by: Tom Corelis
Scientists demonstrate that it's possible to implicate most anything of piracy
Practically anybody – nay, anything – on the internet can be framed for copyright infringement today. Obvious targets might be another person, but one could choose innocuous “nonsense” devices like network printers and wireless access points if they wanted to.
Such revelations come compliments of a new, neutral study released by University of Washington students and faculty, titled Challenges and Directions for Monitoring P2P File Sharing Networks, or Why My Printer Received a DMCA Takedown Notice. Published earlier this month by graduate student Michael Piatek and faculty members Tadayoshi Kohno and Arvind Krishnamurthy, the paper outlines a variety of attacks the trio was able to successfully conduct against “arbitrary” network nodes – people, or in a handful of cases, devices – that successfully resulted in a variety of DMCA takedown requests:
By profiling copyright enforcement in the popular BitTorrent file sharing system, we were able to generate hundreds of real DMCA takedown notices for computers at the University of Washington that never downloaded nor shared any content whatsoever.
Further, we were able to remotely generate complaints for nonsense devices including several printers and a (non-NAT) wireless access point. Our results demonstrate several simple techniques that a malicious user could use to frame arbitrary network endpoints.
The group at UW says it was able to bait DMCA enforcers by querying popular BitTorrent trackers “without uploading or downloading any file data whatsoever.” Queries were made every 15 minutes from a collection of 13 “vantage points” at the university, and originally conducted in August 2007. Another survey was conducted in May 2008 with two intentions: to determine how much – if any – enforcement levels had changed, and figure out if it was possible to falsely implicate third parties in enforcement notices.
While the answer to the first question might be obvious, the answer to the second is a bit more intriguing. There are a variety of attacks available to someone with the appropriate know-how and ill intent – and one of them is so simple that all one has to do is send an altered HTTP request to specially-configured trackers.
By taking advantage of trackers configured to record a requesting client’s IP address from the request’s HTTP REQUEST string, as opposed to the source IP address enclosed in the request’s headers, the authors were able to have trackers record any IP address they wanted as an available peer, and subsequently bait the content industry’s DMCA machine into sending a DMCA complaint.
The study also pokes holes in the popular use of IP blacklists by downloaders, which are used in order to inhibit communication with what the study describes as “suspected monitoring agents”. By examining a list of the peers sent to them by trackers for popular torrents, the study’s authors were able to isolate 17 groups of IP addresses (out of a total of 2,866) that appeared to belong to industry monitors like MediaSentry and MediaDefender. “Of the 17 suspicious prefixes, 10 were blocked, and 8 of these, while allocated to a co-location service provider, are attributed in the blacklists to either MediaSentry or MediaDefender, copyright enforcement companies. However, seven of our suspicious prefixes (accounting for dozens of monitoring hosts) are not covered by current lists.”
After repeating the analysis over a period of several days and seeing similar results, the study eventually concludes that popular IP blacklists, such as those published by SafePeer and PeerGuardian, “might not be sufficient to help privacy conscious peers escape detection.”
“On the other hand,” it concedes, “our analysis implies monitoring agents could be automatically detected by continuously monitoring swarm membership and correlating results across swarms.”
With enforcement against piracy at colleges on the rise, and the content industry’s proclivity for filing automated complaints against IP addresses it hasn’t actually downloaded anything from, the UW’s study deals blows to pirates and enforcers alike. The content industry’s enforcement efforts – characterized by its argument of “making available,” which it uses to justify complaints issued without actually downloading anything from the alleged infringer – are potentially vulnerable to abuse, while pirates’ IP blacklists – relied on by many as an effective privacy agent and enforcement countermeasure – are equally flawed.
