BitTorrent spies can jump on P2P pirates in just three hours

People who pirate content can be found and monitored by a program operated by rights holders within as little as three hours of starting to share files, researchers have found.

The finding comes from a University of Birmingham study (PDF) of direct monitoring of file-sharers on BitTorrent, presented on Tuesday at the SecureComm conference in Italy.

"From our experiments, we derived a number of interesting properties of monitoring, as it is currently performed: eg., that monitoring is prevalent for popular content (ie., the most popular torrents on The Pirate Bay) but absent for less popular content," the British researchers said in their paper. "And that peers sharing popular content are likely to be monitored within three hours of joining a swarm."

BitTorrent is a decentralised, multi-peer-to-peer file-sharing protocol. It lets people achieve very high download speeds by breaking files up into chunks that are shared by all members of a BitTorrent 'swarm'. Essentially, it turns large files into jigsaw puzzles, which are broken down and pieced back together by the community of sharers.

The technology is popular with the academic community as well as pirates, as it provides an elegant way to share very large files, such as high-definition movies or academic datasets. As a consequence, rights holders pay close attention to what is being shared via the protocol.

The issues surrounding file-sharing have been known for some time. In 2006, Andrew McLaughlin, then head of Google's global public policy, told MPs: "What is tricky is that technologies like BitTorrent, for example, can be used for copyright infringement absolutely; they can also be used for perfectly good purposes as well.

"For example, on BitTorrent you can find historical speeches, documents, war-time documentaries, old news reels that are out of copyright. It is not that everything available through that service is copyright infringement."

Monitoring the swarm

Because of this, rights holders may use monitoring programs to find out what exactly is being shared via BitTorrent, the researchers suggested.

They found that when they shared files or took part in swarms, their machines would sometimes be monitored by a small subset (0.05 percent) of others in the swarm.

"Peers sharing popular content are likely to be monitored within three hours of joining a swarm"

These peers "superficially appeared to be active, but in fact they were not downloading the shared file; their IP addresses belong to subnets of three hosting companies", the researchers said.

However, the team didn't see this type of behaviour in sharing of content in the public domain. They concluded, then, that the strange peers were in fact monitors operated by content rights holders, who were looking to link IP addresses to the distribution of pirated content.

The researchers identified six companies they believe are hosting 'autonomous systems' that monitor shared content: Speakeasy, Cogent/PSI, Qwest, Net2EZ, TELESP and HEAnet. An earlier study by other academics identified Net2EZ and HEAnet as potential harbourers of monitoring agencies, they noted.

Furthermore, the BitTorrent participants hosted on Qwest were "considerably more active in 2010 than in 2011; it may be that this [autonomous system] was once being used by monitoring agencies but no longer is", they suggested.

Blocklists don't work

Blocklists — lists of suspicious IP addresses associated with monitoring programs, used by pirates to protect themselves from monitors — do not appear to work as well as they should, according to the University of Birmingham report.

During their study, the researchers identified 263 BitTorrent participants with the attributes of a monitoring program, but were not on any kind of blocklist.

"BitTorrent users should therefore not rely solely on such speculative blocklists to protect their privacy, and should instead combine them with blocklists based on empirical research," they wrote.

At the time of writing the Motion Picture Association of America had not responded to a request for information.