HiveMind by Sean T Malone


8/10/2019 HiveMind by Sean T Malone

1/28

HiveMind: Distributed File Storage Using JavaScript Botnets

Copyright 2013 Sean T. Malone

2/28

Sean T. Malone
Principal Security Consultant

(We're Hiring!)

www.seantmalone.com

3/28

The Problem

http://www.wired.com/threatlevel/2013/06/decryption-deadline-looms/

Encryption is not Enough!

4/28

The Solution

Store the files on someone else's system

Isn't that illegal?

Usually.

Let's do this with standard functionality

No exploits, but there are a few tricks we can use

5/28

It's a Feature!

All of these techniques are used for real web apps

There's nothing here to patch: removing these features breaks legitimate web apps

6/28

Disclaimer

This is a research project, not production software. I am not responsible if you lose critical data through the use of this software.

Also, I am not a lawyer. Nothing in this presentation constitutes legal advice, and I do not recommend using these concepts or this software for anything illegal.

7/28

Web Browser Technology Evolution

Cookies

JavaScript

AJAX

WebStorage

WebWorkers

WebSockets

8/28

So, a web browser is a computer program that will:

Communicate with my server

Execute arbitrary code

Store arbitrary data

Sounds like a Botnet Node to me!

9/28

Sandboxing

But I thought browser sandboxing made it almost impossible to access system data and execute code?

Yes, but I don't care about that. I only need to run code and access data inside the sandbox, and inside the same origin.

10/28

Building the Botnet

11/28

Node Infestation Techniques

Sites you own (or at least control)

Compromised sites (i.e., persistent XSS)

URL Shorteners

Ad Distribution Networks

Anonymous proxy servers

12/28

Command & Control

HTML5 Web Sockets

"To enable Web applications to maintain bidirectional communications with server-side processes"

http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html

13/28

[When that doesn't work, just fall back to AJAX]

14/28

Data Storage

HTML5 Web Storage

"[localStorage] is designed for storage that spans multiple windows, and lasts beyond the current session. In particular, Web applications may wish to store megabytes of user data, such as entire user-authored documents or a user's mailbox, on the client side for performance reasons." (emphasis added)

http://www.whatwg.org/specs/web-apps/current-work/multipage/webstorage.html

15/28

Back End

MySQL (ActiveRecord) & Redis

ActiveRecord is easy to use, but slow (disk database IO)

Redis provides in-memory key/value storage, and lets you expire keys after a set amount of time

16/28

Other botnet uses:

Network Scanning

DDoS Attacks

Data Processing (Web Workers)

17/28

Building the File System

18/28

Definitions

File Block: A piece of an uploaded file with a set maximum size

Node: A web browser that is a member of the botnet

Server: The central command and control system used to manage nodes, uploads, downloads, and block directories

19/28

Storing a File

[Diagram: a File (Data, Name, MIME Type) is encrypted; the Encrypted Data is split into Block 1, Block 2, Block 3, Block 4, Block 5]

20/28

Storing a Block

[Diagram: the Server pushes block B1 out to the nodes; eight nodes each end up holding a copy of B1]

21/28

Retrieving a Block

[Diagram: the Server asks the eight nodes holding a copy of B1 for the block and gets B1 back]

22/28

Retrieving a File

[Diagram: Block 1, Block 2, Block 3, Block 4, Block 5 are reassembled into the Encrypted Data, which is decrypted back into the File (Name, MIME Type, Data)]

23/28

When the $#!7 Hits the Fan

24/28

The [_ _ _] Seizes the Server

Nodes go offline

Block replication fails

Blocks are lost

Files are unrecoverable
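The chain of failures on this slide follows directly from the block design on the "Storing a Block" and "Retrieving a Block" slides: a block is only retrievable while some node holding it still has the page open, and only the server ever pushes fresh copies. The following is an added example in JavaScript, not code from the talk or its release, that models that block directory and runs the same node churn twice, once with the server alive and repairing after every departure and once with the server gone. The class and method names (BlockDirectory, replicateBlock, repair, churnScenario), the replication factor of 3 and the node ids n1 to n8 are assumptions of this example.

```javascript
// Added example, not code from the HiveMind talk or its release: a small model
// of the block directory the "Storing a Block" / "Retrieving a Block" slides
// describe, used to show why files become unrecoverable once the server stops
// re-replicating blocks. Class, method and node names are assumptions.

class BlockDirectory {
  constructor() {
    this.files = new Map();   // fileId  -> ordered list of blockIds
    this.blocks = new Map();  // blockId -> Set of nodeIds that ever received a copy
    this.online = new Set();  // nodeIds currently connected (browsers with the page open)
    this.rr = 0;              // rotates placement so blocks spread across nodes
  }

  nodeJoin(nodeId) { this.online.add(nodeId); }
  nodeLeave(nodeId) { this.online.delete(nodeId); }

  // Holders that can actually serve the block right now.
  onlineHolders(blockId) {
    const holders = this.blocks.get(blockId) || new Set();
    return [...holders].filter((n) => this.online.has(n));
  }

  // Push copies of a block to online nodes until `replicas` live copies exist
  // (fewer if not enough nodes are online). Returns the live copy count.
  replicateBlock(blockId, replicas) {
    const holders = this.blocks.get(blockId) || new Set();
    this.blocks.set(blockId, holders);
    const candidates = [...this.online].filter((n) => !holders.has(n));
    const start = candidates.length ? this.rr % candidates.length : 0;
    this.rr += 1;
    let live = this.onlineHolders(blockId).length;
    for (let i = 0; i < candidates.length && live < replicas; i++) {
      holders.add(candidates[(start + i) % candidates.length]);
      live += 1;
    }
    return live;
  }

  // Register a file as an ordered block list and replicate every block.
  storeFile(fileId, blockIds, replicas) {
    this.files.set(fileId, [...blockIds]);
    for (const b of blockIds) this.replicateBlock(b, replicas);
  }

  // A block is retrievable only while at least one holder is online.
  blockAvailable(blockId) { return this.onlineHolders(blockId).length > 0; }

  // A file is retrievable only when every one of its blocks is.
  fileAvailable(fileId) {
    const ids = this.files.get(fileId);
    return Boolean(ids) && ids.every((b) => this.blockAvailable(b));
  }

  // Blocks of a file that no online node can serve any more.
  lostBlocks(fileId) {
    return (this.files.get(fileId) || []).filter((b) => !this.blockAvailable(b));
  }

  // Server-side maintenance: top up every under-replicated block. Returns the
  // number of blocks that still could not reach the target.
  repair(replicas) {
    let short = 0;
    for (const blockId of this.blocks.keys()) {
      if (this.onlineHolders(blockId).length < replicas &&
          this.replicateBlock(blockId, replicas) < replicas) short += 1;
    }
    return short;
  }
}

// Same node churn twice: once with the server alive and repairing after each
// departure, once with the server gone (seized) so no repair ever runs.
function churnScenario(serverAlive) {
  const dir = new BlockDirectory();
  for (let i = 1; i <= 8; i++) dir.nodeJoin('n' + i);   // constructed node ids
  dir.storeFile('f1', ['b1', 'b2', 'b3', 'b4', 'b5'], 3); // constructed file of five blocks
  for (const n of ['n1', 'n2', 'n3', 'n4', 'n5']) {       // tabs close, users navigate away
    dir.nodeLeave(n);
    if (serverAlive) dir.repair(3);
  }
  return { available: dir.fileAvailable('f1'), lost: dir.lostBlocks('f1') };
}

console.log('server alive :', churnScenario(true));   // available: true,  lost: []
console.log('server seized:', churnScenario(false));  // available: false, lost: [ 'b1', 'b2', 'b3' ]
```

With the server alive, five of eight nodes can leave and every block still has three live copies, because each departure is followed by a repair pass. With the server seized, the very same departures leave three of the five blocks with no online holder at all, and since a file needs every block, the file is gone; no key material helps, because the ciphertext itself no longer exists anywhere. The replication factor only delays this outcome, it does not prevent it.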

25/28

Unanswered Legal Questions

Can a website store significant amounts of data that is unnecessary for the operation of the site? Or does this constitute Unauthorized Use of a Computer?

What about bandwidth? Processing power?

Is an individual responsible for illegal content placed on his or her computer through cookies, Web Storage, and similar technologies?

26/28

Demo!

27/28

Code Release

Code and slides are available at www.seantmalone.com
