The security experts have observed a massive spike in activity compared to 2011, mostly originating from locations in Russia, Canada, China, Australia and the USA.
The CERT group operates a system that scans for online threats, and the attack on BitTorrent triggered several of their honeypot sensors. These attack sources send data packets that appear to be legitimate, but the IP addresses they send are forged.
The security researchers, who say these poisoning attacks are happening on a massive scale, observe that they are targeted at specific BitTorrent swarms sharing Russian movie releases.
One of the likely explanations for these poisoning attacks is that anti-piracy outfits are utilizing them to “protect” their clients’ movies. For example, these outfits could overload BitTorrent swarms with corrupt data or “disconnect” messages while masquerading as legitimate downloaders.
This is exactly what the Microsoft-funded startup Pirate Pay appears to be doing, although other companies may also use similar methods. A company called ICM is currently listed as “protecting” the Russian film that was the subject of the attacks identified by CERT.
The security researchers don’t make any conclusive claims about the origins of the attacks, but they do note that anti-piracy groups are a possible source.
“At least one interest group that would benefit from uTP poisoning is easy to point at: multimedia companies and their subcontractors. Conduction of this kind of campaign by these institutions wouldn’t be precedent. It’s also possible that generated traffic is used for BitTorrent network mapping and data gathering for later use in other projects,” CERT comments.
Perhaps of even more interest, CERT also notes that the poisoning attack, or anomaly as they call it, may very well breach cybersecurity law.
“[The attacks] produce visible disruption in IT systems and large amounts of our false-positive high-level alerts is a good proof. In terms of Polish law, European Convention on Cybercrime and U.S. Codes (and probably many other sources of domestic law) legality of process producing the anomaly is questionable,” the security experts note.
In other words, the techniques these anti-piracy outfits appear to be using to prevent people from sharing copyrighted movies could be illegal. If that is the case, then the movie companies that hire these anti-piracy outfits may be complicit in cybersecurity crimes.
That would be a problem.
TorrentFreak contacted the CEO of the Microsoft-funded Pirate Pay for a comment on the legality of his service, but we have yet to receive a reply. More details about the specifics of the attacks are available on the CERT website.