
An Anomaly in the μTorrent network - flux_w42
http://www.cert.pl/news/5365/langswitch_lang/en
======
guard-of-terra
<http://torrentfreak.com/microsoft-funded-startup-aims-to-kill-bittorrent-traffic-120513/>
Maybe we have this thing being field-tested at great scale? Titles suggest it
may be the case.

Discussion: <http://news.ycombinator.com/item?id=3966774>

~~~
dcornu
"The company doesn’t reveal how it works, but they appear to be flooding
clients with fake information, masquerading as legitimate peers."

"For a month Pirate Pay’s technology protected the film “Vysotsky. Thanks to
God, I’m alive,” (distributed by The Walt Disney Studios Sony Pictures
Releasing company) with moderate success."

Sounds likely to me

------
jakejake
It always seemed to me that the simplest way to protect content is to just
upload a bunch of garbage with the same file name making it impossible to
locate the actual movie, app, etc. It doesn't seem like it would require a lot
of sophistication either. It could probably be done effectively, even showing
a 90-minute repeating trailer for the movie or something similar. I think a
lot of people pirate simply because it's the easiest way to get a movie. If
paying $9.99 becomes the easiest way, then a lot of casual pirates will just
buy it.

Virus writers seem to like this technique, uploading garbage to usenet. (50Kb
files pretending to be a feature film, etc). I've always wondered why movie
studios didn't do more of that.

~~~
repsilat
For films and the like it might be easy to get around this - the release teams
could sign their releases. It might be theoretically difficult for them to get
their public keys out into the ecosystem, but it would be pretty easy in
practical terms.

For arbitrary data you could possibly have a rating/tagging system. I guess
the content industries could fudge the votes, but if the votes were tied to
identity/pseudonyms they'd have to be clever to beat any kind of data
analysis.

The effectiveness would probably depend on how many garbage alternatives you
provided, and how sophisticated/varied their uploading is. Too many bad files
and voting and signing might not be practicable, and you'd have to resort to
some kind of automated spam-detection. White-listed sources are workable in
the worst case, but I'm sure there would be other, better ideas around.

~~~
gcr
Signing pirated media? Would the release teams really want to give the RIAA
the ability to cryptographically prove that they were the ones who released
the material?

~~~
sneak
Last I checked, nobody's requiring government-issued ID for generating RSA
keys.

~~~
dolbz
No but if you're caught with a hard drive full of pirated material AND the
encryption keys for those releases then you're gonna have a hard time in
court. The keys need not be government issued to prove you're responsible.

~~~
sneak
How exactly are they to prove that nobody else has those keys? I think you're
overthinking it.

~~~
TeMPOraL
But the whole idea is for them and only them to have those keys; otherwise the
system is worthless.

------
aw3c2
I have no idea how to interpret those "layered pie chart" diagrams, I guess it
shows something about the trackers?

~~~
sp332
Each layer is a different tracker. The amount of the layer that is blue is the
% of nodes on that tracker that are seeders. The orange part is the % that are
peers (not seeding). Usually the graph looks more like the one for Lost -
mostly orange peers with a few blue seeders. The unusual ones are mostly made
of nodes that are (claiming to be) seeders.

------
WiseWeasel
I wonder if this might have anything to do with more people trying to use
hacked up BT clients in the hopes of avoiding ISP crackdowns supposedly
imminent in the US (and already in effect in other countries):

<http://www.seba14.org/2012/01/03/hacked-sb-innovation-vuze-extreme-mod-4605_b04-ddj/>

<http://news.cnet.com/8301-31001_3-57397452-261/riaa-chief-isps-to-start-policing-copyright-by-july-1/>

------
Zirro
"uTP on the other hand allows BitTorrent nodes to dynamically adjust bandwidth
congestion at the protocol level and also provides some additional functions,
like support clients using low bandwidth or sharing ADSL line with a web
browser."

In other words, this isn't a threat to Bittorrent as a technology alone, yet.
I wonder how much of an impact it makes on uTP-enabled clients and if you'd be
better off disabling it if you connect to an affected swarm.

~~~
johnchristopher
Correct me if I am wrong: won't those uTP forged/bad "datagrams" be dropped by
the client when the hashes don't match? And then wouldn't the client ban those
source IPs from its pool of connected peers?
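
The check asked about above, as an added example that is not part of the thread or taken from any client's code: BitTorrent metainfo lists a SHA-1 digest per piece, so a client can reject payload that fails the digest and stop talking to peers that keep failing. The `PieceVerifier` class, the `BAN_AFTER` threshold, the toy piece size and the peer addresses are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

PIECE_LEN = 16   # constructed toy size; real torrents use far larger pieces
BAN_AFTER = 2    # hypothetical policy threshold, not taken from any client

def piece_hashes(data, piece_len=PIECE_LEN):
    """SHA-1 digest per piece, as listed in a .torrent's 'pieces' field."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]

class PieceVerifier:
    def __init__(self, expected):
        self.expected = expected            # trusted hashes from the metainfo
        self.have = {}                      # index -> verified payload
        self.failures = defaultdict(int)    # peer -> hash-failure count
        self.banned = set()

    def receive(self, peer, index, payload):
        """Check one completed piece; transport (TCP or uTP) is irrelevant here."""
        if peer in self.banned:
            return "ignored"
        if hashlib.sha1(payload).digest() != self.expected[index]:
            self.failures[peer] += 1
            if self.failures[peer] >= BAN_AFTER:
                self.banned.add(peer)
                return "banned"
            return "rejected"
        self.have[index] = payload
        return "accepted"

def demo():
    original = b"A" * 16 + b"B" * 16 + b"C" * 8      # constructed content
    v = PieceVerifier(piece_hashes(original))
    good, bad = "198.51.100.7", "203.0.113.9"        # documentation addresses
    pieces = [original[i:i + PIECE_LEN] for i in range(0, len(original), PIECE_LEN)]
    log = [v.receive(bad, 0, b"\x00" * 16),          # garbage -> rejected
           v.receive(good, 0, pieces[0]),
           v.receive(bad, 1, b"\xff" * 16),          # second failure -> banned
           v.receive(bad, 2, pieces[2]),             # banned peer is ignored
           v.receive(good, 1, pieces[1]),
           v.receive(good, 2, pieces[2])]
    rebuilt = b"".join(v.have[i] for i in sorted(v.have))
    return log, rebuilt == original, v.banned

if __name__ == "__main__":
    print(demo())
```

The digest covers only piece payload, so it says nothing about what a peer claims to be (for example, a seeder) before any data is exchanged. A piece is also normally assembled from blocks that may come from several peers, which makes attributing a failed hash to one address less clean than in this sketch.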

------
swombat
Skynet? Is that you?

Can anyone translate this article into language that those of us not familiar
with traffic analysis can understand?

~~~
tbundy
I had the same thought. TorrentFreak explains it quite nicely:
<http://torrentfreak.com/anti-piracy-outfits-launch-attack-on-bittorrent-protocol-120519/>

Those guys really are great journalists.

~~~
StevenRayOrr
I do not pretend to understand very much of the original post. The
TorrentFreak "translation" did make it a bit more clear, but I'm pretty much
boiling this down to, "somebody is trying to poison the Internet -- if not
now, then sometime soon".

It's easy to forget how young a medium the Internet is and that there are
going to be a lot of pitfalls along the way that we haven't begun to imagine.
This seems to be one of those. I guess the question that I have is simple:
what happens next?

~~~
tbundy
Maybe the group will be discovered and shamed, maybe it won't. I'm guessing
the vast majority of Bittorrent users will never be affected.

