Thing a Week 20: Dongnet


To imagine that a computer might have some code that it runs in response to being overloaded with requests isn’t too much of a stretch — it’s not hard to believe. Partially because it’s true, and partially because that just makes sense: if servers are going to talk to you, you need to be able to know how to tell them, “Hey, I’m swamped with stuff right now. Can we talk later?”

To imagine that computers are perpetually infallible, however, is ignorant at best. Computers make mistakes all the time; we tell them to make mistakes, of course, but it’s still them that makes them. They aren’t always even mistakes right away; sometimes they’re the best thing you can do at the time.

One such mistake, for example, was made on January 2nd in the year 1989 by a git user named torvalds.

News of this mistake — a perfectly correct solution to a problem at the time, somehow was made vulnerable in the meantime by dependencies hidden deep away, and now thought of as a mistake — had been popping up on private hacker message boards, listed as an attack vector for an impressive, new zero-day exploit triggered by resource exhaustion. The advisories seemed to appear sporadically and always from a different username and then shortly disappear, never staying for long.

No one is really sure whether yolobama was the one releasing the advisories behind the scenes or whether he merely saw one of them and ran with the idea, but his SBBot was the first software found in the wild that had implemented it — and by then it was too late.

He had designed a C&C — a “command and control” — paradigm that gave complete ownership of a conquered box to the first person to access it after the exploit had executed. This meant two things: one, who could control his machines was no longer whoever happened to know, guess, or crack his username and password; and two, that he’d have to make damn sure that he was the first in after each attack, or he might as well not even try to attack them.

So he automated it: he took the exploit code, wrapped it in a script to target random IP addresses on the Internet, and just tacked on another script at the end to log in and run itself again on that computer.

That’s like a dozen lines of code. A sixth grader could have done that.

SBBot originally started out on some machine yolobama owned — either by purchase or by conquest — and just scaaaanned and scaanned random machines on the Internet, challenging each one to a stab from the exploit. Depending on how well his computer compared to everything else on the Internet, he could have been scanning for vulnerable targets anywhere from a total of one second to the entirety of time that had elapsed since that commit was originally pushed in 1989.

With random number generators, however, it’s entirely possible that still even the second-worst computer on the Internet just happened to target the worst computer on its first try, and the Network rapidly spread from there. Extremely unlikely, but possible.

At some point he did find a machine weak enough to exhaust the entirety of its resources just trying to say, “Hold the fuck on, bro,” and his Network eventually doubled in size.

Now at this point, the programmer designing how these machines will interact has two options: either both machines can continue to act independently, infecting weaker machines at random, or the two can work together, combining their resources to out-resource the potential new resource’s resources.

The logical answer, of course, is to combine forces. Otherwise you are limiting yourself to machines no stronger than your strongest (which is obviously your first, because they’d never overpower someone stronger). Combining multiple machines in the same attack means you are only limited by the collective firepower of your entire army, rather than by any single individual.

A second side-effect of the C&C’s design inherently means that you can throw more machines at a task if you are trying to be the first in: rather than entering in a lottery with 4 other people, you could instead enter that lottery with 10 other people, and have 7 of them actually be you. It’s the ol’ “call the radio station with multiple phones” trick.

And what that meant was that whoever controlled the most machines had the best chance to get in — and get more machines.

It was very much a “rich get richer” scheme and yolobama may have been the first to introduce it, but he’s not even close to those of us at the top anymore. His algorithm was okay for a script kiddie, but it lacked the basic functionality for anything other than just aggressively spreading; it couldn’t defend, and it couldn’t hide. Those were its biggest downfalls in the end as a second wave of more intelligent Networks crashed in, enslaving any machines they could overpower, regardless of whether they were under their original owner’s control or not.

And so we took them. We took them all.

The tech media coined “Darknet’s Awakening”, churning out article after article rehashing what little they knew about it at the time. The tech behind it was ignored, but the name was picked up briefly by the mainstream media before settling on a catchier Internet Takeover for coverage on how much it sucked to not be able to use the Internet anymore.

* * *


Graham, Hiroshi, Sherard, and I were sprawled out on bean bags at Sherard’s place — only just a couple weekends ago — coding away at one of our weekend hackathons, when someone interrupted a half-dozen-hour streak of plugged-in silence with the apparently factual statement, “We could write a better SB.”

There was more silence following immediately after, however, but only because each of the four brains in the room immediately began cranking their cranial gears, reflecting on what yolobama’s bot did poorly and how it could be improved.

“I’m not entirely convinced yolobama knew what he was releasing,” Graham said, his gaze shooting back to the laptop in front of him, but still spacing out. “At a certain size Network, you’re obviously going to be able to take down pretty much any residential box, and not long after that you’ll be passing most commercial boxes. Why does he just keep scanning randomly forever, instead of sharing between machines who’s been scanned already and who hasn’t?”

“If we track how powerful each node is, we can be pretty efficient across multiple attacks,” Hiroshi thoughtfully added. “We can attack with just enough power to win over a machine, and focus the rest of our nodes elsewhere.”

Sherard piped in on a new angle: “I wonder if we could dynamically re-route attacks on us between our machines. Detect it’s coming from someone trying the exploit early on, and kindly let them know, ‘Oh, sorry, I’ve actually moved! To that bigger machine over there!’”

“That’s probably the best defense I can think of,” I agreed. “Maybe we could redirect the really strong ones to other machines also; if we know that they’re trying to exploit something, we could just keep trying to log in to that something and beat them to it.”

“We should probably be doing that for all attacks anyway,” Hiroshi pointed out. “Hell, we could probably even map out where other people’s nodes are and start chucking them against each other.”

Graham laughed and said, “They’d basically be ours. We could just treat them as fleeting mercenaries: whenever they come around, we point them at someone slightly weaker and we steal their spoils.”

“With consumers an obvious first target,” I continued to brainstorm out loud, “you could probably jump start your battalion of heavy artillery by using that consumer foothold to spread in more ways from there, like infecting USBs plugged in that might then get taken to work or something.”

There was more silence until Sherard pointed out, “It’s a worm now.”

“It was a worm before,” I believe I said, and there were some nods.

There were some nods, then Hiroshi announced, “I’ve been meaning to get into more networky stuff, this might be a good way to learn about it.”

“The defensive redirection thing sounds pretty fun, actually,” Graham added.

I said, “The rules for interaction between nodes sounds cool as balls.”

Sherard rolled over in his beanbag and agreed, “I’ll write some badass logic for scanning. Let’s do this.”

We all nodded in our bean bags and the room fell silent again with everyone getting excited. Finally, Hiroshi giggled and blurted out, “I have the best name for it.”
