How Logistep catches file sharers

Posted by Martin in P2p, Security  Tags: , , , , ,

15

Apr



It is no secret that companies like Logistep are monitoring p2p networks to sue file sharers who are offering software from clients like Zuxxez, a German company who recently sued 500 British p2p users claiming that they illegally distributed the game Dream Pinball 3D. The website Torrentfreak got their hands on a copy of one of those letters that have been send out which details the process of how Logistep determines which users are illegally distributing the game.

Logistep uses a software called File Sharing Monitor that targets E-Donkey and Gnutella users. Here is how it works:

  • The software connects to a p2p server and requests a filename recording all IP addresses that offer that name
  • They request to download the file and if the download is permitted record the following information into a database
  • Filename, file size, IP of the distributor, P2P protocol, P2P application, the time and the username
  • When this is inserted the application does a automatic whois and is able to send an infringement letter to the ISP

I think it is interesting to note that this is almost an automatic process which leads to some questions. How do they know which archive has the correct size and is actually their product and not a broken archive ? Is not it only possible to know the exact file size if they downloaded it at least once to verify that is is indeed their product ?

Let us assume that they are not stupid and that they filter out every file below a certain size to prevent that users who do share mods or patches get sued. Let us further assume that a file that is labeled a certain way (with group tags) and shared among many users is the right program. Does this mean that the user that they are suing is responsible ? They will always sue the account holder which could or could not be the person who shared the files.

What possible solutions can I think of that make the Logistep file monitor useless ? Please note that this is hypothetic, I’m not advising anyone to actually use the methods listed below.

  • don’t share files
  • share only files with no plausible filename (3dpd)
  • use encryption to share the files
  • use vpns like Relakks
    to share them
  • switch to Usenet
  • buy the game ;)

Can you think of anything else left to say ?


Like such posts? Get updates via RSS NEWS FEED. Love Ghacks? Find out how you can help!

Spread The Article: Digg del.icio.us StumbleUpon Reddit Facebook Slashdot TwitThis YahooMyWeb Fark Mixx NewsVine

4 Users Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
Michael Griffin says, April 17th, 2007   

Cox sent a letter regarding use of a torrent downloading/sharing a file to someone I know. This possibily what was used to track him.

Quasimodo says, April 18th, 2007   

Just ENABLE and FORCE protocoll obfuscation in the eMule security options (.47c).

Since Logistep uses a Shareaza derivate, you will avoid ANY communication with those clients !!!!

Quasimodo says, April 18th, 2007   

The same goes for utorrent and Azureus.

Force the protocoll obfuscation.

Eight news stories 17.7 — Bruce On Games says, July 17th, 2008   

[...] Logistep catches peer to peer software thievesby pretending to be a peer. It then has all the IP addresses of users computers that automatically offered a game. Using whois they know how to prosecute. And this is what they are doing with many hundreds of prosecutions. Unfortunately Swiss law is behind the technology which is causing a few problems. But these are bound to be solved and yet more game stealing criminals will feel the long arm of the law. [...]

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times.