Slashdot Mirror


How To Frame a Printer For Copyright Infringement

An anonymous reader writes "Have you ever wondered what it takes to get 'caught' for copyright infringement on the Internet? Surprisingly, actual infringement is not required. The New York Times reports that researchers from the computer science department at the University of Washington have just released a study that examines how enforcement agencies monitor P2P networks and what it takes to receive a complaint today. Without downloading or sharing a single file, their study attracted more than 400 copyright infringement complaints. Even more disturbing is their discovery that illegal P2P participation can be easily spoofed; the researchers managed to frame innocent desktop machines and even several university printers, all of which received bogus complaints."

6 of 325 comments

  1. Re:Glad it's in a reputable media source by Hyppy · Score: 5, Informative

    Somewhat offtopic, but related to your post. The EFF maintains a mailing list for technologists who would be willing to assist as witnesses or in other ways for cases such as this. When an attorney needs an expert witness for, say, a defense case against the RIAA, the EFF happily forwards it to this list. http://www.eff.org/about/opportunities/volunteer

  2. Re:Too flimsy by Anonymous Coward · Score: 3, Informative

    Did you miss the part where any malicious client can send an alternate client IP address to a tracker which supports the appropriate protocol extensions; the tracker will then report that IP address as participating in the swarm?

    Also, consider this: As commonly compressed, each reported peer takes up essentially 6 bytes; 4 for the IPv4 address, 2 for the port, because the less data the trackers have to push out during a scrape, the better.

    That gives a two-thirds chance that any corruption (undetected by the embarrassingly small IP checksum) of any single byte in that packet would falsely implicate an IP address.

    Look at how often your client gets bad data owing to something corrupting it on the way or faulty network gear; corruption that BT itself detects through piecewise SHA-1 hashing.

    But the scrape is not protected against this, and given the number of automated requests issued, it's highly likely that many innocent IP addresses have been targeted (and indeed, ask around; all the anecdotal evidence strongly supports that hypothesis).

    Further, this is solid evidence that the same enforcement companies providing data used for RIAA and MPAA lawsuits have a methodology which is not only flawed, but falls far short of what might be considered due diligence; they are believing the responses of servers which could very well detect that these are so-called "Judas nodes", and deliberately provide responses seeded with bogus requests... or servers set up by other monitoring organisations as malicious trackers, which are, amongst other things, deliberately reporting non-existent clients to attempt to frustrate their malicious torrents.

    Even worse if they're believing peer exchange or DHT inserts. This is actually pretty damning evidence against their reliability.

    It also contains easily enough information for just about anyone with enough resources (for example, The Pirate Bay) to identify with a high probability all of the IP addresses currently used by reporting agencies. And block them, and maybe even tell us what they are, because the agencies are rapidly running out of blocks (especially if they're going to launch synfloods from them and risk getting their transit cut off).

    Thanks, guys. Nice work there. I hope one of you springs for the printer's bail bonds. :-)
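The compact peer encoding that comment 2 describes, as an added example that is not part of the original thread: it decodes a 6-byte-per-peer list and counts how many single-byte corruptions change a reported address rather than only a port. The peer addresses are constructed from documentation ranges, and corruption is modelled (an assumption) as one flipped bit in one byte.

```python
import ipaddress
import struct

# Constructed sample peers (RFC 5737 documentation addresses), not real data.
SAMPLE_PEERS = [("192.0.2.10", 6881), ("198.51.100.7", 51413), ("203.0.113.200", 6889)]


def pack_compact_peers(peers):
    """Encode peers as 6 bytes each: 4-byte IPv4 address + 2-byte big-endian port."""
    return b"".join(
        ipaddress.IPv4Address(ip).packed + struct.pack("!H", port) for ip, port in peers
    )


def parse_compact_peers(blob):
    """Decode a compact peer list into (ip, port) tuples."""
    if len(blob) % 6:
        raise ValueError("compact peer list length must be a multiple of 6")
    peers = []
    for off in range(0, len(blob), 6):
        raw_ip, port = struct.unpack_from("!4sH", blob, off)
        peers.append((str(ipaddress.IPv4Address(raw_ip)), port))
    return peers


def newly_implicated(blob, index):
    """Addresses that appear in the list only after byte `index` is corrupted."""
    before = {ip for ip, _ in parse_compact_peers(blob)}
    corrupted = bytearray(blob)
    corrupted[index] ^= 0x01  # model corruption as a single flipped bit
    after = [ip for ip, _ in parse_compact_peers(bytes(corrupted))]
    return [ip for ip in after if ip not in before]


def single_byte_corruption_stats(blob):
    """Corrupt each byte in turn; return (corruptions changing an IP, port-only)."""
    ip_changed = sum(1 for i in range(len(blob)) if newly_implicated(blob, i))
    return ip_changed, len(blob) - ip_changed


SAMPLE = pack_compact_peers(SAMPLE_PEERS)

if __name__ == "__main__":
    changed, port_only = single_byte_corruption_stats(SAMPLE)
    print(f"{changed} of {changed + port_only} single-byte corruptions name a different IP")
    print("byte 3 corrupted ->", newly_implicated(SAMPLE, 3))
```

Nothing in the 6-byte record lets a consumer detect the change, which is why a tracker-reported address needs corroboration from a direct connection to the peer before it is treated as evidence.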

  3. Re:Sweet! by despe666 · Score: 3, Informative

    Ding ding ding! You figured it out. I'm guessing these guys will be very busy being expert witnesses in upcoming trials.

  4. Re:PC LOAD MUSIC by Anonymous Coward · Score: 4, Informative

    From God^H^H^HWikipedia:

    The term was popularized by the comedy cult film Office Space. Michael Bolton (David Herman), one of the three main characters, reads the error message from the LCD status display on a fax machine, after which he asks, "'PC Load Letter'? What the fuck does that mean?"

  5. I was getting these five years ago by guacamole · Score: 3, Informative

    I used to work as a sysadmin in academia and we used to get such false infringement notices on a regular basis. Here is a typical story. Some professor, let's call him Smith, puts some tar and zip files on his webpage or on his ftp site, which naturally has a URL like ftp://somehost.edu/pub/users/smith/bundle.zip

    Eventually we get emails from some trade association: "We are asking you in good faith to remove the material that infringes on our IP rights. The site in question is such and such and it contains a copy of a Nintendo game 'Mr. Smith's Day Out'" or some other nonsense like that. I found those amusing.

  6. Re:Sweet! by mysidia · Score: 5, Informative

    Sorry, I have to debunk the theory that it is only technically possible to spoof a source address on your local subnet, it's just not true.

    First of all, you can send people in your local subnet messages with any fake outside source IP you want, and there are various techniques to convince your local subnet's router to send _you_ the response traffic instead of the rightful recipient, so you can have full socket connectivity in both directions.

    (i.e., ICMP redirect packets sent to the default gateway, static routes, etc.)

    Also, there are methods to spoof source IPs outside your subnet, even when sending to destinations outside your subnet, unless your provider is specifically using techniques to block spoofed traffic (which possibly, some are now).

    If you can guess the right sequence numbers and port numbers (very hard), then you can even inject data into someone else's live TCP connection, or just force that connection to close (by sending a RST).

    Use of technologies such as SSL or TLS protects against sending unauthorized commands or allowing corrupt data to be transmitted, but doesn't protect against a third party forcibly closing the connection.

    Spoofing outside the subnet is just extremely difficult, and fairly improbable for targets utilizing modern TCP stacks -- but theoretically possible; IRC networks used to have problems with script kiddies generating spoofed clone floods.

    (This tactic was thwarted by taking advantage of the fact that spoofed users could effectively SEND spoofed traffic but not RECEIVE messages, so a CAPTCHA-style feature called "nospoof" was introduced into the connection process.)

    Receiving traffic in both directions over a spoofed connection is also possible, but hard, i.e., it requires hijacking the legitimate equipment's IP, and fooling network equipment into sending traffic to the wrong place (the spoofer's computer).

    I'm not saying it's easy, safe, invisible, non-destructive, or you won't easily get caught, but I must say that such spoofing is 100% possible.