How Do You Hijack a Popular Streaming Movie Site? With Ease, Apparently
August 18, 2013
Earlier this week we published an article on the quite puzzling situation surrounding one of the world’s largest streaming movie sites.
In a nutshell, some time ago LetMeWatchThis changed its name to 1Channel. Then more recently it changed back again after the 1Channel domain was hijacked. After more shenanigans the site changed its domain to PrimeWire.ag and then, this week, reportedly changed to Vodly.to.
After receiving lots of emails on the topic, mostly asking which is the real site, we have now unraveled the mystery. We can confirm that of the domains currently operating, PrimeWire.ag and LetMeWatchThis.ch are ‘real’ and the others should all be disregarded as either dead or fake.
So what on earth has been going on?
On Friday, TorrentFreak managed to get in touch with the admin of the real sites who told us a quite astonishing story of how his domains were stolen from under his nose – not once, not twice, but an amazing three times.
It all started off a year ago when the site was operating from LetMeWatchThis.com, a domain that was hijacked and now diverts to WatchFreeMovies.com, a clone site presumably operated by the hijackers.
Then in May, after the site had moved to the replacement 1Channel.ch, that domain was also hijacked. LetMeWatchThis.ch, yet another replacement, suffered the same fate. This week PrimeWire.ag, the latest substitute domain, was hijacked too but is now back in safe hands.
So is poor security on the admin’s side to blame here or are there other factors at play? Apparently, domain name registrars are very easy to fool if you know how.
“The state of domain registrars is simply terrible,” the PrimeWire admin explains.
“We have had three domains hijacked from three separate registrars in the past two years. Every single registrar was given very specific instructions to prevent these hijackings, however every single one simply handed over the domain based on badly doctored ‘proof’, completely disregarding the warning given to them in regards to scenarios exactly like this.”
So how exactly are the registrars being convinced to hand over domains to impostors?
“This is actually a scary thing, since you can pretty much gain control (at least temporarily) of any domain you choose by pretending to be the owner of the domain,” our admin reveals.
“You don’t have to have access to any emails, passwords, or any other credentials. You simply grab the information from the WHOIS, write a letter with an attached photo-shopped ID with the same name, send it from a random email address, and the domain will be handed to you fairly quickly.”
So what can be done to avoid having your domain taken?
“Domains with no WHOIS at all (.to, .so, etc.) or protected WHOIS would probably do the trick, however after seeing how registrars just hand over domains without warning to random people, I wouldn’t bet on this 100% either,” the admin says.
“I think the best thing to do is build a strong community on the site, which cannot be stolen, and they will always keep the site alive no matter how many name changes it goes through,” he concludes.
So finally, the wrap-up that users of the sites have been waiting for:
LetMeWatchThis.com – Hijacked in 2012, still hijacked – AVOID
LetMeWatchThis.ch – Hijacked in 2013, now retrieved – BACK IN SAFE HANDS
1Channel.ch – Hijacked in 2013, now frozen – FROZEN
Vodly.to – Owned by hijackers – AVOID
PrimeWire.ag – Hijacked in 2013, now retrieved – BACK IN SAFE HANDS (Official site)