Forensic Investigator Outlines BitTorrent Detection Technology
NewYorkCountryLawyer writes "In one of the many BitTorrent download cases brought by pornographic film makers, the plaintiff — faced with a motion to quash brought by a "John Doe" defendant — has filed its opposition papers. Interestingly, these included a declaration by its 'forensic investigator' (PDF), employed by a German company, IPP, Limited, in which he makes claims about what his technology detects, and about how BitTorrent works, and attaches, as an exhibit, a 'functional description' of his IPTracker software (PDF)."
My understanding is that one is only required to give the source if one is distributing the product to other people. As long as the individual keeps the software for themselves, there's no requirement to make the source available.
Try tracking us there.
Encrypt all you want. Traffic analysis still screws you every time. The network tries to keep latencies low, so it forwards whatever it receives onto the next hop as soon as it gets it. If you're monitoring the source and the destination, then when it gets decrypted at the destination, you can correlate that with the traversal time through the 'black box' of Tor, Freenet, or whatever... and voilà, you know who sent it, when, and what it was.
This is a known problem. It's discussed at length on EFF's website. If your connections are made in bulk, at regular intervals, instead of interactively, then it's a lot harder to do traffic analysis if all the other nodes exhibit the same behavior. But as long as you're trying to be anonymous by simply using a series of proxies that are set to store-and-forward... you're still screwed.
#fuckbeta #iamslashdot #dicemustdie
Read up on how Freenet works and you will see it's not just about data encryption. Due to how it routes, and that data chunks are scattered about, it also hides the source and requestors to the point that even if you are on the same LAN and sniffing packets directly you won't know for sure. Sure, you can be caught using it, which could be a legal problem for you depending on where you live, but they won't know if you are doing the requesting of file parts or you are just passing requests along.
I2P, I believe, has something similar in place, but I'm still learning how their stuff works.
---- Booth was a patriot ----
That is why there is garlic routing. Garlic routing is a modification of the onion routing used by Tor; what it does is bundle packets together so as to make traffic analysis useless. It does have greater latency, but that should not be a problem unless you are streaming.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
It is not possible that an allocated GUID is allocated to another user again.
I would look into this. As it is written it sounds, at least, misleading. Even if it is true this GUID thing for all P2P protocols (which I sincerely doubt), I would say that it should be spoofable directly or indirectly (compromising the machine if public key cryptography is used).
He is technically correct, assuming that the act of "GUID allocation" involves the correct use of a valid GUID generation algorithm by the software in question. That said, as you noted, it's remarkably easy to spoof such a GUID (in this case). His statement implies that a GUID positively identifies a user, which it does not, and is thus a misleading statement.
Indeed. My understanding of the situation (having followed some of these cases etc., including attending court hearings) is that the tech companies get paid by the IP. Most other parties involved (the copyright owner, the legal team, the holding company that brings the case) get either a percentage of net profit, or a fixed fee. As such, it's in the tech groups' interests to provide as many IPs as they can, as cheaply as possible.
This is why they have been known to cut corners (such as just scraping a list of IPs from a tracker, rather than checking that any given IP is actually sharing the file at the particular time), or spend too much time actually looking into the technology. Interestingly, an "expert witness" in a recent English case noted that he "did not have [the software he was testifying with regard to] installed on his computer, and did not concern himself with how it worked".
In the ACSLaw leaked emails, one thing that was noted was that around 1 in 4 IP addresses that had been identified as infringing weren't even assigned by the ISP at the time when the alleged infringement occurred. That statistic, to me, suggests that something pretty screwed up is going on with data gathering.
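Added example, not part of the original thread and not IPP's or any ISP's code: a sanity check for the two failure modes described in the comment above, an IP taken from a tracker peer list without any verified piece exchange, and an IP that was not leased to anyone (or changed hands) at the observation time. The record layout, field names, the 60-second clock-skew allowance and all sample data are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed ISP lease log: (ip, subscriber, lease_start, lease_end), all UTC.
LEASES = [
    ("203.0.113.7", "sub-A", "2011-03-01T00:00:00", "2011-03-01T12:00:00"),
    ("203.0.113.7", "sub-B", "2011-03-01T12:00:30", "2011-03-02T00:00:00"),
    ("203.0.113.9", "sub-C", "2011-03-01T06:00:00", "2011-03-01T18:00:00"),
]

# Constructed monitoring records: (ip, observed_at, how_observed).
# "tracker_scrape" = IP merely appeared in a tracker peer list;
# "piece_received" = a hash-verified piece was actually received from that IP.
OBSERVATIONS = [
    ("203.0.113.9", "2011-03-01T09:00:00", "piece_received"),
    ("203.0.113.7", "2011-03-01T12:00:10", "piece_received"),
    ("203.0.113.9", "2011-03-01T20:00:00", "piece_received"),
    ("203.0.113.7", "2011-03-01T03:00:00", "tracker_scrape"),
]

def classify(obs, leases=LEASES, skew=timedelta(seconds=60)):
    """Return how far one observation can be tied to a subscriber."""
    ip, observed_at, how = obs
    if how != "piece_received":
        return "unverified"  # peer-list entry only, no proof of sharing
    t = datetime.fromisoformat(observed_at)
    # Every subscriber whose lease could cover t, allowing for clock skew
    # between the monitoring host and the ISP's logging.
    candidates = {
        sub for lease_ip, sub, start, end in leases
        if lease_ip == ip
        and datetime.fromisoformat(start) - skew <= t
        <= datetime.fromisoformat(end) + skew
    }
    if not candidates:
        return "unassigned"  # IP not leased to anyone at that time
    if len(candidates) > 1:
        return "ambiguous"   # lease changeover inside the skew window
    return "attributable:" + candidates.pop()

def audit(observations=OBSERVATIONS):
    """Tally outcomes so the error rate of a data set is visible."""
    return Counter(classify(o).split(":")[0] for o in observations)

if __name__ == "__main__":
    for o in OBSERVATIONS:
        print(o, "->", classify(o))
    print(dict(audit()))
```

Only the first constructed record survives the check; the other three are exactly the kinds of entries that inflate an IP list without supporting attribution.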