Information Security News mailing list archives

Researchers discover new method of stealth computing


From: InfoSec News <isn () c4i org>
Date: Thu, 30 Aug 2001 00:39:17 -0500 (CDT)

http://www.siliconvalley.com/docs/news/svfront/049987.htm

[The Notre Dame scientists might be surprised to know how many parties
are using Back Orifice 2000 to make significant gains on their
Seti@Home & Distributed.net scores :)   - WK]

Wednesday, Aug. 29, 2001 

SAN JOSE, Calif. (AP) -- Uncovering a new but relatively benign
Internet vulnerability, researchers tricked Web servers around the
world into solving math problems without permission.

Unlike hackers who exploit flaws to gain direct access to machines,
the University of Notre Dame computer scientists created a simple
virtual computer by relying on the protocols used in everyday Internet
communications.

Each problem was broken down into smaller components that were
evaluated by the unknowing servers located in North America, Europe
and Asia. The results from each were used to build a solution.

The process works a lot like distributed computing, which draws
massive processing power from multiple Internet-connected computers
for such tasks as searching for alien life and cracking encryption
keys.

In parasitic computing, however, the work is performed without the
server owner's knowledge or permission.

Because parasitic computing traffic masquerades as regular network
requests -- and is no more challenging to process -- it is unlikely
that any laws were broken.

Still, the approach raises some ethical questions, said Vincent Freeh,
a Notre Dame computer science professor and study co-author. ``When
you're on the road, do you use a McDonald's restroom without buying a
hamburger?'' he said. ``That's the ethics of what we're dealing
with.''

The research, reported in Thursday's journal Nature, is primarily an
academic exercise. For one, sending out data over the Internet
requires more work than the simple problems solved by the virtual
computer.

``In no case did we say it could be efficiently exploited,'' Freeh
said.

By more cleverly breaking down complex problems and running remote
computations in parallel, it might be possible to improve the
efficiency. The Notre Dame team, however, set up their system only as
a proof of concept.

The attack sends less data to a server than a typical request for a
Web page.

The researchers did not disclose targeted servers, except to say they
were distributed around the world. Nobody noticed their masqueraded
data packets, which were insignificant compared to regular Internet
traffic.

More widespread attempts at the exploit could have the same effect as
a denial of service attack -- in which the server is so busy
processing bogus data that it cannot perform its intended job.

Still, anyone attempting to overload a machine is better off with the
usual tactic of useless data, said Scott Blake, director of security
strategy at BindView Corp., a network security firm.

``If you're going to flood the machine, you're better off flooding it
with dumb data,'' he said. ``Being able to do (computations) depends
on getting valid data from the system you're targeting. If you're
overloading it, you're not going to get any data.''

Because the attack involves ubiquitous networking components required
for the Internet to operate, it would be difficult to stop similar
attempts to harness computing power, security experts said.

In particular, the exploit uses a calculation called the checksum --
used to confirm that information is not corrupted during transmission
-- in what is known as the Transmission Control Protocol. Even though
TCP is used in all Internet communication, it is unlikely that the
technique will be exploited because the system is simply too
inefficient, Blake said.

``We don't think anyone should think their computer is going to be
used for nefarious purposes,'' he said. ``This is entirely
theoretical. I'm not convinced there is going to be a practical
application of it.''
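
As an added illustration (not part of the AP article or the Notre Dame paper), the following shows the ordinary TCP checksum check the article refers to: the 16-bit one's-complement sum from RFC 1071 that every receiver computes before accepting a segment. The addresses, ports and payload are constructed sample values, and the code covers only the standard verification step, not the researchers' encoding.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071); odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    # IPv4 pseudo-header: source, destination, zero byte, protocol 6 (TCP), TCP length
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def build_segment(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    # Minimal 20-byte header with constructed values: seq=1, ack=0,
    # data offset=5 words, flags=PSH|ACK, window=1024, checksum and urgent zeroed.
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 1024, 0, 0)
    covered = pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload
    csum = ~ones_complement_sum(covered) & 0xFFFF
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def receiver_accepts(src: str, dst: str, segment: bytes) -> bool:
    # The receiver sums the pseudo-header and the whole segment, checksum field
    # included; an intact segment folds to 0xFFFF, anything else is dropped.
    return ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

# Constructed sample traffic (documentation address ranges).
SRC, DST = "192.0.2.1", "198.51.100.7"
GOOD = build_segment(SRC, DST, 40000, 80, b"GET / HTTP/1.0\r\n\r\n")
# One bit flipped in the payload: the checksum catches it.
FLIPPED = GOOD[:20] + bytes([GOOD[20] ^ 0x01]) + GOOD[21:]
# Two aligned 16-bit words swapped: the sum is order-independent, so this passes.
SWAPPED = GOOD[:20] + GOOD[22:24] + GOOD[20:22] + GOOD[24:]

if __name__ == "__main__":
    for name, seg in (("intact", GOOD), ("bit flip", FLIPPED), ("word swap", SWAPPED)):
        print(f"{name:10s} accepted={receiver_accepts(SRC, DST, seg)}")
```

The word-swap case is a reminder that this checksum only detects accidental corruption; it is not an integrity control.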


