The Next Big DDOS Attack May Come via BitTorrent

Thought BitTorrent was just about downloading movies and TV shows? Think again: The BitTorrent protocol can be abused to initiate massive denial of service attacks, which could be used to take down large-scale websites, according to a talk given at Germany’s annual Chaos Communications Congress hacker conference. The exploit detailed during a talk titled “Lying to the neighbors” is based on BitTorrent’s ability to download data without the help of any centralized server, also known as trackerless BitTorrent.

BitTorrent was originally designed with a central server dubbed tracker in mind which would help users interested in the same file find each other to facilitate downloads. However, these tracker servers have become a kind of Achilles heel of the P2P protocol. Once a tracker server goes down, the whole network goes down. BitTorrent programmers came up with a way to discover users without such a server that’s based on the Kademlia DHT technology.

This technology is based on individual BitTorrent clients randomly introducing themselves to each other to establish a kind of distributed directory. However, the presenter, going by the name Astro, showed that one can manipulate some of the data exchanged by BitTorrent clients for trackerless torrenting to introduce oneself to many more clients in the network than necessary and then tell those clients that a popular file is available under a certain IP address.

Astro said that nefarious users could utilize publicly available data from torrent sites like The Pirate Bay to find DHT hashes for some of the most popular files and essentially trick some of these downloaders into attacking a certain target. For example, one could tell tens of thousands of users that an HD version of Inception is available at an address that really is the web server of a corporation. All of these users would immediately try to download the file under that address, bombarding the server with requests and possibly taking it down in the process.

Distributed denial of service (DDOS) attacks were most recently used to take down the sites of major credit card companies as part of the Anonymous revenge for actions taken against WikiLeaks. However, users tend to actively take part in a DDOS attack. In the case of this type of exploit, users may not even be aware that they’re bombarding a bank server with bogus requests while they’re trying to download a movie file.

Astro said that some BitTorrent developers have proposed security measures to prevent this kind of exploit. However, the proposed idea includes a transition period to allow all clients to switch to a more secure version of BitTorrent. Astro said “malicious people” could still use this transition period to initiate DDOS attacks via BitTorrent.

Image courtesy of Flickr user kthypryn.

Related GigaOM Pro Content (subscription required):