Investigating Cybercrimes that Occur on Documented P2P Networks

Mark Scanlon, Alan Hannaway, Mohand-Tahar Kechadi
DOI: 10.4018/978-1-4666-2041-4.ch010


Peer-to-Peer (P2P) Internet communication technologies are increasingly being exploited to aid cybercrime. P2P systems can be used or exploited to aid in the execution of a large number of online criminal activities, e.g., copyright infringement, fraud, malware and virus distribution, and botnet creation and control. P2P technology is perhaps most famous for the unauthorised distribution of copyrighted materials since the late 1990s, with the popularity of file-sharing programs such as Napster. In 2004, P2P traffic accounted for 80% of all Internet traffic and, in 2005, BitTorrent traffic specifically accounted for over 60% of the world’s P2P bandwidth usage. This paper outlines a methodology for investigating a documented P2P network, BitTorrent, using a sample investigation for reference throughout. The sample investigation outlined was conducted on the top 100 most popular BitTorrent swarms over the course of a one-week period.
Chapter Preview


Based on global bandwidth usage, BitTorrent is the most popular P2P network in use today. Erman (2005) measured BitTorrent traffic to account for over 60% of the world’s bandwidth usage. The BitTorrent protocol is designed to easily facilitate the distribution of files to a potentially large number of interested parties, i.e., other peers, with minimal load on the original file source, as outlined in the BitTorrent protocol specification. This is achieved through the following steps:

  1. The file is split up into a number of uniformly sized pieces or chunks – with typical chunk sizes generally ranging from 128kB to 4MB.

  2. The initial source of the file creates a UTF-8 encoded “.torrent” metadata file, which includes unique SHA-1 hash values for the entire file and each of the file chunks, along with other required file information, e.g., filenames, chunk size, total file size, path information, client information, comments etc.

  3. This metadata file is then shared by the creator with other users interested in acquiring the original content – either through direct distribution, e.g., email, instant messaging etc., or through the much more common method of uploading onto a torrent indexing website, such as

  4. Users interested in downloading the available content must then download this metadata file and open it using a BitTorrent client, such as Azureus/Vuze or µTorrent.

  5. The BitTorrent client is then tasked with identifying other peers who are sharing the file uniquely identified in the metadata file, i.e., other peers in the swarm. This includes identifying seeders, i.e., peers with complete copies of the content shared in the swarm, and other leechers, i.e., peers who are currently downloading the content, but are sharing the completed chunks with others. This peer discovery is achieved through a variety of methods including tracker communication, distributed hash tables and peer exchange.
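As an added illustration of steps 1, 2 and 5 (not code from the chapter), the Python below parses a bencoded ".torrent" file as defined in the BitTorrent protocol specification, computes the info-hash that identifies the swarm, and checks content against the per-piece SHA-1 values. The sample torrent, the tracker URL and all function names are constructed for this example.

```python
import hashlib

def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list l...e / dict d...e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        return (items if c == b"l" else dict(zip(items[0::2], items[1::2]))), i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("byte string runs past end of file")
        return data[colon + 1:end], end
    raise ValueError(f"malformed bencode at offset {i}")

def info_span(torrent):
    """Raw bytes of the top-level 'info' value, exactly as stored in the file."""
    i = 1 if torrent[:1] == b"d" else len(torrent)  # non-dict input falls through to the error
    while torrent[i:i + 1] not in (b"e", b""):
        key, i = bdecode(torrent, i)
        start = i
        _, i = bdecode(torrent, i)
        if key == b"info":
            return torrent[start:i]
    raise ValueError("no info dictionary found")

def info_hash(torrent):
    """SHA-1 of the bencoded info dictionary: the identifier peers use for the swarm."""
    return hashlib.sha1(info_span(torrent)).hexdigest()

def bad_pieces(torrent, content):
    """Indices of pieces in `content` whose SHA-1 differs from the metadata."""
    info, _ = bdecode(info_span(torrent))
    size, digests = info[b"piece length"], info[b"pieces"]
    return [n for n in range(len(digests) // 20)
            if hashlib.sha1(content[n * size:(n + 1) * size]).digest() != digests[20 * n:20 * n + 20]]

# Constructed sample: 37 bytes of content in 16-byte pieces (real pieces are 128 kB to 4 MB).
CONTENT = b"A" * 16 + b"B" * 16 + b"C" * 5
PIECES = b"".join(hashlib.sha1(CONTENT[k:k + 16]).digest() for k in range(0, 37, 16))
INFO_RAW = b"d6:lengthi37e4:name10:sample.bin12:piece lengthi16e6:pieces60:" + PIECES + b"e"
TORRENT = b"d8:announce31:http://tracker.example/announce4:info" + INFO_RAW + b"e"
```

Because the info-hash covers only the info dictionary, two metadata files that list different trackers but carry the same info dictionary resolve to the same swarm.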

The success of the BitTorrent protocol can be attributed to uploaders incurring no additional cost besides their Internet connectivity costs to share a file with many users. In practice, the original uploader need only stay connected to the swarm until a sufficient number of leechers have one full copy of the file between them. This is made possible through the leechers uploading their completed chunks of the entire file to other downloaders. Due to its ease of use, minimal bandwidth requirements and perceived Internet anonymity, BitTorrent lends itself well as a platform for the unauthorised distribution of copyrighted material, which typically involves a single original source sharing large files between many downloaders.
