HiveMind Distributed File Storage Using JavaScript Botnets Copyright 2013 Sean T. Malone

HiveMindDistributed File Storage Using JavaScript Botnets

Sean T. MalonePrincipal Security Consultant

(We’re Hiring!)

www.seantmalone.com

The Problem

http://www.wired.com/threatlevel/2013/06/decryption-deadline-looms/

Encryption is not

Enough!

The Solution

Store the files on someone else’s system

Isn’t that illegal?

… usually.

Let’s do this with standard functionality

No exploits – but there are a few tricks we can use

It’s a Feature!

All of these techniques are used for “real” web apps

There’s nothing here to patch – removing these features breaks legitimate web apps

Disclaimer

This is a research project, not production software. I am not responsible if you lose critical data through the use of this software.

Also, I am not a lawyer. Nothing in this presentation constitutes legal advice, and I do not recommend using these concepts or this software for anything illegal.

Web Browser Technology Evolution

Cookies

JavaScript

Web Storage

Web Workers

Web Sockets

So, a web browser is a computer program that will:

Communicate with my server

Execute arbitrary code

Store arbitrary data

Sounds like a Botnet Node

to me!

Sandboxing

“But I thought browser sandboxing made it almost impossible to access system data and execute code?”

Yes, but I don’t care about that. I only need to run code and access data inside the sandbox, and inside the same origin.

Building the Botnet

Node Infestation Techniques

Sites you own (or at least control)

Compromised sites (i.e., persistent XSS)

URL Shorteners

Ad Distribution Networks

Anonymous proxy servers

Command & Control

HTML5 Web Sockets

“To enable Web applications to maintain

bidirectional communications with server-side

processes”

http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html

[When that doesn’t work, just fall back to AJAX]

Data Storage

HTML5 Web Storage

“[localStorage] is designed for storage that spans multiple

windows, and lasts beyond the current session. In

particular, Web applications may wish to store megabytes

of user data, such as entire user-authored documents or

a user's mailbox, on the client side for performance

reasons.” (emphasis added)

http://www.whatwg.org/specs/web-apps/current-work/multipage/webstorage.html

Back End

MySQL (ActiveRecord) & Redis

ActiveRecord is easy to use, but slow (disk database IO)

Redis provides in-memory key/value storage, and let’s you

expire keys after a set amount of time

Network Scanning

DDoS Attacks

Data Processing (Web Workers)

Other botnet uses:

Building the File System

Definitions

File Block: A piece of an uploaded file with a set maximum size

Node: A web browser that is a member of the botnet

Server: The central command and control system used to manage nodes, uploads, downloads, and block directories

Storing a File

DataName MIME Type

Block 1 Block 2 Block 3 Block 4 Block 5

Encrypted Data

Storing a BlockServer

B1 B1 B1 B1 B1 B1 B1 B1

Retrieving a BlockServer

B1 B1 B1 B1 B1 B1 B1 B1

Retrieving a File

Block 1 Block 2 Block 3 Block 4 Block 5

Name MIME Type

Encrypted Data

When the $#!7 Hits the Fan

The [_ _ _] Seizes the Server

Nodes go offline

Block replication fails

Blocks are lost

Files are unrecoverable

Unanswered Legal Questions

Can a website store significant amounts of data that is unnecessary for the operation of the site? Or does this constitute Unauthorized Use of a Computer?

What about bandwidth? Processing power?

Is an individual responsible for illegal content placed on his or her computer through cookies, Web Storage, and similar technologies?

Code Release

Code and slides are available at

www.seantmalone.com

HiveMind Distributed File Storage Using JavaScript Botnets Copyright 2013 Sean T. Malone

Documents

Town of Malone Village of Malone

Mike Malone Playbook - The Basketball Playbookthebasketballplaybook.com/.../uploads/2015/10/Mike-Malone-Playboo… · Mike Malone Playbook pg. 3 All Contents Proprietary Mike Malone

Botnets: Infrastructure and Attacks

Resilient Botnets - KAIST

Monitoring botnets from within

Black Market Botnets

[Webinar] Building a Product Security Incident Response Team: Learnings from the Hivemind

Hunting Botnets with Zmap

Hivemind business capability modelling

HiveMind Marketing Capabilities

SPAM/BOTNETS and Malware

Botnets And Alife

Sole Culture: Understanding the Sneakerhead Hivemind

BotNets & Targeted Malware

precision apiculture - Hivemind brochure 2018 NZ.pdf · precision apiculture What is Hivemind? And how does it work? Getting hive measurements to you Hivemind is NZ and Australia’s

botnets - UW Computer Sciences User Pagespages.cs.wisc.edu/~ace/media/lectures/botnets.pdf · Botnets • Botnets: – Command and Control (C&C) – Zombie hosts (bots) ... [Your

Army of Botnets

Withstanding Multimillion-Node Botnets

Introduction to Botnets - CCDCOE · referred to as a botnet or zombie network. ... After the Takedown . Introduction to Botnets Introduction to Botnets Organization

Malware: Botnets and Worms