I have been observing the latest round of P2P lawsuits with a keen eye, as it is something that I have a genuine interest in. Recently, a law firm has been sending out threatening letters to people associated with IP addresses, accusing them of downloading video games over the P2P networks, like BitTorrent and E-Donkey.
The law firm has a Q and A section on its website, where there is a section regarding the faking of IP addresses. It says ‘Whilst we understand it is possible for an individual to create a false IP address, we have received advice from our experts which has confirmed that it is not possible using the methods employed by our clients’ investigators for either a user or our client’s monitoring software to enter into a successful transaction on a peer to peer network whilst using a fake IP address’.
This made me guffaw loudly into my cup of Earl Gray tea with enough force to send a fine mist of hot, sweet tea all over my computer monitor. Of course it’s possible to ’spoof’ an IP address on a Peer To Peer network! Dear God, did these people do any research?
Here, I am going to explain how it is possible to ’spoof’ an IP address. Now, I’ve put ’spoof’ between apostrophes, because the reality of the subject is that it’s nothing like that crappy Angelina Jolie movie from the 90’s. In fact, the reality of what happens is astonishingly simple.
The most painfully obvious example of using another person’s IP address to use P2P is the use of an unlocked WiFi network. If you leave your router unlocked, you are inviting the world to use your internet connection, without being accountable to anyone and without your permission. This was shown perfectly in the BBC Watchdog programme, which can be seen here.
The second example would be the cracking of weak WiFi encryption. This is a bit more complicated, but still entirely plausible. If you have anything weaker WEP2 or WPA, you can be hacked, and people can use your Internet connection for whatever they want. The software to crack your WiFi encryption is easily and freely availiable online, and it isn’t technically illegal. Of course, hacking a WiFi point without the consent of the owner is a criminal act, and a breach of the Computer Misuse Act, and should be prosecuted the the fullest extent of the law. The software, however, is entirely legitimate. One of the most popular pieces of software for the Macintosh platform is Kismac, and it can be seen here.
The third way to ’spoof’ an IP address is quite implausible, but I have included it here anyway, to make the argument that it is indeed possible to use another persons IP address and internet connection to download copyrighted material without the consent of the copyright owners.
It is entirely possible to use something called a ‘VPN’ to avoid detection. The way it works is that your internet passes through another persons computer, and then goes to the destination that you want. All data is transfered through a ‘go between’, meaning that the end user is entirely anonymous. There are legitimate VPN services out there, mainly for those who dislike the interference of their ISP with their data packets. An example would be Relakks, which is a popular, commercial service that is based in Sweden.
It is possible to set up a VPN server on somebody’s home computer without the knowledge and consent of the end user, which is then used for illegal downloading. This is entirely possible, although quite unlikely. In fact, Microsoft actually tell you how to do it on their website.
There are other ways of spoofing an IP address, but they generally do not allow the receipt of data packets, so I have not listed them as it is simply not possible/practical to use them for peer to peer downloading. The methods I have listed are not ’spoofing’ per se, rather than the ilicit, secretive usage of another person’s internet. By these methods, it is entirely possible to download pirated content without revealing your IP address, making yourself invisible to others.