themselves!), then to hack CR and keep a Big Lie about CR and malware oozing through the anti-industry fever swamps for the foreseeable future? Just look how effective that seventhstyle speculatio-ganza blog post a few years ago was at convincing people of the alleged insignificance of CR's contributions to the industry.


That was one of the reasons I had thought of behind why this would've happened. For those people, they must have some pretty deep grudges against Crunchyroll as it was a former pirate site that went legit--that is, Crunchyroll would be a traitor to them. And if it weren't for how it's the only one to have gone legit so far, I'm sure there would've been lingering feelings of worry of Crunchyroll setting a precedent.
Back to top
View user's profile Send private message
TheAncientOne



Joined: 06 Oct 2010
Posts: 1892
Location: USA (mid-south)
PostPosted: Mon Nov 06, 2017 9:18 pm Reply with quote
leafy sea dragon wrote:

Could that user interaction be disguised, as something like a prompt to click "OK"? I haven't used Crunchyroll since the hack and I'm on a Mac so I haven't seen it myself, but I've seen some other cases of malware in which they create a fake message for the user (like an error message or a loading message), and I've seen on previous Windows computers I've used something that looks very suspicious and shady but has no cancel option (or it's invisible or behind something that I couldn't find)

The browsers I am aware of that allow running a file rather than downloading it are Internet Explorer and Microsoft Edge, and I don't know of any way to present a dialog from the website that could trigger the "run" action instead of download, much less bypass a UAC prompt (which is part of the OS, not the browser).
Back to top
View user's profile Send private message
leafy sea dragon



Joined: 27 Oct 2009
Posts: 7163
Location: Another Kingdom
PostPosted: Mon Nov 06, 2017 10:25 pm Reply with quote
TheAncientOne wrote:
The browsers I am aware of that allow running a file rather than downloading it are Internet Explorer and Microsoft Edge, and I don't know of any way to present a dialog from the website that could trigger the "run" action instead of download, much less bypass a UAC prompt (which is part of the OS, not the browser).


So there's no way for something like this to even be covertly downloaded, even in a way as to trick the user into thinking the permission to download it is something else? (I don't mean tricking the user into thinking the malware is something else, but that clicking "OK" on a dialogue box would start downloading the file.)

I remember seeing a really fishy error message on a computer I used in a previous job. I don't remember how it read, but it had grammatical and spelling mistakes not typical for an error message. It spoke of how there was some malware on the computer and I was asked if I wanted to clean it. Everything but this box was disabled, and clicking "No" just brought up the same dialogue box. I was effectively blocked from doing anything but clicking "Yes," so I hard-restarted the computer.

That's what I mean about the possibility of disguising the permission from the user as something else. For a case like that, would clicking "Yes" start the download and/or running the nasty stuff, or did it already have to be on the computer to do it? It was only a couple of weeks into beginning that job, so it may have been let into the computer from the previous person, but I never saw it again.
Back to top
View user's profile Send private message
TheAncientOne



Joined: 06 Oct 2010
Posts: 1892
Location: USA (mid-south)
PostPosted: Tue Nov 07, 2017 7:20 am Reply with quote
leafy sea dragon wrote:

So there's no way for something like this to even be covertly downloaded, even in a way as to trick the user into thinking the permission to download it is something else? (I don't mean tricking the user into thinking the malware is something else, but that clicking "OK" on a dialogue box would start downloading the file.)

Download, yes. Run, no.
Back to top
View user's profile Send private message
KH91



Joined: 17 May 2013
Posts: 6176
PostPosted: Wed Jan 03, 2018 2:50 pm Reply with quote
Unfortunate that this happened. Hope CR can prevent this better in the future.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Anime News Network Forum Index -> Site-related -> Talkback All times are GMT - 5 Hours
Goto page Previous  1, 2, 3, 4, 5
Page 5 of 5

 


Powered by phpBB © 2001, 2005 phpBB Group