Developer demonstrates how Amazon's service can be used to bypass ISP BitTorrent throttling

Jan 24, 2009 11:18 GMT

Web technology consultant and developer Brett O'Connor has released an intriguing HOWTO article that demonstrates how a BitTorrent client can be moved from the desktop and into the cloud by using Amazon's Elastic Compute Cloud (EC2) service. Security experts claim this poses significant security issues and opens doors to abuse.

Cloud computing is a popular technology used mainly by developers who create RIAs (Rich Internet Applications). Services such as Amazon EC2 provide access to more computational power and bandwidth than most developers could normally afford. This is exactly what Brett O'Connor thought when he decided to install TorrentFlux, a PHP-powered BitTorrent manager, on Amazon's platform.

“I created a web-based, open-source BitTorrent ‘machine’ that liberated my network and leveraged Amazon’s instead,” explains O'Connor. “I can access it from anywhere, uploading Torrent files from wherever, and manage them from my iPhone,” he adds, outlining the benefits. The developer explains that one of the primary reasons that pushed him to consider this was the impact of the BitTorrent traffic on his home Internet connection.

One of the other reasons was to bypass ISP throttling of BitTorrent traffic. While the BitTorrent file transfer protocol is mostly abused for sharing copyrighted materials, it is also used for distributing legitimate files. For example, most Linux distributions also deliver their released .iso files through the BitTorrent protocol in addition to the classic HTTP- or FTP-based transfers.

Therefore, running a BitTorrent client in the cloud has several benefits. First of all, the torrent files can be leeched and seeded at far greater speeds, using the bandwidth of the cloud service provider. Secondly, after a torrent is downloaded, one can move it from the cloud to one's own computer without the ISP limiting the speed of the transfer. O'Connor estimates that the costs of doing this would be around $75 per month.

The problem with this approach, explain the security professionals, is that while Mr. O'Connor's intentions might be harmless, others might abuse the service. For example, since such a service can be acquired with anonymous prepaid debit cards, there is very little chance of tracking software pirates, they explain.

Organizations are also at risk, because while they usually block BitTorrent traffic to and from their local network, Amazon EC2 is a legitimate service, which doesn't normally get blacklisted. This means that employees can transfer copyrighted works onto corporate computers after they first download them to Amazon EC2 via BitTorrent.

Furthermore, as the recent Apple iWork suite incident goes to show, malware can also be shipped along with pirated software distributed via BitTorrent. It is highly unlikely that online criminals will care too much about Amazon's Terms of Service, which explicitly prohibit distributing, sharing, or facilitating the distribution of “unauthorized data, malware, viruses, Trojan horses, spyware, worms, or other malicious or harmful code.”