A system for turning trackerless BitTorrent downloads into DDoS tools has been described at a hacker convention, potentially using peer swarms for inadvertent botnet-style cyberattacks. Hacker “Astro” revealed the process earlier this week in a talk called “Lying to the Neighbours”, describing how a decentralized DHT could be maliciously co-opted to target certain websites by overloading their servers.
“The core problem is the random NodeIDs. The address hashing and verification scheme works for scenarios like the old Internet, but becomes almost useless in the big address space of IPv6.” – ‘Astro’
DHTs – or distributed hash tables – are used in BitTorrent downloads to avoid a central tracker, relying instead on peer-sourcing to identify other users sharing files. By establishing a malicious hash table, the torrent downloaders could be unwittingly directed at a specific server; large swarms of simultaneous users could potentially overwhelm the site.