Print 17 comment(s) - last by plowak.. on Jun 23 at 4:24 PM

Scientists demonstrate that it's possible to implicate most anything of piracy

Practically anybody – nay, anything – on the internet can be framed for copyright infringement today. Obvious targets might be another person, but one could choose  innocuous “nonsense” devices like network printers and wireless access points if they wanted to.

Such revelations come compliments of a new, neutral study released by University of Washington students and faculty, titled Challenges and Directions for Monitoring P2P File Sharing Networks, or Why My Printer Received a DMCA Takedown Notice. Published earlier this month by graduate student Michael Piatek and faculty members Tadayoshi Kohno and Arvind Krishnamurthy, the paper outlines a variety of attacks the trio was able to successfully conduct against “arbitrary” network nodes – people, or in a handful of cases, devices – that successfully resulted in a variety of DMCA takedown requests:

By profiling copyright enforcement in the popular BitTorrent file sharing system, we were able to generate hundreds of real DMCA takedown notices for computers at the University of Washington that never downloaded nor shared any content whatsoever.

Further, we were able to remotely generate complaints for nonsense devices including several printers and a (non-NAT) wireless access point. Our results demonstrate several simple techniques that a malicious user could use to frame arbitrary network endpoints.

The group at UW says it was able to bait DMCA enforcers by querying popular BitTorrent trackers “without uploading or downloading any file data whatsoever.” Queries were made every 15 minutes from a collection of 13 “vantage points” at the university, and originally conducted in August 2007. Another survey was conducted in May 2008 with two intentions: to determine how much – if any – enforcement levels had changed, and figure out if it was possible to falsely implicate third parties in enforcement notices.

While the answer to the first question might be obvious, the answer to the second is a bit more intriguing. There are a variety of attacks available to someone with the appropriate know-how and ill intent – and one of them is so simple that all one has to do is send an altered HTTP request to specially-configured trackers.

By taking advantage of trackers configured to record a requesting client’s IP address from the request’s HTTP REQUEST string, as opposed to the source IP address enclosed in the request’s headers, the authors were able to have trackers record any IP address they wanted as an available peer, and subsequently bait the content industry’s DMCA machine into sending a DMCA complaint.

The study also pokes holes in the popular use of IP blacklists by downloaders, which are used in order to inhibit communication with what the study describes as “suspected monitoring agents”. By examining a list of the peers sent to them by trackers for popular torrents, the study’s authors were able to isolate 17 groups of IP addresses (out of a total of 2,866) that appeared to belong to industry monitors like MediaSentry and MediaDefender. “Of the 17 suspicious prefixes, 10 were blocked, and 8 of these, while allocated to a co-location service provider, are attributed in the blacklists to either MediaSentry or MediaDefender, copyright enforcement companies. However, seven of our suspicious prefixes (accounting for dozens of monitoring hosts) are not covered by current lists.”

After repeating the analysis over a period of several days and seeing similar results, the study eventually concludes that popular IP blacklists, such as those published by SafePeer and PeerGuardian, “might not be sufficient to help privacy conscious peers escape detection.”

“On the other hand,” it concedes, “our analysis implies monitoring agents could be automatically detected by continuously monitoring swarm membership and correlating results across swarms.”

With enforcement against piracy at colleges on the rise, and the content industry’s proclivity for filing automated complaints against IP addresses it hasn’t actually downloaded anything from, the UW’s study deals blows to pirates and enforcers alike. The content industry’s enforcement efforts – characterized by its argument of “making available,” which it uses to justify complaints issued without actually downloading anything from the alleged infringer – are potentially vulnerable to abuse, while pirates’ IP blacklists – relied on by many as an effective privacy agent and enforcement countermeasure – are equally flawed.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By LorKha on 6/20/2008 11:00:58 AM , Rating: 3
With everything being right now in America, where you can basically bend the justice system around and sue anything you want, we are damn lucky that CHUCK NORRIS HASN'T sued us (Americans) for his CHUCK NORRIS jokes.

On that note, Don't go googling for Chuck Norris, you won't find him. He'll FIND YOU!

By bighairycamel on 6/20/2008 12:21:45 PM , Rating: 2
Chuck Norris makes crippled people run away in fear.

By BruceLeet on 6/20/08, Rating: -1
By InternetGeek on 6/20/2008 6:50:34 PM , Rating: 2
He did. And took the suit back after he realized how stupid it was. Go to the Chuck norris facts site. The man even chose a few himself.

By maverick85wd on 6/21/2008 5:30:17 AM , Rating: 2
If you misspell Chuck Norris in the google search bar it doesn't say, "did you mean: Chuck Norris?" it tells you to run as fast as possible

Chuck Norris once went to The Virgin Islands. They are now referred to as The Islands.

By plowak on 6/23/2008 4:24:30 PM , Rating: 2
I just read a Chuck Norris biography and if my rating doesn't get bumped up right now you can expect a round house kick as taught by Chuck Norris himself!

Too broad a definition
By mcnabney on 6/20/2008 10:59:04 AM , Rating: 5
Making available is clearly not going to fly legally. If that was the case you couldn't have a photocopier or fax in a library, be allowed to take a camera into an art gallery, and the 'copy' feature in all web browsers would need to be disabled. Just because technology allows a business to be able to police the general public does not mean they should be allowed to.

RE: Too broad a definition
By Chemical Chris on 6/20/2008 4:03:19 PM , Rating: 2
Just because technology allows a business to be able to police the general public does not mean they should be allowed to.


A virus is the solution
By MAIA on 6/20/2008 12:46:40 PM , Rating: 2
Imagine creating a virus that could perform automatic http requests to the P2P trackers, just like this guys did.

No way someone would be to blame for downloading any material. "The virus did it !"

RE: A virus is the solution
By nosfe on 6/20/2008 12:56:20 PM , Rating: 5
haven't you read the article? it clearly states that the printer did it!

Mr Ed, is that you???
By Donkeyshins on 6/20/2008 2:49:28 PM , Rating: 3
Practically anybody – neigh, anything – on the internet can be framed for copyright infringement today.

Tom, it should be 'nay' not 'neigh', unless you are talking about P2P horsemanship.

Otherwise, good post. Huzzah for rogue filesharing printers!

RE: Mr Ed, is that you???
By TomCorelis on 6/20/2008 2:58:45 PM , Rating: 3
Heh, sorry about that. It's been fixed -- heck the whole first paragraph was awkward, in retrospect. Can you tell the piece was originally intentioned to be a blog post (I changed my mind about halfway through writing it)? :-)

By gyranthir on 6/20/2008 10:31:21 AM , Rating: 5
Oh Printer! You got some 'splaining to do!

take that RIAA
By omnicronx on 6/20/2008 10:58:09 AM , Rating: 2
Ill bring the food, you bring the drinks, lets party! Looks like the RIAA might have hit a wall here. Whats to stop anyone from claiming that someone faked transmission of illegal files.

RE: take that RIAA
By Master Kenobi on 6/20/2008 11:16:45 AM , Rating: 2
I think more creatively whats to stop you from spoofing or modifying it so that you can download and if anyone tries to query you they get redirected to some random black hole on the internet.

Better picture
By Indianapolis on 6/20/2008 7:51:06 PM , Rating: 3
This picture from Office Space might look good at the top of the story:

By KaiserCSS on 6/20/2008 11:38:00 AM , Rating: 2

"Can anyone tell me what MobileMe is supposed to do?... So why the f*** doesn't it do that?" -- Steve Jobs
Related Articles

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki