
HiveMind

Distributed File Storage Using JavaScript Botnets

Copyright 2013 Sean T. Malone

Sean T. Malone
Principal Security Consultant

(We're Hiring!)


www.seantmalone.com

The Problem

Encryption is not Enough!
http://www.wired.com/threatlevel/2013/06/decryption-deadline-looms/

The Solution
Store the files on someone else's system
Isn't that illegal?
usually.
Let's do this with standard functionality
No exploits, but there are a few tricks we can use


It's a Feature!
All of these techniques are used for real web apps
There's nothing here to patch; removing these features breaks legitimate web apps


Disclaimer
This is a research project, not production
software. I am not responsible if you lose
critical data through the use of this
software.
Also, I am not a lawyer. Nothing in this
presentation constitutes legal advice, and I
do not recommend using these concepts
or this software for anything illegal.

Web Browser Technology Evolution
Cookies
JavaScript
AJAX
Web Storage
Web Workers
Web Sockets

So, a web browser is a computer program that will:


Communicate with my server
Execute arbitrary code
Store arbitrary data

Sounds like a Botnet Node to me!

Sandboxing
But I thought browser sandboxing made it almost impossible to access system data and execute code?

Yes, but I don't care about that. I only need to run code and access data inside the sandbox, and inside the same origin.


Building the Botnet


Node Infestation Techniques


Sites you own (or at least control)
Compromised sites (i.e., persistent XSS)

URL Shorteners
Ad Distribution Networks

Anonymous proxy servers


Command & Control


HTML5 Web Sockets

To enable Web applications to maintain bidirectional communications with server-side processes

http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html


[When that doesn't work, just fall back to AJAX]


Data Storage
HTML5 Web Storage
[localStorage] is designed for storage that spans multiple windows, and lasts beyond the current session. In particular, Web applications may wish to store megabytes of user data, such as entire user-authored documents or a user's mailbox, on the client side for performance reasons. (emphasis added)

http://www.whatwg.org/specs/web-apps/current-work/multipage/webstorage.html
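
A defender-side check for the storage behavior on this slide, as an added example that is not part of the original slides or the HiveMind code: it audits a Web Storage object for entries that are both large and high-entropy, which is what encrypted file blocks parked in localStorage would look like. The thresholds, the key names, and the sample entries are assumptions constructed for illustration.

```javascript
// Added example, not HiveMind code. Thresholds below are assumptions to tune per application.
const SIZE_THRESHOLD = 4096;   // bytes: entries at least this large are candidates
const ENTROPY_THRESHOLD = 4.5; // bits per character: at or above this looks encoded/encrypted

// Shannon entropy of a string, in bits per character.
function shannonEntropy(s) {
  const chars = Array.from(s);
  if (chars.length === 0) return 0;
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / chars.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Audit any object with the Web Storage interface: length, key(i), getItem(k).
function auditStorage(storage) {
  const findings = [];
  let totalBytes = 0;
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) || "";
    const bytes = (key.length + value.length) * 2; // approximation: 2 bytes per UTF-16 unit
    totalBytes += bytes;
    const entropy = Number(shannonEntropy(value).toFixed(2));
    if (bytes >= SIZE_THRESHOLD && entropy >= ENTROPY_THRESHOLD) {
      findings.push({ key, bytes, entropy });
    }
  }
  return { totalBytes, findings };
}

// Constructed sample: in-memory stand-in for localStorage with three made-up entries
// (a small preference, a large repetitive HTML cache, a large base64-like blob).
function makeSampleStorage() {
  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  let blob = "";
  for (let i = 0; i < 8192; i++) blob += alphabet[(i * 37 + (i >> 6)) % 64];
  const entries = { theme: "dark", htmlCache: '<li class="item"></li>'.repeat(400), blk_0001: blob };
  const keys = Object.keys(entries);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => entries[k] ?? null };
}

const report = auditStorage(makeSampleStorage());
console.log(JSON.stringify(report, null, 2));
```

In a browser console the same function can be run against the current origin with `auditStorage(localStorage)`; the large but repetitive HTML cache in the sample is deliberately not flagged, because size alone is normal for legitimate web apps.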


Back End
MySQL (ActiveRecord) & Redis

ActiveRecord is easy to use, but slow (disk database IO)
Redis provides in-memory key/value storage, and lets you expire keys after a set amount of time


Other botnet uses:


Network Scanning
DDoS Attacks

Data Processing (Web Workers)



Building the File System


Definitions
File Block: A piece of an uploaded file with a set
maximum size
Node: A web browser that is a member of the botnet
Server: The central command and control system used
to manage nodes, uploads, downloads, and block
directories


Storing a File
[Diagram: File (Name, MIME Type, Data); Encrypted Data; Block 1, Block 2, Block 3, Block 4, Block 5]

Storing a Block
[Diagram: Server; block B1 shown nine times]

Retrieving a Block
[Diagram: Server; block B1 shown nine times]

Retrieving a File
[Diagram: File (Name, MIME Type, Data); Encrypted Data; Block 1, Block 2, Block 3, Block 4, Block 5]

When the $#!7 Hits the Fan


The [_ _ _] Seizes the Server


Nodes go offline
Block replication fails
Blocks are lost
Files are unrecoverable


Unanswered Legal Questions


Can a website store significant amounts of data
that is unnecessary for the operation of the site?
Or does this constitute Unauthorized Use of a
Computer?
What about bandwidth? Processing power?
Is an individual responsible for illegal content
placed on his or her computer through cookies,
Web Storage, and similar technologies?


Demo!


Code Release

Code and slides are available at

www.seantmalone.com
