Copyright 2013 Sean T. Malone
HiveMind: Distributed File Storage Using JavaScript Botnets
Sean T. Malone, Principal Security Consultant
(We’re Hiring!)
www.seantmalone.com
The Problem
http://www.wired.com/threatlevel/2013/06/decryption-deadline-looms/
Encryption is not enough!
The Solution
Store the files on someone else’s system
Isn’t that illegal?
… usually.
Let’s do this with standard functionality
No exploits – but there are a few tricks we can use
It’s a Feature!
All of these techniques are used for “real” web apps
There’s nothing here to patch – removing these features breaks legitimate web apps
Disclaimer
This is a research project, not production software. I am not responsible if you lose critical data through the use of this software.
Also, I am not a lawyer. Nothing in this presentation constitutes legal advice, and I do not recommend using these concepts or this software for anything illegal.
Web Browser Technology Evolution
Cookies
JavaScript
AJAX
Web Storage
Web Workers
Web Sockets
So, a web browser is a computer program that will:
Communicate with my server
Execute arbitrary code
Store arbitrary data
Sounds like a Botnet Node to me!
Sandboxing
“But I thought browser sandboxing made it almost impossible to access system data and execute code?”
Yes, but I don’t care about that. I only need to run code and access data inside the sandbox, and inside the same origin.
Building the Botnet
Node Infestation Techniques
Sites you own (or at least control)
Compromised sites (i.e., persistent XSS)
URL Shorteners
Ad Distribution Networks
Anonymous proxy servers
Command & Control
HTML5 Web Sockets
“To enable Web applications to maintain bidirectional communications with server-side processes”
http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html
[When that doesn’t work, just fall back to AJAX]
Data Storage
HTML5 Web Storage
“[localStorage] is designed for storage that spans multiple windows, and lasts beyond the current session. In particular, Web applications may wish to store megabytes of user data, such as entire user-authored documents or a user's mailbox, on the client side for performance reasons.” (emphasis added)
http://www.whatwg.org/specs/web-apps/current-work/multipage/webstorage.html
Back End
MySQL (ActiveRecord) & Redis
ActiveRecord is easy to use, but slow (disk-bound database I/O)
Redis provides in-memory key/value storage, and lets you expire keys after a set amount of time
Other botnet uses:
Network Scanning
DDoS Attacks
Data Processing (Web Workers)
Building the File System
Definitions
File Block: A piece of an uploaded file with a set maximum size
Node: A web browser that is a member of the botnet
Server: The central command and control system used to manage nodes, uploads, downloads, and block directories
Storing a File
[Diagram: File (Name, MIME Type, Data) → Encrypted Data → Block 1, Block 2, Block 3, Block 4, Block 5]
Storing a Block
[Diagram: Server holds B1 and pushes a copy of B1 to each of eight nodes]
Retrieving a Block
[Diagram: Server requests B1 from the eight nodes holding it and receives one copy back]
Retrieving a File
[Diagram: Block 1, Block 2, Block 3, Block 4, Block 5 → Encrypted Data → File (Name, MIME Type, Data)]
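The Data Storage slide above points out that an origin may persist megabytes in localStorage, and the block flow parks encrypted blocks there. As an added example (not code from the talk or the HiveMind release), here is a defender-side audit that measures what an origin is holding and flags large, opaque base64-looking values; the in-memory storage stand-in, the thresholds and the sample entries are constructed assumptions.

```javascript
// Added example, not code from the original talk: a defender-side audit of a Web
// Storage area that reports bytes held and flags large, opaque base64-looking
// values, the footprint an encrypted file block would leave. In a browser call
// auditStorage(window.localStorage); the stand-in below has the same interface.

function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) { const p = c / s.length; h -= p * Math.log2(p); }
  return h;
}

// Quota is counted in UTF-16 code units (2 bytes each). Thresholds are assumptions.
function auditStorage(storage, { maxBytes = 1048576, minBlobChars = 2048, minEntropy = 4.5 } = {}) {
  const entries = []; let totalBytes = 0;
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) || "";
    totalBytes += (key.length + value.length) * 2;
    // Long, base64-only, high-entropy values are encoded binary, not user settings.
    const opaque = value.length >= minBlobChars && /^[A-Za-z0-9+/=]+$/.test(value) && shannonEntropy(value) >= minEntropy;
    entries.push({ key, chars: value.length, opaque });
  }
  const opaqueKeys = entries.filter(e => e.opaque).map(e => e.key);
  return { totalBytes, exceedsBudget: totalBytes > maxBytes, opaqueKeys, entries };
}

// Constructed in-memory stand-in for window.localStorage (sample data only).
function makeFakeStorage() {
  const store = new Map();
  return {
    get length() { return store.size; },
    key: i => [...store.keys()][i] ?? null, getItem: k => store.get(k) ?? null,
    setItem: (k, v) => store.set(String(k), String(v)),
  };
}

// Deterministic pseudo-random base64 text standing in for an encrypted block.
function fakeBlock(chars, seed = 1) {
  const abc = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  let x = seed >>> 0, out = "";
  for (let i = 0; i < chars; i++) { x = (Math.imul(x, 1103515245) + 12345) >>> 0; out += abc[(x >>> 16) & 63]; }
  return out;
}

function sampleReport() {
  const s = makeFakeStorage();
  s.setItem("theme", "dark"); s.setItem("prefs", JSON.stringify({ lang: "en", sidebar: true }));
  s.setItem("blk_0001", fakeBlock(4096));
  return auditStorage(s, { maxBytes: 4096 });
}
```

Against the constructed sample, only the 4096-character block is reported as opaque, while the two ordinary settings pass; in a real audit the same call runs against each origin's localStorage.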
When the $#!7 Hits the Fan
The [_ _ _] Seizes the Server
Nodes go offline
Block replication fails
Blocks are lost
Files are unrecoverable
Unanswered Legal Questions
Can a website store significant amounts of data that is unnecessary for the operation of the site? Or does this constitute Unauthorized Use of a Computer?
What about bandwidth? Processing power?
Is an individual responsible for illegal content placed on his or her computer through cookies, Web Storage, and similar technologies?
Demo!
Code Release
Code and slides are available at
www.seantmalone.com