Anti-Piracy Technology For Sale On eBay For $1m
Written by enigmax on September 25, 2007In 2005, anti-piracy company Viralg burst onto the file-sharing scene promising to end 99% of all online piracy. Today, if you need a top secret piracy solution, have an eBay account, can collect in person and have $1,000,000 burning a hole in your pocket, you’re in luck.
Imagine the scenario - you’re the head of a multi-million dollar label, someone has convinced you that your business is losing money due to file-sharing. What do you do? Call in the Ghostbusters? Or do what lots of companies do and call in the likes of MediaDefender to help them. As no anti-piracy system can do anything other than make a very small impact on file-sharing, it’s a far from satisfactory solution.
Early in 2005, established anti-piracy company Viralg of Finland burst onto the P2P scene with a staggering claim: With their technology it was possible to end 99% of all file-sharing.
In 2004, Viralg listed Electronic Arts, Vivendi, Microsoft Game Studios, Sony Computer Entertainment, Atari, Nintendo, Codemasters and THQ as just some of their customers. They were among the nominees for the ICT Prize 2005 and the winner of the Venture Cup business plan competition.
The portfolio certainly made them appear impressive at the time, so when an eBay auction caught the eye today offering to sell Viralg’s technology for a cool $1,000,000, TorrentFreak became a little curious.
So what’s on offer? Looks like Viralg’s ‘intellectual property’ in the form of some patent applications:
Viralg supplies technology aimed at preventing sharing of illegal content such as music, movies, GPS maps, games and software from being shared over P2P networks such as Gnutella. Viralg technology is in widespread use by record companies in Finland (90% of customers) and in the other Scandinavian countries. Technology has generated turnover of over 500.000 US dollars. The patent applications for sale cover the necessary key technology for the only possible effective protection against illegal P2P sharing. Depending on the source illegal P2P causes damages of 4 to 12 billion US dollars to media companies per year.
So should likely buyers (unhappy MediaDefender customers perhaps?) invest in this technology?
Viralg claimed to be able to create a corrupted file but with a working hash, giving it the appearance of a genuine file. As people downloaded they got a selection of genuine and corrupt parts sent to them rendering the final file useless. Although partially effective on the FastTrack network (KaZaA [R.I.P] )years ago, Viralg’s offer of 40 hours of training to use the system still doesn’t cut it in today’s BitTorrent dominated file-sharing world.
Before Prince gets any fancy ideas about buying this for the Web Sheriff to use against The Pirate Bay, this outdated system is pretty useless against BitTorrent, which renders its ‘Patented Virtual Algorithm’, well - useless.
TorrentFreak spoke to Dr. Ir. Johan Pouwelse, researcher on P2P technology at Delft University of Technology, who explained why: “Bittorrent uses a separate hash for every 1-4 MByte. This means you can still exploit the weakness in the protocol by sending bad data. However, clients are now generally so smart that they only accept maximum 1 fake 1-4MB block from an IP address.”
Of course to corrupt lots of files, you need lots of presence on file-sharing networks (servers, accounts, the whole MediaDefender-style setup) so the $1m tag is just the tip of an enormous iceberg.
Maybe some of the sales statistics will tempt prospective buyers? The system has been running since 2003, and in that time it generated a turnover of $500,000. Potential buyers are likely to be more interested in the bottom line, especially now that the bottom has fallen out of the FastTrack network.
Anyone with a bulging bank balance needing a guarantee of being able to corrupt files on the FastTrack network (and is unaware that MediaDefender’s tools are available for free) should hurry over to the eBay auction right now, there’s not long left to go - for the auction or Viralg
Previously: IsoHunt Takes Down BitTorrent Trackers in the US
Next: Demonoid Shut Down by the CRIA?
37 Responses
Pages: [1] 2 » Show All
[quote]This means you can still exploit the weakness in the protocol by sending bad data. However, clients are now generally so smart that they only accept maximum 1 fake 1-4MB block from an IP address.[/quote]
If someone was to create a piece with a valid hash and start sending it out, the client would not be able to tell whether it was a valid piece or not.
The only information they have about the piece is its final hash, and as long as that matches what is listed in the torrent file it’s considered valid.
Clients drop connections from peers where the pieces they’re sending do not match that hash. A system aimed at generating fake pieces with valid hashes will have no problems with this at all.
[quote comment="173187"]If someone was to create a piece with a valid hash and start sending it out, the client would not be able to tell whether it was a valid piece or not.
The only information they have about the piece is its final hash, and as long as that matches what is listed in the torrent file it’s considered valid.[/quote]
The problem is that the piece has to be the equal length and have a specific hash.. such a fake piece isn’t easy to generate
[quote comment="173187"]Clients drop connections from peers where the pieces they’re sending do not match that hash. A system aimed at generating fake pieces with valid hashes will have no problems with this at all.[/quote]
Even if a falsely-valid piece gets into a movie it will be only a small gap in the movie.
One can also defend against that by adding hashes for the whole file or for bigger blocks in the file to the torrent (that would require an extension to the .torrent-file specification)
That would make an attack even more difficult, because on has to create a piece of a fixed length wich has a given hash and together with some other given data another given hash.
So even if they can generate fake-pieces the BitTorrent-Hydra can adapt fast :)
-Breeze
“Technology has generated turnover of over 500.000 US dollars.”
Is that a decimal point? the technology has generated over $500?
My point wasn’t that it can’t be defeated, it was more that the quote above is wrong.
Current clients cannot mark a piece with a matching size and hash as invalid and so will not drop a connection from that peer.
The pieces may be hard to generate, but if you can generate them as claimed by viralg, your client will not be banned by other peers.
It only gets banned when sending pieces whose hash does not match (for which you don’t need these patents :P )
I like your idea for extra hashes though.
[quote]
Of course to corrupt lots of files, you need lots of presence on file-sharing networks (servers, accounts, the whole MediaDefender-style setup) so the $1m tag is just the tip of an enormous iceberg.
[/quote]
Nahh, they give another example on the auction site:
[quote]
3. If your business is involved in developing and/or selling a P2P program, you can make it better and avoid any problems that this technology can give to your network.
[/quote]
Funny Guys^^
Isn’t this why there are md5’s or sfv’s included? I always verify my sfv’s before I do anything.
A little clicking around eBay confirms that this seller is also a buyer. He must have been wearing this t-shirt when he listed the Viralg IP for auction, lol:
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=270146257667
AHAHAHA… Ebay should just pull it lol.
Is this for real ? I mean , c’mon
I don’t see why they don’t leave us alone.
it’s not like were causing any harm to anyone, to those big companies the p2p community is like a group of flies.
Anyone wanna chip in to buy it? Or maybe we should torrent it to try it before we buy it ;)
Do they ship to nigeria?
I used to have one of these. I have a factory in Nigeria and will ship these out cheap!
There is only one catch..
Toilet Finger!!
those pictures look like a pic of ed2k and a pic of azureus swarm.
thats hilarious.
Uh okay… I hate to be the one to break it to you folks, but Bittorrents uses SHA1 hashes. The odds of finding a collisions with the same length are zero.
It is possible to find a collision in 2^63 with SHA1, but that means this software is going to have to try every single combination in 2^63, or 1 in 9,223,372,036,854,775,808. You can read more about this at:
http://www.rsa.com/rsalabs/node.asp?id=2927
This attack the company is talking about is because older filesharing systems used much weaker hashes. BT just isn’t going to fall victim to this type of attack. Total snake oil.
Also, for a bunch of people going to a site called ‘torrentfreak’ - you could all do yourself a favor and read up on the protocol specification:
http://www.bittorrent.org/protocol.html
Thanks!
In the early eDonkey period, these poisoners could be very effective at stopping the spread of a targeted file when ed2k hashed 9500KB blocks - 30 times the size of the current hashed block.
Maybe because movies can take a long time to download in ed2k, these companies would sabotage the download without first checking to see if it was the actual film they were contracted for. There were a few legitimate downloads that got nuked this way, like whenever someone released an ancient B&W original of a movie at the same time as the ‘hot’ movie comes out (the Fast and the Furious in 2002 comes to mind) since these companies will attack everything they find with a similar-sounding name.
Maybe the studios should consider that the anti-p2p efforts of MediaDefender are a waste of time and money. MediaDefender have been running for years. They don’t halt the spread. Despite their efforts they don’t slow it either. Stuff spreads and spreads fast. Now MediaDefender have been linked to illegal practices like DDOS and spreading illegal porn. Let’s not forget their incompetent security either. They’re a waste of money.
Isn’t it time the MPAA took a step back and found another way? It’ll be an industry shakeup, but one is overdue.
Same for the RIAA. Make stuff cheap, and people won’t copy. It’s easy, and you’d make lots on the volumes. Apple have already proven the viability of online selling, but they’re still too expensive especially when format shifting is involved.
The both of you: make stuff cheap and legal and people will buy it.
Yes it is a decimal point, but in many countries that is used as a demarkation. In Mexico and Central and Southern America, 500.000 equals US 500,000.
If there are 3 zeros after a period, assume it’s foreign numbering.
The the addition of ’salt’ to such hashes would make this worthless, right?
The rainbow tables stop working, and pretty much results in this product no longer functioning, right?
I am very worried about this, because people who write P2P code are stupid and wouldn’t be able to implement that in a couple hours. God forbid people be required to update their client.
If anyone isn’t paying attention to history. If they completely block off, or make Torrents useless. Other forms of P2P would arise, often being better and more efficient than the previous.
I think it would be interesting to make a complete P2P webpage server, making an internet, within an internet. (Except each home user could have their own web page, searchable by P2P browsers.)
[quote comment="174235"]The the addition of ’salt’ to such hashes would make this worthless, right?
The rainbow tables stop working, and pretty much results in this product no longer functioning, right?
I am very worried about this, because people who write P2P code are stupid and wouldn’t be able to implement that in a couple hours. God forbid people be required to update their client.[/quote]
Dude, coming up with rainbow tables for just one block size of BT SHA1 hashes would require, um… 2^160 slots, and then a block size’s worth of data for each. There’s not going to be enough mass storage space for that kind of data on the Earth all together for the next, what, fifty years? Make that 150 years to be safe.
Now, there are algorithms out there that can be used to spoof a SHA1 checksum… but most of them rely on being able to add data at the end of the “message”, i.e. that the checksum is computed over a section that is different from the content. Spoofing an arbitrary message with a fixed length is exponential piles harder.
Viralg’s shit was pertinent back in 2002 or so, when naïve P2P protocols used a per-file hash. So you could send null blocks and they’d propagate just like valid blocks. This hasn’t been the case for even ed2k in years.
Even in the company’s youth we got a hearty giggle from their marketing. “Secret virtual algorithm”. That’s conman speak for “we haven’t got anything -algorithm”. But hey, the media companies will pay about anyone for a little “protection”, so why not exploit that… it just pisses me off that they got a state-funded award for that horsecrap.
To clarify spoofing a SHA1 checksum: I was referring to the cryptologist’s definition of “cracked” in the context of hash functions, i.e. that the attack takes less time than the trivial brute-force. This definition doesn’t require that the attack could be performed in practice before humanity’s sand runs out.
In practice naming a file by its content hash has far, far less of a chance of collision than naming them by hand. There’s no need to beef up the torrent metafile format just yet.
Oh-Oh Leet alert…RijilV is telling us all we must study more, as he is considerably more intelligent than us…..I bow to your superior knowledge
You’ve heard of sarcasm right….?
You my friend are a 1st rate nob-jockey and need to get yourself a life (maybe try getting laid too, you know, with a female…..intercourse…..Oh of course you’ve only read about such wonders!!)
2 references to this post
Pages: [1] 2 » Show All
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.