1. News
  2. 2015
  3. September
  4. City student helps to prevent a major internet attack
News from City, University of London
Bittorrent logo
Science & Technology Series: Expert Comment

City student helps to prevent a major internet attack

Electrical Engineering PhD student Florian Adamsky identified a vulnerability in BitTorrent that could have led to amplified denial of service attacks on users of the internet protocol.
by John Stevenson (Senior Communications Officer)

City University London PhD student (Electrical Engineering), Florian Adamsky, has helped to rescue BitTorrent from a catastrophic fate. BitTorrent is a collection of content distribution protocols that enable movies and television shows to be shared online. It also allows users to serve as network redistribution points.

Adam SkyAt the influential USENIX Security Symposium in Washington DC (August 12th to 14th), Florian and co-authors (including his PhD supervisors, Professor Muttukrishnan Rajarajan and Professor Rudolf Jager) presented a paper which documented the vulnerability of the BitTorrent family of protocols - Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE) and BitTorrent Sync. Ahead of public disclosure at USENIX, Florian and researchers informed BitTorrent engineers of their findings, which led to BitTorrent taking timely corrective action to mitigate the flaw which could have diverted user traffic to launch significantly amplified Distributed Reflected Denial of Service (DRDoS) attacks. Florian, an external student from the Technische Hochschule Mittelhessen (THM) University of Applied Sciences, in Friedberg, Germany, is happy about averting a possible large-scale attack on internet users: 

“It feels good to know that our research has real-world impact and that we contributed to a more secure Peer-to-Peer (P2P) protocol such as BitTorrent. We followed responsible disclosure practices, which means we contacted BitTorrent a month before we presented our paper in Washington. The engineers at the company quickly realized that they had a major problem on their hands and quickly developed a patch for the vulnerability.”

News of Florian's research and the averted internet attack was carried in several media outlets including  SC Magazine, ZDNet and Heise Security.

Florian first heard about City from two of his friends who completed their PhDs at the University. He has been a computer user since the age of six and has been fascinated with digital technology ever since. His father wrote a few basic computer games for him and he quickly progressed to mastering a number of games. By the time he reached 12, he had installed a Linux distribution programme on his PC.

He says he is pleased to be undertaking his studies under the supervision of Professor Rajarajan.

When he is not hard at work researching issues around privacy, anonymity and network security, Florian can be found hiking and reading science fiction literature.

DDoS and DRDoS attacks

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A Distributed Reflective Denial of Service attack (DRDoS) attack makes use of a potentially legitimate third party to send attack traffic to a user, masking the attackers’ own identity. The attackers send packets of information to reflector servers with a source internet protocol (IP) address set to their victims’ IP address, overwhelming the user with the response packets.

Tags , , , , , , , ,
Share this article