RIAA Bots : How do they work?
cryuff
March 21st, 2003, 07:25 PM
I am writing a paper on file sharing and I am trying to understand more about how the RIAA bots function. In particular how the bots identify (1) the IP address of a user and (2) the content that users have on their computer.
Do the bots actually access the end user's computer? Is this information obtained by using the file sharing software itself? Is this done while the songs are being transferred?
Any information, or links articles pertaining to this topic would be greatly appreciated. Thank you.
[NK]Mutant
March 22nd, 2003, 10:44 AM
Originally posted by my name
shouldn't you do your own work?
Dude, he just wants some information on the topic. Give him a break.
Anyway cryuff, I think they work by scanning popular file networks using edited programs so that instead of the person's username, they get an IP address. When they start downloading the file, they record the IP address and send a letter to your ISP saying that they caught you sharing this file. The ISP is ordered to force you to stop sharing the file, or to discontinue your service.
Some popular bots:
MediaForce
OverPeer
PM me for more info
isus
March 22nd, 2003, 11:48 AM
my theory:
you're on kazaa... you start dl'ing a file that is hosted by a 'bot' as you call it. some program they have, notices you're dl'ing that file, and does netstat to see the open connections. any connections that are not 'legal' (as in, a connection to a time server or whatever) are caught by ip. then they can track you down...
cryuff
March 22nd, 2003, 08:23 PM
Perhaps more information on the purpose of original post will elicit more constructive responses. I am a law student writing an article criticizing the D.C. District Court’s decision in RIAA v. Verizon. I am arguing that the lower court’s interpretation of the DMCA is unconstitutional, and distends the logical scope of the subpoena authority of §512. I am trying to fully understand the technical issues in order to craft more informed and persuasive arguments. Unfortunately, there are not many articles that explain the technical aspects of this process.
In short, I have done a great deal of "my own work", and the information I seek ultimately will be used to benefit those who participate in this forum. But I am a law student, not a programmer, engineer, or a network wonk. I am glad other users such as [NK] Mutant and isus perceive BBS’s as inclusive communities where information exchange is promoted and not discouraged.
To this end, I have another question based on [NK] Mutant's response. To what extent do the edited programs actually use the P2P's property or software during a "raid" of a user's computer? Do these programs actually use the P2P software, networks or any other property in any capacity?
Thanks.
frickingfrack
March 22nd, 2003, 09:24 PM
Originally posted by [NK]Mutant
Dude, he just wants some information on the topic. Give him a break.
Anyway cryuff, I think they work by scanning popular file networks using edited programs so that instead of the person's username, they get an IP address. When they start downloading the file, they record the IP address and send a letter to your ISP saying that they caught you sharing this file. The ISP is ordered to force you to stop sharing the file, or to discontinue your service.
Some popular bots:
MediaForce
OverPeer
PM me for more info
Ehhhh... close. Except the bots are actually trying to DL from *you* more often than watching what you DL. Remember: the RIAA is after people with large *shares* -- the people who populate the networks with content. People who download might only have a handful of MP3s -- they're not the problem. They're really after the guy with 40,000 MP3s in his shared directory...
[NK]Mutant
March 22nd, 2003, 10:25 PM
Originally posted by frickingfrack
Ehhhh... close. Except the bots are actually trying to DL from *you* more often than watching what you DL. Remember: the RIAA is after people with large *shares* -- the people who populate the networks with content. People who download might only have a handful of MP3s -- they're not the problem. They're really after the guy with 40,000 MP3s in his shared directory...
Yeah, you're right. My bad. They really go after the people who are sharing, not downloading. And cryuff, I'm not exactly sure what the exact extent these bots change the original programs, but I think they just make it display IPs rather than usernames. These bots begin downloading the suspected file, then record the IP address into a log file. I don't believe they actually finish downloading the file, because that would be illegal. So, they only use P2P programs to find users who are sharing files. And yes, most of the information I know about filesharing I got from members of this site, and am glad to help anyone who needs it. However, I do not know as much as some of the "regulars" of this site, and I hope that they also come to help you on your noble cause.
almanzo
March 23rd, 2003, 01:50 AM
I wish we knew for sure exactly how they work, because then we could find ways to ensure that we circumvent them ;-). But I think a lot of people on here have got some good theories. Now finding out what files a user is sharing and what their IP is does not take any extra or special software. For the files, most clients have an option in which you are able to browse what files a user is sharing. For the IP, you can use a number of different programs to view your open connections (and thus see who you are downloading from/who is downloading from you) or even if you don't have another program you can just go to the command prompt and type "netstat" to view your open connections. So if I was a real jerk I could download a copyrighted file from someone, find their IP during the transfer, then see what else they've got and report it all to the RIAA.
Based on what I read about the case of the Verizon customer who shared 600 files, here is how I think the bots get their information. They use a modified version of a file sharing client, maybe even a basic commandline version. They use special code in this client to search for specific strings - "Britney Spears", "Warcraft", "warez", whatever. When the automated process gets a search result that matches the string and probably some other parameters like size, the client downloads a portion of the file. From what I understand, at least in the case of music they don't need to download the entire file, just a portion of it to verify that it is indeed a copyrighted file. During this process I am supposing automated code is used to find the IP of the individual who has the file, probably not a lot different than "netstat". If it is copyrighted, the IP is logged and a "find more from this user" (or its equivalent) is done on the user. If more files they are sharing match search strings they have, they download more from you and verify you are sharing more copyrighted files. Then, they send a list of this information to your ISP with a request that you stop sharing it.
This is all speculation on my part, but I think I am at least pretty close. To the best of my knowledge, the bot does not access your PC without your permission or without your knowledge, they find the information they want through the client you keep open and so are within their rights to access this information. Also, I'm not sure if they have a way to circumvent it if you disable other users from browsing your files. In my opinion if they can and do circumvent this, then they are accessing your computer unlawfully. If you want to know for SURE how it is these companies work, I would contact them directly - Overpeer, BayTSP, and Mediaforce are some you could try and contact. If you make sure you tell them what you are doing is educational and maybe if you act sympathetic towards their purposes, they might tell you something (but not likely). Also, look at any documentation you can get your hands on with the Verizon user case. I remember when that first came out there was some info being released as to how they obtained their information.
And if you find out anything new, post it so we can all learn!
Marco Polo
March 23rd, 2003, 03:25 AM
cryuff-
Probably nobody really knows the exact technology used by the spybots except for the people running them. However, a few observations as related to Kazaa ( I'm only familiar with this P2P ).
1. I would guess that to "legally" show a user was actually uploading on the network, the evidence would need to show that the user was actually connected to the network and an upload took place. As such, the spybot would HAVE to actually be connected as a participant. If someone merely hacked my computer and showed that I had MP3s in a folder named "download", that doesn't prove that I was actually connected to the P2P network, and/or that I was offering them for upload. Even if I am connected to the network, I may choose to disable uploads. So to actually show that I was offering an upload, one would have to actually upload a file from me. And to do so, they must actually be connected as part of the network ( to maintain the fact of a connection between the upload and the P2P network ). Unless, of course, there is some way to monitor exactly what and where information moves thru my computer without actually being a part of that stream. I don't know the technologies available, but would guess that this is not too likely, given the nature of a digital transmission. It must be "intercepted" to be seen and read.
2. If #1 is true (the spybot must actually use the P2P software itself- or a modified version of it), this would be no problem, technically. Grab the P2P software and have someone add some code to filter the results you are looking for.
3. As far as the actual IP addresses of the users involved. This info is contained in a ".dat" file which is placed on the receiving computer when a download is started. The ".dat" file contains all types of info about the file being downloaded- including the ISP addresses of the users supplying the file as well as related supernodes. If a spybot needed further "real time" proof, use of tracer programs, such as netstat, mentioned above, could be utilized in conjunction with a download to confirm that the ISP contained in the ".dat" file was in fact the same ISP which was performing the upload. For further info on the .dat file, look on Zeropaid for "dat_view" which is a utility program which will read the ".dat" file used on Kazaa. It has associated help files which explain it much better than my limited understanding.
3. As far as identifying the contents of a user's "shared folder"... this is a part of the Kazaa program itself. Once connected to the P2P, you can click on any user found during a search and further look at that user's actual directory(s) of shared files. In fact, since a user can specify what directories, if any, are to be shared on the network... it would seem that a spybot would HAVE to be a participant on the network itself to "prove" that the shared folder(s) were, in fact, available to others on the P2P.
4. The ".dat" file is established at the beginning of a download. Thus a spybot would not need to complete the download ( thus "break" the law ) to get the info from the ".dat" file.
An interesting point would be the question: Is downloading a file a "crime" by itself... or only IF the copyright owner lodges a complaint? If so, all downloads would be legal except when (if) a copyright holder claims a violation. I.E. if someone "steals" from me, I don't think anybody else, except myself, can claim a crime has taken place. If I fail to claim this, the transaction is legal. This should be especially enforceable in the arena of fair use laws which allow such use unless explicitly defended by the copyright owner.
Another question is: If a download is started, but not completed, has a crime taken place? Is just initiating a transfer enough evidence to prove "intent"? I don't know- just wonder. Because if so, and a spybot needed to actually download, or start a download, to obtain evidence, then the act of the spybot itself would be an illegal act. The same act they are claiming to be illegal. As a technical legality, would it be possible for a copyright holder to give "permission" to a spybot to download a file on a P2P, yet at the same time not allow others to download that same file legally? Again, then how would one "prove" that anyone else (except the legally authorized spybot download) downloaded the file? Would such "permission" need to be legally on file ( in the Verizon case ) to counter the claim of the evidence itself being obtained illegally?
Even though a directory list of files may show the names of certain songs, people can freely name files anything they want. To actually show a copyrighted file was uploaded, I would think the evidence would have to be the file itself, not just the name. Reverse is true. A copyrighted file may be named anything you want. But if the file itself is the one you're looking for, the content, and not the name, would seem to be what carries weight.
A final thought just struck me regarding the question about the RIAA's use of the actual P2P software itself as the tool to get evidence. It seems that nobody really knows the "workings" of the software except its authors. All encrypted etc. If such is the fact, a spy would HAVE to use the P2P software to be a part of the data exchange process. If they hacked the software and built their own version to gain access, they would probably be in violation of the DMCA themselves for hacking protected code. Then the question is: Is evidence gained during an illegal breakin ( ala Watergate ) allowed to be used? Since the P2P software is freely distributed, it would seem that use of it to obtain evidence would be perfectly legal as far as the tool being used to gather evidence. Where and how extensive they may pry with that tool is a different matter.
I would guess that court records in the Verizon case would specify exactly how their information was obtained. Maybe this info is not available to public yet since the trial is in progress?
Sorry for the excess length of this. I'm just an interested "onlooker" who sees all of our ( US ) freedoms and rights being drained away by such sweeping laws as the DMCA. Left unchecked, I would not be surprised to see rulings come forth which could define the mere fact of visiting Zeropaid website as being enough "evidence" to prove that someday, somewhere, a user intended to "violate a copyright" and is therefore guilty of a crime. The absurdity is endless.
MOAB
March 23rd, 2003, 06:23 AM
This is a pretty interesting conversation. While going through my Explorer on XP Pro, I noticed a file in my downloaded program files:
Mediaproj.VerizonMediaControl
Code base:http://a1040.g.akamai.net/f/1040/759/1h/pic.infospace.com/vzn.dsl/broadband/mc/cab/vznmcplayer.cab
Company: infospace, inc
There's also a folder in my programs files named "Verizon".
Anyone has a clue as to what it is before I delete it and anything that starts with a "V" ??
Thanks in advance !
MOAB
March 23rd, 2003, 06:30 AM
I didn't know that I was putting a link up there. If you click on it, it's going to ask you if you want to download something. (???????)
FriedSpam
March 23rd, 2003, 07:15 AM
Marco Polo- Off the top of my head (though I could go and check if you really want) and at least from a UK/European perspective (though it's largely the same worldwide)...
Copying (downloading included) is an infringement of copyright. This is a crime, though of course it's up to the holder of the copyright or someone acting on the behalf of them to pursue this.
As to the start of a download, infringement is only an issue if a substantial part of the work is copied. The law's a little hazy as to what actually is a substantial amount, though.
The owner of the copyright can authorise the making of copies of the work, so it is possible that verizon/overpeer etc. could have the authority to do this. Though if they haven't they can't use this 'evidence' (in a court, anyway) as it would be illegally obtained.
You'll have to look in the Kazaa EULA (and other P2P apps) to see if it forbids reverse engineering/altering the code. If it is and verizon et al. are doing this without permission from sharman, then the evidence is obtained illegally (though you'd have to prove this). ... I think.
Not sure about the "intent" question.....
There are also laws against aiding and abetting infringers (secondary infringement) so possibly just sharing the material, even if you do hold a legally made copy, could be a crime...
Sorry if any of this is garbled. I've just finished a 48 hour essay stint, so am really tired and my brain has melted.....
[NK]Mutant
March 23rd, 2003, 08:03 AM
Just remember, it's entirely possible that they are not using an edited program, but are using the regular file-sharing program and using a netstat command to find out other people's IP addresses. However, I do believe that they do use an edited program, but I have no real proof to prove this.
Krell, cpugeniusmv, I would like to hear your views on this.
eclectica
March 24th, 2003, 02:41 AM
I don't know how these "RIAA bots" work, but they would have to be connected to the network to get information on users. It's not too hard to get the IP address of a user.
Regardless of whether the RIAA is using bots, you can do the same thing yourself by being a regular user on a p2p network. Do a search for a file that you feel is copyrighted, and then get the person's IP address by downloading anything from that user. Afterwards send a letter to the person's ISP complaining about him having copyrighted material. Better yet, why not run your own server or act as a hub, making you have easier access to the files of people?
If the RIAA were using "bots", it would be to make their job easier.
Verizon is using the case to fight against the constitutionality of the DMCA, which allows for subpoenas to be issued without the normal scrutiny of a judge. John Thorne of Verizon has expressed concern that the bots sometimes turn up false information, and the RIAA should not be given such broad powers of subpoena.
http://www.internetnews.com/bus-news/print.php/1577111
Thorne said Thursday Verizon will expand its legal defense to a constitutional review of the DMCA, particularly the subpoena power provision of the DMCA. Unlike a usual subpoena, which requires some underlying claim of a crime and must be signed by a judge or magistrate, under the DMCA a subpoena can be issued by a court clerk without presenting evidence of a crime being committed.
As an example, Thorne presented a letter sent to UUNet Technologies from the Mediaforce DMCA Enforcement Center, purporting to represent Warner Bros. The letter asks UUNet to terminate the account of a user who allegedly downloaded a copy of the popular movie Harry Potter and the Sorcerer's Stone. Under the "infringement detail" portion of the letter, it notes the file size of the download was 1k and the file name was "harry potter book report.rtf."
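Added example, not part of the original thread and not code from Mediaforce or any other vendor: a sketch of why a match on file-name keywords alone flags the 1k "harry potter book report.rtf" from the letter above, and how cheap extension and size checks drop it before any notice is sent. The watch-list fields, the extension set and the size floor are assumptions made for the illustration; only the first sample listing comes from the page.

```python
# Added illustration; not code from the thread, Mediaforce, or any enforcement vendor.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Listing:
    """One search hit as a P2P client would display it."""
    name: str
    size_bytes: int


@dataclass(frozen=True)
class WatchedWork:
    """Hypothetical watch-list entry; every field here is an assumption."""
    title: str
    keywords: frozenset
    media_exts: frozenset
    min_size_bytes: int


def tokens(name):
    """Lower-case alphanumeric words in a file name."""
    return set(re.findall(r"[a-z0-9]+", name.lower()))


def name_only_match(listing, work):
    """The weak check: every keyword appears somewhere in the file name."""
    return work.keywords <= tokens(listing.name)


def plausible_match(listing, work):
    """Name match plus cheap sanity checks; returns (verdict, reason)."""
    if not name_only_match(listing, work):
        return False, "keywords absent"
    ext = listing.name.rsplit(".", 1)[-1].lower() if "." in listing.name else ""
    if ext not in work.media_exts:
        return False, f"extension '{ext}' is not a media type"
    if listing.size_bytes < work.min_size_bytes:
        return False, f"{listing.size_bytes} bytes is too small for this work"
    return True, "candidate only; content still has to be verified"


def triage(listings, work):
    """Map each file name to (name-only verdict, plausible verdict, reason)."""
    out = {}
    for item in listings:
        ok, reason = plausible_match(item, work)
        out[item.name] = (name_only_match(item, work), ok, reason)
    return out


MOVIE = WatchedWork(
    title="Harry Potter and the Sorcerer's Stone",
    keywords=frozenset({"harry", "potter"}),
    media_exts=frozenset({"avi", "mpg", "mpeg", "mov"}),
    min_size_bytes=100 * 1024 * 1024,  # assumed floor for a feature film
)

SAMPLE = [
    # Name and "1k" size as quoted from the letter; 1k taken as 1024 bytes.
    Listing("harry potter book report.rtf", 1024),
    # The remaining listings are constructed for this example.
    Listing("Harry.Potter.Sorcerers.Stone.avi", 700 * 1024 * 1024),
    Listing("harry potter.avi", 12 * 1024),
    Listing("holiday photos.zip", 5 * 1024 * 1024),
]

if __name__ == "__main__":
    for name, (weak, strong, reason) in triage(SAMPLE, MOVIE).items():
        print(f"{name!r}: name-only={weak} plausible={strong} ({reason})")
```

Even a listing that passes both checks is only a candidate: a file can be named anything, so the content itself still has to be examined.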
Marco Polo
March 24th, 2003, 05:39 AM
The technical means to obtain shared files and associated IP addresses is a somewhat moot point. As expressed, it is straightforward for anyone to obtain shared files, verify that they are the file in question, and verify the source's IP address. This is all pretty much open and available to the public - and the RIAA too. However, the source is identified only by an ISP address, and only the ISP provider can associate this with an actual user. Verizon is opposing the contention that they MUST turn this info over to the RIAA on constitutional grounds-which is what the fight is about.
Verizon, like any corporate entity, is much more concerned about their own bottom line rather than some moral reason like protecting users' rights. If this case is ruled in favor of the RIAA, it throws the doors wide open for corporate entities to dictate what can, and cannot, travel over the internet. As such, Verizon would be FORCED, merely at the whim of the RIAA or any other organization (representing a copyright holder), to drop users by the thousands. I don't think that Verizon cares to have some other corporation dictate to them who they may, and may not, have as paying subscribers.
At the heart is the contention that an ISP has control over what passes thru their network. Napster was closed down due to "secondary infringement" violation which FriedSpam mentioned. As a technical provision of the DMCA, Napster was guilty because they had "control" over that network ( files resided on their own central servers) which met a requirement of responsibility in the crime of copyright violation. Since P2P networks have no such centrally controlled hub ( or at least if we assume this to be the case here ), the RIAA is now approaching the case from a different angle claiming that the ISP providers themselves have the same, or similar, control ( and associated secondary responsibility ) over content that passes THRU their network- just like Napster's central STORAGE servers. If this is ruled to be valid, then any and all ISP providers can be held legally liable in any claimed action unless they respond as directed by the outside (infringed parties) subpoena. AND THE SUBPOENA IS ISSUED OUTSIDE THE (formerly) LEGAL PROCESS.
This line of thinking is identical to holding the US Postal Service as an accomplice in the anthrax attacks because the letters passed thru the US mail system!
The DMCA has been utilized in numerous cases ( not related to P2P at all) to stop free speech on the internet by merely CLAIMING infringement, without any legal, court oriented, process. It takes rights and freedoms away from the people and hands them over to corporate interests. Corporate interests ( RIAA for example in the case of music sharing ) become the accuser, judge and jury all wrapped into one. Jump as they dictate... or else. This is actually being utilized against websites and other agents which store information.
With the Verizon case, the door would be widely opened to allow corporate/government interests to much more fully control EVERYTHING which passes thru the net, not just stored on a server. It may start with "copyright" music sharing, but, once a precedent is set, it slowly migrates to all other areas of information exchange. It's bad enough, as a user, to see how the prevailing powers legally manipulate the laws ( which they essentially wrote) to further their own interests. But with this latest advance, individual privacy and free exchange moves all the more into history books.
Don't like what someone is saying on a website... or even on a forum? Want to find out that person's real name and address? Want to shut that person up for good? Simply search their files and find a copyright song - or poem - or picture - or ANYTHING and lodge a subpoena against their ISP. With a precedent set, the ISP MUST comply and disconnect that user, or face legal action. They must hand over the person's name and address too- information that once was protected under privacy laws. With automated bots, the process can continue, invisibly, 24 hours a day, right out of your corporate computer. Don't even have to pay some secretary to go file at the local courthouse. It would be as automatic as printing postage without going to the post office. With the proliferation of spyware, worms, trojans etc. it would not be too difficult to have a "forbidden" file suddenly appear in someone's computer ( if it were needed ).
Guilty until proven innocent. In the court system of the corporate, by the corporate and for the corporate.
Oh. A note to MOAB...
Have no idea what that vznmcplayer.cab file does, but I did download it and it is a zipped file containing an exe file and a setup INF file. Possibly it's connected to some type of ring tone for a cellphone?? That was as close as I could guess from a Google search. Do you use Verizon? If so- might check with them.
MOAB
March 24th, 2003, 06:18 AM
Wow !@!! Thank you Marco Polo for that explanation of the Verizon deal that's going down. It all makes sense. I've deleted the Verizon folder (since I found out that it has an un-install) and I cleaned out my registry.
Now, the thing about "bots"...
whatever that can be done, can it not be undone ? Do you think that someone, soon, will (can) write a program that counters the bots?
I don't know. I'm not a programmer.
Would that not be a way to fight this whole mess..build a better mouse trap???... a bot for a bot???
Hep me (James Brown) LOL
cryuff
March 24th, 2003, 12:00 PM
I agree with Marco Polo's argument that permitting content owners to unmask internet users without benefit of a hearing or in the absence of filing a formal suit would be a very dangerous precedent. There are serious constitutional deficiencies, which the appellate court will hopefully consider during the appeal. The lower court completely ignored the constitutional dimension of this case.
Thanks to all for the great comments. Keep them coming. The more we know about their methods the better. Know your enemy.
NDGAARONDI
April 1st, 2003, 11:14 AM
All I know is that in England and Wales you can commit a crime to prevent another (usually larger) using "reasonable force" to do so, Criminal Justice Act, 1977.
TC75580
April 1st, 2003, 01:12 PM
I haven't read the whole thread yet, but thanks to marco polo, we could harm the plan of these bots without great effort.... all while remaining legal.
As marco polo said, the file name does not provide any evidence that the file is real, and that it is in fact copyrighted. A name itself is not copyrighted, therefore if one named a file "eminem - song for the moment.mp3", but the file is legal, then that person has no legal concerns.
Therefore, let's all share renamed files.
To prevent actual users from being confused, one could insert the text "fake" in the ID3 comment field. The bots will not filter the word "fake", because some copyrighted files contain comments that read "not fake". However, a human could easily identify that the file is fake, and in turn only the bots will be harmed.
This operation would be similar to the efforts of Overpeer and other companies that flood the network with fake files, but unlike them, the fake files that the aforementioned plan would use have comments that alert users that they are fake.
I would love to see this plan in action, because it's one thing that we can do.
If there is any fault in this plan, let me hear it, so that it can be corrected if possible.
Hep me (James Brown) LOL
If that isn't odd... the one time I see James Brown mentioned in a p2p forum, I happen to be listening to him as well (which is a RARE occurrence).