Torrent poisoning

Last updated

Torrent poisoning is intentionally sharing corrupt data or data with misleading file names using the BitTorrent protocol. This practice of uploading fake torrents is sometimes carried out by anti-infringement organisations as an attempt to prevent the peer-to-peer (P2P) sharing of copyrighted content, and to gather the IP addresses of downloaders. [1]

Contents

Methods of attack

Decoy insertion

Decoy insertion (or content pollution) is a method by which corrupted versions of a particular file are inserted into the network. This deters users from finding an uncorrupted version and also increases distribution of the corrupted file. [2] A malicious user pollutes the file by converting it into another format that is indistinguishable from uncorrupted files (e.g. it may have similar or same metadata). In order to entice users to download the decoys, malicious users may make the corrupted file available via high bandwidth connections. [3] This method consumes a large amount of computing resources since the malicious server must respond to a large quantity of requests. [4] As a result, queries return principally corrupted copies such as a blank file or executable files infected with a virus. [5] There were known cases when a company had created a special version of a game and published it on file sharing services advertising it as cracked, having undocumented hidden functionality, making it impossible to win this variant of the game.

Index poisoning

This method targets the index found in P2P file sharing systems. The index allows users to locate the IP addresses of desired content. Thus, this method of attack makes searching difficult for network users. The attacker inserts a large amount of invalid information into the index to prevent users from finding the correct resource. [3] Invalid information could include random content identifiers or fake IP addresses and port numbers. [5] When a user attempts to download the corrupted content, the server will fail to establish a connection due to the large volume of invalid information. Users will then waste time trying to establish a connection with bogus users thus increasing the average time it takes to download the file. [3] The index poisoning attack requires less bandwidth and server resources than decoy insertion. Furthermore, the attacker does not have to transfer files nor respond to requests. For this reason, index poisoning requires less effort than other methods of attack. [4]

Spoofing

Some companies that disrupt P2P file sharing on behalf of content providers create their own software in order to launch attacks. MediaDefender has written their own program which directs users to non-existent locations via bogus search results. As users typically select one of the top five search results only, this method requires users to persevere beyond their initial failed attempts to locate the desired file. [6] The idea is that many users will simply give up their search through frustration.

Interdiction

This method of attack prevents distributors from serving users and thus slows P2P file sharing. The attacker's servers constantly connect to the desired file, which floods the provider's upstream bandwidth and prevents other users from downloading the file. [6]

Selective content poisoning

Selective content poisoning (also known as proactive or discriminatory content poisoning) attempts to detect copyright violators while allowing legitimate users to continue to enjoy the service provided by an open P2P network. The protocol identifies a peer with its endpoint address while the file index format is changed to incorporate a digital signature. A peer authentication protocol can then establish the legitimacy of a peer when she downloads and uploads files. Using identity based signatures, the system enables each peer to identify infringing users without the need for communication with a central authority. The protocol then sends poisoned chunks to these detected users requesting a copyright protected file only. If all legitimate users simply deny download requests from known infringers, the latter can usually accumulate clean chunks from colluders (paid peers who share content with others without authorization). However, this method of content poisoning forces illegitimate users to discard even clean chunks, prolonging their download time. [7]

Voluntary Collective Licensing and the Open Music Model are theoretical systems where users pay a subscription fee for access to a file-sharing network, and are able to legally download and distribute copyright content. [8] Selective content poisoning could potentially be used here to limit access to legitimate and subscribed users, by providing poisoned content to non-subscribed users who attempt to illegitimately use the network. [9]

Eclipse attack

The eclipse attack (also known as routing-table poisoning), instead of poisoning the network, targets requesting peers directly. In this attack, the attacker takes over the peer's routing table so that they are unable to communicate with any other peer except the attacker. As the attacker replicates the whole network for the targeted peer, they can manipulate them in a number of ways. For example, the attacker can specify which search results are returned. The attacker can also modify file comments. The peer's requests can also be directed back into the network by the attacker and can also be modified. It also checks data randomly for any errors found in that. [10]

Uncooperative-peer attack

In this attack, the attacker joins the targeted swarm and establishes connections with many peers. However, the attacker never provides any chunks (authentic or otherwise) to the peers. A common version of this attack is the "chatty peer" attack. The attacker establishes connection with targeted peers via the required handshake message, followed by a message advertising that they have a number of available chunks. Not only does the attacker never provide any chunks, they also repeatedly resend the handshake and message. These attacks prevent downloads as, essentially, the peer wastes time dealing with the attacker, instead of downloading chunks from others. [11]

Barriers to torrent poisoning

There are several reasons why content providers and copyright holders may not choose torrent poisoning as a method for guarding their content. First, before injecting decoys, content providers have to normally monitor the BitTorrent network for signs that their content is being illegally shared (this includes watching for variations of files and files in compressed formats).

This process can be expensive and time-consuming. As a result, most poisoning is only continued for the first few months following a leak or release. [6] Second, it is also unlikely that torrent poisoning can be successful in disrupting every illegal download.

Instead, the aim of content providers is to make illegal downloads statistically less likely to be clean and complete, in the hope that users will be discouraged from illegally downloading copyright material. Content providers and copyright holders may decide that the financial outlay is not worth the end result of their efforts.

Countermeasures

The methods of attack described above are not particularly effective on their own, as for each measure effective countermeasures have evolved. These measures must be combined in order to have a significant impact on illegal peer-to-peer filesharing using BitTorrent protocols and Torrent files.

In September 2004, Altnet sued the Recording Industry Association of America, Overpeer, Loudeye, MediaSentry and others, claiming that their spoofing services violated Altnet's patent for a file identification method called TrueNames. [13] [14]

In 2005 the Finnish anti-infringement organisation Viralg claimed that their software, which uses a similar approach to spoofing, could be used to bring an end to illegal P2P file sharing. [13] The firm offered "total blocking of peer 2 peer sharing for your intellectual property" and claimed that its "patented virtual algorithm blocks out all illegal swapping of your data". [15] as well as claiming that their approach was 99% effective. [13] Despite these claims, the algorithm has not yet been tested with BitTorrent. [16] A group of Finnish musicians requested an investigation into the company, arguing that their software was effectively a virus and was in violation of Finnish law. The investigation was declined by Finnish police, and later by the Finnish parliamentary ombudsman. [17]

In some jurisdictions, there were concerns that content providers and copyright holders engaging in poisoning activities may be held liable for damages to users' computers. In the US in 2002, Representative Howard Berman proposed the Peer To Peer Piracy Prevention Act, which would have granted immunity to copyright holders for taking steps to prevent the illegal distribution of their content (i.e. poisoning activities) on P2P networks, as long as they did not go as far as to harm the files stored on a P2P user's computer. [18] [19] However, the bill died later in 2002 when the Congressional Term ended and has not been reintroduced. [20]

High-profile cases

In 2005, it was reported that HBO was poisoning torrents of its show Rome by providing chunks of garbage data to users. [21] HBO were also reported to have sent cease-and-desist letters to the Internet service providers (ISPs) of downloaders they believe have illegally downloaded episodes of The Sopranos .

Although not targeted specifically at BitTorrent, Madonna's 2003 album American Life was an early example of content poisoning. Before the release of the album, tracks that appeared to be of similar length and file size to the real album tracks were leaked by the singer's record label. The tracks featured only a clip of Madonna saying "What the fuck do you think you're doing?" followed by minutes of silence. [22] [23]

Similarly, the band Barenaked Ladies released a number of tracks online in 2000 that appeared to be legitimate copies of tracks from the band's latest album. Each file contained a short sample of the song, followed by a clip of a band member saying, "Although you thought you were downloading our new single, what you were actually downloading is an advertisement for our new album.” [24]

After an unauthorized copy of Michael Moore's movie Sicko was uploaded online, it became a hit on P2P websites such as Pirate Bay. MediaDefender was hired to poison torrents using decoy insertion. [25]

In an example of Internet vigilantism, anti-infringement vigilantes have been known to create viruses that are distributed exclusively via P2P networks, and are designed to attack mp3s and other music files stored on a user's PC. The Nopir-B worm, which originated in France, poses as a DVD copying program and deletes all the mp3 files on a user's computer, regardless of whether or not they were legally obtained. [13] [26]

On 19 October 2007 Associated Press (AP) released information accusing the broadband service provider Comcast of "hindering" P2P file sharing traffic. [27] Tests conducted by AP have shown that Comcast hindered the uploading of complete files to BitTorrent. The Federal Communications Commission conducted public hearings in response to the allegations. Comcast argued that it was regulating network traffic to enable reasonable downloading times for the majority of users. [28] On 21 August 2008 the FCC issued an order which stated that Comcast's network management was unreasonable and that Comcast must terminate the use of its discriminatory network management by the end of the year. Comcast complied with the order and appealed. On 6 June 2010, the District Court of Appeals for the Columbia vacated the FCC order in Comcast Corp. v. FCC.

See also

Related Research Articles

<span class="mw-page-title-main">Peer-to-peer</span> Type of decentralized and distributed network architecture

Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network, forming a peer-to-peer network of nodes.

Uploading refers to transmitting data from one computer system to another through means of a network. Common methods of uploading include: uploading via web browsers, FTP clients], and terminals (SCP/SFTP). Uploading can be used in the context of clients that send files to a central server. While uploading can also be defined in the context of sending files between distributed clients, such as with a peer-to-peer (P2P) file-sharing protocol like BitTorrent, the term file sharing is more often used in this case. Moving files within a computer system, as opposed to over a network, is called file copying.

eDonkey2000

eDonkey2000 was (is) a peer-to-peer file sharing application developed by US company MetaMachine, using the Multisource File Transfer Protocol. It supported both the eDonkey2000 network and the Overnet network.

BitTorrent, also referred to as simply torrent, is a communication protocol for peer-to-peer file sharing (P2P), which enables users to distribute data and electronic files over the Internet in a decentralized manner. The protocol is developed and maintained by Rainberry, Inc., and was first released in 2001. A 2004 study by Cachelogic found that one third of all internet traffic was BitTorrent traffic.

An anonymous P2P communication system is a peer-to-peer distributed application in which the nodes, which are used to share resources, or participants are anonymous or pseudonymous. Anonymity of participants is usually achieved by special routing overlay networks that hide the physical location of each node from other participants.

Broadcatching is the downloading of digital content that has been made available over the Internet using RSS.

MediaDefender, Inc. was a company that fought copyright infringement that offered services designed to prevent alleged copyright infringement using peer-to-peer distribution. They used unusual tactics such as flooding peer-to-peer networks with decoy files that tie up users' computers and bandwidth. MediaDefender was based in Los Angeles, California in the United States. As of March 2007, the company had approximately 60 employees and used 2,000 servers hosted in California with contracts for 9 Gbit/s of bandwidth.

The eDonkey Network is a decentralized, mostly server-based, peer-to-peer file sharing network created in 2000 by US developers Jed McCaleb and Sam Yagan that is best suited to share big files among users, and to provide long term availability of files. Like most sharing networks, it is decentralized, as there is no central hub for the network; also, files are not stored on a central server but are exchanged directly between users based on the peer-to-peer principle.

A BitTorrent tracker is a special type of server that assists in the communication between peers using the BitTorrent protocol.

<span class="mw-page-title-main">Peer-to-peer file sharing</span> Data distribution using P2P networking technology

Peer-to-peer file sharing is the distribution and sharing of digital media using peer-to-peer (P2P) networking technology. P2P file sharing allows users to access media files such as books, music, movies, and games using a P2P software program that searches for other connected computers on a P2P network to locate the desired content. The nodes (peers) of such networks are end-user computers and distribution servers.

<span class="mw-page-title-main">Tribler</span> Peer-to-peer filesharing software and protocol

Tribler is an open source decentralized BitTorrent client which allows anonymous peer-to-peer by default. Tribler is based on the BitTorrent protocol and uses an overlay network for content searching. Due to this overlay network, Tribler does not require an external website or indexing service to discover content. The user interface of Tribler is very basic and focused on ease of use instead of diversity of features. Tribler is available for Linux, Windows, and OS X.

The following is a general comparison of BitTorrent clients, which are computer programs designed for peer-to-peer file sharing using the BitTorrent protocol.

This is a glossary of jargon related to peer-to-peer file sharing via the BitTorrent protocol.

File sharing is the practice of distributing or providing access to digital media, such as computer programs, multimedia, program files, documents or electronic books/magazines. It involves various legal aspects as it is often used to exchange data that is copyrighted or licensed.

<span class="mw-page-title-main">Legal issues with BitTorrent</span>

The use of the BitTorrent protocol for the unauthorized sharing of copyrighted content generated a variety of novel legal issues. While the technology and related platforms are legal in many jurisdictions, law enforcement and prosecutorial agencies are attempting to address this avenue of copyright infringement. Notably, the use of BitTorrent in connection with copyrighted material may make the issuers of the BitTorrent file, link or metadata liable as an infringing party under some copyright laws. Similarly, the use of BitTorrent to procure illegal materials could potentially create liability for end users as an accomplice.

File sharing is the practice of distributing or providing access to digital media, such as computer programs, multimedia, documents or electronic books. Common methods of storage, transmission and dispersion include removable media, centralized servers on computer networks, Internet-based hyperlinked documents, and the use of distributed peer-to-peer networking.

In the BitTorrent file distribution system, a torrent file or meta-info file is a computer file that contains metadata about files and folders to be distributed, and usually also a list of the network locations of trackers, which are computers that help participants in the system find each other and form efficient distribution groups called swarms. Torrent files are normally named with the extension .torrent.

File sharing in the United Kingdom relates to the distribution of digital media in that country. In 2010, there were over 18.3 million households connected to the Internet in the United Kingdom, with 63% of these having a broadband connection. There are also many public Internet access points such as public libraries and Internet cafes.

Copyright Alert System (CAS) was a voluntary industry effort to educate and penalize internet users who engage in the unauthorized and unlawful distribution of copyrighted works via peer-to-peer file sharing services. The program was operated by the Center for Copyright Information, a consortium consisting of the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and the internet service providers AT&T, Cablevision, Comcast, Time Warner Cable, and Verizon.

File sharing in Japan is notable for both its size and sophistication.

References

  1. Cuevas, R. et al. (2010) Is Content Publishing in BitTorrent Altruistic or Profit-Driven? Archived 5 February 2022 at the Wayback Machine . Proceedings of the 6th International Conference on emerging Networking EXperiments and Technologies (ACM CoNEXT 2010). Philadelphia, USA. 30 November - 3 December 2010.
  2. Luo et al (2009). An Effective Early Warning Scheme against Pollution Dissemination for Bittorrent Archived 5 February 2022 at the Wayback Machine . In: Global Telecommunications Conference, 2009. Honolulu, 30 November – 4 December. New Jersey: IEEE. pp. 1 -7.
  3. 1 2 3 Kong, J. et al (2010). A Study of Pollution on Bittorrent Archived 5 February 2022 at the Wayback Machine . In: The 2nd International Conference on Computer and Automation Engineering. Singapore, 26–28 February 2010. New Jersey: IEEE. pp. 118-122.
  4. 1 2 Kong, J. et al (2010) The Evaluation of Index Poisoning in BitTorrent. In: D. Wen. et al (eds). Proceedings of the Second International Conference on Communication Software and Networks. Singapore. 26–28 February 2010. New Jersey: IEEE. pp. 382-386.
  5. 1 2 Santos et al (2010). Choking Polluters in Bittorrent File Sharing Communities Archived 5 February 2022 at the Wayback Machine . Network Operations and Management Symposium (NOMS) 2010. Osaka, 19–23 April 2010. New Jersey: IEEE. pp. 559-566.
  6. 1 2 3 Anderson, N. (2007). Peer-to-peer poisoners: A tour of MediaDefender Archived 5 May 2012 at the Wayback Machine . Ars Technica. Retrieved 2011-03-30.
  7. 1 2 Lou, X. and Hwang, K. (2009) Collusive Piracy Prevention in P2P Content Delivery Networks Archived 5 February 2022 at the Wayback Machine . IEEE Transactions on Computers. 58 (7) pp. 970-983.
  8. von Lohmann, F. (2008) A Better Way Forward: Voluntary Collective Licensing of Music File Sharing Archived 19 January 2022 at the Wayback Machine . Electronic Frontier Foundation. Retrieved 2011-04-22.
  9. Lou, X., Hwang, K. and Zhou, R. (2007) Integrated Copyright Protection in Peer-to-Peer Networks Archived 5 February 2022 at the Wayback Machine . In: 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07). Toronto, Canada. 22–29 June 2007. p. 28
  10. Locher, T. et al. (2010) Poisoning the Kad Network Archived 5 February 2022 at the Wayback Machine . In: Kant, K. et al (eds). Distributed Computing and Networking. Heidelberg: Springer. pp. 195-206.
  11. Dhungel, P. et al. (2008) A Measurement Study of Attacks On Bittorrent Leechers. In: Proceedings of the 7th International Conference on Peer-To-Peer Systems (IPTPS ’08). Tampa Bay, Florida. 25–26 February 2008. Berkeley: USENIX. p.7.
  12. Lou, X. & Hwang, K. (2006). Adaptive Content Poisoning To Prevent Illegal File Distribution in P2P Networks Retrieved 2011-03-21.
  13. 1 2 3 4 Bruno, A. (2005) Viralg Touts P2P Solution. Billboard. 117 (20). p. 10. Retrieved 2011-04-23
  14. Cowley, S. (2004) Altnet Fights Back, Sues RIAA [ permanent dead link ]. PCWorld. Retrieved 2011-04-23.
  15. Viralg homepage Archived 2 February 2011 at the Wayback Machine . Retrieved 2011-04-23
  16. Ingram, M. (2005) Slyck News - Claim to End 99% of Illegal Trading Archived 10 June 2011 at the Wayback Machine . Slyck. Retrieved 2011-04-23.
  17. Viralg
  18. Berman, H.L. (2002) The Truth About the Peer to Peer Piracy Prevention Act: Why Copyright Owner Self-Help Must Be Part Of The P2P Piracy Solution Archived 3 June 2011 at the Wayback Machine . FindLaw. Retrieved 2001-04-23.
  19. Garrity, B. (2003) Spoofing Continues To Grow. Billboard. 115 (20). p. 7. Retrieved 2011-04-23.
  20. 33 Sw. U. L. Rev. 397 (2003-2004). The Piracy Prevention Bill, H.R. 5211: The Second Generation's Answer to Copyright Infringement over Peer-to-Peer Networks. Pesta, Kristine
  21. Torkington, N. (2005). HBO Attacking BitTorrent Archived 23 July 2008 at the Wayback Machine . O'Reilly Radar. Retrieved 2011-03-31
  22. BBC News (2003). Madonna swears at music pirates Archived 5 February 2022 at the Wayback Machine . Retrieved 2011-03-30.
  23. The Smoking Gun (2003). Hacked: Madonna's Web Site Defaced Archived 3 March 2016 at the Wayback Machine . Retrieved 2011-03-30.
  24. Murray, B.H. (2004) Defending the brand: aggressive strategies for protecting your brand in the online arena. AMACOM Books. p. 119. Retrieved 2011-04-23.
  25. Brodesser-Akner, C. (2007) After pirates steal "Sicko," Weinsteins deploy decoys; people hunting for new Moore movie might find advertising instead Archived 14 July 2011 at the Wayback Machine . Advertising Age. 18 June 2007. p. 3. Retrieved 25 April 2011.
  26. Sophos. (2005) Nopir worm fights pirates by wiping MP3 music files, Sophos reports Archived 23 June 2011 at the Wayback Machine . retrieved 2011-04-23.
  27. Associated Press. (2007) Consumer groups ask FCC to fine Comcast Archived 23 September 2020 at the Wayback Machine . msnbc.com. Retrieved 25 April 2011.
  28. Roth, D. (2009) The dark lord of broadband. Wired. 17 (2) p.54.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.