快猫短视频

File-sharing sites are being subverted for web attacks

Websites which let users trade movies, music and software online, are increasingly being used to trick users' PCs into attacking other machines

Peer-to-peer (P2P) file-sharing networks, which let users trade movies, music and software online, are increasingly being used to trick PCs into attacking other machines, experts say.

Computer scientists have previously shown how P2P networks can be subverted so that several connected PCs gang up to attack a single machine, flooding it with enough traffic to make it crash. This can work even if the target is not part of the P2P network itself.

Now, security experts are warning that P2P networks are increasingly being used to do just this. 鈥淯ntil January of this year we had never seen a peer-to-peer network subverted and used for an attack,鈥 says Darren Rennick of internet security company Prolexic in an advisory released recently. 鈥淲e now see them constantly being subverted.鈥

A large number of computers can easily overwhelm the servers of even large companies with data, in a so-called 鈥渄istributed denial of service鈥 (DDoS) attack. In the past, such attacks have been used by criminals to extort money from large firms.

In May 2007, DDoS attacks were used to take down web servers belonging to banks, government agencies, and newspapers across Estonia, in coordinated, and apparently politically-motivated, strikes.

Database poisoning

However, mounting a DDoS attack normally involves exploiting software bugs to break into systems, often using a computer virus, and creating an army of remotely controlled machines, or a 鈥渂otnet鈥.

Early in 2006, Keith Ross and Naoum Naoumov at the Polytechnic University, in Brooklyn, New York, demonstrated that P2P networks could be used to launch an attack without hijacking any PCs, in a published study of the eDonkey P2P network.

鈥淚n all file-sharing systems, you need a database to locate where these files are,鈥 Ross says. 鈥淭he trick is to poison the database, to put bogus entries in that say that a very popular file is located at some target address that you want to attack.鈥

Thousands of computers will then start contacting the target computer requesting, for example, the latest Britney Spears song or episodes of The Office.

A more recent study shows that BitTorrent, one of the most popular file-sharing networks, can be misused the same way. BitTorrent splits files up for sharing, which dramatically increases download speeds and also has a more centralised database than networks such as eDonkey. But Athina Markopoulou and colleagues at the University of California in Irvine, US show that it can still be used to mount a DDoS attack.

Client hacking

They created modified versions of BitTorrent files, and their own 鈥渢racker鈥 a computer, which stores the databases that peers use to find one another on the network. Then, using 25 bogus files, they were able to trick more than 50,000 computers into cooperating within a few hours. 鈥淲e needed to do some hacking in the BitTorrent code,鈥 says Karim El Defrawy, a member of Markopoulou鈥檚 group. 鈥淏ut anyone with some small programming experience could do this.鈥

Bram Cohen, creator of BitTorrent, points out that there are far simpler ways to launch similar attacks: 鈥淎nyone with a popular website can put lots of tags for hidden versions of an image on somebody else鈥檚 website, have some JavaScript get those images to reload once every few seconds, and completely denial of service a medium-size or even large website.鈥

However, other experts maintain that the popularity of P2P networks makes the issue important. 鈥淎s P2P networks become more successful, this will become more of a problem,鈥 says Sanjay Rao of Purdue University, US, who has also studied the issue. 鈥淚 think it鈥檚 going to have the potential to be much worse than the botnet problem.鈥

鈥淥ne reason for the shift in strategy, is that these attacks are harder to defend and track down than traditional botnet-based DDoS,鈥 adds Richard Miller, of UK internet monitoring firm Netcraft. 鈥淭hey represent a new attack vector, and it will take a while before the internet security community is widely aware of the new technique, and how best to defend against it.鈥

Topics: Hacking