This week we saw the proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET ?10). Past years had seen the release of plenty of novel and groundbreaking research, so expectations were high.
A group of researchers from I.N.R.I.A. in France published an impressive paper on new techniques for identifying and tracking users of the BitTorrent protocol titled, "Spying the World from Your Laptop: Identifying and Profiling Content Providers and Big Downloaders in BitTorrent" (Abstract, Full paper, Slides). From their website, I.N.R.I.A. is the French national institute for research in computer science and control.
In the paper, the researchers describe a series of experiments they performed to identify and profile BitTorrent users. In particular, the researchers tested methods to identify two important classes of BitTorrent user: "Content Providers" and "Big Downloaders".
A content provider is a user who provides the initial seed (i.e. complete copy) of a particular item of content (e.g. a video file). The researchers report that they were able to successfully identify the content provider for 70% of contents monitored by their system. Their findings conclude that relatively few content providers insert most of the content. Of the top 20 content providers identified, half were using the IP addresses of machines hosted by two French and German providers. However, further analysis showed that the content providers were probably not French or German nationals, and further, that the nationality of a content provider is difficult to extrapolate from the physical location of the computer they use.
Like many networking technologies, the BitTorrent protocol may be used both legally and illegally (e.g. to illegally share copyrighted content). While parties using BitTorrent for illegal purposes obviously have a vested interest in avoiding identification, legitimate users also have reason to be concerned by these findings. With a better understanding of the ease at which they may be identified and tracked, legitimate users may want to weigh the privacy risks involved in sharing their content over BitTorrent.
Today's Security Strategy Must be Future-Proof
CTU Research Incident Response and Management Information Security Intelligence Risk Management