Security threats Toolkit

Innocent surfers can appear guilty of song-swapping

Tags:
Kazaa,
Innocent,
Lawsuit,
Riaa

Staff, CNETAsia CNETAsia

Published: 03 Oct 2003 09:25 BST

Security flaws in Internet file-sharing networks could incriminate innocent users, according to a research paper.

The anonymous paper -- Entrapment: Incriminating Peer to Peer Network Users -- detailed several methods that could be used to trick unknowing users into downloading copyrighted files and host them, reported New Scientist.

The Gnutella network would show that the innocent user is sharing copyrighted files, if network messages that usually rely on users to pass on requests for data stored on users' computers are manipulated, said the report.

The Gnutella network is a file-sharing network that forms the backbone of a number of popular file-sharing clients including Morpheus and Bearshare.

UK-based P2P programmer Adam Langley said in the report that the Gnutella specific attacks seem reasonable at first glance and the techniques described are not surprising, as the Gnutella is not designed to resist such attacks.

Also, it is possible to incriminate an innocent user by sending the person a Trojan, as most Windows users would run any old attachment they receive, Langley continued.

Recently, the Recording Industry Association of America (RIAA) withdrew a file-swapping lawsuit after a possible case of mistaken identity.

The RIAA represents the largest US music companies, and has already sued 261 file-sharers who were accused of illegal file swapping through P2P networks, which appear to have reduced activity on the more popular P2P networks, according to a new US research by Nielsen NetRatings, which tracks Internet usage.

Leading music file swapping network Kazaa saw a 41 percent drop in users over the last three months. In the week ending 21 September, traffic fell to about 3.9 million visitors, from 6.5 million in the week that ended on 29 June. Traffic to Morpheus, another network has also dived from 272,000 to 261,000 in the same period, reported news agency Reuters.

On 29 September, several P2P networks unveiled a code of conduct to encourage responsible behaviour among users and asked Congress to find a way record to pay labels and other copyright holders for the data shared online.

Asia Pacific residents have also been nervously eyeing the recording industry's blitz on file-sharing in the US and asking if this region's users will be the next targets.