It would have to be the tracker, not the client, and at best it could somewhat reduce the number of other clients' IP addresses available to suspicious clients, since the classification is based on how they interact with other clients, whose IP addresses they of course have to know.
Link to 18-page scientific article by University of Birmingham. This is the actual meat behind the BBC article.
Not an alarmist paper, just boring work with Bittorrent download progress bitmap monitoring.
Some juicy bits on their usage of Tor, from the paper:
"we created our own indirect monitoring client that gathers newly-published torrent files from the Top 100 in each category on The Pirate Bay, and continually contacts each of the trackers and stores (IP address, port number, infohash, time) tuples from the peer lists that are returned; it then attempts to establish a TCP connection with each host and sends a handshake message to ensure that the host is in fact a BitTorrent peer. [..]
We collected data from July 21–28, 2009, routing our traffic through the Tor anonymity network."
I was interested in how they were detecting monitors and whether they were just picking out any anomalous peers (say ones that don't accept connections). I was also wondering if the paper was going to be obviously flawed and funded by some copyright agency with the aim of articles such as the one we just read being created. I still wouldn't rule it out, but I feel that the methodology was sound.
To summarize for others, the indicators were:
"""
1. The proportion of a subnet that has been seen in BitTorrent swarms. Monitoring agencies may use a large proportion of their subnet for monitoring.
2. The length of time a peer spends in a swarm. Monitors may spend more time in the swarm than regular file-sharers.
3. The number of different (IP, port, infohash) combinations per IP address. Monitoring agencies may operate many clients from a single IP address.
4. Whether a peer reported by a tracker accepts incoming connections. Monitors may block all incoming connection attempts. (((This was discarded as an unreliable indicator)))
5. The number of swarms in which IP addresses from a particular subnet appear. Monitoring agencies may monitor many torrents from their subnet.
6. The number of times the same (IP, port) pair is observed concurrently in different swarms.
...
we found 1,139 IP addresses that were in the top first percentile for all four features (((1,2,3 and 5)))
IP addresses assigned to a company named Checktor [3], which offers commercial BitTorrent monitoring services, and 16 addresses assigned to a medium-sized computer security consultancy company that does not publicly acknowledge monitoring BitTorrent. Another subnet, which we saw in over 500 swarms, belongs to a company that advertises itself as providing “intellectual property advice”
...
We also found two subnets assigned to hosting companies
...
We speculate that copyright enforcement companies are using these hosting companies as a front to disguise their identities. We also identified a number of IP addresses allocated to large ISPs, such as Vodafone, Etisalat and SingNet.
...
This feature (((6))) found IP addresses assigned to Peer Media Technologies [16] (a well-known copyright enforcement agency) monitoring seven Harry Potter ebook and movie torrents, and the INRIA research institution [10], which had been overlooked by features 1–5 because so few torrents were being monitored, and because a very small proportion of INRIA’s subnet was being used for monitoring
"""
I didn't read too much further into their methodology for detecting "direct monitoring" other than to see a pretty graphic showing peers lying about their download completion.
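The feature computation behind the quoted indicator list, written out as an added example (not code from the paper or from this thread). It computes features 1, 2, 3, 5 and 6 over constructed (IP, port, infohash, time) tuples of the kind the indirect monitor stores, then flags IPs that sit in the top percentile for features 1, 2, 3 and 5; the /24 subnet size, the tie-inclusive percentile cutoff, and all sample addresses are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network
from math import ceil

# Constructed sample of (IP, port, infohash, time) tuples as an indirect monitor
# would store them from tracker peer lists; time is hours since collection began.
OBS = []
# 10.9.0.0/24 plays a monitoring subnet: 40 hosts, each in 4 swarms for 48 hours.
for host in range(1, 41):
    for h in ("aaa", "bbb", "ccc", "ddd"):
        for t in range(0, 48, 6):
            OBS.append((f"10.9.0.{host}", 6881 + host, h, t))
# Ordinary file-sharers: scattered subnets, one swarm each, gone after a few hours.
for i, (ip, h) in enumerate([("192.0.2.10", "aaa"), ("198.51.100.7", "bbb"),
                             ("203.0.113.44", "ccc"), ("192.0.2.200", "ddd")]):
    for t in (0, 2, 4):
        OBS.append((ip, 51000 + i, h, t))
# A small presence that only feature 6 can catch: one (IP, port) pair sitting in
# two swarms at the same moment, like the INRIA case described in the paper.
OBS += [("172.16.3.9", 7000, "aaa", 0), ("172.16.3.9", 7000, "bbb", 0)]


def subnet(ip):
    """The /24 an address belongs to (the paper's subnet size is assumed here)."""
    return str(ip_network(f"{ip}/24", strict=False))


def features(obs):
    """Per-IP values of features 1, 2, 3, 5 and 6 from the paper's list."""
    combos = defaultdict(set)                       # f3: (ip, port, infohash) per IP
    times = defaultdict(lambda: defaultdict(list))  # f2: times[ip][infohash]
    subnet_ips = defaultdict(set)                   # f1: distinct IPs per subnet
    subnet_swarms = defaultdict(set)                # f5: distinct swarms per subnet
    concurrent = defaultdict(set)                   # f6: swarms per (ip, port, t)
    for ip, port, h, t in obs:
        combos[ip].add((ip, port, h))
        times[ip][h].append(t)
        subnet_ips[subnet(ip)].add(ip)
        subnet_swarms[subnet(ip)].add(h)
        concurrent[(ip, port, t)].add(h)
    feats = {}
    for ip in combos:
        feats[ip] = {
            "f1": len(subnet_ips[subnet(ip)]) / 256,
            "f2": max(max(ts) - min(ts) for ts in times[ip].values()),
            "f3": len(combos[ip]),
            "f5": len(subnet_swarms[subnet(ip)]),
            "f6": sum(1 for (i, _, _), hs in concurrent.items()
                      if i == ip and len(hs) > 1),
        }
    return feats


def suspected_monitors(feats, keys=("f1", "f2", "f3", "f5"), top=0.01):
    """IPs in the top `top` fraction (ties included) for every key in `keys`."""
    cutoff = {}
    for k in keys:
        ranked = sorted((f[k] for f in feats.values()), reverse=True)
        cutoff[k] = ranked[max(1, ceil(top * len(ranked))) - 1]
    return {ip for ip, f in feats.items() if all(f[k] >= cutoff[k] for k in keys)}


if __name__ == "__main__":
    f = features(OBS)
    flagged = suspected_monitors(f)
    print(len(flagged), "IPs flagged by features 1,2,3,5; e.g.", sorted(flagged)[:3])
    print("172.16.3.9 f6 =", f["172.16.3.9"]["f6"], "(overlooked by features 1,2,3,5)")
```

On real peer-list data the cutoffs need the paper's full population of IPs; with this small sample the top percentile collapses to the maximum of each feature, which is why ties are included.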
They could simply send out a few million or so letters, maybe costing a million £ or so. Offer everyone a settlement of a few hundred £ to cover all past transgressions with the threat of suing for a much greater sum if there is a repeat offence or if they do not comply.
If you work on the basis that about 50% just pay up straight away that's quite a lot of money. This money can be used to subsidize going thermonuclear on at least a few thousand of those who don't.
Besides, they don't need to sue everyone to make people scared enough to avoid pirate sites.
Don't forget all (well nearly all) Bit Torrent downloaders are also (by default) uploaders - seeding back to the pool while their file downloads.
MAFIAA and others don't care about downloaders (as yet I don't believe a single user who downloads only, has been sued successfully), but they DO care about those sharing their material. The fines levied so far are not for downloading tracks, but for sharing them.
The key word in the article is "popular" content. It is well known that (a) relatively new and (b) relatively mainstream + popular content (especially movies) is heavily monitored.
The article title is misleading. They logged only popular, public torrent content. I'm certain that many, many other file sharers were not even seen by their study. It's all just scare tactics.
It's a little-known fact, but all telcos here in Croatia monitor and store all torrent traffic info of their customers. They have massive rooms with monitors dedicated to showing which customer in which building is currently using torrents.
And all of this data is stored for once the Gov decides to "crack-down" on illegal file downloads, they will have massive amounts of evidence.
This strikes me as unlikely. Perhaps they can track some of it, but IIRC many torrent clients will use random ports and end to end encryption which is there to evade traffic shaping.
My router has various features to block P2P traffic, as an experiment I tried enabling these features and then downloading torrents (Linux distro ISOs). Every time I enabled these the data rate on the torrent client would start to drop, but then within minutes it would be right back to full power again. At the end of the day you can just make a bunch of connections to port 443 on a remote host, start an SSL session and you are now indistinguishable from HTTPS traffic.
The only way I could effectively block it was to disable NAT and force everything to go through an HTTP proxy.
This shouldn't be a surprise. It is trivial to capture that kind of data from large bittorrent clouds like piratebay, and that data may have some useful applications. For example, getting statistics on what movies, tv shows, and music people are interested in (often before commercial release) with really precise geographic information.
This should not come as a surprise to anyone who has been following the developments within the P2P-world. If you still care about privacy while you connect to a large amount of computers, a proper VPN or a similar service to mask your origin is the way to go.
My personal choice is privateinternetaccess.com: $40/year, unlimited bandwidth (cloak and many others limit bandwidth), multiple platforms (Windows/MAC/*nix/iOS/Android), multiple protocols (PPTP, OpenVPN and IPSEC/L2TP), multiple gateways (US/UK/Switzerland), and most importantly, NO user activity logs.
"Most" does not seem to mean much here, while it probably is correct. According to the paper they only used thepiratebay as originating tracker. Right now the homepage lists 30 million peers. what.cd shows 9 million peers. I do not know how many peers Demonoid had, probably a similar or higher number. Some smaller trackers I checked all had around 100k peers. So just think of 60 smaller trackers like that and poof, the "most" is not true anymore.
This also only covers Bittorrent, not "most file-sharers".
All the monitors were checking whether the file sharer used BT software? Why? I mean, there's not much of a reason to connect to a swarm if you're not seeding or leeching. Then again, does that mean that spoofing the name/id/whatever of the software gets you off the monitors' radar?
Actually webjunkie appears to be correct. From the paper:
> Average time before monitors connect. 40% of the monitors that communicated with our clients made their initial connection within 3 hours of the client joining the swarm; the slowest monitor took 33 hours to make its first connection.
> The average time decreases for torrents appearing higher in the Top 100, implying that enforcement agencies allocate resources according to the popularity of the content they monitor.
I was being entirely sarcastic. Where I live, people have been getting stung by honeypots for at least the last five years. I figured everyone (here on HN) either used private trackers or a VPN.
A lot of it is definitely for consulting purposes. I thought of going into that line - seeing what movies, TV, and music wouldn't be taken even for free would be interesting to the producers of that content.
Looking at activity on torrents gives you a really good idea of relative interest in something, and in addition, on membership torrent sites, it could be cross referenced with the other interests of the downloader simply by using their history to give you some idea of demographic and to guide marketing strategies.
I mean more like "People who pirate your show also pirate Breaking Bad and Sons of Anarchy, but of the people who pirate Breaking Bad and Sons of Anarchy, there's more pirating of Futurama than your show." or "Though you think your show appeals to Friends fans, the people who pirate your show tend to pirate 2 Broke Girls more significantly than they pirate Friends."
Even more interesting to me are the surprising highly trafficked music and movies that are long out of print. Might be a good indicator of when to bring them back, and what fora to announce that in.
I read something a while ago from an IP lawyer; he said that in such an occurrence they would instead just sue you for negligence.
There don't seem to be many wireless LANs using WEP anymore anyway because of the obvious security flaws. Perhaps some grandma with an old router could get away with claiming ignorance as a defence but the average HN reader probably couldn't.
As for the car analogy perhaps this would be similar to leaving your car unlocked knowing full well that it was likely to be stolen by criminals.
I don't lock my car, my house or my wifi. This isn't negligence, I do it on purpose. If somebody steals my car and runs over people with it, THEY are at fault, not me. And if somebody downloads "infringing" material over my internet connection, they are at fault. I really don't understand how this could be otherwise.
Suppose I invited a friend over to my house, and while I was asleep, they taped TV movies onto my VCR. Am I the one at fault because I didn't lock up my VCR? Is there any other place in the law where I am considered at fault when somebody else breaks a law? I'm not talking about "the getaway car", but more like "the guy who parked across the street from the bank and had his car taken by the robbers".
IANAL, but this depends on whether we are talking about criminal or civil law.
AFAIK in a civil case there would be more onus on you to prove that you didn't know what other people were doing with your stuff.
Also this would be affected by your circumstances, so if you work in tech/IT you might have a job arguing that you didn't know that running an unsecured wireless AP was a bad idea.
> Also this would be affected by your circumstances, so if you work in tech/IT you might have a job arguing that you didn't know that running an unsecured wireless AP was a bad idea.
Pointing to a renowned security expert saying he does the same might help, though:
If I were to leave my car unlocked in a high-crime neighborhood, my insurance may turn me down, but I still would not be liable for any crimes the thieves committed while using my car.
Then again, it's just an analogy, which holds little sway in a court of law.
An IP still isn't a person as your computer could be remotely controlled. Maybe grandma shouldn't have been so negligent when updating her Java package when a known zero day exists.. Expecting anyone besides a HN dork to know WEP is outdated shows how closed minded some of us are.
My point is that it's usually down to the ISP or whoever provides the router to make it secure. From what I have observed WEP routers are very rare in the wild so it would seem that they are doing their diligence here.
I'm also not sure how far ignorance goes as an excuse, although this could well depend on whether we are talking about civil or criminal law. For example, in pretty much any country there are literally thousands of laws that you are expected not to break. I doubt even veteran lawyers know all of these down to the letter, yet if I am charged with one of them that I have no knowledge of I cannot get away with saying that I didn't know it existed. In theory I guess it could be argued that you should never do anything without first consulting a legal professional.
Possibly a lawyer could say to grandma "If you didn't know anything about routers or Java updates, why didn't you hire an IT expert to configure your computer for you?"
> My point is that it's usually down to the ISP or whoever provides the router to make it secure.
Which ISP configures wifi routers? And I always see unsecured connections from default routers. Don't tell me you're never connected to the unsecured "Linksys" network..
Most ISPs in the UK do. Personally I use my own router but I have helped friends set up their connections.
Usually what happens is that they send a box with a router + modem + filters etc and instructions as to how to plug it all together.
They also give you a piece of paper telling you the SSID and key with strict instructions not to tell it to anybody.
I imagine the router also calls home at a regular interval and downloads updates automatically, so if there is a security issue it should be rectified relatively quickly.
Eircom, the largest telco in Ireland, shipped routers for ages where the WEP key was easily derived from the SSID. There are 3 of these on the street where I live.
Not sure what is meant by a "default router".
AFAIK you can plug in any router you like without committing a crime, but if somebody believes that they suffered as a result of you choosing an unsecured router they might have grounds to take a civil case against you.
As far as I can tell from my googling none of these negligence claims so far have been successful, but there has been no clear judgement on this matter to be sure one way or another what might happen in future cases. Also bear in mind that these judgements might differ between jurisdictions.
I simply think that saying "open up your wifi, now you're no longer liable for anything that happens on your internet connection!" is very dangerous advice to be spreading.
I agree with you in principle but I don't think legal doctrine in most countries where filesharing litigation happens does. If your computer is compromised while used to torrent a movie, you'll have a hard time convincing a court of that ten months later.
It is also possible to crack WPA2 networks, quickly and easily if WPS is enabled (mere hours), longer (or more costly) if it is not. I think it would be trivial to argue in court that if you have wifi it's a reasonable argument that your wifi might have been hacked and hijacked.
Citation needed here I feel.
All of the WPA attack methods I can find work on the basis of using precomputed SSID/Password combinations, sniffing the handshake and comparing against the list.
I've personally seen this used to crack a WPA2 network in < 2 hours. However this isn't a problem with WPA, and disabling WPS renders this attack vector useless. Though as noted in the white paper some routers are intelligent enough to slow the attack down.
Yes, the 4-way handshake needs to be captured, and can be compared to a rainbow table (fast); however (and if I understand correctly) if it is not in the table you can then throw computing power at it to brute-force it (slowly).
Yes, it's really slow, and would take practically forever for any reasonably long/secure passkey, but it is possible and only going to get easier as time goes on. I think it gives anyone with a wireless network an 'out' by being able to say they must have been hacked, either because they left WPS on or used a simple short passkey.
However I really have no idea if that would actually hold up in court.
In other parts of the world that's not a viable argument.
It was my local ISP who installed the WiFi with WEP, and they don't provide the option to manage the router and disable it, even though I requested WPA2 explicitly.
The issue is that physical security (such as cars and houses) just works in different ways to information security. Although cars are starting to use secure ECUs etc.
For example, someone with enough brute force is always going to be able to break into your house and someone with enough patience and sneakiness is always going to be able to find an opportunity to steal your car keys.
You can always improve your physical security, but after a while the costs and inconvenience start to become unrealistic. You probably can't afford to fit your home out with bulletproof glass and bank vault style doors, for example.
With computer security you can make the brute force (for example deriving an RSA private key from the public key) entry near as dammit impossible without spending really any money at all (just implement OpenSSL).
Of course the downside is that side-channel type attacks can render this security effectively useless. Even a crappy lock or a glass window provides some protection against thieves, especially in the sense that they might be spotted when trying to bypass it.
On the other hand, having an information security system that uses strong encryption provides 0 protection against somebody who can use metasploit if the software itself is full of exploitable and publicly known bugs.
Which raises the question often brought up in various forms:
Is a person responsible if someone has been using his or her router for file-sharing because they were able to crack its WEP-encryption, while the accused in question hardly knows what a router is?
Most non tech people are just using an ISP provided router, every ISP that I know of provides a router with WPA2 and went around replacing old WEP routers a few years ago. I can't remember the last time a WEP network showed up on my smartphone.
Of course there are other ways someone may have broken into your network.
Actually, many routers have easily predictable WPA2 passwords. Based on the MAC address or the access point name, it is often possible to deduce the default key (which many/most people don't change).
It's not like WPA2 would be terribly secure either. One minute of googling directs you to a step-by-step tutorial using aircrack. WiFi is nice to have but one has to be aware of the security issues that arise with it.
All of the WPA2 attacks I've seen assume predictable SSIDs and Passwords.
Again, ISPs seem to be ahead of this. Looking in my local area most of the APs have names like "BThub543897534895" and I assume that the passwords are randomly generated.
aircrack-ng assumes pre-shared keys. Cracking long passwords is quite time-consuming (read: takes a VERY long time). They actually explicitly state that in their wiki. I'm not exactly sure but I think I read something about using GPUs to accelerate brute-force times with a speedup of 100x. That's quite substantial, however even with that brute-forcing is not an option here, which gets us back to the fact that an attacker will hope for a weak password, possibly in a dictionary.
You're right about ISPs being on the safe side with their SSIDs and passwords, but I think you're underestimating the users here. For the sake of it I spent an hour and a half driving around town a year ago, logging locations of access points. I never did anything with the data except for looking at how access points are distributed across my town. Most of the AP names were common words or a combination of such. Concerning passwords, I've used wifi at friends' and coworkers' places quite a few times and most of them had weak passwords.
An attacker might just go and do some wardriving and randomly attack access points and I believe he'll find one weak enough without much of a hassle.
Bottom line, it's the same as always: in the real world security isn't as dependent on technology as it is on how much the user is concerned with it. How that works out in a lawsuit is a different question though.
In Austria it is since the introduction of data retention. Every time someone is assigned an IP address by his or her ISP, an entry is made so IP addresses can be mapped back to the person at any given time. It's pretty much the same across the EU, I reckon. I haven't heard of any cases yet where this data was used in a court of law though, but it is theoretically possible. Why would there be a law to oblige ISPs to do that if not for using this data in lawsuits? Back in 2006 when the EU guideline was made the official version was the usual terrorism bullshit (data is only usable for the prosecution of severe criminal action). In April this year the EU decided that file sharing is severe enough.
A side fact: Data retention hasn't proven to be very successful yet.
That would log an IP to a computer; that is it. If I'm at your house and jump on your computer and download the latest and greatest movie, that would be logged as you doing that, not me. The ISP would only have one piece of the puzzle, hence the problem with just tracking IP addresses.
> "All the monitors observed during the study would connect to file-sharers and verify that they were running the BitTorrent software, but they would not actually collect any of the files being shared," he said.
> "It is questionable whether the monitors observed would actually have evidence of file-sharing that would stand up in court."
However, it’s not really that much more work to verify if that peer is sharing the file in question. Just request/offer a few random blocks. There’s no mechanism in place to assign peers in the BT network varying degrees of trust.
Depending on where you live, being the owner (or responsible, or whatever you may call it) of an IP used to pirate things can be enough to be condemned.