July 22,
2015
Why You Should Never Use Peer-to-Peer
For those of
you who don’t already know, peer-to-peer file sharing is a big deal, not only
for “legitimate” purposes (i.e., trading of non-contraband files), but also for
more nefarious purposes such as trading in illicit images and videos. This has become big business for law
enforcement because the growing use of peer-to-peer (p2p) networks has made the
searching for, downloading, collecting and trading of child exploitation images
much easier and more prolific than it ever was before these networks
existed. But that’s not all they’re used
for. Arguably, the majority of traffic
across p2p networks is for bootlegged music, movies, TV shows, etc. This slightly more “legitimate” use of p2p
services is not quite as damaging (or grotesque), but still opens users up to a
myriad of potential problems.
What is Peer-to-Peer (p2p)?
Simply put, p2p
is an internet-based service that allows other users (peers) to trade files
across an open global network. For
example, if you’re a big fan of Beyonce, you can download one of several p2p
software utilities (Shareaza, Limewire, Ares, etc.), which are generally free
of charge and, once it’s installed, simply connect to the internet and search
for “Beyonce” and voila! You will immediately receive hundreds of hits from
other users all over the world sharing files with the title bearing the name “Beyonce”. This sounds great, right? Easy, fast and free. Almost sounds too good to be true!
The Good
So the good
things about p2p are that it’s free, fast and easy. That’s about it. And while that may be enough to convince you
that you’ll log on right now and download a p2p utility and start your library
exploding exponentially, please keep reading… Because free, fast and easy
usually comes with a price. This is true
in p2p and in life.
The Bad
So what’s so
bad about p2p? We’ll get into the REALLY
bad parts in the next section, but here’s some pretty bad side-effects for
starters:
1) You don’t know where
your files are coming from
While you
may be able to see an IP address and/or a country of origin of the files you’re
downloading, that’s about it. And unless
you have subpoena power (and even that won’t help you in a foreign country), you
have absolutely no idea where your files are coming from. In fact, they could be coming from one of
several different sources. This is a
common default setting in p2p software to speed up the downloads.
2) You don’t know what you’re
downloading
I’ll talk
about this a little bit more later, but best-case scenario is you may be
downloading files that contain malware, viruses, spyware, or any other of a
number of digital “bugs” that could slowly (or quickly) destroy your computer
system. The fact is, these files aren’t
verified and they aren’t authentic much of the time, so just because the file
name says “Beyonce” doesn’t mean that’s what you’re getting. Even if it is what you’re getting, the
potential for some malicious code to be inserted that will log all of your
keystrokes or save and send all of your passwords is fairly high. Why take the risk for a free song or movie?
3) You’re allowing others on
the internet an open door into your computer system
As you may
have been able to figure out by now, p2p isn’t all about getting files from
others. In order to get more downloads
quicker, you have to share your files too.
Think about all the valuable information that may be on your computer –
Banking records, website history, important documents… do you want all of that
available to a savvy user of p2p in China?
Plus, sharing is turned on by default upon installation of these
programs and these default settings sometimes go as far as naming what types of
files will be shared on your system.
Again, more on sharing later.
The Ugly
So here’s
why you really don’t want to ever use p2p software: Most of the content that
you’ll find on p2p networks is illegal.
Sure, people sometimes share a PowerPoint deck they created or a story
they wrote, but those are the exception.
More often, p2p users are sharing bootlegged copies of TV shows, music
and movies. You can download entire
seasons of TV shows with one click.
Problem is, all of that material is copyrighted and therefore illegal to
obtain for free.
The other
thing that p2p is routinely used for is pornography in all of it’s forms. As former police detective who investigated
the trafficking of illegal images, I’ll just tell you to think of some of the
worst, most disgusting images you can imagine and go about 10 levels higher and
that’s what is trafficked on p2p. Sure, there’s “normal” pornography on there,
too, but anyone can get that from any number of websites. Those who are interested in truly dark niche
images turn to the p2p networks to download it because legitimate websites won’t
post that material.
So let’s say
you’re not into any of that stuff and you just want to download bootleg
movies. I said before that you never
know what you’re getting, right? Well
when you search for files on a p2p network, the search hits are returned by
file name. Problem is, anyone can name a
file anything they want, regardless of the actual content. So if you’re looking for a movie starring
Denzel Washington, you may get some legitimate hits, but you may also get hits
from files that have people in them that look
like Denzel Washington and someone inserted his name into the file name and
threw it up on the p2p network and it happens to contain illegal images. Guess what, you just broke more than
copyright law!
The other
problem has more to do with the underlying motive for even using p2p in the
first place: laziness. In many cases
that I’ve worked, the target or client claims that they just performed a search
for “normal” porn using the key word of “teen” (because they’re allegedly
interested in 18 and 19 year-olds). They
get several dozen hits, click the top hit, scroll to the bottom and hit SHIFT +
click and download the entire list. This
also happens with bit torrent files (google it). Now they’ve just grabbed an entire library of
potentially illegal material, whether it was intentional or not. They do this because it’s quick, free, easy
and they’re lazy.
Finally, the
sharing comes into play. It’s one crime
to possess illegal images, it’s wholly another to distribute them. The way the criminal justice system views it
is that the victims in those illegal images are being victimized all over again
every time someone views them, so to distribute them is much worse. But as I said before, sharing is turned on by
default and law enforcement targets those who are sharing illegal files. It’s also quite possible to download an
illegal file and be sharing it before you’ve even had a chance to view it and
determine it’s something you really don’t want on your system. Next thing you know, the police are knocking on
your door. That’s a bad day.
Advice is
free and it’s always up to the receiver to take or leave it. But speaking as one who has seen many, many
cases come before the courts and many defenses attempted and failed, I’m forced
to ask ‘why would anyone use peer-to-peer?’
It’s a bad idea, even if your motives are mostly legitimate. The internet is the wild west -- it’s not
regulated and seldom policed. But my
advice is don’t put yourself in the potential position to get caught up in
something that could wind you up in prison.
When the digital media evolution happened, I decided that it’s worth the
$1.00 or so you pay Apple or Google for a song.
It’s worth it to rent or buy movies legitimately from legitimate,
verified sources. It’s not worth it
getting caught up in something you don’t ever want to be a part of… Trust me on this one.
Author:
Patrick J.
Siewert, SCERS, BCERT, LCE
Principal
Consultant
Professional
Digital Forensic Consulting, LLC
Based in
Richmond, Virginia
Available
Globally
About the Author:
Patrick Siewert is the Principal Consultant
of Pro Digital Forensic Consulting, based in Richmond, Virginia. In 15 years of law enforcement, he
investigated hundreds of high-tech crimes, incorporating digital forensics into
the investigations, and was responsible for investigating some of the highest
jury and plea bargain child exploitation cases in Virginia court history. A graduate of both SCERS and BCERT (among
others), Siewert continues to hone his digital forensic expertise in the
private sector while growing his consulting business marketed toward
litigators, professional investigators and corporations.
Twitter: @ProDigital4n6
