Heightened security threat could follow Dallas Buyers Club anti-piracy defeat

Security-conscious systems administrators have another potential threat to worry about if emboldened users increase their use of movie-download sites in the wake of a decision to stop pursuing 4736 Australians alleged to have downloaded the movie Dallas Buyers' Club (DBC) using BitTorrent.

Commercial rights holders for the Oscar-winning film launched legal action in late 2014 to force six ISPs to hand over the personal details of thousands of their customers, whom DBC accused of downloading the film online. After a series of decisions in the closely-watched case went against DBC – which was, many feared, trying to use 'speculative invoicing' practices to extract sizeable settlements from accused downloaders – this week saw the passing of a court-set deadline by which DBC would have had to continue its action.

The movie industry's next steps remain to be seen, but in the short term security administrators may want to be particularly aware of users that may see the decision as an opportunity to resume extensive use of BitTorrent Web sites.

Such sites have a spotty reputation when it comes to security, with malicious advertisements rife and some sites employing manipulative tricks such as fake Download buttons to get users to download malware and unwanted software. Sites such as the popular Kickass Torrents have had to take action against malware after being flagged as unsafe by Google on at least two occasions in recent months.

The site stepped up its malware-detection work, but its travails reflect the fact that malicious code has become so prevalent on the Web that Google this week announced that it would stop taking Flash display advertisements as of July.

BitTorrent itself has also been linked with a number of security concerns, with a vulnerability last year discovered that allowed BitTorrent clients to be abused to amplify distributed denial of service (DDoS) attacks. Last March, an update to the popular µTorrent application began loading cryptocurrency mining tools that devoured system resources. More recently, a bug in some VPN services – often used to hide the identities of BitTorrent users – was found to allow their identities to be compromised.

BitTorrent has also been pushing into the online file-sharing market, potentially causing headaches for administrators whose users decide to embrace the company's Sync application – which was reverse-engineered in late 2014 and found to have several security issues – in lieu of conventional options such as Dropbox and Box.

This has implications on the ability to control corporate documents throughout their lifecycle – already a significant challenge for most companies. A recent study, for example, found that 23 percent of documents shared through cloud-storage apps are made available to the public.

Australians have long been recognised as the world's heaviest users of illegal download sites, with one Nielsen survey finding that more than 2.5m Australians visited The Pirate Bay and Kickass Torrents in May 2014 alone.

Read more: ​How the security and operations gap is threatening your business

Join the CSO newsletter!

Error: Please check your email address.

Tags security threat

More about DropboxGoogleNielsen

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place