Gnutella weakness could incriminate an innocent file sharer

Recent research highlighting security weaknesses in a popular internet file-sharing network has shown that innocent users could in theory be wrongly accused of sharing copyrighted music.The anonymous paper, Entrapment: Incriminating Peer to Peer Network Users, was posted to a free Australian web hosting service and suggests some users could claim that the evidence on which they are brought to trial is flawed. Experts contacted by New Scientist say the paper is a credible piece of work.

The document focuses on the Gnutella file-sharing network that forms the backbone of a number of widely-used file-sharing clients including Morpheus and Bearshare.

It describes various techniques that could be used to make it appear to a third party on the Gnutella network as if an innocent user is hosting or searching for copyrighted files. It also describes methods for tricking users into inadvertently downloading copyrighted files so that they actually host these files.

Some of the methods described are made possible because peer-to-peer networks like Gnutella rely on users passing on requests for files and information about the files stored on users' machines. Manipulating these network messages can make it look as if a user is illegally offering files for download.

"These Gnutella-specific attacks seem reasonable at first glance," says Adam Langley, a UK-based peer-to-peer programmer. But the techniques described are not surprising, he says: "Gnutella was certainly never designed to resist an attack like this."

This paper certainly raises issues about the ongoing legal assault. "The core point the author is making - the unreliability of the 'evidence' used to sue file sharers - is valid," says Ian Clarke, creator of Freenet, a file-sharing network designed to provide anonymity for users. He ought to
know.

Source: newscientist.com

No posts to display