CERT: BitTorrent uTP Protocol Under Attack

The Computer Emergency Response Team (CERT) in Poland says that BitTorrent’s uTP protocol is under serious attack from unknown forces in Russia, Canada, China, Australia and the USA. The group, which monitors cyber attacks around the world, says that attacks on the BitTorrent protocol are up substantially from 2011.

The attacks work by sending fake data packets that appear to be legitimate but carry forged IP addresses. CERT also notes that these attacks seem to be targeting specific BitTorrent swarms that are sharing Russian movie releases.

Some of those attacks may be coming from companies like the Microsoft-funded Russian start-up Pirate Pay, which uses this sort of technique to "protect" its clients' intellectual property.

"At least one interest group that would benefit from uTP poisoning is easy to point at: multimedia companies and their subcontractors," notes CERT. "Conduction of this kind of campaign by these institutions wouldn’t be precedent. It’s also possible that generated traffic is used for BitTorrent network mapping and data gathering for later use in other projects."

The security group also points out that this practice may in fact violate current cybersecurity laws in various countries.

"[The attacks] produce visible disruption in IT systems and large amounts of our false-positive high-level alerts is a good proof," the group says. "In terms of Polish law, European Convention on Cybercrime and U.S. Codes (and probably many other sources of domestic law) legality of process producing the anomaly is questionable."

Source: TorrentFreak

  1. Neeneko says:

    It is also possible the attacks are coming from groups that run pay-piracy sites, many of which are run out of Russia… so we might be seeing a case of criminals getting tired of potential customers getting stuff for free rather than pay them to steal it ^_^

  2. SeanB says:

    If I've got all this straight, uTP poisoning is used to invalidate a file in a torrent, but is only effected against a specific torrent, and takes some time to figure out (fake hashtags and all). I really don't think anyone would spend time trying to poison a legitimate torrent file. It's usually used to piss off people trying to get illegal movies. The "Russian movies" they are referring to are R5's, which is usually the first step to decent rips of movies.

    Little research goes a long way…..

