I wrote this for the other blog, but it’s an interesting attack vector I thought I’d share over here (also I’ve been pressed for time so not too much content this side of blogdom) – I’m sure your kid will be claiming it’s what got them in a few years.
One of my many jobs involves a video production company, and I was tasked with attempting to locate a means by which we could distribute a movie to an audience that wanted it and wanted to help distribute it to others, yet without the requirements to install a player, or provide 500 copies of proof we own a license for the music, host a high speed server, and it would be nice if the movie could disappear from the face of the planet after so many hours.
Think charity promo mini movie and you’ve about got it.
Piracy of it wasn’t a huge concern, but the attempt was to make it an event that ended and drew people in at around the same time so that discussion and participation happened then, not months later. Anyway, this was what I was researching when I discovered you could be distributing copyrighted movies, child porn, or participating in other illegal activities just by reading a web page with a little code on it.
While you may have known that actively participating in bandwidth exchange in the TOR network meant you were at some point helping distribute the dark web and all the sundry stuff it contains, the same now is possible just by reading an article about how you’ve accidentally become a criminal.
No, I’m not doing that to you. Which is what I would say if I were doing this to you.
Should you not want to click it at work, what happens is the script loads, a video box like YouTube pops up and starts playing a movie, on the left you’ve got a graphical representation of who you’re connected to on the internet and grabbing pieces of the movie to watch from other people, who are similarly watching the movie or just sitting there seeding it.
At the same time you’re giving out pieces of the movie you have to people out there.
Site operators might not even have a clue that their sites had been injected as it could potentially come in the form of a crappy ad, such as we’ve seen on our site from time to time.
You can also pop open Task Manager, which I did while the WebTorrent page was sitting there – you can see it in this image still sending and receiving the public domain movie they’ve got for a demo.
Now on the positive side, you can potentially slack help companies like Netflix or Hulu distribute content after the probable loss of Net Neutrality coming with this administration, so you’re not stuck with a hiked bill for Netflix to pay for more bandwidth. Just a little time on a webpage that helps decentralize content delivery.
Now I could scare you and tout VPNs here. I stand to make a lot of money should you actually sign up for this one or that one. But honestly you could probably mitigate this attack vector with TOR should you be worried about it.
Just the next time you hear about someone being charged with pirate distribution, hacking, etc, realize it could just be from visiting a web page with scripting turned on and nothing to protect their IP address. Or it could be from a disgruntled IT coordinator who had full access to everything, especially setting startup pages.
The web’s gotten a lot more dangerous to the casual browser.
Of course your compromised computer doesn’t give you a criminal record, but I can guarantee if there’s 30 gig of exploited minor videos on your computer when the FBI comes knocking (even knowing you didn’t download them,) your next couple of months is probably going to be unhappy.
So yeah, slow internet? pop open task manager and make sure something isn’t currently using all of your upload bandwidth, and consider investing in a VPN, packet monitor/active firewall, or downloading something to tell you when you’re using bandwidth or ports predominantly associated with hacking and not expecting to.