An Anomaly in the μTorrent network (cert.pl)
183 points by flux_w42 on May 20, 2012 | 38 comments



http://torrentfreak.com/microsoft-funded-startup-aims-to-kil... Maybe we have this thing being field-tested on a great scale? The titles suggest it may be the case.

Discussion: http://news.ycombinator.com/item?id=3966774


"The company doesn’t reveal how it works, but they appear to be flooding clients with fake information, masquerading as legitimate peers."

"For a month Pirate Pay’s technology protected the film “Vysotsky. Thanks to God, I’m alive,” (distributed by The Walt Disney Studios Sony Pictures Releasing company) with moderate success."

Sounds likely to me



It's probably based on the problem of malicious clients in the network consensus problem. It states that if more than a third of all clients are malicious it is not possible to come to a consensus.

The solution would be to have a trust of clients, where every client vouches for another. The most important thing is that it has to use certificates; if not, you get the following problem.

I am client 'c'. I heard from client 'a' that client 'b' is dirty. So I tell this to client 'd', but the truth is I'm lying. However now the problem is: Is 'a' lying about 'b' or am I ('c') lying about 'a'? However having the messages signed by the clients solves this problem.


So, Microsoft is funding a botnet operator to DDoS a P2P network? Is it legal? What if tomorrow Apple funds a botnet operator to DDoS Microsoft?


It always seemed to me that the simplest way to protect content is to just upload a bunch of garbage with the same file name making it impossible to locate the actual movie, app, etc. It doesn't seem like it would require a lot of sophistication either. It could probably be done effectively, even showing a 90-minute repeating trailer for the movie or something similar. I think a lot of people pirate simply because it's the easiest way to get a movie. If paying $9.99 becomes the easiest way, then a lot of casual pirates will just buy it.

Virus writers seem to like this technique, uploading garbage to usenet. (50Kb files pretending to be a feature film, etc). I've always wondered why movie studios didn't do more of that.


For films and the like it might be easy to get around this - the release teams could sign their releases. It might be theoretically difficult for them to get their public keys out into the ecosystem, but it would be pretty easy in practical terms.

For arbitrary data you could possibly have a rating/tagging system. I guess the content industries could fudge the votes, but if the votes were tied to identity/pseudonyms they'd have to be clever to beat any kind of data analysis.

The effectiveness would probably depend on how many garbage alternatives you provided, and how sophisticated/varied their uploading is. Too many bad files and voting and signing might not be practicable, and you'd have to resort to some kind of automated spam-detection. White-listed sources are workable in the worst case, but I'm sure there would be other, better ideas around.


Signing pirated media? Would the release teams really want to give the RIAA the ability to cryptographically prove that they were the ones who released the material?


Last I checked, nobody's requiring government-issued ID for generating RSA keys.


No but if you're caught with a hard drive full of pirated material AND the encryption keys for those releases then you're gonna have a hard time in court. The keys need not be government issued to prove you're responsible.


How exactly are they to prove that nobody else has those keys? I think you're overthinking it.


But the whole idea is for them and only them to have those keys; otherwise the system is worthless.


What do you mean by signing? Scene groups don't use torrents.


Scene groups provide nfo files with their releases. Those nfo files could contain a cryptographic signature proving the authenticity of the rip.

Essentially, the way it works is that for a given group there are two keys: A private key `P` (that only the group has), and a public key `Q` (that everyone has). For a file `F` the "signature" is the output of some function `sign(P, Q, F)`. The function `sign` is specially chosen so that the output can be validated without access to `P`, but cannot be efficiently forged without it.

As other posters have pointed out, this means that if `P` is kept secret then all signed releases can be authoritatively linked to the people who provided them. Finding `P` on someone's thumb drive is a smoking gun. To be honest, I don't think this would be a big worry, but I'm not in the scene and I don't know how the people in it think.


Classic scene groups are not interested in having their releases spreading on torrent sites, so including any signatures would be helping with what they don't want to happen in the first place.

That said, a third party could add a signature. But in practice a cryptographically secure signature isn't even needed. It boils down to a reputation system, so that you can associate a torrent file with quality, and this has already existed since forever on sites like The Pirate Bay in the form of uploader usernames. A lot of torrents are uploaded by the same users, users who have a history of quality torrents. In contrast, a Hollywood uploader would never have any actual quality torrents in the account history. So in conclusion, this problem was already solved ages ago.


The warez group CORE sign their releases with CRCs in their NFO files. They distribute a checker program called core10k.exe which ironically often turns up with malware injected into it on p2p sites.


Yeah, but that is to check the file integrity; that's something entirely different. Anyone can calculate a CRC checksum for any garbage files they want, upload it and label it as a CORE release. There is no way to verify that the release is genuine. And if you tamper with an authentic release, for example introduce some malware, you can simply recalculate the checksum itself. This would be impossible if the release were cryptographically signed, because you would need CORE's private key to generate a valid signature.
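
The difference between a CRC and a signature described in the two comments above (the `P`/`Q`/`F` explanation and this reply), as an added example that is not part of the thread: a modified file passes a recomputed CRC but fails verification against the publisher's public key. Lamport one-time signatures are swapped in only because they need nothing beyond Python's `hashlib`; the function names and the sample data are assumptions, and `P`, `Q`, `F` follow the earlier comment's notation.

```python
import hashlib
import secrets
import zlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Return (P, Q): 256 pairs of random secrets and the hashes of those secrets."""
    P = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    Q = [(H(a), H(b)) for a, b in P]
    return P, Q

def _bits(F: bytes):
    """The 256 bits of SHA-256(F), most significant bit first."""
    digest = H(F)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(P, F: bytes):
    """Reveal one secret per digest bit. One-time scheme: P must sign only one file."""
    return [P[i][bit] for i, bit in enumerate(_bits(F))]

def verify(Q, F: bytes, sig) -> bool:
    """Check each revealed secret against the public hash selected by F's digest."""
    return len(sig) == 256 and all(
        H(s) == Q[i][bit] for (i, bit), s in zip(enumerate(_bits(F)), sig))

def crc_check(F: bytes, crc: int) -> bool:
    return zlib.crc32(F) == crc

def demo():
    P, Q = keygen()                       # Q is published; P stays with the signer
    release = b"constructed sample release contents"
    nfo_crc, nfo_sig = zlib.crc32(release), sign(P, release)
    # A third party alters the file. The CRC can be recomputed by anyone,
    # but without P the only signature available is the one for the original.
    tampered = release + b" + altered bytes"
    recomputed_crc = zlib.crc32(tampered)
    return {
        "genuine_crc": crc_check(release, nfo_crc),
        "genuine_sig": verify(Q, release, nfo_sig),
        "tampered_crc": crc_check(tampered, recomputed_crc),
        "tampered_sig": verify(Q, tampered, nfo_sig),
    }

if __name__ == "__main__":
    print(demo())
```

The CRC column is true for both files, so it says nothing about origin; only the signature check separates them.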


Reminds me of the time Madonna flooded Kazaa with mp3s of herself swearing like an entitled 14 year old girl. It was pretty funny.

http://news.bbc.co.uk/1/hi/2962475.stm

I still have a copy of the file somewhere.


They used to, back when p2p networks like Limewire, Kazaa, and so forth were in their heyday.


A lot of the time there is no option to even buy it, especially if you're not in the US.


> If paying $9.99 becomes the easiest way, then a lot of casual pirates will just buy it.

That's half the story. Piracy is a hard habit to break - even when it does get easy to get content cheaply, some people take a while to come around.


Been done many times, and that stuff is gradually purged from indexes by user feedback.


This doesn't work on sites like The Pirate Bay where trusted uploaders make it easy to find what you're looking for. If my torrent was uploaded by eztv then I know what I'm getting.


Definitely wouldn't change anything for people who are determined. But it probably would reduce casual pirating & it's so simple I just am surprised we don't see more of it. Not saying that I want it to happen, just surprised.

It definitely works on usenet - virus spam can make some things impossible to find.


Not too many 'casual' pirates download from usenet. They just go to The Pirate Bay and the comments will always tell you a file is fake before you hit the download link. These fake torrents do exist in large numbers but they're trivial to avoid.


I have no idea how to interpret those "layered pie chart" diagrams, I guess it shows something about the trackers?


Each layer is a different tracker. The amount of the layer that is blue is the % of nodes on that tracker that are seeders. The orange part is the % that are peers (not seeding). Usually the graph looks more like the one for Lost - mostly orange peers with a few blue seeders. The unusual ones are mostly made of nodes that are (claiming to be) seeders.


I wonder if this might have anything to do with more people trying to use hacked up BT clients in the hopes of avoiding ISP crackdowns supposedly imminent in the US (and already in effect in other countries):

http://www.seba14.org/2012/01/03/hacked-sb-innovation-vuze-e...

http://news.cnet.com/8301-31001_3-57397452-261/riaa-chief-is...


"uTP on the other hand allows BitTorrent nodes to dynamically adjust bandwidth congestion at the protocol level and also provides some additional functions, like support clients using low bandwidth or sharing ADSL line with a web browser."

In other words, this isn't a threat to Bittorrent as a technology alone, yet. I wonder how much of an impact it makes on uTP-enabled clients and if you'd be better off disabling it if you connect to an affected swarm.


Correct me if I am wrong: won't those uTP forged/bad "datagrams" be dropped by the client when the hash doesn't match? And then wouldn't the client ban those source IPs from its pool of connected peers?
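
A sketch of the check the comment above asks about, added here and not taken from the thread or from any client's source: BitTorrent metainfo carries a SHA-1 per piece, so a client can discard a piece that does not match and count strikes against the peer that sent it. The `PieceChecker` class, the two-strike ban policy, the tiny piece size and the sample addresses are all assumptions made for the example.

```python
import hashlib

PIECE_LEN = 16   # tiny constructed piece size; real torrents use far larger pieces
BAN_AFTER = 2    # assumed policy: ban a peer after this many bad pieces

def piece_hashes(data: bytes, piece_len: int = PIECE_LEN):
    """One SHA-1 digest per piece, as carried in a torrent's 'pieces' field."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]

class PieceChecker:
    """Hypothetical client-side bookkeeping: verify pieces, strike and ban senders."""

    def __init__(self, expected):
        self.expected = expected   # trusted hashes from the metainfo
        self.have = {}             # piece index -> verified bytes
        self.strikes = {}          # peer -> number of bad pieces sent
        self.banned = set()

    def receive(self, peer: str, index: int, piece: bytes) -> str:
        if peer in self.banned:
            return "ignored"
        bad = (not 0 <= index < len(self.expected)
               or hashlib.sha1(piece).digest() != self.expected[index])
        if bad:
            self.strikes[peer] = self.strikes.get(peer, 0) + 1
            if self.strikes[peer] >= BAN_AFTER:
                self.banned.add(peer)
                return "banned"
            return "dropped"
        self.have[index] = piece
        return "accepted"

def demo():
    content = b"constructed sample payload for the demo!"   # 40 bytes, 3 pieces
    checker = PieceChecker(piece_hashes(content))
    results = [
        checker.receive("198.51.100.7", 0, b"garbage garbage!"),
        checker.receive("198.51.100.7", 1, b"more garbage...."),
        checker.receive("198.51.100.7", 2, content[32:]),   # valid, but peer is banned
        checker.receive("203.0.113.5", 0, content[:16]),
    ]
    return results, checker

if __name__ == "__main__":
    print(demo()[0])
```

A piece can only be hashed once all of it has arrived, so bad data still costs download time before it is discarded.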


Skynet? Is that you?

Can anyone translate this article into language that those of us not familiar with traffic analysis can understand?


I had the same thought. TorrentFreak explains it quite nicely: http://torrentfreak.com/anti-piracy-outfits-launch-attack-on...

Those guys really are great journalists.


In other words, the techniques these anti-piracy outfits appear to be using to prevent people from sharing copyrighted movies could be illegal. If that is the case then the movie companies who hire these anti-piracy outfits may be complicit in cybersecurity crimes.

I'm sure the DoJ will be handing out indictments in the very near future. <sarcasm/>

It's unfortunate that the only data that really gets protected in the US is Hollywood's.


I do not pretend to understand very much of the original post. The TorrentFreak "translation" did make it a bit more clear, but I'm pretty much boiling this down to, "somebody is trying to poison the Internet -- if not now, then sometime soon".

It's easy to forget how young a medium the Internet is and that there are going to be a lot of pitfalls along the way that we haven't begun to imagine. This seems to be one of those. I guess the question that I have is simple: what happens next?


Maybe the group will be discovered and shamed, maybe it won't. I'm guessing the vast majority of Bittorrent users will never be affected.


Being stereotypically in favor of one side doesn't make you a great journalist.


I'd agree, that alone would not indicate that someone is a great journalist.


Somebody's up to something and it's most likely not good. Who that somebody is, no one is sure. To be honest, they're not even entirely sure what it is they're up to.

But, strictly speaking, somethin' ain't right.



