‘BitTorrent’ exploit could be used to stage massive cyber attacks
With the Federal Bureau of Investigation (FBI) treating successful cyber attacks by “Operation Payback” as criminal offenses, a new level of ambiguity is being introduced into the enforcement of cyber crime laws.
The FBI was treating efforts by “Anonymous” and “4chan” as an “unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system,” according to a search warrant affidavit published online Thursday.
Not all distributed denial of service (DDoS) efforts are a crime. This is especially true when systems within the networks staging the attack are placed there voluntarily by their users, with thousands of willing individuals simply flooding a server by asking it to do what it’s designed for: loading pages.
Botnets of this nature have been compared to cyber “sit-ins”: a computer-age echo of civil rights-era protests.
However, a newly discovered software exploit in peer-to-peer file sharing networks could give a single individual, instead of many, the ability to bring down massive Internet operations by marshaling hundreds of thousands of other systems through “BitTorrent” trickery.
On “BitTorrent” networks, swarms of users all share portions of a single file, trading tiny pieces between their computers until each individual client has the complete download.
Millions of people engage in these networks every day, sharing everything from the perfectly legal to the legally ambiguous. Massive quantities of copyrighted material trade hands between users of “BitTorrent” networks regularly, but not much can be done to shut them down since many torrent files do not require a centralized tracker or host.
It is within these tracker-less torrent files that a major attack can be staged, according to a recent talk given at the Chaos Communication Congress, an annual conference of hackers now in its 27th year.
With a tracker-less torrent and a single “malicious node,” “anyone with a moderate bandwidth connection can induce DDoS attacks with the BitTorrent cloud,” the lecture page summarized.
A Chaos Congress presenter under the name “Astro” demonstrated how that entire network’s bandwidth can quickly become marshaled to attack a single domain.
“For example, one could tell tens of thousands of users that an HD version of Inception is available at an address that really is the web server of a corporation,” technology publication Gigaom noted. “All of these users would immediately try to download the file under that address, bombarding the server with requests and possibly taking it down in the process.”
And it’s not just a single deceptive torrent file that can lead such an attack: according to TorrentFreak, this new method can utilize existing torrents already being shared by hundreds of thousands of people.
The exploit would appear to be an innovation in the formation of what are known as “botnets,” or networks of computers with malicious software that are at least partially under the control of a remote operator, in many cases a cyber criminal who uses the distributed computer power for nefarious purposes.
The largest botnet on the Internet was said to be “Rustock,” according to an intelligence report released earlier this month by online security firm Symantec Hosted Services. “Rustock” was responsible for over 44 billion spam emails every day, they said.
Utilization of such technology to attack the web operations of companies like MasterCard Worldwide or PayPal — both of which, among others, were brought down earlier this month by “Operation Payback” for their refusal to do business with secrets outlet WikiLeaks — would likely be classified a serious crime.
The FBI has already raided a Dallas-based hosting company and copied the contents of two hard drives in connection with attacks on PayPal, and a 16-year-old Dutch teen was arrested for allegedly running a chat room connected to “Anonymous.” It is reasonable to expect more raids soon.
Given the tactics of “Anonymous,” answering each official escalation against WikiLeaks with increasingly large attacks, it may be only a matter of time before torrents are used to attack a major bank or even the US government.
While the latest round of DDoS attacks on high-profile corporate entities is certainly notable for its sporadic success at bringing major operations down for brief periods, the latest development in DDoS may pose an even greater problem for small organizations dealing with human rights or issues of political controversy.
Amid the rise of the Internet’s “hypergiants” — the massive Internet service providers (ISPs) and network operators at the core of Earth’s global communications platform — smaller media organizations and human rights groups have found themselves on the network’s outer fringes, and frequently the targets of devastating cyber-attacks.
Network security know-how is often unavailable to these organizations due to the pull of better-paying jobs at major firms. That’s created an imbalance on the Internet, with just 30 firms soaking up over 30 percent of the Internet’s total bandwidth, according to a recent Harvard University study carried out by the Berkman Center for Internet & Society.
Researchers found that between August 2009 and September 2010, a collection of just 280 sites run by human rights organizations were hit with 140 different DDoS attacks. There were likely many others that went unnoticed.
The torrent exploit would appear to be a double-edged sword for so-called “hacktivists” who might view it as a new weapon for “Operation Payback.” While this may mean the next wave of DDoS against the opponents of WikiLeaks will potentially be much larger than the DDoS attacks of December 2010, the same tactics could also be used against groups that promote valuable human rights causes.