A number of popular BitTorrent programs can be hacked to let a single user bring down a big website with a DDoS attack, new research has found.
uTorrent, Mainline, and Vuze are all vulnerable to the new attack, dubbed a Distributed Reflective Denial of Service (DRDoS), as Ars Technica reported.
Hundreds of millions of people use BitTorrent to make it easier to share big files. The system distributes the workload across everyone on the network, known as peers, making it quicker to move large quantities of data than it would be from one single point to another.
The DRDoS attack takes advantage of the peering system, allowing an adversary to reflect and and amplify Internet traffic from peers and then direct it at a target site, aiming to crash that site under the weight of overwhelming Internet traffic.
“Our experiments reveal that an attacker is able to exploit BitTorrent peers to amplify the traffic up to a factor of 50 times and in case of BTSync up to 120 times,” the researchers wrote. “Additionally, we observe that the most popular BitTorrent clients are the most vulnerable ones.”
DRDoS attackers get an added bonus, too. By using BitTorrent peers to send the amplified traffic, the attacker’s identity remains hidden, despite the potentially massive size of the offensive.
H/T Ars Technica | Illustration by Max Fleishman