[...] These keyservers are computers which store and index OpenPGP keys over the Internet. This helps users who rely on encrypted email, for example. The servers generally share the keys amongst each other in a pool and uploaded keys generally can’t be removed.

The permanent storage of keys generally isn’t an issue. However, when the system is used as a stealth resource to store magnet links to pirated content, this resilience is put in a different light.

This is exactly what happened.

A few weeks ago a series of rather odd, but valid, PGP keys were uploaded to SKS keyservers. These keys were not meant to encrypt email though, but as a safe storage for torrent magnet links.

As a result, popular keyservers, including the ones hosted by research university MIT and Surfnet, have transformed into pirate sites.

The magnet links, most of which point to pirated content, were added in the UID field. In examples we’ve seen, sometimes there were a hundred magnet links added to a single key entry. And with the search functionality of the keyservers, these are easy to find.