Torrent poisoning is the act of intentionally sharing corrupt data or data with misleading file names using the BitTorrent protocol. This practice of uploading fake torrents is sometimes carried out by anti-piracy organisations as an attempt to prevent the peer-to-peer (P2P) sharing of copyrighted content, and to gather the IP addresses of downloaders.[1] It can also be carried out by BitTorrent users in order to "free-ride", using clients such as BitThief. Using this method, users are able to download content via BitTorrent without contributing reciprocal uploads.[2]
Contents |
Decoy insertion (or content pollution) is a method by which corrupted versions of a particular file are inserted into the network. This deters users from finding an uncorrupted version and also increases distribution of the corrupted file.[3] A malicious user pollutes the file by converting it into another format that is indistinguishable from uncorrupted files (e.g. it may have similar or same metadata). In order to entice users to download the decoys, malicious users may make the corrupted file available via high bandwidth connections.[4] This method consumes a large amount of computing resources since the malicious server must respond to a large quantity of requests.[5] As a result, queries return principally corrupted copies such as a blank file or executable files infected with a virus.[6]
This method targets the index found in P2P file sharing systems. The index allows users to locate the IP addresses of desired content. Thus, this method of attack makes searching difficult for network users. The attacker inserts a large amount of invalid information into the index to prevent users from finding the correct resource.[4] Invalid information could include random content identifiers or fake IP addresses and port numbers.[6] When a user attempts to download the corrupted content, the server will fail to establish a connection due to the large volume of invalid information. Users will then waste time trying to establish a connection with bogus users thus increasing the average time it takes to download the file.[4] The index poisoning attack requires less bandwidth and server resources than decoy insertion. Furthermore, the attacker does not have to transfer files nor respond to requests. For this reason, index poisoning requires less effort than other methods of attack.[5]
Some companies that disrupt P2P file sharing on behalf of content providers create their own software in order to launch attacks. MediaDefender have written their own program which directs users to non-existent locations via bogus search results. As users typically select one of the top five search results only, this method requires users to persevere beyond their initial failed attempts to locate the desired file.[7] The idea is that many users will simply give up their search because of frustration.
This method of attack prevents distributors from serving users and thus slows P2P file sharing. The attacker’s servers constantly connect to the desired file, which floods the provider’s upstream bandwidth and prevents other users from downloading the file.[7]
Swarming (or the fake-block-attack) is another method that aims to slow down user downloads. The attacker advertises to the swarm that they have all or the majority of the file pieces. As a result, users overestimate the ease with which they can download a file quickly. The swarm is also compromised because seeders may quit the swarm, believing that there are enough seeders to satisfy the request. Instead of providing legitimate file pieces, attackers provide pieces that are empty or contain static.[7] If a user downloads one or more pieces from the attacker, the download will fail and the user will be forced to repeat the process again.[4] The network will usually discard useless data but this method succeeds because it slows user downloads.
Selective content poisoning (also known as proactive or discriminatory content poisoning) attempts to detect pirates while allowing legitimate users to continue to enjoy the service provided by an open P2P network. The protocol identifies a peer with its endpoint address while the file index format is changed to incorporate a digital signature. A peer authentication protocol can then establish the legitimacy of a peer when they download and upload files. Using identity based signatures, the system enables each peer to identify pirates without the need for communication with a central authority. The protocol then sends poisoned chunks to detected pirates requesting a copyright protected file only. If all legitimate users simply deny download requests from known pirates, pirates could usually accumulate clean chunks from colluders (paid peers who share content with others without authorization). However, this method of content poisoning forces pirates to discard even clean chunks, prolonging their download time.[8]
Voluntary Collective Licensing and the Open Music Model are theoretical systems where users pay a subscription fee for access to a file-sharing network, and are able to legally download and distribute copyright content.[9] Selective content poisoning could potentially be used here to limit access to legitimate and subscribed users, by providing poisoned content to non-subscribed users who attempt to illegitimately use the network.[10]
The eclipse attack (also known as routing-table poisoning), instead of poisoning the network, targets requesting peers directly. In this attack, the attacker takes over the peer’s routing table so that they are unable to communicate with any other peer except the attacker. As the attacker replicates the whole network for the targeted peer, they can manipulate them in a number of ways. For example, the attacker can specify which search results are returned. The attacker can also modify file comments. The peer’s requests can also be directed back into the network by the attacker and can also be modified.It also checks data randomly for any errors found in that.[11]
In this attack, the attacker joins the targeted swarm and establishes connections with many peers. However, the attacker never provides any chunks (authentic or otherwise) to the peers. A common version of this attack is the "chatty peer" attack. The attacker establishes connection with targeted peers via the required handshake message, followed by a message advertising that they have a number of available chunks. Not only does the attacker never provide any chunks, they also repeatedly resend the handshake and message. These attacks prevent downloads as, essentially, the peer wastes time dealing with the attacker, instead of downloading chunks from others.[12]
There are several reasons why content providers and copyright holders may not choose torrent poisoning as a method for guarding their content. First, before injecting decoys, content providers will normally monitor the BitTorrent network for signs that their content is being illegally shared (this includes watching for variations of files and files in compressed formats). This process can be expensive and time-consuming. As a result, most poisoning is only continued for the first few months following a leak or release.[7] Second, it is also unlikely that torrent poisoning can be successful in disrupting every illegal download. Instead, the aim of content providers is to make illegal downloads statistically less likely to be clean and complete, in the hope that users will be discouraged from illegally downloading copyright material. Content providers and copyright holders may decide that the financial outlay is not worth the end result of their efforts.
The methods of attack described above are not particularly effective on their own. These measures must be combined in order to have a significant impact on illegal peer-to-peer filesharing on BitTorrent. Additionally, BitTorrent is highly resistant to content poisoning (as opposed to index poisoning), as it is able to verify individual file chunks.[13] Overall, BitTorrent is one of the most resistant P2P filesharing methods to poisoning.[8]
In September 2004, Altnet sued the Recording Industry Association of America, Overpeer, Loudeye, MediaSentry and others, claiming that their spoofing services violated Altnet's patent for a file identification method called TrueNames.[14][15]
In 2005 the Finnish anti-piracy organisation Viralg claimed that their software, which uses a similar approach to spoofing, could be used to bring an end to illegal P2P file sharing.[14] The firm offered "total blocking of peer 2 peer sharing for your intellectual property" and claimed that its "patented virtual algorithm blocks out all illegal swapping of your data".[16] as well as claiming that their approach was 99% effective.[14] Despite these claims, the algorithm has not yet been tested with BitTorrent.[17] A group of Finnish musicians requested an investigation into the company, arguing that their software was effectively a virus and was in violation of Finnish law. The investigation was declined by Finnish police, and later by the Finnish parliamentary ombudsman.[18]
In some jurisdictions, there have been concerns that content providers and copyright holders engaging in poisoning activities may be held liable for damages to user's computers. In the USA in 2002, Representative Howard Berman proposed the Peer To Peer Privacy Prevention Act, which would have granted immunity to copyright holders for taking steps to prevent the illegal distribution of their content (i.e. poisoning activities) on P2P networks, as long as they did not go as far as to harm the damage files stored on a P2P user's computer.[19][20] However, the Bill died later in 2002 when the Congressional Term ended and has not been reintroduced.[21]
In 2005 it emerged that HBO was poisoning torrents of its show Rome by providing chunks of garbage data to users.[22] HBO were also reported to have sent cease-and-desist letters to the Internet Service Providers (ISPs) of downloaders they believe have illegally downloaded episodes of The Sopranos
Although not targeted specifically at BitTorrent, Madonna's American Life album was an early example of content poisoning. Before the release of the album, tracks that appeared to be of similar length and file size to the real album tracks were leaked by the singer's record label. The tracks featured only a clip of Madonna saying "What the f**k do you think you're doing?" followed by minutes of silence.[23][24]
Similarly, the band Barenaked Ladies released a number of tracks online in 2000 that appeared to be legitimate copies of tracks from the band's latest album. Each file contained a short sample of the song, followed by a clip of a band member saying, "Although you thought you were downloading our new single, what you were actually downloading is an advertisement for our new album.”[25]
After a pirated copy of Michael Moore’s movie Sicko was uploaded online, it became a hit on P2P websites such as Pirate Bay. MediaDefender was hired to poison torrents using decoy insertion.[26]
In an example of internet vigilantism, anti-piracy vigilantes have been known to create viruses that are distributed exclusively via P2P networks, and are designed to attack mp3s and other music files stored on a user's PC. The Nopir-B worm, which originated in France, poses as a DVD copying program and deletes all the mp3 files on a user's computer, regardless of whether or not they were legally obtained.[14][27]
On October 19, 2007 Associated Press (AP) released information accusing the broadband service provider Comcast of “hindering” P2P file sharing traffic.[28] Tests conducted by AP have shown that Comcast hindered the uploading of complete files to BitTorrent. The Federal Communications Commission conducted public hearings in response to the allegations. Comcast argued that it was regulating network traffic to enable reasonable downloading times for the majority of users.[29] On August 21, 2008 the FCC issued an order which stated that Comcast's network management was unreasonable and that Comcast must terminate the use of its discriminatory network management by the end of the year. Comcast complied with the order and appealed. On June 6, 2010, the District Court of Appeals for the Columbia vacated the FCC order in Comcast Corp. v. FCC.