p2pnet news view Freedom | P2P:- “Sniffing Out Illicit BitTorrent Files”.

Does that strike terror into your heart?

It’s the title of an MIT Technology Review article which says »»»

A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers.

Contraband files might include pirated movies, music, or software, and even child pornography. When the tool detects such a file, it keeps a record of the network addresses involved for later analysis, says Major Karl Schrader, who led the work at the Air Force Institute of Technology, in Kettering, OH.

Do it yourself?

Surfer is a frequent p2pnet poster who, we’re really glad to say, has agreed to be p2pnet’s tech editor.

That means in addition to writing special articles such as the P2P and File Sharing 101 series he’s just started, he’ll also be talking about, and analysing, events and technologies of interest to the P2P community — which is to all intents and purposes just about everyone with an online account.

Here’s how he describes himself:

“By day an Ivy league graduate and senior SQL architect / engineer / mathametician working for the Health Care Industry. By night, a nemesis of the movie / music/software/font/ebook/tv industries who’s been supporting the file sharing community for more than to 12 years to the tune of 250gb/mo. Share The Wealth!”
heh.

And his first break-down centers on the new Air Force tool that’s able to sniff BitTorrent networks, according to the MIT piece.

But, “The initial analysis of the tool looks like anything anyone can get freely in open source software on the net and compile themselves,” says Surfer, continuing »»»

I’m unable to access this tool for analysis. However, I can propose an  easy route to duplicate it.

Download Bittorrent Open Source and engineer a client to connect, but not download: you can either build a GUI (Graphical User Interface) overlay in Codewarrior for Linux, Solaris, Windows, PPC, or UNIX platforms, or in Xcode for OSX that’ll display the IP TCP packet trace to the torrent. And while others are downloading it, you can see the IP TCP packets that reach out and look for other torrent users that are sharing the file in question.

‘..by first spotting files that bare the hallmark of the BitTorrent protocol by examining the first 32 bits of the files’ header data,’ says Major Karl Schrader in the MIT article.

Sure, with a custom client, this is the ONLY way to get the ‘header data’ they reference in the article.

This isn’t to be confused with packet sniffing which looks at EVERY chunk of data moved. Instead, this is designed to piggy-back on the bittorrent protocol to capture IPs that are leeching the torrent.

‘Then the system looks at the files’ hash, a unique identifying code used to coordinate the simultaneous download of hundreds of file fragments by different users. If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved,’ Schrader goes on.

And I can see why for two reasons:

• First, the MPAA have been seeding the torrents with virus files for years. So, of course they have the ‘hash’ files.
• Secondly, they can now feed that ‘database’ of offending files automatically by adding them via what the custom client picks up for hash files. And the MPAA/PIAA/ CRTC/IFPI consider EVERY torrent file a ‘lost sale’ and infringement on the part of all those “devastating” pirates.

Also, the reason the process is automated is: with this type of setup, they could effectively archive 100,000+ hash files, and document 10x that in IP addresses accessing those hash files.

If this tool is what I think it is, they can begin to push the theory of 1 IP = 1 person and send a massive amount of litigation pressure on ISPs to curtail this behavior.

So pray the US Air Force doesn’t give the MAFIAA access to this tool.

Now does not sound like a good time to be ‘BitTorrent’in’.

You heard it here first here on p2pnet.

Surfer – p2pnet

MIT Technology Review – Sniffing Out Illicit BitTorrent Files, February 12, 2009

---

Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.

This entry was posted on Saturday, February 14th, 2009 at 12:44 pm and is filed under Freedom, P2P. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 3268 times