
"After Being Cut From Norway, The Pirate Bay Returns From North Korea" or is it just BGP Tricks

The Pirate Bay have released a press release that they are now hosted
out of North Korea:

"The Pirate Bay has been hunted in many countries around the world.
....This is truly an ironic situation. We have been fighting for a
free world, and our opponents are mostly huge corporations from the
United States of America, a place where freedom and freedom of speech
is said to be held high......
...We believe that being offered our virtual asylum in Korea is a
first step of this country's changing view of access to


But there is a lot of debate on Reddit that they are not really in
North Korea and just doing some BGP trickery:

"Anyone can hijack an AS number and not cause any issues for the real
user - In this case The Pirate Bay set up a Sat dish in Phnom Penh,
Cambodia - Intelsat gives them a BGP session there.

The peer net for BGP handoff is, .216 is Intelsat's
side and .217 is The Pirate Bay's.
One can use ANY IP they wish for these handoffs, internal, their own,
"hijacked" - In this case The Pirate Bay "hijacked" 2 IPs from the
North Korean network which does not matter for them as this is only
accessible from their side, not from the internet.

TPB then injected AS131279 as peer in the upstream table - so it does
not look like this:

 AS22351 - AS51040

But instead:

 AS22351 - AS131279 - AS51040

This is possible because either Intelsat does not filter BGP
announcements (unlikely) or TPB wrote a fake LOA for this AS (likely).

Now as we traceroute the TPB IP we see the /30 subnet used for the
handoff in Phnom Penh, which is why TPB says it is in North Korea -
The ICMP (ping) reply from the IP makes it seem legit but does
actually come from an entirely different network (aka the real
Star-KP network).

(There's some more but I spare you that as it is pretty technological -
for example that AS131279 does not hand over AS51040 routes to


Anybody have an input on this and able to confirm or deny the claims
of BGP Hijacking?



LOAD "*",8,1
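
Added example, not part of the original message or of the quoted Reddit comment: one way to test the "inserted AS" claim from route-collector data is to check whether the AS sitting directly in front of the origin is reached through the same neighbours that carry its own prefixes. The sample paths are constructed, AS64500-AS64502 are documentation ASNs standing in for other networks, the function names are hypothetical, and the result is a heuristic signal rather than proof.

```python
from itertools import groupby

# Constructed sample of AS paths (collector side first, origin last).
# AS22351, AS131279 and AS51040 are the numbers quoted in the post;
# AS64500-AS64502 are documentation ASNs used as stand-ins (assumption).
SAMPLE_PATHS = [
    [64500, 22351, 131279, 51040],
    [64501, 22351, 22351, 131279, 51040],  # same path with prepending
    [64500, 64502, 131279],                # AS131279 announcing its own prefix
    [64501, 64502, 131279],
]

def collapse(path):
    """Remove AS-path prepending (consecutive repeats of one AS)."""
    return [asn for asn, _ in groupby(path)]

def flag_inserted_as(paths, origin):
    """Flag an AS directly upstream of `origin` when the neighbours it is
    reached through on those paths never carry that AS's own prefixes."""
    paths = [collapse(p) for p in paths if p]
    toward_origin, for_own = {}, {}
    for p in paths:
        if p[-1] == origin and len(p) >= 3:
            # p[-2] claims to transit the origin; p[-3] is its upstream here
            toward_origin.setdefault(p[-2], set()).add(p[-3])
        if len(p) >= 2:
            # p[-1] originates this route; p[-2] is its upstream
            for_own.setdefault(p[-1], set()).add(p[-2])
    findings = {}
    for transit, ups in toward_origin.items():
        own = for_own.get(transit, set())
        # No overlap: the transit role exists only via neighbours that
        # are never seen carrying the transit AS's own announcements.
        if own and ups.isdisjoint(own):
            findings[transit] = {"toward_origin": sorted(ups),
                                 "own_prefixes": sorted(own)}
    return findings

if __name__ == "__main__":
    print(flag_inserted_as(SAMPLE_PATHS, 51040))
```

An empty result means only that the sampled paths are consistent; the check needs paths for the suspected AS's own prefixes to say anything.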