BitTorrent spies can jump on P2P pirates in just three hours

BitTorrent spies can jump on P2P pirates in just three hours

Summary: Sharers of copyrighted content could be found by monitoring programs within three hours of circulating popular pirated movies and music, researchers have found, and methods to avoid the monitors may be ineffective.

TOPICS: Piracy

People who pirate content can be found and monitored by a program operated by rights holders within as little as three hours of starting to share files, researchers have found.


The finding comes from a University of Birmingham study (PDF) of direct monitoring of file-sharers on BitTorrent, presented on Tuesday at the SecureComm conference in Italy.

"From our experiments, we derived a number of interesting properties of monitoring, as it is currently performed: eg., that monitoring is prevalent for popular content (ie., the most popular torrents on The Pirate Bay) but absent for less popular content," the British researchers said in their paper. "And that peers sharing popular content are likely to be monitored within three hours of joining a swarm."

BitTorrent is a decentralised, multi-peer-to-peer file-sharing protocol. It lets people achieve very high download speeds by breaking files up into chunks that are shared by all members of a BitTorrent 'swarm'. Essentially, it turns large files into jigsaw puzzles, which are broken down and pieced back together by the community of sharers.

The technology is popular with the academic community as well as pirates, as it provides an elegant way to share very large files, such as high-definition movies or academic datasets. As a consequence, rights holders pay close attention to what is being shared via the protocol.

The issues surrounding file-sharing have been known for some time. In 2006, Andrew McLaughlin, then head of Google's global public policy, told MPs: "What is tricky is that technologies like BitTorrent, for example, can be used for copyright infringement absolutely; they can also be used for perfectly good purposes as well.

"For example, on BitTorrent you can find historical speeches, documents, war-time documentaries, old news reels that are out of copyright. It is not that everything available through that service is copyright infringement."

Monitoring the swarm

Because of this, rights holders may use monitoring programs to find out what exactly is being shared via BitTorrent, the researchers suggested.

They found that when they shared files or took part in swarms, their machines would sometimes be monitored by a small subset (0.05 percent) of others in the swarm.

"Peers sharing popular content are likely to be monitored within three hours of joining a swarm"

These peers "superficially appeared to be active, but in fact they were not downloading the shared file; their IP addresses belong to subnets of three hosting companies", the researchers said.

However, the team didn't see this type of behaviour in sharing of content in the public domain. They concluded, then, that the strange peers were in fact monitors operated by content rights holders, who were looking to link IP addresses to the distribution of pirated content.

The researchers identified six companies they believe are hosting 'autonomous systems' that monitor shared content: Speakeasy, Cogent/PSI, Qwest, Net2EZ, TELESP and HEAnet. An earlier study by other academics identified Net2EZ and HEAnet as potential harbourers of monitoring agencies, they noted.

Furthermore, the BitTorrent participants hosted on Qwest were "considerably more active in 2010 than in 2011; it may be that this [autonomous system] was once being used by monitoring agencies but no longer is", they suggested.

Blocklists don't work

Blocklists — lists of suspicious IP addresses associated with monitoring programs, used by pirates to protect themselves from monitors — do not appear to work as well as they should, according to the University of Birmingham report.

During their study, the researchers identified 263 BitTorrent participants with the attributes of a monitoring program, but were not on any kind of blocklist.

"BitTorrent users should therefore not rely solely on such speculative blocklists to protect their privacy, and should instead combine them with blocklists based on empirical research," they wrote.

At the time of writing the Motion Picture Association of America had not responded to a request for information.

Topic: Piracy

Jack Clark

About Jack Clark

Currently a reporter for ZDNet UK, I previously worked as a technology researcher and reporter for a London-based news agency.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • At the time of writing the Motion Picture Association of America had not re

    Hmmm, you are suggesting they talk to you about how to perpetuate an illegal activity that is undermining their revenue? Really? I think you don't know Jack...
    • Monitoring software

      @happyharry_z thanks for writing in - we contacted them to find out whether they used monitoring software. They are yet to reply, but the report indicates that they and other rights holders do.
      Jack Clark
    • He does know Jack... and you're a dick.

      Speaking of criminal organizations: The MIAA is high up on the list, just below the RIAA the ringleader of the gangsters stealing money from the artists that create the media and do all the work. The MIAA and RIAA are just sucking parasites stealing from artists, they add ZERO value and cost everyone.
      Reality Bites
    • speak of not knowing Jack

      It's a journalistic imperative to seek comment from the probable originators of the monitoring activity. Even if you know they're not going to answer. Good thing you don't work for a news agency, they'd be wanting their payroll money back.
  • Bittorrent is approaching end of life, time for the next mesh sharing tool.

    I think we'll start seeing new technology sometime next year. There are lots of places to squirrel away content on the internet, as always the challenge is how to publish the links without compromising the parties hosting or sharing. Some of the ideas for how to do this are brilliant, but will take time to become widespread. As always, it's a kind of arms race between the file sharers and the media cartels. I don't place any bets on the latter ...
    terry flores
  • spies

    Perhaps this is a convenient way for the riaa/mpaa and other parties to spy on your activities even if you are using bittorrents legitimately. Kind of like G.W. homeland security wire snooping and then a few years later we find out he used them to snoop on non violent activists and other groups his constituents were against.
    • Dubya isn't alone in this regard

      Stop kidding yourself. Obama and his gang of merrymakers pull the same crap. The folks on the left are just as quick to trample on privacy rights and concerns as those on the right. It's not a political issue per se as much as it's one of POWER and leverage.

      Those with the power - which almost always equates to MONEY in uber capitalist systems like ours - don't want you infringing upon it (it being THEIRS). They prefer, and work hard at, keeping you the powerless and pwnd peon that you are. Yuo simply have to know your place.

      The sooner you get used to that reality, the sooner you can get back to your usual, impotent, sheeple-like ways.
      • Interesting ...but

        The last time it took 3 hours to download a single mp3 an album or even a complete film was about 10 years ago. You can now take a DVD sized amount of data in well under an hour ... or minutes if you're lucky.

        So is this type of monitoring aimed at catching those still on dial up, or perhaps living miles from reliable exchanges?
        • That maybe true...

          But Seeders are online for significantly longer. So they are putting themselves at risk. If they come offline sooner, no seeds, little chance of a complete copy of an avi, the share fails. Just saying.
        • ditto on what mountjl said...

          it is not the downloaders they are monitoring... I believe there was a supreme court case in the USA in the last 18 months where they determined it was not against the law to download a copywritten file, only to provide it to others.

          The reasoning (again, if I remember correctly) was that it was possible for the person downloading to not be aware of the license agreement of the title. (I know somethings are a wee bit obvious...) However, it is your responsibility to verify you have the appropriate licensing to provide copywritten material to others, before doing so.

          That said, I avoid both ends of the stick. Netflix and Red Box are my friends.
      • Sheeple

        Amen, brother. I can hear them all bleating now....
  • Quickie

    What if takes way way less than 3 hours to download. Can they still track you?
    Not The One
  • don't worry

    even if they tracked me i'd jst say my dog was using the pc, not me
  • Copyright law is the problem

    I'd have a lot more sympathy for the MPAA / RIAA if they weren't corporations, not because I hate corporations, but a corporation is a legal person that never dies. Originally copyright was to give protection to content originators for their lifetime. Now it seems that they want it to be forever... I might be willing to spend a little more money on current offerings if old stuff was free.
    • Also Usenet: every single provider, every single search engine

      I forgot to add..... Usenet is no exception.

      its still LEGALLY protected.

      But they still target usenet articles. They maintain dozens of subscriptions to all of the different (distinct) providers and 3rd party services like Sheme's search tool or the (now dead/defunct) NGindex (all of which are paid services).

      then, when/if a client desires usenet takedowns, these contractors will mass-email/snail-mail DMCA takedowns to every single provider/service.

      The only ones that are immune are those that are hosted in countries like Sweden.

      there are some notable examples..... Argo and The Hobbit were VERY effectively DMCA'd on Usenet, to an extent that I have literally never seen in nearly 12 years.

      every single post, repost, "fake-filename" post, random group (alt.binaries.WHOOPEEDEEDOOP or something equivalent), password protected post (with the password supplied by spotting forums).....

      all were DMCA'd. EVENTUALLy, they gave up.... but it was very interesting.
  • Spies who are effectively identical in "appearance" to normal downloaders

    These companies have guys using normal residential internet connections, associated with a residential address or some random person's name (with no conection to an anti-piracy organization/contractor via Linkedin or background check).

    These guys sit on their computer all day.

    they lurk IRC, have accounts on VCDQ, RLSLog, Slyck, Torrent Freak, every single public and private torrent tracker, every single private forum dedicated to posting DDL links, every single "spotting" forum, etc.

    These guys don't just run automated IP logging software, host "fake" DRM-format files like WMV/WMA with hidden "call home" features to track downloaders.

    They even use "authorized" content (authorized by clients like MPAA) to ingratiate themselves into scene groups.

    Spies like this have infiltrated absolutely every single community, at every single level of the warez pyramid.

    private trackers? check
    usenet spotter forums? check
    scene ftp/irc-server/forum/bbs? check
    open/public registration forums, aggregators, etc.? check
    subscribers to twitter feeds from crackers, hackers, and release groups? check


    the absolute ONLY exception are communities even more exclusive than the private IRC servers, forums, and FTP/DDLs that supply "the scene"

    the communities that are PURELY populated by release/cracking groups that actually know each and every member; the scene communities are small..... but way too large to possess accurate/truthful knowledge about every member.

    Why, for the love of logic, could anyone possibly think that you have to be "special" to have direct/explicit knowledge of the warez organization that would PRECLUDE you from getting a job working for anti-piracy groups?

    Why, for the love of logic, could anyone possibly assume that their experiences are somehow "unavailable" to people who eventually end up working in this capacity?

    anyone can do it. and "everyone" DOES IT.