BitTorrent bypass code could make downloads anonymous
Headache for UK's Internet piracy laws?
By Maxwell Cooter | Techworld | Published: 10:30, 16 April 2010
The recently-passed anti-piracy Digital Economy Act is set to increase the risk that users download dodgy code to disguise their online activities. That's thanks to the piece of code, charmingly referred to as SeedFucker, which purportedly allows users anonymous downloading.
The code, which has been available since last November, is just 48 lines of C# coding. It doesn't make BitTorrent downloads untraceable in itself, but the fear is that the code could be amended to do just that.
Certainly, the blogosphere has been alive with debate about the possibility that the code could be used as a way to bypass the provisions of the Digital Economy Act. Reports suggest the code can be changed to flood a torrent with dozens of fake peers, and by also faking the IP address of a server from where a file is downloaded.
Related Articles on Techworld
However, according to Fraser Howard, principal researcher with security company Sophos, the claims that SeedFucker could mask downloads are pretty far-fetched. Not only that, he warned, the use of the code could actually create opportunities for malware writers to disseminate bad code.
"Historically, there has been a history of malware writers using peer-to-peer networks to spread malware. A lot of these users watch what software is being downloaded and when they see a lot of users downloading software, they think it's safe. Malware writers can create fake users so it looks like there's a lot of interest in the software," he said.
And the publicity around SeedFucker could also make things worse as users look for a way of getting round the Digital Economy Act and will adopt whatever method is available. "Users are still searching for The holy grail of anonymising . The main reason why people want to people anonymise downloads is so they can get illegal content - so there's always going to be a need."
But, Howard said SeedFucker isn't that software. "All that services like this is to flood the peer-to-peer network with fake IP addresses but the people in ISPs who know what they're looking for, won't be fooled by the software, they'll still be able to find it, it will just take longer. Imagine if you're trying to find something in 10 cardboard boxes in a big room and 5m empty cardboard boxes are added. It makes a whole lot harder to find the boxes you want, but it's not impossible," said Howar.