Software Tracks Child Predators Peddling Porn on Peer-to-Peer Networks
Oak Ridge National Laboratory engineers are readying BitPredator, a tool for tracing the source of P2P files, so it can help law enforcement crack down on child abusers
By Larry Greenemeier | SciAm.com | 26 July 2013
British Prime Minister David Cameron earlier this week spoke publicly about a number of measures his country is taking to crack down on child pornography peddled over the Web. A key component in Cameron’s plan is enlisting the aid of Internet service providers, wireless carriers and search engine developers to help filter out images portraying such child abuse.
The prime minister’s initiative is commendable, but it does not address a major source of online child porn—peer-to-peer (P2P) file-sharing networks. A P2P network consists of a group of PCs that can exchange files with one another without going through a centralized server, saving time and bandwidth space. This distributed arrangement, however, makes tracing the source of a file difficult, given that different pieces of a file typically come from different PCs in the network. (Those pieces are assembled into a complete file on the PC requesting the file). Once the download is complete, the requesting PC then becomes a source for the rest of the network, further obfuscating a particular file’s lineage.
For years child predators have been sharing images, videos and other offensive material using these complex, decentralized networks of computers that make the source of the child abuse very difficult to locate. “There are so many different sites, it’s almost discouraging to see how prevalent this content is,” says Robert Patton, a computer science researcher at Oak Ridge National Laboratory in Tennessee.
Patton would know. He and several Oak Ridge colleagues have spent the past several years working with the National Association to Protect Children (NAPC), a nonprofit advocating on behalf of abused and neglected children, and local law enforcement to develop a tool to automate the tracking of P2P content distributed using the BitTorrent protocol. The process of building that tool—called BitPredator—and putting it in the hands of investigators has been slowed by the complexity of the P2P networks that shuttle the illicit images from computer to computer.
BitTorrent allows large files to be broken up so they are easier to distribute via the Internet. In the hands of child predators BitTorrent becomes a convenient way to share images, videos or other seedy content while making it difficult for law enforcement to trace the material’s original uploader. BitTorrent users first upload a small descriptor file, or "torrent," that can be distributed via the Web or e-mail. The torrent file tells those interested in downloading this content where to find it. Because of the way BitTorrent works, the consumer ends up getting different pieces of this content from multiple computers with different IP (Internet Protocol) addresses that have already downloaded copies of the material in question.
Oak Ridge’s prototype BitPredator automates the tracking of potentially illicit content by reading the torrent files, tracking the IP addresses of computers distributing the content and helping investigators trace all this material back to its source. Tracking must be done quickly—the more times a file has been downloaded via a P2P network, the more widely distributed the contents of that file are, making it much more difficult to find the originator (or “seeder”)—sort of like looking for a needle in an ever-growing haystack. “We want to go after whoever’s producing the content because if they’re producing the content, they’re likely hands-on offenders,” Patton says.
Oak Ridge has spent the past few years improving BitPredator so that it can more quickly analyze multiple files across multiple RSS feeds that publish information about those files—location, size, file type, etcetera—to RSS subscribers. Child predators use these feeds to find pedophiles interested in their work. “We initially targeted one feed and one set of files,” Patton says. “But we’ve rewritten the software to take advantage of the way newer PCs use multiple processor cores to divide up computing tasks so that they are performed simultaneously.”
The Oak Ridge researchers realize that BitPredator alone will not be enough for law enforcement to crack down on child pornographers using P2P networks. “One of the challenges that we’ve come across with BitPredator is that, while we’re able to find the [offending] content, law enforcement must then start downloading the content to ensure that it is, in fact, illegal,” Patton says. Unfortunately, as soon as BitTorrent files are downloaded, they almost immediately become available for sharing with other computers on the network. Law enforcement can avoid sharing content by leaving the network following a download, but an unwillingness to share could get them blacklisted from that network in the future. “This places law enforcement in a difficult position, because they don’t want their IP addresses sharing illicit content,” he adds.
To avoid this problem, Patton and his colleagues want to bundle their software with a separate tool called BitThief, developed by the Distributed Computing Group at the Swiss Federal Institute of Technology (ETH) Zurich. BitThief would allow investigators to preview the contents of the files they find before they fully download. In addition, BitThief downloads from P2P networks while providing very little information to the rest of the network about what files it is downloading. As a result, someone using BitThief to download a file might not later be identified as a source of that file.
Because files sent over P2P networks are broken up, those pieces can be sent in any order. BitThief also reassembles the files sequentially so they can be previewed while the content is still downloading, which means law enforcement can get a sense of what they’ve found before their computers finish the download. Talks between Oak Ridge and ETH Zurich to promote their tools as a package for law enforcement are still in the early stages, Patton says.
Even with the addition of BitThief, Patton acknowledges that Oak Ridge’s software needs more work before it is ready for law enforcement. Even so, the Knoxville Police Department, home of the Tennessee Internet Crimes against Children Task Force, has expressed interest in BitPredator. Among the improvements researchers want to create: a more intuitive user interface so that a wider range of law enforcement officers can easily use the software during their investigations.
The NAPC played a crucial role in BitPredator’s development, helping kick off this work in 2010 by connecting Oak Ridge researchers with law enforcement officials from Tennessee and Virginia. The association recently secured $150,000 in funding for the project from the Weiss Center for Child Rescue and Protection Technology, a program within the NAPC formed with help from philanthropist Debbie Weiss to develop technology to protect children from exploitation. NAPC executive director Grier Weeks says he hope this “small but strategic investment” will allow Oak Ridge to finish its work on BitPredator and get this software into the hands of law enforcement.
Weiss also provided additional funding for NAPC’s Human Exploitation Rescue Operatives (HERO) Child-Rescue Corps, a program to train wounded military veterans in computer forensics and other skills that allow them to help law enforcement track child predators. Beginning in early August a group of 20 veterans will spend nearly a month at Oak Ridge learning about child abuse and trauma, counter–child exploitation, law enforcement, and high-tech strategies and tools, including BitPredator.