http://www.newscientisttech.com/article.ns?id=dn11949

By Mason Inman
30 May 2007
NewScientist.com news service

Peer-to-peer (P2P) file-sharing networks, which let users trade movies, music and software online, are increasingly being used to trick PCs into attacking other machines, experts say.

Computer scientists have previously shown how P2P networks can be subverted so that several connected PCs gang up to attack a single machine, flooding it with enough traffic to make it crash. This can work even if the target is not part of the P2P network itself.

Now, security experts are warning that P2P networks are increasingly being used to do just this. "Until January of this year we had never seen a peer-to-peer network subverted and used for an attack," says Darren Rennick of internet security company Prolexic in an advisory released recently. "We now see them constantly being subverted."

A large number of computers can easily overwhelm the servers of even large companies with data, in a so-called "distributed denial of service" (DDoS) attack. In the past, such attacks have been used by criminals to extort money from large firms. In May 2007, DDoS attacks were used to take down web servers belonging to banks, government agencies, and newspapers across Estonia, in coordinated, and apparently politically-motivated, strikes.

Database poisoning

However, mounting a DDoS attack normally involves exploiting software bugs to break into systems, often using a computer virus, and creating an army of remotely controlled machines, or a "botnet".

Early in 2006, Keith Ross and Naoum Naoumov at the Polytechnic University, in Brooklyn, New York, demonstrated that P2P networks could be used to launch an attack without hijacking any PCs, in a published study of the eDonkey P2P network.

"In all file-sharing systems, you need a database to locate where these files are," Ross says. "The trick is to poison the database, to put bogus entries in that say that a very popular file is located at some target address that you want to attack." Thousands of computers will then start contacting the target computer requesting, for example, the latest Britney Spears song or episodes of The Office.

A more recent study shows that BitTorrent, one of the most popular file-sharing networks, can be misused the same way. BitTorrent splits files up for sharing, which dramatically increases download speeds and also has a more centralised database than networks such as eDonkey. But Athina Markopoulou and colleagues at the University of California in Irvine, US, show that it can still be used to mount a DDoS attack.

Client hacking

They created modified versions of BitTorrent files, and their own "tracker", a computer which stores the databases that peers use to find one another on the network. Then, using 25 bogus files, they were able to trick more than 50,000 computers into cooperating within a few hours.

"We needed to do some hacking in the BitTorrent code," says Karim El Defrawy, a member of Markopoulou's group. "But anyone with some small programming experience could do this."

Bram Cohen, creator of BitTorrent, points out that there are far simpler ways to launch similar attacks: "Anyone with a popular website can put lots of tags for hidden versions of an image on somebody else's website, have some JavaScript get those images to reload once every few seconds, and completely denial of service a medium-size or even large website."

However, other experts maintain that the popularity of P2P networks makes the issue important. "As P2P networks become more successful, this will become more of a problem," says Sanjay Rao of Purdue University, US, who has also studied the issue. "I think it's going to have the potential to be much worse than the botnet problem."

"One reason for the shift in strategy is that these attacks are harder to defend and track down than traditional botnet-based DDoS," adds Richard Miller, of UK internet monitoring firm Netcraft. "They represent a new attack vector, and it will take a while before the internet security community is widely aware of the new technique, and how best to defend against it."