By Mason Inman
30 May 2007
NewScientist.com news service
Peer-to-peer (P2P) file-sharing networks, which let users trade movies,
music and software online, are increasingly being used to trick PCs into
attacking other machines, experts say.
Computer scientists have previously shown how P2P networks can be
subverted so that several connected PCs gang up to attack a single
machine, flooding it with enough traffic to make it crash. This can work
even if the target is not part of the P2P network itself.
Now, security experts are warning that P2P networks are increasingly
being used to do just this. "Until January of this year we had never
seen a peer-to-peer network subverted and used for an attack," says
Darren Rennick of internet security company Prolexic in an advisory
released recently. "We now see them constantly being subverted."
A large number of computers can easily overwhelm the servers of even
large companies with data, in a so-called "distributed denial of
service" (DDoS) attack. In the past, such attacks have been used by
criminals to extort money from large firms.
In May 2007, DDoS attacks were used to take down web servers belonging
to banks, government agencies, and newspapers across Estonia, in
coordinated, and apparently politically-motivated, strikes.
However, mounting a DDoS attack normally involves exploiting software
bugs to break into systems, often using a computer virus, and creating
an army of remotely controlled machines, or a "botnet".
Early in 2006, Keith Ross and Naoum Naoumov at the Polytechnic
University, in Brooklyn, New York, demonstrated that P2P networks could
be used to launch an attack without hijacking any PCs, in a published
study of the eDonkey P2P network.
"In all file-sharing systems, you need a database to locate where these
files are," Ross says. "The trick is to poison the database, to put
bogus entries in that say that a very popular file is located at some
target address that you want to attack."
Thousands of computers will then start contacting the target computer
requesting, for example, the latest Britney Spears song or episodes of
A more recent study shows that BitTorrent, one of the most popular
file-sharing networks, can be misused the same way. BitTorrent splits
files up for sharing, which dramatically increases download speeds and
also has a more centralised database than networks such as eDonkey. But
Athina Markopoulou and colleagues at the University of California in
Irvine, US show that it can still be used to mount a DDoS attack.
They created modified versions of BitTorrent files, and their own
"tracker" a computer, which stores the databases that peers use to find
one another on the network. Then, using 25 bogus files, they were able
to trick more than 50,000 computers into cooperating within a few hours.
"We needed to do some hacking in the BitTorrent code," says Karim El
Defrawy, a member of Markopoulou's group. "But anyone with some small
programming experience could do this."
Bram Cohen, creator of BitTorrent, points out that there are far simpler
ways to launch similar attacks: "Anyone with a popular website can put
lots of tags for hidden versions of an image on somebody else's website,
and completely denial of service a medium-size or even large website."
However, other experts maintain that the popularity of P2P networks
makes the issue important. "As P2P networks become more successful, this
will become more of a problem," says Sanjay Rao of Purdue University,
US, who has also studied the issue. "I think it's going to have the
potential to be much worse than the botnet problem."
"One reason for the shift in strategy, is that these attacks are harder
to defend and track down than traditional botnet-based DDoS," adds
Richard Miller, of UK internet monitoring firm Netcraft. "They represent
a new attack vector, and it will take a while before the internet
security community is widely aware of the new technique, and how best to
defend against it."
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com