New Tool Promises To Passively Identify BitTorrent Files
QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.
So, if for instance, Verizon or AT&T start using this tool, does that mean they lose common carrier status?
Those who believe the Internet is private,
find their privates are on the Internet.
I'm assuming this has no chance of defeating encrypted connections?
Reviewing just the first hour of video games.
For the record, I have a rule in my iptables that specifically turns off the "evil bit" in any outgoing packets. Thank God for Linux! =)
Till they come up with a good way to figure out what's going across the network encrypted, they will just be wasting their time.
I came, I conquered, I coredumped
According to the article the method is currently too slow to be implemented and fails for encrypted traffic. So not quite the BT killer yet.
Passive? Big deal. Sounds obvious.
Er... does it work with encrypted transfers?
Upward mobility is a slippery slope - the higher you climb the more you show your ass.
Just one more reason to encrypt my traffic.
And my $200 24 port gigabit switch from Dell will do it. And that's a cheap piece of crap. For the 3 of you who don't already know, you specify one port on the switch to receive a copy of all traffic on the entire switch, a vlan or a specific port. Then you can hook Ethereal to that port and monitor all of the traffic without modifying the original. OOOOhhhh, magic eh?
Anyway, even after I RTFA, I still didn't see anything that this thing does that my cheap port and a P2 running Ethereal couldn't do.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
More restrictions on content? More encryption.
Better cracking techniques? Better encryption.
Tyrannical government? Revolution.
Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.
If you make breathing illegal, only criminals with breath.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
No surprise there. Air Force calls itself the "Ivy League" of armed forces, but they have their own methods of treating their own like shit. A guy I know had his computer yanked by OSI because he was suspected of possessing Cee Pee, but nothing ever came of it and the bastards didn't even return his computer.
;)
The Gestapo-like OSI recruit airmen with special skills or college credit out of techschool to become professional rats. See that guy in your dorm party pretending to drink the same beer all night? That's the one. A guy in my unit walked free from drug use punishment because the OSI coerced an interrogation out of him without reading him his rights.
For those of you in the Air Force, don't believe the OSI hype. All they do is bust airmen for underage drinking and minor drug offenses when they're not sitting on Limewire all day looking for Cee Pee. Should they pull you in for questioning, simply be as vague as possible or say nothing at all. They pulled me in (just like in the movies - Mutt and Jeff interrogation with one-way mirror) to question me about others' drug use, but luckily I was drunk at the time the alleged use occurred so I didn't remember
From the article:
Then the system looks at the files' hash, a unique identifying code used to coordinate the simultaneous download of hundreds of file fragments by different users. If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved.
I mean, you could easily scrape some torrent sites for hashes, but it seems like this system would be fairly easy to circumvent. All you'd have to do is come up with some system for changing the hash on a peer-specific basis.
Bit torrent isn't illegal, downloading copyrighted material is. If I use bit torrent to share ubuntu CDs, does that mean I'm as evil to this piece of software as a person who is uploading a Motion Picture?
It depends on how they're identifying the illegal content.
If it's by checking for known checksums/hashes for certain blocks then it's not too hard to defeat.
But wouldn't it be possible to catch them 'sniffing' your transfers & prosecute them?
If you create some content and grant everyone except the RIAA/MPAA and its investigators a license to copy & use the media,
they'd be guilty of copyright infringement if they downloaded any part of it.
I'm off to start writing the script for 'Bilbo Potter and the Prizoner of the Two Crystal Towers'.
So, you're telling me that, given a set of hashes corresponding to "Prohibited content" and access to all the packets moving across a network, you can detect prohibited content? Why, it's a miracle of science!
Seriously, this is news? It has been possible, with the complicity of the router or physical access to the wire, to unobtrusively and undetectably tap a network since forever. That isn't news. And being able to identify files whose hashes you have ahead of time? Also not news, especially since bittorrent uses hashes extensively itself, and was never designed for subtlety or concealment.
I realize that Technology Review lost interest in technology years ago, and now spends most of its time fellating venture capitalists; but this is pathetic.
Great. An article about a technology that can't be used not only for legal reasons but because of technological ones as well.
By the time this is fast enough to detect things at the speeds it needs to today, we'll be transferring stuff way faster... will it ever be able to catch up? And that's not even taking into account encryption.
I can't tell from the summary. Good being, good for us pirates, not good for law-abiding citizens who realize stealing is stealing, and you'd burn in hell forever, so if us pirates want to, to go right ahead.
So... they invented packet sniffing?
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
Fuck Cheney
They use packet sniffing and maintain a database of hashes of "bad" files. Does this qualify as new technology? So this is where the air force (Air Force Institute of Technology) spends their R&D budget.
I can hardly wait for this software to hit Demonoid!
We're all doomed
At least, I'm sure that's what the copyright holding associations would argue / propagandize.
This reminds me - is anyone here using I2P? I had a go the other day and it's actually not that bad. At one point, I forgot to turn off my web proxy and was only mildly aware of things being slower than usual. Torrents go pretty fast too: I was getting about 28KBps overall with IPSnark.
This is nothing new and it's just meaningless marketing drivel. It's impossible to tell that *any* network is being monitored. It's not like you could buy an electronic device in a spy shop that can detect network monitoring. Throttling and "traffic management" are different since that is changing the network traffic.
There is only one type of network that can prevent a 3rd party from being able to copy the network traffic. Quantum communications provides that type of infrastructure by making it *impossible* to read the traffic without destroying it.
It's not like network monitoring is really a problem anyways. If you want privacy then just use encryption.
Ohhh, you mean it's useless right? Everyone involved knows that a large amount of torrent traffic is infringing on various copyrights. The goal of the ISPs is to protect their profit margins. They sell unlimited but expect limited. They don't care whether traffic is illicit or not, just that it does not interfere with their business models. The MAFIAA is interested in the contents of the traffic and could care less about network congestion and bandwidth issues. Until the ISPs actually start caring about content, the goals of these two groups are not the same.
Enter Net Neutrality. Only when it is in the financial interests of ISPs to care about content will they start to listen to the MAFIAA. Obviously they could not reach an agreement since the MAFIAA is going to the whores in various legislatures to trade our freedoms for the protection of a few groups' business models.
Note, that I don't support piracy on principle. However, I will not give up my rights to privacy and anonymity to protect someone else's copyrights either.
That sounds really easy doesn't it? Of course there are only a few dozen really popular public trackers out there they can scrape the thousands and thousands of new torrents each day to update their tables. Don't forget about all the private trackers either that add a file or two that changes the hash to be different from the public torrents containing some of the same files.
Yep. This should be really easy. I can't possibly see how this task could not be reasonably accomplished with just a few salaried personnel on a daily basis.
I laughed so hard I almost peed myself at this point. Legal viewpoints change more frequently than the weather. If there is enough pressure from private interests in the U.S and abroad I don't think a little thing like privacy will stop them.
I just knew there was a p
Then you won't have any problems whatsoever!!
There used to be a program called P2PWatchdog that passively identified P2P content and could name the content. They could even do this with encrypted streams. However, the DMCA put them out of business because they were decrypting the streams and someone objected. I still have a copy of the program. Using it back then we caught several child pornographers.
This doesn't identify someone downloading a file via bittorrent, it identifies someone downloading a *.bittorrent file (presumably via http).
This is a non-issue. If anyone actually starts using this, trackers will just start using shttp for their torrent files. They're small and (relatively) low traffic, so it would be a negligible performance issue.
The only notable thing about this article is that it points out how clueless tech journalists really are.
All you'd have to do is come up with some system for changing the hash on a peer-specific basis.
The hash is how data is verified. You can't just change the hashing mechanism on a peer-specific basis because you're sharing the same data with thousands of different peers. That would require every single peer to host a specific hash for each other peer, or worse, convert between hashes on the fly.
The flaw in this method is the hashes themselves; the only way to detect the so-called illicit content is by knowing the specific encoding. This stops camcorder films and screener rips because they are encoded by well-seeded individuals. This does NOT stop your standard DVD or TV rip. For example: Joe and Bob go and buy a DVD, splitting the cost. Each of them have the exact same model of computer and even the same versions of all their software. Joe encodes the DVD to a nice 700mb h264 MP4 file, then gives it to Bob. Bob encodes the DVD in the exact same manner before giving it to somebody else. Despite this, Joe and Bob's resulting files have different hashes. They're damn close to the same data (bit for bit!), but there is an ever-so-slight difference which makes the hash differ. You can't tell they're similar (by the hashes) at all.
The only way to automate such policing would be to combine this simple method with a more complex one, such as participating in the p2p, downloading the media, and comparing it to a massive archive. This sort of thing is already available; check out Shazam, a free iPhone (et al) audio fingerprinting service, for example. Note it would need a longer sample time to account for fair use, and it would need some video equivalent to effectively detect movies (which is almost certainly being developed for YouTube). In fact, it's this use of that concept that scares me so much of it ... it's only a matter of time.
(also: why is every post I reply to these days titled "Yawn" ? can't we be more creative?)
Use my userscript to add story images to Slashdot. There's no going back.
There's a well-known technique for dealing with dictionaries of hashes - add some meaningless bits to the content before computing the hash, so that the number of possible hashes increases. This is cheap for everyone except a person trying to keep a dictionary of all possible hashes.
It requires a database of "illicit" files' hashes. How does a file get onto this blacklist? By the time they know the hash, they've had to have already actively acquired it from someone.
"Another drawback is that the system cannot cope with encrypted files."
Even the article mentions that anyone doing something they want to hide is more likely to check the "encrypted only" checkbox. I work on NetSpective WebFilter, which has been passively identifying encrypted protocols that try to hide themselves like encrypted BitTorrent (both standard and Azureus), Skype, and UltraSurf for years. It also lets you choose to block any of these protocols you don't want on your network.
"If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved."
Maintaining a list of hashes is not a new idea, as they seem to claim. It was abandoned because the list is insanely painful to manage, and it is insanely easy to get around. These guys aren't even trying to provide a list, which might be worth something (until the hackers put in the time to work around it). They're just sniffing/logging the hashes, which is child's play and worth almost nothing.
I'm not sure how the info hash is derived, but if it's based on the contents of the torrent, couldn't you just pad the contents to change the hash as well? This whole thing seems like a waste of time and resources, and really easy to circumvent.
I like the way the summary tries to equate torrent with illicit. Interesting, on a site full of linux people who have probably torrented more than one distro in their lives.
Anyway - good luck with that.
Seven puppies were harmed during the making of this post.
I was thinking that the definition of a hash pretty much guarantees that a false positive is possible. But, then again, if you receive a hundred hashes that all match packets from the same file, then you're pretty well screwed ...
So the US military wants all our ISPs to install a chip to monitor all network traffic and then store all those connection locations so it can later analyze this data. All under the guise of protecting our beloved copyrighted content.
Anyone see the possibility of other uses/motivations here?
I believe that this US agency may be attempting to disprove their working theory that file sharing correlates to terrorism. ... Na... even they can't stomach that sort of crap anymore.
FYI: Yes I DID READ the article.
I wonder if it can specifically identify legal content, too.
Ask any government official or *IAA lawyer... NONE of it is legal. EVAR.
I am thoroughly amused by articles like this that essentially start out as:
"Hey, look what we got! Yackkity, yakkity, yak, yak..." ...And end with something along the lines of...
"...Well, it's pretty damn useless considering xxxxx and xxxx are already in use and defeat it completely."
Why do people even bother printing such useless information, much less invest millions of dollars into such a product?
I wonder if it can specifically identify legal content, too.
So why would the likes of the RIAA and MPAA want to do that?
They're interested in finding criminals, not showing that people are innocent.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Isn't it a packet sniffer? Isn't that illegal tech for these purposes?
They're using their grammar skills there.
I can see two immediate flaws in this.
Firstly, it picks up the IP addresses from what would have to be unencrypted, obviously untrusted nodes. It makes no attempt whatsoever to verify that data. That makes it inadmissible in court - even as probable cause.
Secondly, it does so using a rudimentary parser that's triggered by the first 4 bytes (32-bits) of the "file's header data", and it checks to see if it's an infohash it recognises as being "illegal". This is hardly likely to be secret; one could simply visit The Pirate Bay's top100 and download a few torrent files for yourself and be fairly certain of hitting that list at least once, and quite possibly at least 90 times!
And it writes that data to a Flash card. Flash cards have a limited number of writes and a generally low capacity, yet this is designed to work at 100Mbit. A few properly designed packets would hit the buffer every single time with fake IP addresses.
Rinse and repeat for a few hours, and the device will bake itself.
Conclusion: This is dumb, and digital forensics should be embarrassed.
Someone mentioned before that the technology hasn't been tested for false positives. I would like to indicate that their system will inherently generate false positives. A hash is derived from an irreversible function performed on the file that is being transferred. This is often used to test the integrity of transferred data. This would protect against corruption that occurs in the data stream. The major issue with hashing is that the hash is not a continuous function. Continuous means that for every input there is one output. This means that there could easily be a false positive when a duplicate hash occurs. The fact the team developing this technology mentions it means they understand there might be false positives means that they understand this limitation and this technology is only a proof of concept.
Blah, It's just scare tactics. How you gonna stop 3 billion Chinese pirates?
Can someone please explain to me how they plan to view the files of encrypted traffic without it being illegal?
...or, you know, just be plain illegal due to attempting to access people's personal files.
One would think that if they happen to decrypt anything with copyright protection that it would then violate the DMCA, as per various ridiculous recent rulings of the sort.
DNA -- National Dyslexic Association
I feel much safer knowing that US tax dollars are being spent to keep us all safe from copyright infringers.
Hey, maybe they could get Bin Hideninplainsight for copyright infringement the same way they got Al Capone for tax evasion.
Newsflash: revolutionary new tech allows a network probe.... to classify traffic by matching TCP/IP profile and protocol inspection
How is this different to, er, any sniffer or monitoring tool out there? Or any Cisco router with NBAR turned on. Solarwinds, statseeker, ntop, you name it (network monitoring suite) and they ALL have features that allow probes (or use netflow or both) to gather traffic info including by protocol.
Slashdot's standards are slipping greatly, esp. anything NOT to do with servers, dev and/or coding, apparently all the real network techs have gone on holidays or something.
Music is free for the taking and there is nothing that can stop that. If you don't understand that, you are missing one of the essential points of the 21st Century.
Movies are just about as free. Nobody is going to pay unless they believe the wrapper in the DVD case is worth $20. Or they are worried about missing out on all those ads for previously upcoming movies. Download as much as you want, there is no way the tap can be turned off now.
Software? Well, count how many pirated copies of Photoshop and Office there are and then come back and tell me how it is viable to build a new consumer-oriented software product today. If there are not specific platform prohibitions against "sharing", it is going to be "shared". In the 1980s it was assumed that an Apple product would sell two copies, one on the East coast and one on the West coast. We are pretty much there today except for a relatively few niche products. Some companies try to avoid the avalanche of pirated software and a few get burned by the BSA. But at home sales are pretty low and usage pretty high.
Block BitTorrent? Sure. It will take a week to have a completely new protocol that will sweep across the planet which will once again make everything freely downloadable.
It is a matter of ethics, responsibility and morality. We have taught an entire generation that on the Internet there is no need for quaint concepts like these and we are seeing the results. Things like teenage girls being tricked into assisting with their own rape. Things like losses in the millions due to scams and cons. Sorry, but this is indeed the result. Actions on the Internet do not have consequences. That is taught to people online every day - I think it is working.
If you read the article, you know the answer to these questions.
They plan to sniff for the hash, of course, and compare it to a list of hashes for "forbidden files".
It's not new technology - the same approach is used in China (according to the article).
And no, I don't think this is legal in the EU (not yet at least), and certainly not in the U.S., as it requires sniffing through everybody's stuff, regardless of what they're downloading.
encrypt... Absolutely... EVERYTHING!
...makes me glad I live in a technologically backward country.
Azureus (and many other bit torrent clients), have this magical tool called "view peers"
Oh my god! I just identified dozens of people to sue, and if I put a logger into the client, which is open source, I can identify practically everyone!
In other news, there are millions of torrent files and a couple p2p snitch firms. I guess it's time to take a paddle and start trying to beat back the ocean.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
More encryption? Better cracking techniques!
Better encryption? Tyranny!
Revolution? Martial law!
Ahh, the gubbiment, always one step ahead, except when it comes to economic crises.
disclaimer: I do not believe the gubbiment is organised enough to blow a gay hooker in a bathroom safely, let alone run a conspiracy
There is nothing new about this to anyone with any familiarity with the BitTorrent protocol. The hash is available whenever peers negotiate connections for a torrent. Snort rules have existed for this forever. Encryption is only a problem if you don't know the encrypted hash...which SURPRISE is available as long as the torrent is still being served from the tracker. Peers use the same encrypted hash to communicate.
Using packet sampling and Snort you can do this on over 150 1gig links TODAY. What do these people think a copysense appliance does with a 100Mbit mirror port? 1Gbit isn't even that difficult with today's commodity hardware.
Nothing pisses me off more than a bogus "new development". Should expect it from Slashdot I guess.
--"It's Bradford Company, slash your last name, dot your first name"
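The hash lookup discussed in the comment above and throughout this thread, as an added Python example that is not part of the original discussion and is not the tool from the article. It derives an info hash as SHA-1 over the bencoded `info` dictionary, reads it back out of a plaintext peer handshake, and matches it against a watch list; the sample torrents, peer ID, addresses and all function names are constructed for illustration.

```python
import hashlib

PSTR = b"BitTorrent protocol"
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20  # len, pstr, reserved, info_hash, peer_id


def bencode(obj):
    """Minimal bencoder: ints, bytes/str, lists, dicts (keys sorted as bytes)."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode()
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        items = [(k.encode() if isinstance(k, str) else k, v) for k, v in obj.items()]
        items.sort(key=lambda kv: kv[0])
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def info_hash(info):
    """The 20-byte identifier peers exchange: SHA-1 of the bencoded info dict."""
    return hashlib.sha1(bencode(info)).digest()


def handshake(ih, peer_id):
    """Build a plaintext handshake (used here only to make sample traffic)."""
    return bytes([len(PSTR)]) + PSTR + bytes(8) + ih + peer_id


def parse_handshake(payload):
    """Return (info_hash, peer_id) for a plaintext handshake, else None."""
    if len(payload) < HANDSHAKE_LEN or payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None
    return payload[28:48], payload[48:68]


def scan(segments, watchlist):
    """segments: (src, dst, first payload bytes of a TCP stream).
    Returns (hits, unlisted_count, unreadable_count)."""
    hits, unlisted, unreadable = [], 0, 0
    for src, dst, payload in segments:
        parsed = parse_handshake(payload)
        if parsed is None:
            unreadable += 1          # encrypted or not BitTorrent: nothing to match
        elif parsed[0] in watchlist:
            hits.append((src, dst, parsed[0].hex()))
        else:
            unlisted += 1            # valid handshake, hash not on the list
    return hits, unlisted, unreadable


# --- constructed sample data (not real torrents or hosts) ---
LISTED = {"name": "sample.iso", "length": 1048576,
          "piece length": 262144, "pieces": bytes(80)}
# Same payload, one extra field in the info dict: a different info hash.
REPACKED = dict(LISTED, source="constructed-tracker")
PEER_ID = b"-XX0000-" + bytes(12)


def demo():
    watchlist = {info_hash(LISTED)}
    segments = [
        ("192.0.2.10", "198.51.100.7", handshake(info_hash(LISTED), PEER_ID)),
        ("192.0.2.11", "198.51.100.7", handshake(info_hash(REPACKED), PEER_ID)),
        # Stand-in for an encrypted stream: no plaintext handshake to read.
        ("192.0.2.12", "198.51.100.7", hashlib.sha256(b"constructed").digest() * 3),
    ]
    return scan(segments, watchlist)


if __name__ == "__main__":
    print(demo())
```

Only the first stream is recorded: the second carries a valid handshake whose hash is not listed, and the third gives the matcher nothing to parse, which are the two limits commenters raise about exact-match hash lists.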
I call B.S.
Just because they SAY that they have this doesn't mean they do. It's just FUD to try to get people to stop file sharing.
From TFA
Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.
/ducks for reading TFA
I encrypt everything I can as a matter of course, whether I "need" to or not. Largely because I can, but also because it's good policy in general to preemptively defeat stupid crap like this.
Kicking off the start to the more widespread use of encryption also has to begin someplace, so I figure I may as well encrypt everything I can. All current BitTorrent clients support encryption, and in most (like uTorrent and Deluge) it's simply a matter of checking a single checkbox to make it happen.
Ain't nobody's business what comes and goes from my computer or yours, regardless of its legality.
What would they do? Force us to decrypt it? That's a violation of human rights.