As reported by torrentfreak, new research from Florian Adamsky of City University London has demonstrated illegal downloads of movies and software is not the limit to the criminal capabilities of the popular torrent software. His research shows BitTorrent can also be used for cybercrime.

Adamsky’s paper titled ‘P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks’ reveals how various features can be used in a DOS (Denial Of Service) attack.

DOS attacks are used by many cyber activists, including the famous group Anonymous, to remove a target’s website presence. By flooding the server, they cause a similar effect to a traffic jam at the website and prevent any legitimate use of the site.

Adamsky has shown that, by misuse of a BitTorrent protocols, it is possible to increase the amount of traffic to a target website by up to 120 times the initial bandwidth. This type of DOS is called an ADDOS or amplified distributed denial of service, as the traffic is increased or amplified and comes from a number of zombie computers, not a single attacker.

Some small sites will experience what appears to be a DDOS just by being linked to by a far more popular site and having a legitimate increase in traffic. This can make it very hard to distinguish between an ADDOS or natural traffic growth. Larger sites with more robust security and servers are much harder to take down, so the spike in traffic is clearly an attack.

While BitTorrent was the most effective torrent program to exploit with an amplification factor of 120 times initial bandwidth, other popular programs could also be exploited. Vuze would multiply traffic by 54 times and uTorrent increased the original bandwidth by 39.

The research shows that, the protocols of uTP, BitTorrent Sync, Message Stream Encryption and DHT were all vulnerable. With so many of the popular torrent clients vulnerable to exploitation, it is possible that your home computer has been involved in cyber crime.

The research done by City University London suggests, to perform such an attack is technically very simple. The attacker would need a current hash then they can use millions of unsuspecting people’s personal computers as amplifiers. It is easy to find the exploitable computers with trackers PEX or DHT. Then they need only send a BitTorrent Sync message and amplify the traffic 120 times.

Since the release of this paper BitTorrent Inc have released a patch to the beta client to remove the vulnerability but this will not help the majority of users who wait for main releases or who do not regularly update their client. What is more worrying is that the other popular torrent clients have not yet been updated. uTorrent is still open to exploit using DHT to attack and Vuze has not yet had any patch released.

Until this exploit has been dealt with it may be wise to turn off your torrent software. Or at the very least keep your client up to date and monitor you outgoing traffic to look for any suspicious activity.

Leave a comment

Your email address will not be published. Required fields are marked *