Researchers find most BitTorrent users being monitored




Researchers from Birmingham University in the UK have found that users who frequent BitTorrent file sharing sites such as The Pirate Bay, risk having their IP address logged by monitors as quickly as within three hours of getting on. The team, led by Tom Chothia, discovered the extent to which monitors are tracking users on such sharing sites by monitoring activity themselves over a two year period. They found as they note in their paper presented this week at the SecureComm conference, that virtually all users of such sites wind up having their IP address noted and recorded at some point.


BitTorrent file sharing sites work by means of a Peer to Peer sharing scheme. Users log in and download chunks of a file they want from several different other users at the same time who share the load as a swarm. At the same time, files that they've already downloaded are shared with others. The protocol and hosting sites, known as trackers don't differentiate between files that are traded legally, or illegally, hence the presence of monitors, which are "users" or clients that log in for the express purpose of finding out who is downloading illegal content. The very nature of the protocol makes it very easy for such monitors to note which users are downloading which files as it's all tracked via IP addresses.



One way to get around having an IP address cataloged by a monitor is to block their IP address; disallowing them from joining the swarm that is sending pieces of files. Users who frequent BitTorrent sites generally become aware of what are known as blocklists (lists of the IP addresses of known monitors); unfortunately, the researchers found such lists to include many false positives and negatives, making them generally useless in preventing monitoring.

To figure out which clients were real users and which were monitors, the researchers noted several characteristics of the monitors that make them stand out. One was the fact that monitors tend to hold a large number of the subnets that access sharing sites. Other ways were that they tend to stay connected a lot longer than regular clients and to connect to a lot more swarms and also generally fail to report actually ever completing downloads. In short, they are simply much busier and active, though with little to show for it, than users who generally tend to only log on when they want a certain file and then go away for a period of time after they get it.

After compiling lists of IP addresses they suspected of belonging to monitors, the team compared them against other known information about such IP holders and were able to verify that many of them were indeed known BitTorrent monitoring entities. They conclude by making it clear that virtually everyone that uses such sites to download files will have their IP address cataloged at some point, but add that the information gathered by such monitors likely wouldn't withstand legal scrutiny.


Research by computer scientists at the University of Birmingham has found that the monitoring of online file sharing is more prevalent than previously thought. They also conclude that in many cases, the evidence gathered through monitoring is not admissible in court. This research will be presented tomorrow at the SecureComm Conference in Padua.

To provide legal evidence of file sharing, a monitoring company must make a direct connection to a suspected file sharer and log their activity. This three-year study is the first to look at the behaviour of monitors that make direct connections.

The researchers' findings include:

Massive monitoring of all of the most popular illegal downloads from the PirateBay has been taking place over the last 3 years.
On average an illegal file sharer, using BitTorrent to download the most popular content, will be connected to and have there IP address logged within 3 hours of starting a download.
Poor collection methods mean the evidence collected by monitors may not stand up in court.

The research was carried out by developing software that acted like a BitTorrent file sharing client, and logged all the connections made to it. Careful analysis of the logs revealed the presence and behaviour of file-sharing monitors.

Most large-scale monitors hide their identity by using third party hosting companies to run the searches for them, but other monitors are identifiable as copyright enforcement organisations, security companies and even government research labs. The researchers also found that the use of third party hosting companies allowed the monitors to avoid 'block lists',that attempted to stop known monitors from connecting to file sharers.


Dr Tom Chothia, researcher at the University of Birmingham's School of Computer Science, says, "This work reveals the full scale of the monitoring of illegal file sharers. Almost everyone that shares popular films and music illegally will be connected to by a monitor and will have their IP address logged. What is done with this information in the long term only time will tell".

With the number of prosecutions of file sharers increasing there is a legitimate concern of the standard of evidence used in these cases. Dr Chothia continued: 'All the monitors observed during the study would connect to file sharers believed to be sharing illegal content and verify that they were running the BitTorrent software, however they would not actually collect any of the files being shared. Therefore, it is questionable whether the monitors observed would actually have evidence of file sharing that would stand up in court.'

This work was carried out by Tom Chothia, Marco Cova, Chris Novakovic, and Camilo Gonzalez Toro at the University of Birmingham's School of Computer Science.


Provided by University of Birmingham










Comments

Popular posts from this blog

TOP SECRET DUMBS (Deep Underground Military Bases)

Highway of death

Imperialism and its agents