Torrent poisoning
Encyclopedia
Torrent poisoning is the act of intentionally sharing corrupt data or data with misleading file names using the BitTorrent protocol. This practice of uploading fake torrents is sometimes carried out by anti-piracy
organisations as an attempt to prevent the peer-to-peer (P2P) sharing
of copyrighted content, and to gather the IP addresses
of downloaders. It can also be carried out by BitTorrent users in order to "free-ride", using clients such as BitThief
. Using this method, users are able to download content via BitTorrent without contributing reciprocal uploads.
). In order to entice users to download the decoys, malicious users may make the corrupted file available via high bandwidth connections. This method consumes a large amount of computing resources since the malicious server must respond to a large quantity of requests. As a result, queries return principally corrupted copies such as a blank file or executable files infected with a virus.
have written their own program which directs users to non-existent locations via bogus search results. As users typically select one of the top five search results only, this method requires users to persevere beyond their initial failed attempts to locate the desired file. The idea is that many users will simply give up their search because of frustration.
Voluntary Collective Licensing
and the Open Music Model
are theoretical systems where users pay a subscription fee for access to a file-sharing network, and are able to legally download and distribute copyright content. Selective content poisoning could potentially be used here to limit access to legitimate and subscribed users, by providing poisoned content to non-subscribed users who attempt to illegitimately use the network.
message, followed by a message advertising that they have a number of available chunks. Not only does the attacker never provide any chunks, they also repeatedly resend the handshake and message. These attacks prevent downloads as, essentially, the peer wastes time dealing with the attacker, instead of downloading chunks from others.
The methods of attack described above are not particularly effective on their own. These measures must be combined in order to have a significant impact on illegal peer-to-peer filesharing on BitTorrent. Additionally, BitTorrent is highly resistant to content poisoning (as opposed to index poisoning), as it is able to verify individual file chunks. Overall, BitTorrent is one of the most resistant P2P filesharing methods to poisoning.
, Overpeer, Loudeye, MediaSentry
and others, claiming that their spoofing services violated Altnet's patent for a file identification method called TrueNames.
In 2005 the Finnish anti-piracy organisation Viralg
claimed that their software, which uses a similar approach to spoofing, could be used to bring an end to illegal P2P file sharing. The firm offered "total blocking of peer 2 peer sharing for your intellectual property" and claimed that its "patented virtual algorithm blocks out all illegal swapping of your data". as well as claiming that their approach was 99% effective. Despite these claims, the algorithm has not yet been tested with BitTorrent. A group of Finnish musicians requested an investigation into the company, arguing that their software was effectively a virus and was in violation of Finnish law. The investigation was declined by Finnish police, and later by the Finnish parliamentary ombudsman
.
In some jurisdictions, there have been concerns that content providers and copyright holders engaging in poisoning activities may be held liable for damages to user's computers. In the USA in 2002, Representative Howard Berman
proposed the Peer To Peer Privacy Prevention Act, which would have granted immunity to copyright holders for taking steps to prevent the illegal distribution of their content (i.e. poisoning activities) on P2P networks, as long as they did not go as far as to harm the damage files stored on a P2P user's computer. However, the Bill died later in 2002 when the Congressional Term
ended and has not been reintroduced.
by providing chunks of garbage data to users. HBO were also reported to have sent cease-and-desist letters to the Internet Service Providers
(ISPs) of downloaders they believe have illegally downloaded episodes of The Sopranos
Although not targeted specifically at BitTorrent, Madonna's
American Life
album was an early example of content poisoning. Before the release of the album, tracks that appeared to be of similar length and file size to the real album tracks were leaked by the singer's record label. The tracks featured only a clip of Madonna saying "What the f**k do you think you're doing?" followed by minutes of silence.
Similarly, the band Barenaked Ladies
released a number of tracks online in 2000 that appeared to be legitimate copies of tracks from the band's latest album. Each file contained a short sample of the song, followed by a clip of a band member saying, "Although you thought you were downloading our new single, what you were actually downloading is an advertisement for our new album.”
After a pirated copy of Michael Moore’s movie Sicko was uploaded online, it became a hit on P2P websites such as Pirate Bay. MediaDefender was hired to poison torrents using decoy insertion.
In an example of internet vigilantism
, anti-piracy vigilantes have been known to create viruses that are distributed exclusively via P2P networks, and are designed to attack mp3s and other music files stored on a user's PC. The Nopir-B worm, which originated in France, poses as a DVD copying program and deletes all the mp3 files on a user's computer, regardless of whether or not they were legally obtained.
On October 19, 2007 Associated Press
(AP) released information accusing the broadband service provider Comcast
of “hindering” P2P file sharing traffic. Tests conducted by AP have shown that Comcast hindered the uploading of complete files to BitTorrent. The Federal Communications Commission
conducted public hearings in response to the allegations. Comcast argued that it was regulating network traffic to enable reasonable downloading times for the majority of users. On August 21, 2008 the FCC issued an order which stated that Comcast's network management was unreasonable and that Comcast must terminate the use of its discriminatory network management by the end of the year. Comcast complied with the order and appealed. On June 6, 2010, the District Court of Appeals for the Columbia vacated the FCC order in Comcast Corp. v. FCC
.
Anti-piracy
Anti-piracy is a term used to describe countermeasures against maritime piracy but moreoften by some to describe the attempt to prevent copyright infringement, counterfeiting, and other violations of intellectual-property rights....
organisations as an attempt to prevent the peer-to-peer (P2P) sharing
Peer-to-peer file sharing
P2P or Peer-to-peer file sharing allows users to download files such as music, movies, and games using a P2P software client that searches for other connected computers. The "peers" are computer systems connected to each other through internet. Thus, the only requirements for a computer to join...
of copyrighted content, and to gather the IP addresses
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
of downloaders. It can also be carried out by BitTorrent users in order to "free-ride", using clients such as BitThief
BitThief
BitThief is a Java-based BitTorrent client designed to download from, but not upload to, BitTorrent networks. It is freeware and cross-platform...
. Using this method, users are able to download content via BitTorrent without contributing reciprocal uploads.
Decoy Insertion
Decoy insertion (or content pollution) is a method by which corrupted versions of a particular file are inserted into the network. This deters users from finding an uncorrupted version and also increases distribution of the corrupted file. A malicious user pollutes the file by converting it into another format that is indistinguishable from uncorrupted files (e.g. it may have similar or same metadataMetadata
The term metadata is an ambiguous term which is used for two fundamentally different concepts . Although the expression "data about data" is often used, it does not apply to both in the same way. Structural metadata, the design and specification of data structures, cannot be about data, because at...
). In order to entice users to download the decoys, malicious users may make the corrupted file available via high bandwidth connections. This method consumes a large amount of computing resources since the malicious server must respond to a large quantity of requests. As a result, queries return principally corrupted copies such as a blank file or executable files infected with a virus.
Index Poisoning
This method targets the index found in P2P file sharing systems. The index allows users to locate the IP addresses of desired content. Thus, this method of attack makes searching difficult for network users. The attacker inserts a large amount of invalid information into the index to prevent users from finding the correct resource. Invalid information could include random content identifiers or fake IP addresses and port numbers. When a user attempts to download the corrupted content, the server will fail to establish a connection due to the large volume of invalid information. Users will then waste time trying to establish a connection with bogus users thus increasing the average time it takes to download the file. The index poisoning attack requires less bandwidth and server resources than decoy insertion. Furthermore, the attacker does not have to transfer files nor respond to requests. For this reason, index poisoning requires less effort than other methods of attack.Spoofing
Some companies that disrupt P2P file sharing on behalf of content providers create their own software in order to launch attacks. MediaDefenderMediadefender
MediaDefender, Inc. is a company that offers services designed to prevent alleged copyright infringement using peer-to-peer distribution. They are controversial because of their use of unusual tactics such as flooding peer-to-peer networks with decoy files that tie up users' computers and...
have written their own program which directs users to non-existent locations via bogus search results. As users typically select one of the top five search results only, this method requires users to persevere beyond their initial failed attempts to locate the desired file. The idea is that many users will simply give up their search because of frustration.
Interdiction
This method of attack prevents distributors from serving users and thus slows P2P file sharing. The attacker’s servers constantly connect to the desired file, which floods the provider’s upstream bandwidth and prevents other users from downloading the file.Swarming
Swarming (or the fake-block-attack) is another method that aims to slow down user downloads. The attacker advertises to the swarm that they have all or the majority of the file pieces. As a result, users overestimate the ease with which they can download a file quickly. The swarm is also compromised because seeders may quit the swarm, believing that there are enough seeders to satisfy the request. Instead of providing legitimate file pieces, attackers provide pieces that are empty or contain static. If a user downloads one or more pieces from the attacker, the download will fail and the user will be forced to repeat the process again. The network will usually discard useless data but this method succeeds because it slows user downloads.Selective Content Poisoning
Selective content poisoning (also known as proactive or discriminatory content poisoning) attempts to detect pirates while allowing legitimate users to continue to enjoy the service provided by an open P2P network. The protocol identifies a peer with its endpoint address while the file index format is changed to incorporate a digital signature. A peer authentication protocol can then establish the legitimacy of a peer when they download and upload files. Using identity based signatures, the system enables each peer to identify pirates without the need for communication with a central authority. The protocol then sends poisoned chunks to detected pirates requesting a copyright protected file only. If all legitimate users simply deny download requests from known pirates, pirates could usually accumulate clean chunks from colluders (paid peers who share content with others without authorization). However, this method of content poisoning forces pirates to discard even clean chunks, prolonging their download time.Voluntary Collective Licensing
Voluntary Collective Licensing
VCL is the framework by which most Reproduction Rights Organisations in the English speaking world operate. In voluntary collective licensing, the RRO issues licenses to copy protected material on behalf of those rights holders who have given it a mandate to act on their behalf...
and the Open Music Model
Open Music Model
The Open Music Model is an economic and technological framework for the recording industry based on research conducted at the Massachusetts Institute of Technology...
are theoretical systems where users pay a subscription fee for access to a file-sharing network, and are able to legally download and distribute copyright content. Selective content poisoning could potentially be used here to limit access to legitimate and subscribed users, by providing poisoned content to non-subscribed users who attempt to illegitimately use the network.
Eclipse Attack
The eclipse attack (also known as routing-table poisoning), instead of poisoning the network, targets requesting peers directly. In this attack, the attacker takes over the peer’s routing table so that they are unable to communicate with any other peer except the attacker. As the attacker replicates the whole network for the targeted peer, they can manipulate them in a number of ways. For example, the attacker can specify which search results are returned. The attacker can also modify file comments. The peer’s requests can also be directed back into the network by the attacker and can also be modified.It also checks data randomly for any errors found in that.Uncooperative-Peer Attack
In this attack, the attacker joins the targeted swarm and establishes connections with many peers. However, the attacker never provides any chunks (authentic or otherwise) to the peers. A common version of this attack is the "chatty peer" attack. The attacker establishes connection with targeted peers via the required handshakeHandshaking
In information technology, telecommunications, and related fields, handshaking is an automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins...
message, followed by a message advertising that they have a number of available chunks. Not only does the attacker never provide any chunks, they also repeatedly resend the handshake and message. These attacks prevent downloads as, essentially, the peer wastes time dealing with the attacker, instead of downloading chunks from others.
Barriers to Torrent Poisoning
There are several reasons why content providers and copyright holders may not choose torrent poisoning as a method for guarding their content. First, before injecting decoys, content providers will normally monitor the BitTorrent network for signs that their content is being illegally shared (this includes watching for variations of files and files in compressed formats). This process can be expensive and time-consuming. As a result, most poisoning is only continued for the first few months following a leak or release. Second, it is also unlikely that torrent poisoning can be successful in disrupting every illegal download. Instead, the aim of content providers is to make illegal downloads statistically less likely to be clean and complete, in the hope that users will be discouraged from illegally downloading copyright material. Content providers and copyright holders may decide that the financial outlay is not worth the end result of their efforts.The methods of attack described above are not particularly effective on their own. These measures must be combined in order to have a significant impact on illegal peer-to-peer filesharing on BitTorrent. Additionally, BitTorrent is highly resistant to content poisoning (as opposed to index poisoning), as it is able to verify individual file chunks. Overall, BitTorrent is one of the most resistant P2P filesharing methods to poisoning.
Legal Issues
In September 2004, Altnet sued the Recording Industry Association of AmericaRecording Industry Association of America
The Recording Industry Association of America is a trade organization that represents the recording industry distributors in the United States...
, Overpeer, Loudeye, MediaSentry
MediaSentry
MediaSentry was a United States company that provided services to the music recording, motion picture, television, and software industries for locating and identifying IP addresses that are engaged in the use of online networks to share material in a manner said organizations claim is in violation...
and others, claiming that their spoofing services violated Altnet's patent for a file identification method called TrueNames.
In 2005 the Finnish anti-piracy organisation Viralg
Viralg
Viralg is a Finnish company, which won the 2003-2004 Venture Cup with their business plan for anti file sharing technologies. In April 2005 they claimed to be able to stop 99% of illegal file sharing. Their web site stated that their technique was enabled by use of an in-house developed virtual...
claimed that their software, which uses a similar approach to spoofing, could be used to bring an end to illegal P2P file sharing. The firm offered "total blocking of peer 2 peer sharing for your intellectual property" and claimed that its "patented virtual algorithm blocks out all illegal swapping of your data". as well as claiming that their approach was 99% effective. Despite these claims, the algorithm has not yet been tested with BitTorrent. A group of Finnish musicians requested an investigation into the company, arguing that their software was effectively a virus and was in violation of Finnish law. The investigation was declined by Finnish police, and later by the Finnish parliamentary ombudsman
Ombudsman
An ombudsman is a person who acts as a trusted intermediary between an organization and some internal or external constituency while representing not only but mostly the broad scope of constituent interests...
.
In some jurisdictions, there have been concerns that content providers and copyright holders engaging in poisoning activities may be held liable for damages to user's computers. In the USA in 2002, Representative Howard Berman
Howard Berman
Howard Lawrence Berman is the U.S. Representative for , serving since 2003. He is a member of the Democratic Party. He earlier served in the California State Assembly from 1974 to 1982, and as the U.S...
proposed the Peer To Peer Privacy Prevention Act, which would have granted immunity to copyright holders for taking steps to prevent the illegal distribution of their content (i.e. poisoning activities) on P2P networks, as long as they did not go as far as to harm the damage files stored on a P2P user's computer. However, the Bill died later in 2002 when the Congressional Term
United States Congress
The United States Congress is the bicameral legislature of the federal government of the United States, consisting of the Senate and the House of Representatives. The Congress meets in the United States Capitol in Washington, D.C....
ended and has not been reintroduced.
High Profile Cases
In 2005 it emerged that HBO was poisoning torrents of its show RomeRome (TV series)
Rome is a British-American–Italian historical drama television series created by Bruno Heller, John Milius and William J. MacDonald. The show's two seasons premiered in 2005 and 2007, and were later released on DVD. Rome is set in the 1st century BC, during Ancient Rome's transition from Republic...
by providing chunks of garbage data to users. HBO were also reported to have sent cease-and-desist letters to the Internet Service Providers
Internet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...
(ISPs) of downloaders they believe have illegally downloaded episodes of The Sopranos
The Sopranos
The Sopranos is an American television drama series created by David Chase that revolves around the New Jersey-based Italian-American mobster Tony Soprano and the difficulties he faces as he tries to balance the often conflicting requirements of his home life and the criminal organization he heads...
Although not targeted specifically at BitTorrent, Madonna's
Madonna (entertainer)
Madonna is an American singer-songwriter, actress and entrepreneur. Born in Bay City, Michigan, she moved to New York City in 1977 to pursue a career in modern dance. After performing in the music groups Breakfast Club and Emmy, she released her debut album in 1983...
American Life
American Life
American Life is the ninth studio album by American singer-songwriter Madonna. It was released on April 22, 2003 by Maverick Records and distributed by Warner Bros. Records. The album produced in its entirety by Madonna and Mirwais Ahmadzaï featured references to many parts of American culture...
album was an early example of content poisoning. Before the release of the album, tracks that appeared to be of similar length and file size to the real album tracks were leaked by the singer's record label. The tracks featured only a clip of Madonna saying "What the f**k do you think you're doing?" followed by minutes of silence.
Similarly, the band Barenaked Ladies
Barenaked Ladies
Barenaked Ladies is a Canadian alternative rock band. The band is currently composed of Jim Creeggan, Kevin Hearn, Ed Robertson, and Tyler Stewart. Barenaked Ladies formed in 1988 in Scarborough, Ontario, then a suburban municipality outside the City of Toronto...
released a number of tracks online in 2000 that appeared to be legitimate copies of tracks from the band's latest album. Each file contained a short sample of the song, followed by a clip of a band member saying, "Although you thought you were downloading our new single, what you were actually downloading is an advertisement for our new album.”
After a pirated copy of Michael Moore’s movie Sicko was uploaded online, it became a hit on P2P websites such as Pirate Bay. MediaDefender was hired to poison torrents using decoy insertion.
In an example of internet vigilantism
Internet vigilantism
Internet vigilantism is the phenomenon of vigilantic acts taken through the Internet or carried out using applications that depend on the Internet...
, anti-piracy vigilantes have been known to create viruses that are distributed exclusively via P2P networks, and are designed to attack mp3s and other music files stored on a user's PC. The Nopir-B worm, which originated in France, poses as a DVD copying program and deletes all the mp3 files on a user's computer, regardless of whether or not they were legally obtained.
On October 19, 2007 Associated Press
Associated Press
The Associated Press is an American news agency. The AP is a cooperative owned by its contributing newspapers, radio and television stations in the United States, which both contribute stories to the AP and use material written by its staff journalists...
(AP) released information accusing the broadband service provider Comcast
Comcast
Comcast Corporation is the largest cable operator, home Internet service provider, and fourth largest home telephone service provider in the United States, providing cable television, broadband Internet, and telephone service to both residential and commercial customers in 39 states and the...
of “hindering” P2P file sharing traffic. Tests conducted by AP have shown that Comcast hindered the uploading of complete files to BitTorrent. The Federal Communications Commission
Federal Communications Commission
The Federal Communications Commission is an independent agency of the United States government, created, Congressional statute , and with the majority of its commissioners appointed by the current President. The FCC works towards six goals in the areas of broadband, competition, the spectrum, the...
conducted public hearings in response to the allegations. Comcast argued that it was regulating network traffic to enable reasonable downloading times for the majority of users. On August 21, 2008 the FCC issued an order which stated that Comcast's network management was unreasonable and that Comcast must terminate the use of its discriminatory network management by the end of the year. Comcast complied with the order and appealed. On June 6, 2010, the District Court of Appeals for the Columbia vacated the FCC order in Comcast Corp. v. FCC
Comcast Corp. v. FCC
Comcast Corp. v. FCC, 600 F.3d 642, is a 2010 United States Court of Appeals for the District of Columbia case holding that the Federal Communications Commission does not have ancillary jurisdiction over Comcast’s Internet service under the language of the Communications Act of 1934...
.
See Also
- Legal issues with BitTorrentLegal issues with BitTorrentThe BitTorrent protocol's wide use for copyright infringement has led to legal issues with BitTorrent. The technology itself is perfectly legal, but it has been debated if its implementation in connection with copyrighted material or otherwise illegal material makes the issuer of the BitTorrent...
- BitTorrent (protocol)
- Peer-to-peer file sharingPeer-to-peer file sharingP2P or Peer-to-peer file sharing allows users to download files such as music, movies, and games using a P2P software client that searches for other connected computers. The "peers" are computer systems connected to each other through internet. Thus, the only requirements for a computer to join...
- Privacy in file sharing networksPrivacy in file sharing networksPeer-to-peer file sharing systems like Gnutella, KaZaA, and eDonkey/eMule, became extremely popular in recent years, with estimated user population of millions. Measurements show that about 50% of the file exchanges are illegal copies of multimedia files like AVI, MP3 etc.An academic research...