Security Laboratory

Security Laboratory

BitTorrent Considered Harmful to Intellectual Property

By Stephen Northcutt
Version 1.1

Not so long ago the major use for the absolutely brilliant technology, BitTorrent, seemed to be the theft of intellectual property. This was resulting in an increase in the attack pressure on the value of intellectual property, especially copyrighted electronic media. They are also putting pressure on networks, about 18% of broadband traffic is a torrent. "Based on the research, conducted by Terry Shaw, of CableLabs, and Jim Martin, a computer science professor at Clemson University, it only takes about 10 BitTorrent users bartering files on a node (of around 500) to double the delays experienced by everybody else. Especially if everybody else is using 'normal priority' services, like e-mail or Web surfing, which is what tech people tend to call best-effort traffic."[1]

BitTorrent itself goes legit
BitTorrent now has their own online store. "BitTorrent is offering movie rentals from Warner Bros., Paramount Pictures, 20th Century Fox, Metro-Goldwyn-Mayer, and Lionsgate as well as a number of television shows from Comedy Central, Fox, MTV, Nickelodeon, Spike, and VH1, among others.

BitTorrent cofounder, Ashwin Navin, told the Associated Press that he believes up to a third of current BitTorrent users would be willing to pay for legit content if it were available and affordable. "Now we have to program for that audience and create a better experience for that content so the audience converts to the service that makes the studios money," he said."[2]

This is not to say that all torrents are legit now
Imagine being an executive and receiving an email like this:
"I tracked down a 2GB torrent that is a load of IT type books. Among them are 2 of our Step by Step guides."[3]

What, pray tell, is a torrent? So I typed "definition: torrent" into Google. A torrent can have two meanings. The first meaning is when you download/share a file via the bittorrent protocol, that file is called a torrent.

A torrent is also a small file that when used with a bittorrent client, tells the client how to find and download the software it corresponds to.[4] Well I suppose I am making progress, it has to do with downloading. After a bit more searching, it became clear the root of this is BitTorrent.

BitTorrent is the name of a peer-to-peer (P2P) file distribution protocol, and is the name of a free software implementation of that protocol. The protocol was originally designed and created by programmer Bram Cohen, and is now maintained by BitTorrent Inc. BitTorrent is designed to distribute large amounts of data widely without incurring the corresponding consumption in costly server and bandwidth resources. CableLabs, the research organization of the North American cable industry, believes that BitTorrent represents 55% of the upstream traffic on the cable companies' access network.[4]

There are specialized search engines to find files in torrents. They include: ( which appears to cater to prurient tastes )

In fact not only is a lot of the material available on torrents copyrighted material, one person, that goes by the name of axxo, has become rip famous, "For those of you who never heard of aXXo, he is responsible for hundreds of DVDrips that find their way to millions of PCs around the world. Most of the rips are 700MB, made to fit on a single CD. Some have criticized his preference for single CD rips because of the inferior video quality, but most pirates agree that he does a great job."[5]

What types of information security documents are on BitTorrent?
Our interest is not in movies or music, but in information security information, I tried a search for "intrusion detection" on isohunt and the number one return from my search was a collection of 500 e-books. When you mouse over this you see the titles including published, commercial books, two of which are shown below:

The Shellcoder's Handbook - Discovering And Exploiting Security Holes (2004).chm
The Tao Of Network Security Monitoring - Beyond Intrusion Detection (2004).chm

Somehow the publishers appear to be losing control of electronic copies of books that take authors hundreds of hours to write. I tried another search, Addison Wesley, a well known publisher of technical books, and found 97 entries. But what about the copyrights, isn't this illegal?

Copyrights have evolved a lot since they were first created. "'To promote the Progress of Science and useful Arts' was the first stated purpose of U.S. copyright. The U.S. Constitution ratified in 1788 proposed to do that "by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries. The first U.S. copyright law, passed in 1790, protected books, maps, and charts if they were created by residents or citizens of the United States. The term of their exclusive right was a mere 14 years, with the right of renewal for 14 more."[6] Of course as time has gone on the protections have increased in time, life of the creator plus 70 years, and legal recourse with the DMCA as the best example of that. You would think with that type of legal protection Addison Wesley would not have 97 books out on the P2P network.

At this point I got another email from Mr. Hamby.

Mr. Hamby had reported the links to the two SANS Step by Step books to isohunt and received the following note back:

"Alleged links to P2P resources have been disabled."
Allen Parker
isoHunt Web Technologies, Inc.
Copyright Team[7]

Great! The links are disabled. So I typed in the search string:

and got a message from isohunt:

Sorry, this link has been disabled due to copyright.

However, according to Mr. Hamby, the file was never taken down and there are a number of other search engines pointing to it. So, our books are still exposed. It seems pretty clear that this technology and these users, who are volunteering their time, disk space and bandwidth to pass copyrighted materials around for free, are going to have a significant impact on every sort of information publisher.

Can we use Digitial Rights Management to protect intellectual property?

"As a general preventive measure against copyright infringements through digital technologies including P2P, copyright owners often use digital rights management (DRM) techniques to encrypt content or otherwise restrict access. Depending on the access or compensation arrangement, content owners may differentiate prices and limit use by the number of plays, duration of access, temporary or partial uses, lending rights, and the number of devices on which the file may be accessed. The potential level of use control may go beyond the expectations of consumers accustomed to a broader range of uses enabled by analog technology. Consequently, many consumer advocates now contend that DRM is harmful to consumers because it tilts the balance of control in favor of copyright holders. For their part, rights owners respond that DRM merely offsets grave dangers made possible by digitization and Internet distribution."[8]

Well, that would be fine if DRM actually worked. "No matter what DRM technology is used to protect the digital media you might receive your documents, music or video on, at some point the information contained in "the box" must come out and present itself in a way that you as a human, flesh and blood receiver must have. Until technology can bypass your eyes and ears and put things directly from digital storage into your brain, there must be a translation of the information into something that not only you can see and hear, but so can a microphone and video camera or scanner."[9] And we know this is true from our own experience. We have been working on a secure courseware electronic delivery system for a long time. People are able to crack all the defensive mechanisms in pretty short order. We believe that as long as the protection time to defeat the application is greater than the amount of time it would take to scan in the courseware as a book there is an overall win.

If material is copied into BitTorrents and other P2P, is there a risk of abandonment?
Abandonment is a principle found in most intellectual property law, but it is poorly understood when it comes to copyrights; most of the case law that exists does not apply well to the current copyright law. Generally we believe it takes an explicit act of the owner to transfer a copyrighted work into the public domain. That is, simply because a work is infringed on and the owner does not respond, it does not mean that the work automatically becomes part of the public domain.[10] However, will this hold up in the bit torrent world? What if the primary way to find a book or music recording is via P2P? What if it is hosted on two hundred sites? What if half of all men, women and children on the planet have a digital copy? Is it still copyrighted? It will be interesting to see the case law unfold in the coming years.

What other options does a copyright holder have?
And, of course, we can always attempt to buy protection. A Finnish company Viralg claims to be able to wipe out 99% of all unauthorized P2P swapping.[11] They appear to be the most sophisticated scheme at the moment. "We make a viable non-working file with a working file hash, so when someone tries to download a working file he/she will receive a random mix of working and non-working file. The final content depends on many things (bandwidth, sources etc.)" they said. "Simply, we can deliver corrupted content with the same hashcode".[12]

"There are a large number of companies offering watermarking products like Digimark, Signum Technologies and many more (for a more comprehensive list see[13]). There are partnerships established between watermark companies and companies delivering image processing applications like Corel with Coreldraw and Photo-Paint and Adobe with Photoshop. These products are delivered with watermarking products included. Benchmark tools like Stirmark, Checkmark and Optimark can help to evaluate and test an actual watermarking product and technique with regard to its robustness to withstand different types of attacks. However it requires fairly good understanding of the different techniques and attack types to perform a benchmark relevant for a potential users application and requirements.

Stirmark is a benchmarking tool for digital watermarking technologies. Given a watermarked input image, Stirmark generates a number of modified images which can then be used to verify if the embedded watermark can still be detected. Stirmark also proposes a procedure to combine the different detection results and compute an overall score ranging between 0 and 1.

Checkmark is a benchmarking suite for digital watermarking technologies. Running on Matlab under UNIX and Windows, it provides tools to evaluate and rate watermarking technologies. Checkmark contains some attacks not present in Stirmark. Moreover, it takes the watermark application into account which means that the scores from individual attacks are weighed according to their importance for a given watermark usage.

Optimark is a benchmarking tool for still image watermarking algorithms that was developed in the Artificial Intelligence and Information Analysis Laboratory at the Department of Informatics, Aristotle University of Thessaloniki, Greece. Optimark was partially supported by EU Projects CERTIMARK and INSPECT."[14]

But buying protection raises cost and takes effort. Digital copyrighted materials will be under increasing stress in the next few years as file sharing technology like BitTorrent becomes more pervasive.

Of course, technology is neither good nor evil; rather, it is how the technology is used. Richard Bejtlich is the author of Tao of Network Monitoring, one of the books we found on P2P. Here is what he had to say:

"Sigh. I've pretty much given up on trying to police that stuff. Addison-Wesley has an abuse department that tries to shut those sites down. That's the primary reason I didn't seek to hold copyright. If I held copyright, I'd have to defend it everywhere.

In some ways I don't mind, since it means people might read my book whom otherwise would not. This is apparently the case in some of the lesser developed parts of the world. On the other hand, sales and royalties are so tiny compared to the level of effort required to write an 800 page book."[15]

"It means people might read my book whom otherwise would not"

Richard's point is very important. In the Long Tail world[16] the author expresses the idea that, for many authors, visibility may be more important than possessing and managing limited monopoly powers on a digital file: "In the course we author and teach, Management 512: SANS Security Leadership Essentials For Managers, we suggest the wise information security manager may want to consider the body of intellectual property that your organization currently has under copyright; and, if you feel that some of it might benefit your organization by favoring authorial exposure rather than authorial control, then consider a test where you mark some of the material with a creative commons mark."[17] There are countermeasures you can take, but buying protection raises cost and takes effort. Digital copyrighted materials will be under increasing stress in the next few years as users become increasingly bent on file sharing and technology like BitTorrent becomes more pervasive.

Appendix: Torrent Terminology
a member of the BitTorrent Peer to Peer (P2P) network that contains the original digital file
Swarm: a number of peers in a P2P that wish to share in one or more digital files, as they receive file chunks, they also share them
Torrent file: A file with a list of checksums created by a cryptographic has where each checksum represents fairly small (64k to 1MB) pieces of an original digital file, such as music, video or a .pdf document.

3. Email message: Charles Hamby to Stephen Northcutt
4. or
7. Forwarded Email message: Charles Hamby to Stephen Northcutt
8. Executive Summary Cato report:
15. Email interview Stephen Northcutt and Richard Bejtlich