Researchers ID Skype users who also use BitTorrent

"As soon as the BitTorrent crawler detects a matching IP address, it signals the verifier, which immediately calls the corresponding Skype user and, at the same time, initiates a handshake with the BitTorrent client," they wrote.

A Skype user and a BitTorrent user could appear to be one and the same because they have the same IP address, but that may not be true due to the use of NAT (Network Address Translation), which allows several machines to share one public IP address. To weed out false positives of this nature, the researchers looked at identifiers in the IP datagrams received to see whether they had been sent shortly after one another from the same machine. If the identifiers in the datagrams generated by Skype and BitTorrent suggested they were sent close together in the same sequence, the Skype user was likely to be the one using BitTorrent.

Overall, the researchers determined that 52 percent of the 765 users they had verified were really using both applications. That means from a sample set of 100,000 Skype users, they figured out that 400 of them were using BitTorrent. Of those users, all had provided their last names to Skype and all but two provided their first names. All but one listed where they lived.

"We have further shown that by deploying modest resources, it is possible for an attacker to scale this scheme to not just one user but tens of thousands of users simultaneously," the researchers wrote. "A prankster could use this scalable calling scheme to, for example, create a public website which provides the mobility and file-sharing history of all active Skype users in a city or a country."

The research was done by Stevens Le Blond of MPI-SWS in Germany; Chao Zhang and Keith Ross of NYU-Poly in the U.S.; and Walid Dabbous and Arnaud Legout of INRIA in France.

Send news tips and comments to jeremy_kirk@idg.com