Security flaws make innocent users into file-swappers

Security flaws in internet file-sharing networks could incriminate innocent users, according to a research paper.

The anonymous paper - Entrapment: Incriminating Peer to Peer Network Users - detailed several methods that could be used to trick unknowing users into downloading copyrighted files and host them, reported New Scientist.

The Gnutella network would show that the innocent user is sharing copyrighted files, if network messages that usually rely on users to pass on requests for data stored on users' computers are manipulated, said the report.

The Gnutella network is a file sharing network that forms the backbone of a number of popular file-sharing clients including Morpheus and Bearshare.

UK-based P2P programmer Adam Langley said in the report that the Gnutella specific attacks seem reasonable at first glance and the techniques described are not surprising, as Gnutella is not designed to resist such attacks.

Also, it is possible to incriminate an innocent user sending the person a Trojan, as most Windows users would run any old attachment they receive, Langley continued.

Recently, The Recording Industry Association of America (RIAA) withdrew a file-swapping lawsuit after a possible case of mistaken identity.

The RIAA represents the largest US music companies, and has already sued 261 file-sharers who were accused of illegal file swapping through P2P networks, which appear to have reduced activity on the more popular P2P networks, according to a new US research by Nielsen NetRatings, which tracks internet usage.

Leading music file swapping network Kazaa saw a 41 per cent drop in users over the last three months. In the week ending 21 September, traffic fell to about 3.9 million visitors, from 6.5 million in the week that ended on 29 June. Traffic to Morpheus, another network has also dived from 272,000 to 261,000 in the same period, reported news agency Reuters.

On 29 September, several P2P networks unveiled a code of conduct to encourage responsible behaviour among users and asked Congress to find a way record to pay labels and other copyright holders for the data shared online.

Asia-Pacific residents have also been nervously eyeing the recording industry's blitz on file-sharing in the US and asking if this region's users will be the next targets.