New Tool Promises To Passively ldentify BitTorrent Files

QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.

hmm

[Anonymous Coward]

More restrictions on content? More encryption.

Better cracking techniques? Better encryption.

Tyrannical government? Revolution.

Completely Biased and Worthless

[RingDev]

Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.

If you make breathing illegal, only criminals with breath.

-Rick

Yawn

[happyemoticon]

From the article:

Then the system looks at the files' hash, a unique identifying code used to coordinate the simultaneous download of hundreds of file fragments by different users. If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved.

I mean, you could easily scrape some torrent sites for hashes, but it seems like this system would be fairly easy to circumvent. All you'd have to do is come of with some system for changing the hash on a peer-specific basis.

Re:Encryption?

[jandrese]

TFA specifially says that it doesn't work on encrypted traffic. In fact the whole thing seems to have some rather bogus qualities to it.

It uses a FPGA, but is stuck at a rather pokey 100Mbps. All it does is compare the encoded hash value in the Bittorrent header against a list of known illegal hashes. Hashes you have to program manually.

I've seen commercial boxes that you can already buy that do a lot more than this and faster. He made a big deal about it not disturbing the network, but that's a standard feature. Unless this thing is dirt cheap or something, I don't really see the application.

Re:Carrier Status?

[click2005]

How would you start lobbying congress about making it reality? Common Carrier status in exchange for Net Neutrality.

When the phone companies switch to a fully IP based network like BT is doing over here in the UK, will they lose the common carrier status?
The difference between Telco & ISP is so thin these days already that i'm surprised the law has never been updated.

I'm not asking you specifically, just anyone who might know.

Re:Carrier Status?

[Anonymous Coward]

ISPs have no interest in being considered common carriers, because they already get all the same legal protections, without needing to meet the requirements or possibly lose the protection if they fail to meet them.

Re:Carrier Status?

[Anonymous Coward]

"...then they have some very heavy legal liability issues that common carriers do not have to deal with."

I've always wondered how Earthlink, RR, etc. can get away with all the warez, music, movies, and porn hosted on their own usenet servers, and made available to their subscribers.

Re:Encrypted traffic...

[Sloppy]

That's a lot of "we could"s. How about just using the global OpenPGP WoT, and stopping the problem in its tracks?

Once you have a distributed authentication system (which is what lets you exchange keys safely), email is just one of the applications you can build on it. Sounds like you guys have another. Whatever. The more things it's used for (the more people who connect to the WoT) the better it works for everyone.

Quit building a redundant but also specialized infrastructure, and instead, join the original.

Re:Carrier Status?

[Jane Q. Public]

This is a very good point and part of what I was saying. I see no ACTUAL difference between what were once known as "common carriers" and ISPs, EXCEPT that they seem to want to provide content.

However, here in the U.S., the government (the FCC in particular) has historically been adamant about keeping carriers and content separate, largely because of the danger of monopolistic practices on the part of a corporation that was both the content carrier and the content provider. Another concern was that if carriers (which tend to be large and centric) controlled content as well, there would be too much control over services like news, for example. And I see no logical reason that policy should change, considering that the concerns are at least as valid today as back when the policy was first formulated, decades ago.

Re:Encryption?

[Dreadneck]

Right, because we all know that this technology couldn't possibly be used to analyze anything other than bittorrent traffic. It would be totally impossible to use it to inspect emails, right? That's just crazy science fiction - no way could it happen in the real world. Besides, we all know that only criminals use bittorrent. Who would possibly think of using it to distribute political documentaries [mininova.org] or leaked government documents [wikileaks.org]?

Re:Encryption?

[nemesisrocks]

Similar to police speed traps: red light cameras.

Both of these devices assume that you're guilty until proven innocent. There can be legitimate reasons for crossing the white line when the light is red -- for example, to move out of the way for an emergency services vehicle.

I had a friend who was booked for running a red for this exact reason. He had to take it all the way to court to have the fine (and demerit points) dismissed.

Re:Encryption?

[thePowerOfGrayskull]

-Roadside cameras reading every license plate to find stolen cars and people with warrants on them.

Alright, I know this won't be a popular view, but is that a Bad Idea?

I don't mean the theoretical slippery slope arguments about loss of privacy - if you're out driving, you don't have it to begin with. Who loses in this scenario? The guy who gets his car back... guess not him. The people driving legal cars? Nuh uh. The people driving who have no outstanding warrants? Nope, not them either. Seems the list of people who actually lose is pretty narrow (ie, those who have stolen or have warrants out for them).

Naturally, it can be abused - Anything designed to aid law enforcement can be abused and it would be a lie to say that such tools are /not/ ever abused. But is that enough to make it a bad idea?

Re:Encryption?

[mochan_s]

I was wondering, would this defeat this scheme?

Let bittorrent deliberately make errors in the data transmitted. Hashing is very sensitive to small changes.

Also, transmit it with error correcting codes so that it can be put back together by the receiver but the hasher gets garbage.

Finally, so that the hasher doesn't do the error correcting themselves, send the parity encrypted with the keys exchanged beforehand.

I suppose it's still open to man in the middle attack though.