by Mike Masnick

Filed Under:
andrew cuomo, copyright, hash database, porn


Strange Bedfellows: IsoHunt And Andrew Cuomo?

from the didn't-see-that-coming dept

This one is a bit odd and unexpected. We recently reported on how grandstanding New York Attorney General Andrew Cuomo had kicked off a new project that would create a database of child porn, and offer up hashes to any website that wanted to use it to block such content from being uploaded. While the general concept seemed good, it wasn't clear how this database was being generated, or if there were safeguards in place to make sure that the list really only included illegal images. Either way, it appears that Cuomo has welcomed with open arms a surprising company who wants to use the database: IsoHunt. Yes, the torrent search engine in the midst of a legal battle for its survival has agreed to use the hash database to prevent access to such images via its system.

Considering that Cuomo thrust himself in the middle of the file sharing debate by supposedly trying (and failing) to broker backroom deals with ISPs to get them to embrace three strikes policies, it seems a bit surprising that he would embrace a site like IsoHunt. That said, it seems that he appears a lot more interested in getting publicity over child porn issues rather than copyright. As for IsoHunt, this also appears to be a pretty calculated move. Part of the site's legal argument is that the judge's demand to filter by keyword is way too broad, and it has argued that a similar hash database would make more sense. So, it's no surprise that IsoHunt wasted little time in letting the judge know about this new deal.

Reader Comments

  1. CharlieM (profile), Jul 1st, 2010 @ 9:54pm

    As Mike said, great move by Isohunt.

    Now it's in the hands of Cuomo to actually go ahead and create such a DB. As I doubt Cuomo has an intention of actually following through, perhaps Cuomo will have to answer for his lack of drive.

    I wish more companies would call politicians on their bluffs.

  2. MadderMak (profile), Jul 1st, 2010 @ 10:01pm

    But will it work?

    I still think the idea may be laudable but once implemented just how long will it take before those actively distributing/sharing such images start to make simple alterations to prevent hash matching?

    Now if they used 3 or 4 smaller sections of each image that may prevent simple changes from breaking the hash matching but I wonder just how much thought has been put into this as versus the political grandstanding... good idea != good execution after all.

  3. Anonymous Coward, Jul 1st, 2010 @ 10:31pm

    Re: But will it work?

    It seems trivial to me to write a simple script which will subtly alter any number of images without significantly changing the content. I really don't see how a database of hashes is going to be of any use at all for this.

    It seems more likely that this is a political move which will be used to impress upon someone untechnical that "something" is being done, even though the truth is that it's ineffective.

    Hmm, kind of sounds like everything done by TSA and DHS...

  4. Anonymous Coward, Jul 1st, 2010 @ 10:41pm


    I wish politicians had half a brain. I can change a bit in any file and it would change the entire hashsum. It's so easy to add or remove a millisecond of junk at the end or beginning of any file to get it to change the hashsum completely.

  5. Anonymous Coward, Jul 1st, 2010 @ 10:48pm

    Re: Re: But will it work?

    Just slightly alter a pixel and the hashsum changes completely. DUH!!!

    Maybe some form of antivirus where they try to detect certain static sections of a file? I still don't see that working. Maybe some heuristic? Sounds like it still won't work. Might detect a bunch of false positives? Certainly false negatives being that those putting up content that should be detected will try to ensure their content isn't detected whereas those putting up legitimate content will be less likely to try and actively seek to avoid detection measures?

    Seriously, politicians are such a joke.

    See, the difference between an executable file/virus and an image is that you can't substantially change certain aspects of an executable file in certain ways without rendering the intended purpose of the file functionless. So it's possible to create reasonable heuristics that detect certain core aspects and dynamics of a virus, even a polymorphic computer virus. But an image ... I don't see the same thing happening.

  6. Anonymous Coward, Jul 2nd, 2010 @ 12:55am

    That said, it seems that he appears a lot more interested in ...
    It seems that it appears that allegedly, reportedly, sources have said that studies have shown that Mike might be hedging his words a little too enthusiastically on this one. =)

  7. Big_Mike (profile), Jul 2nd, 2010 @ 5:34am

    Less technical than I should be.

    If we know where the child porn is why is it still there? Is there anywhere in the world child porn is legal? Why are people who are looking at it arrested but people who are uploading it not?

  8. Anonymous Coward, Jul 2nd, 2010 @ 6:55am

    Re: Re: Re: But will it work?

    It *is* possible to test for a polymorphic binary with some degree of accuracy, but I think it's at least an order of magnitude harder. Sophisticated hackers have become incredibly good with their techniques in this regard. There are so many things you could do, from simply varying the process layout, to actually interlacing your virus code with real code that serves some legitimate purpose, to segmenting your virus code across multiple distributed binaries and other code segments run in VMs that can't be analyzed. The amount of devious and clever expansions you can do to a binary are nearly limitless.

  9. MD (profile), Jul 2nd, 2010 @ 7:33am

    Re: Re: Re: Re: But will it work?

    DBs such as the one mentioned are already in use by forensic labs across the country (and perhaps world) to do a hash comparison of images found on a suspect's devices. Yes, alteration of a single bit will change the hash, and there is always the extremely small chance of a clash, but this has potential to identify known images that HAVEN'T been altered by advanced users. You guys pointed out workarounds for these advanced users, but in the grand scheme of things, it's usually the "dumb" ones that get caught. This isn't a bad idea at all, but it's usually the implementation that tends to make these ideas a waste of taxpayer money.

  10. MD (profile), Jul 2nd, 2010 @ 7:42am

    Re: Less technical than I should be.

    Fact: Some of it is there for law enforcement monitoring purposes.

    Also, those who get caught usually have their viewing habits extend from their digital lives to their physical ones. Take the conviction of NJ State Assemblyman Neil Cohen for example; he printed out images of child pornography in his office and kept them in his desk. Did his viewing extend into his physical life? Yes. Did he get caught? Yes. Would he have gotten caught if he maintained the separation between physical and digital? Well, he was dumb enough to do it in his office... Also, look at the "To Catch a Predator" series - those guys bring their digital life into their physical one.

    The people who get arrested for it are pretty dumb.

  11. Anonymous Coward, Jul 2nd, 2010 @ 8:00am

    Re: Re: Re: Re: Re: But will it work?

    That is true, there are a lot of dumb criminals out there. Pretty much everyone's seen cops. But I imagine that criminals that use computers to upload files probably tend to be, on average, somewhat more sophisticated than the drunk/high/stoned criminals seen on cops.

  12. sum quy, Jul 2nd, 2010 @ 9:21am

    I think you guys are misunderstanding how p2p file sharing works. Yes, it is possible to change a bit and alter the hash sum. But this defeats the purpose of file sharing. P2p programs depend on the ability to find a shared file by its hash sum. If you change it, then you are not sharing the original file anymore and as far as p2p software is concerned it might as well no longer exist.

    Think of it as a situation in which Google didn't account for misspellings in searches, so you had to type in the exact term you were looking for to find anything. Now add that the spelling of the term changed randomly on a daily/weekly basis with no warning and no way to know what the new spelling was. This would obviously make trying to find anything not impossible, but very difficult. That isn't an exact analogy, but hopefully close enough to get the point across. A more effective strategy would be, instead of removing the link, corrupt it so that it doesn't work. A search would return 100 links but no way to determine which 1 or 2 actually work. A user would get really frustrated really fast and probably give up.

    This has the potential to be very effective if executed properly, but I have a couple of questions:
    Who decides what child porn is? A committee examining pics/videos? Is Blue Lagoon child porn?
    So is there going to be a database somewhere of "the ultimate child porn collection"? I can already hear the outcry from that getting hacked!

  13. MD (profile), Jul 2nd, 2010 @ 9:53am


    Statutes determine what child porn "is." Here's a link to NY Penal Law Article 263 "Sexual Performance by a Child." As far as identifying whether individuals portrayed are children, that's likely left to law enforcement and other experts/professionals. The issue with that however, comes down to "morphed" images - those that involve a performer of legal age made to look like they are underage through CGI. I'm sure there are all sorts of mathematical algorithms used to identify the age of people in pictures. As far as the databases are concerned, you can already find these in forensics labs.

  14. Niall (profile), Jul 3rd, 2010 @ 7:30am

    Re: cccxvvvvvvvv

    So you have to wonder /which/ word or concept brought this particular spambot into play :)

  15. Spudd86, Jul 5th, 2010 @ 1:54pm

    Re: Re: But will it work?

    I think you hit the nail on the head.

    Since isoHunt is a bittorrent tracker/search engine site it doesn't have the actual files being shared so all it can do is examine the hashes in the torrent, this is totally ineffective for video/image/audio data since just a simple reencode will result in a new hash, you don't even have to change anything... or you could add a tag to the container metadata, append junk to the end of the file (most media formats don't care about stuff that comes after the end of the content)

    There are more sophisticated audio/video/image 'fingerprinting' methods that are robust to even fairly extensive degradation/alteration of the material, but those are not an option for isoHunt since it doesn't have the actual file data that is needed to compute such a 'fingerprint'. So yes defeating this measure is trivial, and it won't really stop anything...

  16. Spudd86, Jul 5th, 2010 @ 1:57pm

    Re: Re: Re: Re: But will it work?

    The problem is not that methods that are difficult to defeat don't exist, but that such methods CANNOT be applied in this case since a SHA1 (or something like it I forget what bittorrent uses) is all isoHunt has they cannot compute the kind of 'fingerprint' that would make identifying the content even remotely possible.
