BitTorrent in Corporate Networks a Sign of Breaches: BitSight

While BitTorrent is not a direct cause of malware, networks that use the peer-to-peer service are much more likely to have botnets and other compromised systems.

Companies that have BitTorrent running inside their networks are more likely to have systems infected with malware and other signs of a breach, according to a study of more than 30,000 companies conducted by security firm BitSight.

BitTorrent is not the cause of the issues, although applications and games downloaded through the service often carry malware, the company said in its report. Instead, the 23 percent of companies that have BitTorrent running on at least one system in their networks also had a lower security rating and were more likely to have signs of a botnet or other compromise, Jay Jacobs, senior data scientist at BitSight, told eWEEK.

The link suggests that companies should review their security policies, in general, and their peer-to-peer networking policies, in particular, he said.

"Unless you can justify a legitimate use of BitTorrent, unless you are in that tiny population of use cases, you should block BitTorrent activity and have a policy against it," Jacobs said.

The study highlights the continued controversy surrounding peer-to-peer networking. In legitimate applications, the technology allows data to be distributed among the client computers and delivered by the closest node, helping spread out the bandwidth load. In cases such as the Tor network, peer-to-peer routing can offer additional benefits, such as anonymity.

However, online criminals have used peer-to-peer networks to make their infrastructure harder to dismantle and to protect their command-and-control capabilities. People who pirate digital media and software often use peer-to-peer networks for similar reasons.

The study suggests that companies exposed by BitTorrent use have a less mature security program. While slightly less than a quarter of the 30,700 companies studied had BitTorrent running in their networks, the peer-to-peer technology was much more common in some industries. Unsurprisingly, BitTorrent is common at educational institutions, with almost 60 percent showing signs of the peer-to-peer technology. The next-highest user, tourism and hospitality, had a much smaller rate of about 36 percent.

BitSight found that companies exposing peer-to-peer file sharing to the public Internet had much lower security ratings. Financial firms with no signs of peer-to-peer file sharing typically have the highest rating. Yet financial firms using BitTorrent have a security rating nearly 150 points lower, on BitSight's 800-point scale.

The firm stressed that the connection between BitTorrent and breaches is not causal: The networking technology does not cause breaches, but evidence that BitTorrent is running inside a corporate network is often a sign that the company has lax policies and a less mature security program, Jacobs said. The companies that allow the peer-to-peer service, or do not actively block it, are much more likely to have botnets and other compromised systems running inside the network, the company stated.

"If you don't have a policy around BitTorrent and peer-to-peer file sharing, you probably should put one in place," he said.

The peer-to-peer software also has a more direct link to compromises, according to the report. BitSight found that 43 percent of the applications, and 39 percent of the games, available on BitTorrent carried malware.

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...