• United States
by Ann Harrison

Spy on my machine? No way man!

May 22, 20033 mins
Enterprise Applications

* Some P2P users find ways to thwart Internet spies

In an effort to protect themselves from Internet snooping programs used by the recording industry, some P2P users have developed a number of countermeasures to safeguard their machines.

The newest such application, called PeerGuardian, is a firewall program which blocks the originating IP addresses of Internet spies. The program still allows interlopers to view the names of music files, but they can’t download the file to see whether it is copyrighted.

Of course it may not matter if the file is copyrighted or not. The Recording Industry Association of America recently sent a false cease and desist letter to Penn State complaining about a file named “Usher” which was named for a professor, not the music group.

But PeerGuardian could frustrate other efforts by the RIAA to use attack programs that freeze PCs and delete MP3s directly off your hard drive. The application, developed by a 23-year-old English software developer named Tim Leonard, blocks more than four million IP addresses.

PeerGuardian targets the IP addresses of a number of companies including the RIAA, the Motion Picture Association of America, the Warner Music Group and network monitoring company BayTSP. The user can update the list and treat those who run these spy programs as unwanted and potentially lethal spammers, crackers and criminals.

Leonard says he developed PeerGuardian as a form of revenge after the P2P service AudioGalaxy shut down last June to avoid RIAA litigation threats. But like antispam IP blocking strategies, AudioGalaxy must be constantly updated to include the many IP addresses used by would-be snoopers. This is the same cat and mouse scenario already played by those who try to avoid commercial spammers.

Sharman Networks, which distributes the Kazaa file sharing software, has already pointed out that building automatic firewall update features directly into the file sharing networks could impact the functionality of e-mail and browser applications. It could also compromise the pop-up ads that some P2P services depend on for revenue.

Instead, P2P users could start swapping rapidly updated IP address blacklists of Internet snoops. The most valuable such lists would include IP addresses used by companies preparing attack operations. There is also much discussion of filtering would-be attackers using collaborative reputation systems. These system have been used to rank the trustworthiness of say, encryption key holders, and eBay sellers.

Under this system, P2P users exhibiting characteristics of attackers – such as downloading large numbers of files without offering uploads or sending lots of instant messages – would get a lower rating. Of course clever attackers could mask their behavior. And such a system might inadvertently target nonattacking file traders. But it would be one way of identifying IP addresses that you might want to block.

I have no doubt that outraged file traders will develop ever more sophisticated programs to outwit companies hired to scan their hard drives and attack their machines. The aggressive actions of the RIAA have unleashed a cyberwar of measures and countermeasures that will ultimately come back to haunt the music industry. The actions have provided power motivation for people like Leonard to develop the means to defend, and ultimately counterattack litigious copyright holders.