HiveMind Distributed File Storage Using JavaScript Botnets Copyright 2013 Sean T. Malone

Upload: marshall-grey

Post on 14-Dec-2015


HiveMind Distributed File Storage Using JavaScript Botnets

Sean T. Malone, Principal Security Consultant

(We’re Hiring!)

www.seantmalone.com

The Problem

http://www.wired.com/threatlevel/2013/06/decryption-deadline-looms/

Encryption is not Enough!

The Solution

Store the files on someone else’s system

Isn’t that illegal?

… usually.

Let’s do this with standard functionality

No exploits – but there are a few tricks we can use

It’s a Feature!

All of these techniques are used for “real” web apps

There’s nothing here to patch – removing these features breaks legitimate web apps

Disclaimer

This is a research project, not production software. I am not responsible if you lose critical data through the use of this software.

Also, I am not a lawyer. Nothing in this presentation constitutes legal advice, and I do not recommend using these concepts or this software for anything illegal.

Web Browser Technology Evolution

Cookies

JavaScript

AJAX

Web Storage

Web Workers

Web Sockets

So, a web browser is a computer program that will:

Communicate with my server

Execute arbitrary code

Store arbitrary data

Sounds like a Botnet Node to me!

Sandboxing

“But I thought browser sandboxing made it almost impossible to access system data and execute code?”

Yes, but I don’t care about that. I only need to run code and access data inside the sandbox, and inside the same origin.

Building the Botnet

Node Infestation Techniques

Sites you own (or at least control)

Compromised sites (i.e., persistent XSS)

URL Shorteners

Ad Distribution Networks

Anonymous proxy servers

Command & Control

HTML5 Web Sockets

“To enable Web applications to maintain bidirectional communications with server-side processes”

http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html

[When that doesn’t work, just fall back to AJAX]

Data Storage

HTML5 Web Storage

“[localStorage] is designed for storage that spans multiple windows, and lasts beyond the current session. In particular, Web applications may wish to store megabytes of user data, such as entire user-authored documents or a user's mailbox, on the client side for performance reasons.” (emphasis added)

http://www.whatwg.org/specs/web-apps/current-work/multipage/webstorage.html

Back End

MySQL (ActiveRecord) & Redis

ActiveRecord is easy to use, but slow (disk database IO)

Redis provides in-memory key/value storage, and lets you expire keys after a set amount of time

Other botnet uses:

Network Scanning

DDoS Attacks

Data Processing (Web Workers)

Building the File System

Definitions

File Block: A piece of an uploaded file with a set maximum size

Node: A web browser that is a member of the botnet

Server: The central command and control system used to manage nodes, uploads, downloads, and block directories

Storing a File

[Diagram: File (Name, MIME Type, Data); Encrypted Data; Block 1, Block 2, Block 3, Block 4, Block 5]

Storing a Block

[Diagram: Server; block B1; eight copies of B1]

Retrieving a Block

[Diagram: Server; eight copies of B1; block B1]

Retrieving a File

[Diagram: Block 1, Block 2, Block 3, Block 4, Block 5; Encrypted Data; File (Name, MIME Type, Data)]
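
Seen from a node's side, the design above leaves large, random-looking values in an origin's localStorage, because the stored blocks hold encrypted data. The following is an added example, not code from the talk or from HiveMind: it audits a Storage-like object and flags such values. It assumes blocks are stored as base64-like text; the thresholds, the key names and the `MemoryStorage` stand-in are also assumptions.

```javascript
// Shannon entropy of a string, in bits per UTF-16 code unit.
function shannonEntropy(text) {
  const counts = new Map();
  for (let i = 0; i < text.length; i++) {
    counts.set(text[i], (counts.get(text[i]) || 0) + 1);
  }
  let bits = 0;
  for (const n of counts.values()) bits -= (n / text.length) * Math.log2(n / text.length);
  return bits;
}

// Walk any object exposing the Storage interface (length, key, getItem).
// minChars and minEntropy are illustrative thresholds, not values from the talk.
function auditStorage(storage, { minChars = 1024, minEntropy = 5.5 } = {}) {
  const report = { totalBytes: 0, flagged: [] };
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) || "";
    // Approximation: two bytes per UTF-16 code unit of key and value.
    report.totalBytes += 2 * (key.length + value.length);
    const entropy = shannonEntropy(value);
    if (value.length >= minChars && entropy >= minEntropy) {
      report.flagged.push({ key, chars: value.length, entropy });
    }
  }
  return report;
}

// Constructed stand-in for window.localStorage so the audit runs offline.
class MemoryStorage {
  constructor(items) { this.items = new Map(Object.entries(items)); }
  get length() { return this.items.size; }
  key(i) { return [...this.items.keys()][i] || null; }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
}

// Constructed sample: ordinary JSON app data plus one opaque base64-like value.
function sampleStorage() {
  const notes = [];
  for (let i = 0; i < 40; i++) notes.push({ id: i, title: "Draft note", done: false });
  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  let state = 2013, blob = "";
  for (let i = 0; i < 4096; i++) {
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0; // deterministic LCG
    blob += alphabet[state >>> 26]; // top 6 bits select one of 64 symbols
  }
  return new MemoryStorage({ "app:notes": JSON.stringify(notes), "blk:0001": blob });
}

console.log(auditStorage(sampleStorage()).flagged.map((f) => f.key));
```

In a browser, pass `window.localStorage` to `auditStorage` in place of the stand-in; both sample values exceed the length threshold, so only the entropy check separates them.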

When the $#!7 Hits the Fan

The [_ _ _] Seizes the Server

Nodes go offline

Block replication fails

Blocks are lost

Files are unrecoverable

Unanswered Legal Questions

Can a website store significant amounts of data that is unnecessary for the operation of the site? Or does this constitute Unauthorized Use of a Computer?

What about bandwidth? Processing power?

Is an individual responsible for illegal content placed on his or her computer through cookies, Web Storage, and similar technologies?

Demo!

Code Release

Code and slides are available at

www.seantmalone.com
