BitTorrent Files Sharing


CHAPTER 3

PROBLEM ANALYSIS

Peer-to-peer (P2P) technology has evolved from the first generation to the fourth generation. It is widely used by many people for many purposes, mainly for downloading files such as software, games, music, and videos.

Figure 3-1 Number of Files Shared with BitTorrent [44]

From the figure above, we can see that audio files rank first, followed by movies and then software. The software and games that users download are basically pirated copies, so users need cracks or key generators to use them. Cracks and key generators are usually bundled with viruses or other malicious code. P2P is also used for messaging and streaming video. The following two figures, from two different studies, show that P2P is still the king of Internet traffic.

[Figure 3-1 pie chart "BitTorrent Files Sharing". Legend as extracted: Audio: Music; Video: Movie; Video: Porn; Video: TV Series; Other; Software: Games; E-Books; Software: Applications; Audio: Audiobooks. Slice values as extracted: 22.30%, 21.24%, 15.04%, 11.25%, 7.90%, 7.11%, 6.74%, 4.45%, 3.97%.]

Figure 3-2 Internet Protocol Trends from 1993 to 2006 [33]

Figure 3-3 Distribution of Protocol Classes on the Internet 2008/2009 [42]

Many P2P applications, such as BitTorrent and LimeWire, are free to download. These applications basically run in the background on users' PCs. They let users act as downloaders, uploaders, hosting servers, and even malicious peers. P2P has a huge impact on the networks of offices, campuses, and other organizations: because it downloads and uploads at the same time, it consumes a large amount of bandwidth. The following figures show data on file sharing activity in the UK's Financial Times Stock Exchange 100 (FTSE 100) companies and in the Fortune 100 companies.

Figure 3-4 BitTorrent Activity in FTSE 100 Index [72]

The activity in the FTSE 100 was quite significant: about 35% participated in file sharing (30% illegal and 5% legal). The next figure classifies the companies that are vulnerable to P2P file sharing.

Figure 3-5 The Vulnerability in FTSE 100 By Business Type [72]

The figure above shows that health, shipping, and hospitality are the most vulnerable industries. Now take a look at the Fortune 100 below as a comparison.

Figure 3-6 BitTorrent Activity in Fortune 100 [72]

In the Fortune 100 companies, file sharing activity was much higher. The data revealed file sharing activity of more than 52%. The most vulnerable industries, as shown in the figure below, are Technical / Communications, Manufacturing, and Shipping.

Figure 3-7 The Vulnerability in Fortune 100 By Business Type [72]

Although P2P has existed for more than 10 years and is widely used today, many people are still not aware of the threats of using P2P applications and do not know how to protect themselves against those threats, according to the survey conducted by the author. The following sections discuss the threats that organizations may face from the use of P2P file sharing programs.

3.1 Malicious Codes

According to Bruce Hughes [37], the director of malicious code research at TruSecure, 45% of the executable files downloaded from Kazaa contain malicious code such as viruses, malware, and spyware. The code was designed to infect the directory where users put the files that they download. The attacker's purpose is to steal private data and to take control of the computer. Hughes also said that the code could get into files in three ways:

A malicious user embedded the malicious code in the files on purpose.

The code was a worm, designed to search the network and get into shared directories by itself.

After a user has finished downloading infected files, the malicious code infects other files. The problem becomes worse if those infected files are shared with other people on the network.

Figure 3-8 Downloaded Key Generators and Cracks [34]

From the figure above, it is clear that keys and cracks downloaded from P2P applications contain many more malicious files than those downloaded from web sites. Fixing a system after it has been infected with malicious files is not cheap. For a user, the cost may be the loss of data, or much more in the case of identity theft. For a company, the cost can be even higher. The figure below comes from a survey conducted by IT security professionals in the USA. It shows the cost of having malicious code installed on a system.

Figure 3-9 The Costs of Malicious Code [34]

The figure above shows the cost of one incident. The loss of private information is the biggest loss and costs the company the most. According to Mr. Andi Budiman (from the interview with the IT Supervisor at Vayatour), Vayatour has suffered a big problem caused by P2P: its systems were infected by viruses. He said that cleaning up all the viruses wasted a lot of their time and also cost them a lot of money. In the following sections, the author gives examples of other real-world cases.

3.1.1 Trojan horse - AS.MW2004

In 2004, Intego received a notification from Macworld (UK) about a problem discovered by its users, who had downloaded an application from the Gnutella network [35]. Intego, a specialist in Macintosh security, responded to the notification by carrying out some tests. They found a Trojan horse, AS.MW2004.Trojan, that affected Mac OS X. Whenever a user double-clicked it, the Trojan permanently deleted all files in the home folder. Intego later forwarded the issue to Apple, Microsoft, and the Computer Emergency Response Team (CERT) so that they could work together to solve it. The Trojan itself was 108 KB in size, and its icon was similar to that of the Microsoft Office 2004 installer for Mac OS X. It did not show any alert messages after it was executed, so once users had double-clicked the file, the files in their home folder were deleted permanently. The remedy for this Trojan was an update to Intego's VirusBarrier X software, which successfully destroyed the Trojan. Intego keeps updating its software so that, if viruses using the same technique appear in the future, the software will be able to destroy them. Users must therefore keep their virus definitions up to date by updating the software regularly.

3.1.2 Trojan - Brisv.A

Another case occurred in 2008, in which infected music files were shared over P2P networks. Symantec reported that a large number of audio files had been infected by a Trojan named Trojan Brisv.A [38] [40]. Trojan Brisv.A does not infect in the same way as other Trojans, which infect executable files: it infects files in Windows audio formats such as .mp3, .wma, .wmv, etc. Kaspersky identifies it as Worm.Win32.GetCodec.a [41]. According to them, this is the first such case. When a user opens an infected file with Windows Media Player, it connects to a malicious URL, which may result in more malware being downloaded to the computer. This case is a good reminder that it is not only executable files that can be infected with a virus: users must be careful with files of any type, especially files from unknown or untrusted sources.

3.2 Network Problems

Another threat posed by P2P systems is network problems. Sharing files over P2P consumes a lot of network bandwidth, which slows down the network and disrupts a company's business. Even a few users can cause this problem, because most P2P applications make the users (peers) who download a file uploaders as well. So if many users on the network download files via P2P, the result is a huge amount of upload traffic too. The following sections discuss attacks on the network via P2P that relate to availability.

3.2.1 Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) is an attack in which the attacker uses other people's computers or resources to attack the target [39] [43]. The concept of DDoS is the same as Denial of Service (DoS); the only difference is that a DDoS attack comes from many computers to one target, while a DoS attack comes from only one computer. The attacker's first step is to build a large enough network of computers to launch the DDoS, so that the attacker has the volume of traffic needed to deny service at the target computer. The attacker can easily build this network by sharing a malicious file through a P2P network. With the help of the decentralized design of P2P, infected files can spread widely and quickly. The computers that have been infected by the malicious file become 'zombies' that the attacker controls and uses to attack the target [43].

In the P2P case, the attacker hijacks the P2P network to launch the DDoS attack. Users do not realize that the attacker has tricked them into requesting the file from the intended DDoS target [36]. So how do we know that we have become the victim of a DDoS attack? According to US-CERT, there are some symptoms that may indicate a DDoS attack. The symptoms are as follows [39]:

Network performance becomes slow

A particular website becomes unavailable

Unable to access website

An increase in the amount of spam in our account

Figure 3-10 The DDOS Attack in P2P Network [46]

3.2.2 Bandwidth Usage

The use of peer-to-peer applications in an organization significantly affects its network, because in P2P the users both make requests and serve resources. If a hundred people download and upload simultaneously, the organization's network becomes slower. If the network becomes slow, business operations are affected as well. This may increase the cost of the network infrastructure and may also cause revenue loss. Another loss for the organization may come from the productivity of its students or employees, whose work may be disrupted because they are busy searching for and clicking on files. The figure below is from a study done by students at the University of California, who monitored Internet traffic over a nine-day period.

Figure 3-11 The Bandwidth Analysis [59]

From the figure above, we can see that on the first day (Tuesday 12 PM) WWW consumed about 100 Mbps, P2P consumed about 200 Mbps, and non-HTTP TCP consumed about 300 Mbps, which means that P2P consumed more than 30% of total bandwidth. As stated in [66], many universities also experience problems because of the high volume of P2P traffic. For example, the University of Florida experienced 90% usage of the university bandwidth, Louisiana State University experienced about 60-80% usage of the university bandwidth, and University of California network staff found that more than 50% of outbound traffic came from P2P applications.

The author also conducted an experiment at PLN Pusdiklat to find out the effect of P2P file sharing on the PLN network. The author downloaded five torrents at the same time for ten minutes and used up all the bandwidth allocated on the network. The figure below shows the download of the five torrents at 08:41 AM.

Figure 3-12 The Downloading of Five Torrents Simultaneously

Now let us look at the result of the bandwidth analysis:

Figure 3-13 The Downloading Started at 08.41 AM (Source: PLN PRTG)

As we can see, bandwidth usage suddenly increased dramatically and reached the maximum. The figure below shows the situation over the next ten minutes:

Figure 3-14 The Situation During the Downloading Process (Source: PLN PRTG)

The figure shows that all available bandwidth was used by P2P file sharing. Now we will look at the situation after the download stopped at 08:52 AM:

Figure 3-15 The Download Stopped at 08:52 AM (Source: PLN PRTG)

The network traffic went back to the normal state again.

3.3 Law Suits

Another issue that the organization may face is being found guilty of downloading illegal content over the network. The organization can be sued by the recording industry, for example by the RIAA. For example, the Taipei District Court found the largest P2P operator in Taiwan guilty of copyright infringement. As a result, the three executives (President, CEO, and General Manager) were given two and three years in jail [65]. Another recent example is LimeWire, which was forced to shut down after 10 years of existence.

3.4 Data Breaching

Data and information in the organization are private and must be kept secret from outsiders. Unfortunately, one mistake by one employee can cost the organization a lot. Employees sometimes carelessly put important files in shared folders, so whenever they join the P2P network, the data can be exploited by other users on the network. There are many cases of data breaches caused by P2P.

The first example comes from Pfizer Inc., where the personal data of about 17,000 employees was downloaded by unknown people on a P2P network [67] [69] [70] [76]. Another case was the leak of data on more than 5,000 Citigroup customers [67] [71] [76]. P2P networks also caused big problems for the United States presidency in 2009: the location of Obama's safe house was leaked over the Gnutella network. Some of the files also contained details of nuclear facilities, an FBI photo of the mafia, data belonging to 24,000 patients, and confidential data belonging to a Fortune 500 company [78]. The Police Department in Tokyo was also affected: information about 12,000 people related to criminal investigations and 6,600 documents were leaked because one of its policemen (since fired as a result of his action) used the Winny P2P software on his PC [73]. The policeman was not aware that, after he installed the application, the data was being made available to others on the P2P network.

In the United States, the Federal Trade Commission (FTC) has warned and notified almost 100 organizations that their data have been shared by P2P applications on their computer networks [68]. Research by Tiversa found more than 13 million breached files on P2P file sharing networks within a one-year period (May 1 2008 – May 1 2009) [75]. Based on the data above, it is clear that many organizations, and even government agencies, still have difficulty addressing the P2P file sharing risk effectively. Even Phylyp Wagner, the founder of Wagner Resource Group, had never heard of P2P. He said, "To me, this was devastating. I didn't even know what peer-to-peer was, I do now" [74]. So why can these private files be exposed on a P2P network? There are several causes [77]:

Misplaced Files – Users may accidentally place important files in the wrong folders (such as shared folders).

Confusing Interface Design – A study done by Good and Krekelberg found that the Kazaa interface design left users confused about which files they were actually sharing.

Reward – Some programs reward users who share more files, so users sometimes mistakenly share their entire hard disks to gain more rewards.

Laziness – Users tend to share main folders rather than selectively choosing subfolders. For example, rather than selecting individual subfolders in "My Documents", they share the main folder itself.

Media Folders Wizard – Some P2P programs have a wizard that scans the computer and recommends media folders to be shared. If there is an important file in one of those folders, it can be exposed through that wizard.

Bad Organization Habits – Some users are lazy about organizing their computers, so sometimes all files (music, documents, pictures, etc.) are placed in the same folder.

This issue is a big concern for everyone, especially in organizations. Organizations have to take this problem seriously and take action to protect their sensitive files from leaking.
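
The exposure causes listed above (misplaced files, sharing a whole main folder, mixed media and documents) can be checked for before a folder is ever shared. The following Python audit is an added example, not part of the original chapter; the function name `audit_share`, the extension lists, and the finding labels are assumptions chosen for illustration, and the home folder it inspects is constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path

# Assumed policy for this example (illustrative lists, not exhaustive).
MEDIA_EXT = {".mp3", ".wma", ".wmv", ".avi", ".mp4"}
SENSITIVE_EXT = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".pst", ".mdb", ".csv"}
BROAD_NAMES = {"my documents", "documents", "desktop"}

def audit_share(shared_root, home):
    """Return (kind, path) findings for one folder configured as a P2P share."""
    root, home = Path(shared_root).resolve(), Path(home).resolve()
    findings = []
    # Laziness / Reward: a drive root, the home folder, one of its parents,
    # or a top-level document folder is shared instead of a media subfolder.
    if (root == Path(root.anchor) or root == home or root in home.parents
            or root.name.lower() in BROAD_NAMES):
        findings.append(("OVERBROAD", str(root)))
    seen = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            ext = Path(name).suffix.lower()
            if ext in SENSITIVE_EXT:
                # Misplaced files / media folders wizard: a document is reachable.
                findings.append(("SENSITIVE", str(Path(dirpath, name))))
                seen.add("document")
            elif ext in MEDIA_EXT:
                seen.add("media")
    # Bad organization habits: media and documents live in the same shared tree.
    if seen == {"media", "document"}:
        findings.append(("MIXED", str(root)))
    return findings

def demo():
    """Build a constructed home folder and audit three candidate shares."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp, "alice")
        for rel in ("Music/song.mp3", "My Documents/payroll.xls",
                    "My Documents/holiday.mp3", "My Documents/HR/staff.pdf"):
            path = home / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        return {name: [kind for kind, _ in audit_share(home / name, home)]
                for name in ("Music", "My Documents", ".")}

if __name__ == "__main__":
    for share, kinds in demo().items():
        print(share, kinds)
```

Only the dedicated `Music` subfolder comes back clean; sharing "My Documents" or the whole home folder is flagged as over-broad and as exposing the two constructed documents.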