BitTorrent Files Sharing
CHAPTER 3
PROBLEM ANALYSIS
Peer-to-peer (P2P) technology has evolved from its first generation to its fourth.
It is now widely used by many people for many purposes, mainly for downloading files
such as software, games, music, and videos.
Figure 3-1 Number of Files Shared with BitTorrent [44]
From the figure above, we can see that audio files rank highest, followed by movies and
then software. The software and games that people download are basically pirated, so
they need cracks or key generators to use them. Cracks and key generators have usually
been bundled with viruses or other malicious code. P2P is also used for messaging and
video streaming. The two figures, from two different studies, show that P2P is still
the king of internet traffic.
[Figure 3-1 chart "BitTorrent Files Sharing". Categories: Audio: Music; Video: Movie; Video: Porn; Video: TV Series; Other; Software: Games; E-Books; Software: Applications; Audio: Audiobooks. Values: 22.30%, 21.24%, 15.04%, 11.25%, 7.90%, 7.11%, 6.74%, 4.45%, 3.97%.]
Figure 3-2 Internet Protocol Trends from 1993 to 2006 [33]
Figure 3-3 Distribution of Protocol Classes on the Internet 2008/2009 [42]
Many P2P applications, such as BitTorrent and LimeWire, are free to download. These
applications basically run in the background on users' PCs. They let users act as
downloaders, uploaders, hosting servers, and even malicious peers. P2P has a huge
impact on the networks of offices, campuses, and other organizations. Because it
downloads and uploads at the same time, it consumes a large amount of bandwidth. The
following figures show data on the file sharing activity of the top 100 Financial Times
Stock Exchange (FTSE 100) companies in the UK and of the Fortune 100 companies.
Figure 3-4 BitTorrent Activity in FTSE 100 Index [72]
The activity in the FTSE 100 was quite significant. About 35% participated in file
sharing (30% illegal and 5% legal). The next figure classifies the companies that are
vulnerable to P2P file sharing.
Figure 3-5 The Vulnerability in FTSE 100 By Business Type [72]
The figure above showed that health, shipping, and hospitality are the most vulnerable
industries. Now, take a look at Fortune 100 as a comparison below.
Figure 3-6 BitTorrent Activity in Fortune 100 [72]
Among the Fortune 100 companies, file sharing activity was much higher. The data
revealed more than 52% file sharing activity. The most vulnerable business industries,
as shown in the figure below, are Technical / Communications, Manufacturing, and
Shipping.
Figure 3-7 The Vulnerability in Fortune 100 By Business Type [72]
Although P2P has existed for more than 10 years and is widely used nowadays, a survey
conducted by the author shows that many people are still not aware of the threats of
using P2P applications and do not know what to do to protect against them. The
following sections discuss the threats that organizations may face from the use of P2P
file sharing programs.
3.1 Malicious Codes
According to Bruce Hughes [37], the director of malicious code research at TruSecure,
45% of the executable files downloaded from Kazaa contain malicious code such as
viruses, malware, and spyware. The code was designed to infect the directory where
users put the files that they download. The attacker's purpose is to steal private data
and to take control of the computer. Hughes also said that the code could get into
files in three ways:
- A malicious user embedded the malicious code in files on purpose.
- The code was a worm, designed to search the network and get into the shared
  directories by itself.
- When a user has finished downloading infected files, the malicious code infects
  other files. The problem becomes worse if those infected files are shared with other
  people in the network.
Figure 3-8 Downloaded Key Generators and Cracks [34]
From the figure above, it is clear that keys and cracks downloaded through P2P
applications contain far more malicious files than those downloaded from web sites.
Fixing a system that has been infected with malicious files is not cheap. For a user,
the cost may be the loss of data, or much more in the case of identity theft. For a
company, the cost can be even higher. The figure below comes from a survey that was
conducted by IT security professionals in the USA. It shows the cost of having
malicious code installed on a system.
Figure 3-9 The Costs of Malicious Code [34]
The figure above shows the cost of a single incident. The loss of private information
is the biggest loss and costs the company the most. According to Mr. Andi Budiman
(from the interview with the IT Supervisor at Vayatour), Vayatour suffers from a big
problem caused by P2P: their systems were infected by viruses. He said that cleaning
up all the viruses really wasted their time and also cost them a lot of money. In the
following sections, the author gives examples of other real-world cases.
3.1.1 Trojan horse - AS.MW2004
In 2004, Intego received a notification from Macworld (UK) about a problem discovered
by its users, who had downloaded an application from the Gnutella network [35]. Intego,
a Macintosh security specialist, responded to the notification by carrying out some
tests. They found a type of Trojan horse, AS.MW2004.Trojan, that affected Mac OS X.
Whenever the user double-clicked this Trojan, it would permanently delete all files in
the home folder. Intego later forwarded the issue to Apple, Microsoft, and the Computer
Emergency Response Team (CERT) so that they could work together to solve it.
The Trojan itself was 108 KB in size and its icon was similar to that of the Microsoft
Office 2004 installer for Mac OS X. It did not show any alert messages after it was
executed. So, once users had double-clicked the file, the files in their home folder
were permanently deleted. The remedy for this Trojan was an update to Intego's
VirusBarrier X software, which successfully destroyed the Trojan. Intego keeps
updating its software so that if any virus uses the same technique in the future, the
software will be able to destroy it. Users must therefore keep their virus definitions
up to date by updating the software regularly.
3.1.2 Trojan - Brisv.A
Another case happened in 2008, in which infected music files were shared over the P2P
network. Symantec reported that a large number of audio files were infected by a Trojan
named Trojan Brisv.A [38] [40]. Trojan Brisv.A does not infect in the same way as other
Trojans, which infect executable files. It infects files in Windows audio formats such
as .mp3, .wma, .wmv, etc. Kaspersky classifies it as Worm.Win32.GetCodec.a [41].
According to them, this is the first such case. When a user opens an infected file with
Windows Media Player, the player connects to a malicious URL, which may result in more
malware being downloaded to the computer. This case is a good reminder to users that it
is not just executable files that can be infected with a virus; they must be careful
with any type of file, especially files from unknown or untrusted sources.
3.2 Network Problems
The other threat posed by P2P systems relates to network problems. Sharing files over
P2P consumes a lot of network bandwidth. It slows down the network and will surely
disrupt a company's business. Even a few users can cause this problem, because most P2P
applications make the users (peers) who download a file become uploaders as well. So,
if many users on the network download files via P2P, the result is a huge amount of
uploads too. The following sections discuss attacks on the network via P2P that relate
to availability.
3.2.1 Distributed Denial of Service (DDOS)
Distributed Denial of Service (DDoS) is an attack in which the attacker uses other
people's computers or resources to attack the target [39] [43]. The concept of DDoS is
the same as that of Denial of Service (DoS); the only difference is that a DDoS attack
comes from many computers against one target, while a DoS attack comes from only one
computer. The attacker's first step is to build a network of computers large enough to
launch the DDoS, so that the attacker gets the volume of traffic needed to deny service
on the target computer. The attacker can easily build this network by sharing a
malicious file through a P2P network. With the help of the decentralized system in P2P,
the infected files can spread widely and quickly. The computers infected by the
malicious file become 'zombies' that the attacker controls and uses to attack the
target [43].
In the P2P case, the attacker hijacks the P2P network to launch the DDoS attack. Users
do not realize that the attacker has tricked them into requesting a file from the
intended DDoS target [36]. So, how do we know that we have become the victim of a DDoS
attack? According to US-CERT, some symptoms may indicate a DDoS attack. The symptoms
are as follows [39]:
- Network performance becomes slow
- A particular website becomes unavailable
- Inability to access websites
- An increase in the amount of spam in our account
Figure 3-10 The DDOS Attack in P2P Network [46]
3.2.2 Bandwidth Usage
The use of peer-to-peer applications in an organization significantly affects its
network, because in P2P the users both make requests and serve resources. If a hundred
people download and upload simultaneously, the organization's network becomes slower.
If the network becomes slow, business operations are affected as well. This may raise
the cost of the network infrastructure and may also lead to revenue loss. The
organization may also lose productivity from its students or employees, whose work may
suffer because they are busy searching for and clicking on files. The figure below
comes from a study by students from the University of California, who monitored
internet traffic over a nine-day period.
Figure 3-11 The Bandwidth Analysis [59]
From the figure above, we can see that on the first day (Tuesday 12 PM) WWW consumed
about 100 Mbps, P2P consumed about 200 Mbps, and non-HTTP TCP consumed about 300 Mbps,
which means that P2P consumes more than 30% of the total bandwidth. As stated in [66],
many universities have also experienced problems because of the high volume of P2P
traffic. For example, the University of Florida has experienced 90% usage of the
university bandwidth, Louisiana State University experienced about 60-80% usage of the
university bandwidth, and University of California network staff found that more than
50% of outbound traffic came from P2P applications.
The author also conducted an experiment at PLN Pusdiklat to learn the effect of P2P
file sharing on the PLN network. The author downloaded five torrents at the same time
for ten minutes and took up all of the bandwidth allocated on the network. The figure
below shows the download of the five torrents at 08:41 AM.
Figure 3-12 The Downloading of Five Torrents Simultaneously
Now let us see the result of the bandwidth analysis:
Figure 3-13 The Downloading Started at 08.41 AM (Source: PLN PRTG)
As we can see, bandwidth usage suddenly increased dramatically and reached the maximum
capacity. The figure below shows the situation over the next ten minutes:
Figure 3-14 The Situation During the Downloading Process (Source: PLN PRTG)
The figure shows that all available bandwidth was used by the P2P file sharing. Now, we
will take a look at the situation after the downloading stopped at 08:52 AM:
Figure 3-15 The Download Stopped at 08:52 AM (Source: PLN PRTG)
The network traffic went back to the normal state again.
3.3 Law Suits
Another issue that an organization may face arises if it is found guilty of downloading
illegal content over the network. The organization can be sued by the recording
industry, for example by the RIAA. For example, the Taipei District Court found the
largest P2P operator in Taiwan guilty of copyright infringement. As a result, its three
executives (President, CEO, and General Manager) were given two and three years in jail
[65]. Another recent example is LimeWire, which was forced to shut down after 10 years
of existence.
3.4 Data Breaching
An organization's data and information are private and must be kept secret from
outsiders. Unfortunately, one mistake by one employee can cost the organization a lot.
Sometimes employees carelessly put important files in shared folders. Then, whenever
they join the P2P network, the data can be exploited by other users on that network.
There are many cases of data breaches caused by P2P. The first example comes from
Pfizer Inc., where the personal data of about 17,000 employees was downloaded by
unknown people in the P2P network [67] [69] [70] [76]. Another case was the data leak
affecting more than 5,000 Citigroup customers [67] [71] [76]. P2P networks also caused
big problems for the United States presidency in 2009: the location of Obama's safe
house was leaked through the Gnutella network. Some of the files also contained details
of nuclear facilities, an FBI photo of the mafia, data belonging to 24,000 patients,
and confidential data belonging to a Fortune 500 company [78]. The Police Department in
Tokyo was affected as well: information about 12,000 people related to criminal
investigations and 6,600 documents was leaked because a policeman (since fired as a
result of his action) used the Winny P2P software on his PC [73]. The policeman was not
aware that, after he installed the application, the data was being made available to
others in the P2P network.
In the United States, the Federal Trade Commission (FTC) has warned and notified almost
100 organizations that their data has been shared by P2P applications on their computer
networks [68]. Research by Tiversa found more than 13 million breached files on P2P
file sharing networks within a one-year period (May 1 2008 – May 1 2009) [75]. Based on
the data above, it is clear that many organizations, and even government agencies,
still have difficulty addressing the P2P file sharing risk effectively. Even Phylyp
Wagner, the founder of Wagner Resource Group, had never heard of P2P. He said, “To me,
this was devastating. I didn't even know what peer-to-peer was, I do now” [74]. So, why
can these private files be exposed within the P2P network? There are several causes
[77]:
- Misplaced Files – Users may accidentally place important files in the wrong folders
  (such as shared folders).
- Confusing Interface Design – A study by Good and Krekelberg found that the Kazaa
  interface design confused users about which files they were actually sharing.
- Reward – Some programs reward users for sharing more files, so users sometimes
  mistakenly share their entire hard disks to gain more rewards.
- Laziness – Users tend to share the main folders rather than selectively choosing
  sub folders. For example, rather than selecting individual sub folders in “My
  Documents”, they share “My Documents” itself.
- Media Folders Wizard – Some P2P programs have a wizard that scans the computer and
  recommends media folders to be shared. Whenever there is an important file in such a
  folder, it can be exploited by that wizard.
- Bad Organization Habits – Certain users might be too lazy to organize their
  computers. Sometimes all files are placed in the same folders (music, documents,
  pictures, etc.).
This issue is surely a big concern for everyone, especially in organizations.
Organizations have to take this problem seriously and take action to protect their
sensitive files from leaking.
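
One way to check a workstation for the exposure causes listed above, as an added example (not code from the thesis): the Python sketch below audits folders configured as P2P shares. The extension sets, folder names, finding labels and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed policy, not taken from the thesis: tune these sets per organization.
SENSITIVE_EXT = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".pst", ".mdb"}
MEDIA_EXT = {".mp3", ".wma", ".wmv", ".avi", ".mp4"}
BROAD_NAMES = {"my documents", "documents", "desktop"}


def audit_share(share, home):
    """Return sorted (finding, path) tuples for one P2P shared folder."""
    share, home = Path(share).resolve(), Path(home).resolve()
    findings = set()
    # Reward / Laziness: whole disk, whole profile, or a top-level profile folder.
    if share == home or share in home.parents:
        findings.add(("too_broad", str(share)))
    elif share.parent == home and share.name.lower() in BROAD_NAMES:
        findings.add(("too_broad", str(share)))
    for root, _dirs, files in os.walk(share):
        exts = {Path(name).suffix.lower() for name in files}
        # Bad organization habits: media and documents kept in the same folder.
        if exts & MEDIA_EXT and exts & SENSITIVE_EXT:
            findings.add(("mixed_folder", root))
        # Misplaced files / media folders wizard: documents reachable via the share.
        for name in files:
            if Path(name).suffix.lower() in SENSITIVE_EXT:
                findings.add(("sensitive_file", os.path.join(root, name)))
    return sorted(findings)


def demo():
    """Build a constructed user profile and audit three hypothetical shares."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "alice"
        for rel in ("Music/song.mp3", "Music/payroll.xls",
                    "My Documents/hr/staff.doc", "Downloads/movie.avi"):
            path = home / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")  # empty placeholder files, constructed sample
        return {share: [kind for kind, _ in audit_share(home / share, home)]
                for share in ("Music", "My Documents", "Downloads")}


if __name__ == "__main__":
    for share, kinds in demo().items():
        print(share, kinds or "ok")
```

In practice the list of shared folders would come from the P2P client's own configuration, whose location differs per client and is not covered here.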