The Darker Side of Cloud Computing


Internet piracy is a major problem that costs the software, movie and music industries billions of dollars each year. Many people download copyrighted content because it is seen as being socially acceptable, but the most compelling reason is simply that it is very easy to do. This is thanks to, or the fault of (depending on which side you’re on), torrent websites which make finding and obtaining this content easier and of course cheaper than the alternative legal methods.

One of these websites and arguably the most notorious of the lot is ‘The Pirate Bay’. The Pirate Bay launched in September 2003 and quickly grew to become the go-to place for all your digital content needs. The website does not actually store any copyrighted content that its users are trying to download, but it is providing an easy way for people to share these files in the form of torrents and does not remove or filter out copyrighted content. This is why the website is deemed “illegal”.

After ignoring numerous requests by copyright holders to remove certain content from the site, on the 31st of May 2006, 65 police officers raided the data centre in Stockholm where it was hosted and brought the website down. It only took The Pirate Bay 3 days to find new servers and bring it back online, but it was still vulnerable to being raided again. So, how do you make a website ‘raid proof’?

This is where the cloud comes in. The company moved the site onto cloud hosted virtual machines scattered around the globe. These machines sit behind a load balancer which means none of their IP addresses are publicly visible. No one other than The Pirate Bay themselves know where these machines are hosted. The cloud providers hosting them don’t even know they are doing so. The load balancer sits behind a transit router which is in a different country. The entry point for the site is US based CloudFlare, a content delivery network. To get the actual IP address of the transit router police would need to first subpoena CloudFlare to give it up.

If law enforcement does this, finds where the transit router is, follows the trail to the next country to find the load balancer which in turn can tell them where in the cloud the website is actually hosted, they will be able to shut the site down in its entirety. This is not a quick process though, (i.e. hopping between the legal procedures of different countries to organise raids or have demands sent to cloud providers to terminate their hosting). By the time they get to the end of the trail, the site would have been redeployed to different cloud providers with the load balancer and transit router sitting in two new countries with a different government that needs to be told to take them down. The time it takes to find and shut down the site is far greater than the time it takes for the Pirate Bay team to fire up a new copy.

Why not just shut down the domain name then? Well this has happened. A lot. Starting with their main domain, ‘.se’, but there are a lot of domains that are controlled by a lot of different governments and organisations and The Pirate Bay owns a significant number of them. As soon as one gets shut down they just let everyone know about the next one on external forums. Alternatively, a simple google search will let you know where to go.

The Pirate Bay’s resilience, although bad in the eyes of governments and copywriters, is undeniably impressive, but this ability to keep a site running even though it is deemed illegal in many jurisdictions becomes scary when you think about it being applied to websites that have been previously restricted to the less easily available dark web, such as child porn sites or the now shut down drug market place, Silk Road. The only difference that sites like these would face would be that search engines wouldn’t list them in their results, but just like it happened to The Pirate Bay on the public web and to Silk Road on the dark web, all it takes is one mainstream media story about the site and then suddenly everyone knows about it.