What Happened on September 23/24, 2021?

alpha60 logo

During a 24 hour period in late September, peer to peer activity in the USA for certain serial and film streaming media objects got cut by 90%, and continues this way into the future. Take a look at week-by-week data for the media object The Tomorrow War, where the phenomena was first observed.

Is this a kerfuffle, a temporary wrinkle in torrent hosting, or something simple, like an expired certificate? Could this a problem with an upstream certificates expiring? Perhaps something related to Let’s Encrypt root CA X3 expiration? (Some background at the HTTPS Everywhere expiry.) The Let’s Encrypt expiration on September 30th, so a week *after* the data started showing this issue.

Is this evidence of a takedown? Evidence of takedowns for certain release groups, evidence of some country or countries or agents of corporate media owners doing a new kind of piracy prevention?

Is this a new or existing-but-newly-applied type of network block?

The same phenomena shows up for other time quanta in a more dramatic fasion: days.

If one looks at the bittorrent traffic across all torrents for the media property The Tomorrow War, in the 24 hour period between September 23 and September 24th (CEST) the problem is immediately obvious. On the first day, the USA was the top pirating nation for this media property, with 45k peers over the previous 24 hours. On the next day (September 24th), the USA was the #3 pirating nation, with 4.1k peers: a 90% reduction of peer traffic in a 24 hour time period. Peer traffic volume outside of the USA, notably in Russia, India, and the Philippines is within 95% each day.

This is just one example of this phenomena, there are several other media objects under study that have similar sample results curing this exact time period. What’s even worse: USA based peer traffic after this specific point seems to be supressed as well. (Although samples of media objects that came out after this date appear to be fine.) It’s continuing to impact older torrent traffic in the USA through October and into November, 2021. Strangely, seed counts do not drop as “leeching” peer traffic across both days.

What’s going on? Other network monitoring groups show similar data for bittorent. See iknowwhatyoudownload: Day 84, Day 85.

One thing to check is SSL certificate expiry. In terms of certificate issues, are HTTPS torrents. So, for torrents that show up in the logs as encrypted, look to see if they are disproportionately impacted.

As for looking at specific torrent files…

Looking at the detailed results for the first day –day 84– shows the #1 torrent with the largest number of peers (24k) across all regions to be a synthetic torrent that combines multiple torrent files with the same bittorrent info hash into one unified synthetic torrent by the name of:

(multi-btih-2-2x-The.Tomorrow.War.2021.1080p.NewComers.mkv)

The next day –day 85– that same synthetic torrent to be #5 with (9.5k) peers. Guessing that the logs from this torrent or inputs to this synthetic torrent may show explicit errors that shed light on these results.

As an aside, here are the details for the sample of the media objects: The Tomorrow War. There are 275 unique torrent files, and 253 unique BTIH values amongst those 275 files. Of the individual torrent files:

  1. (The Tomorrow War (2021) [1080p] [WEBRip] [5.1] [YTS.MX]), had 22k then 23.7k peers on these days. No impact.
  2. (The Tomorrow War (2021) [720p] [WEBRip] [YTS.MX), had 18k then 17.5k peers on these days. No discernable impact, again.
  3. (The.Tomorrow.War.2021.1080p.AMZN.WEB-DL.DDP5.1.X.264-EVO), 14k peers then 2k peers, bingo. This.
  4. (www.1TamilMV.pw – THE TOMORROW WAR (2021) TRUE WEB-DL – 4K HDR – (DD+5.1 – 640Kbps) [Tam + Tel + Hin + Eng] – ESub.mkv), 10k peers then 926. bingo, This.