hivemind by sean t malone
TRANSCRIPT
-
8/10/2019 HiveMind by Sean T Malone
HiveMind: Distributed File Storage Using JavaScript Botnets
Copyright 2013 Sean T. Malone
-
Sean T. Malone
Principal Security Consultant
(We're Hiring!)
www.seantmalone.com
-
The Problem
http://www.wired.com/threatlevel/2013/06/decryption-deadline-looms/
Encryption is not Enough!
-
The Solution
Store the files on someone else's system
Isn't that illegal?
usually.
Let's do this with standard functionality
No exploits, but there are a few tricks we can use
-
It's a Feature!
All of these techniques are used for real web apps
There's nothing here to patch: removing these features breaks legitimate web apps
-
Disclaimer
This is a research project, not production software. I am not responsible if you lose critical data through the use of this software.
Also, I am not a lawyer. Nothing in this presentation constitutes legal advice, and I do not recommend using these concepts or this software for anything illegal.
-
Web Browser Technology Evolution
Cookies
JavaScript
AJAX
WebStorage
WebWorkers
WebSockets
-
So, a web browser is a computer program that will:
Communicate with my server
Execute arbitrary code
Store arbitrary data
Sounds like a Botnet Node to me!
-
Sandboxing
But I thought browser sandboxing made it almost impossible to access system data and execute code?
Yes, but I don't care about that. I only need to run code and access data inside the sandbox, and inside the same origin.
-
Building the Botnet
-
Node Infestation Techniques
Sites you own (or at least control)
Compromised sites (i.e., persistent XSS)
URL Shorteners
Ad Distribution Networks
Anonymous proxy servers
-
Command & Control
HTML5 Web Sockets
"To enable Web applications to maintain bidirectional communications with server-side processes"
http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html
-
[When that doesn't work, just fall back to AJAX]
-
Data Storage
HTML5 Web Storage
"[localStorage] is designed for storage that spans multiple windows, and lasts beyond the current session. In particular, Web applications may wish to store megabytes of user data, such as entire user-authored documents or a user's mailbox, on the client side for performance reasons." (emphasis added)
http://www.whatwg.org/specs/web-apps/current-work/multipage/webstorage.html
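Because Web Storage will hold megabytes for any origin, a defender can audit what an origin has actually stored. The following is an added example, not code from the talk or from HiveMind: it flags values that are both large and near-random, as encrypted blocks would be. The thresholds, key names and in-memory storage object are assumptions made for illustration.

```javascript
// Added example, not code from the talk. Thresholds and sample keys are assumptions.

// Shannon entropy of a string in bits per character (by character frequency).
function entropyBitsPerChar(s) {
  const counts = new Map();
  let total = 0;
  for (const ch of s) { counts.set(ch, (counts.get(ch) || 0) + 1); total++; }
  let h = 0;
  for (const n of counts.values()) h -= (n / total) * Math.log2(n / total);
  return h;
}

// Walk any object exposing the Web Storage interface (length, key, getItem)
// and flag values that are both large and near-random, as encrypted blocks are.
function auditStorage(storage, { minBytes = 4096, minEntropy = 5.5 } = {}) {
  const findings = [];
  let totalBytes = 0;
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? "";
    const bytes = (key.length + value.length) * 2; // 2 bytes per UTF-16 code unit
    totalBytes += bytes;
    const entropy = entropyBitsPerChar(value);
    if (bytes >= minBytes && entropy >= minEntropy) findings.push({ key, bytes, entropy });
  }
  return { totalBytes, findings };
}

// Constructed sample data: one base64-like opaque blob, one large plain-text
// value, one small setting. In a browser, pass window.localStorage instead.
function buildSampleStorage() {
  const b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  let x = 1, blob = "";
  for (let i = 0; i < 8192; i++) { x = (x * 48271) % 2147483647; blob += b64[x % 64]; }
  const entries = {
    blob_0001: blob,
    draft_notes: "Meeting notes: review the quarterly budget and the hiring plan. ".repeat(128),
    session_hint: "en-US",
  };
  const keys = Object.keys(entries);
  return { length: keys.length, key: (i) => keys[i] ?? null, getItem: (k) => entries[k] ?? null };
}

const report = auditStorage(buildSampleStorage());
console.log(report.totalBytes, report.findings.map((f) => f.key));
```

Hex-encoded ciphertext tops out at 4 bits per character, so review `totalBytes` for the origin as well as the flagged keys.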
-
Back End
MySQL (ActiveRecord) & Redis
ActiveRecord is easy to use, but slow (disk database IO)
Redis provides in-memory key/value storage, and lets you expire keys after a set amount of time
-
Other botnet uses:
Network Scanning
DDoS Attacks
Data Processing (Web Workers)
-
Building the File System
-
Definitions
File Block: A piece of an uploaded file with a set maximum size
Node: A web browser that is a member of the botnet
Server: The central command and control system used to manage nodes, uploads, downloads, and block directories
-
Storing a File
[Diagram. Labels: File; Data; Name; MIME Type; Block 1, Block 2, Block 3, Block 4, Block 5; Encrypted Data]
-
Storing a Block
[Diagram. Labels: Server; a single block B1; eight copies of B1]
-
Retrieving a Block
[Diagram. Labels: Server; eight copies of block B1; a single B1]
-
Retrieving a File
[Diagram. Labels: File; Block 1, Block 2, Block 3, Block 4, Block 5; Name; MIME Type; Encrypted Data; Data]
-
When the $#!7 Hits the Fan
-
The [_ _ _] Seizes the Server
Nodes go offline
Block replication fails
Blocks are lost
Files are unrecoverable
-
Unanswered Legal Questions
Can a website store significant amounts of data that is unnecessary for the operation of the site? Or does this constitute Unauthorized Use of a Computer?
What about bandwidth? Processing power?
Is an individual responsible for illegal content placed on his or her computer through cookies, Web Storage, and similar technologies?
-
Demo!
-
Code Release
Code and slides are available at www.seantmalone.com