I guess I'll get a bunch of cypherpunkers on me now, even though I have the disclaimers/clarifications there. I am not opposed to anonymous services at all, ok? The inital idea behind this note, my main conclusion, is that NSA and others wont be able to estimate the amount of free computing power available "out there". The note outlines what I consider a probable scenario that will invalidate their estimates with a few orders of magnitude. If that is not enough, one can always bring out the big jack hammer: An combiner Internet Worm/SSL Bruter kidnaping the net for a number of hours. /Christian ---- To: Risks Digest This is a short note I wrote the other day. It points out a potential future risk, and also show existing problems with the FSP "proto-market". Also note that I am not opposed to anonymous services per se, I am only pointing out possible misuses of the technology. There are just as big risks in not deploying encryption and anonymous services, in going forward with a world without privacy and private spaces. /Christian THE ILLEGAL MARKETS OF CYBERSPACE by Christian Wettergren, cwe@it.kth.se Given the recent Brute-SSL efforts, together with the BlackNets and an eventual ecash exchange, there is a quite interesting situation emerging. The future markets of Cyberspace will be trading computing power, storage capacity and communications bandwidth, in addition to the more usually mentioned goods. This market for computing capabilities can be used for legitimate purposes as well as for illegal ones. I will here concentrate on the illegal uses, since they will prove to be a challenge to control. Computing power can yield pay-off in actual money, as the bruteSSL effort has quite convincingly shown. This can create a market for hiring computing power for illegal purposes. The actors on such a market can be quite safe, given the anonymity of the BlackNet and the tracelessness of ecash (DigiCash). There are other goods on the market as well; storage capacity and communication bandwidth. How would such a market be operated? The supply of "goods" for the market could be created by hackers breaking in to other's systems and hiring out the stolen capacity. The intruder could install a backdoor into a foreign system that would accept issued cryptographic access codes that would expire after a certain amount of time or usage. This makes it possible for the intruder to operate the business without having to go near the "scene of the crime". There is of course a certain risk that the intruder might lose the system to the hiring party, but that isn't such a big deal, since first of all its not his system, and second of all he may have booby-trapped the system for this case. The intruder would break into computers en masse, and install the backdoors as indicated above. They would then offer the stolen merchandise onto a BlackNet-like arrangement. Potential buyers would express their interests, and the broker of the BlackNet would connect the two together. The buyer and seller would agree on a price. The buyer would deposit the access codes, the seller the anonymous ecash by the broker, and the broker would effect the deal, taking a share of the profit. The buyer can then exchange his ecash for real money, or do whatever he wants with it. The seller brutes away onto whatever he wants, why not the SWIFT international banking system? The usage of stolen CPU cycles must of course be done in a careful way. The intruder would probably install some safeguards against excessive use, in his own interest. These safeguards could feature; * only using spare cycles, * monitoring superuser and sysadm activities, * hiding the process from system utilities like ps, * backing off during daytime hours etc. Other merchandise Storage capacity can be traded in a similar way, by setting up backdoor file server processes that listenes for the proper access codes. This kind of capacity could be used as anonymous post boxes, where you store secrets that you don't want to store at home, even if they are encrypted. It could also be used for bulk storage if it is cheaper than buying a new harddrive. Since this storage isn't offered by the proper owner, he can easily be very competetive. :-) There are of course a number of catches trading with stolen disk capacity, but they can quite easily be circumvented. To counter the privacy issue, all stored files will be encrypted by the submitter. This also eliminates potential evidence, if the proper owner discovers the illegal use of his resources. There is also a certain risk of losing the files if the area is discovered. This can be countered by storing the files in several locations. There is a third risk of traffic analysis of the file server. This analysis can be complicated by having a system of file servers that exchange files with each other, moving them around. In this scheme a buyer can submit a file in one location, and it can be stored in a totally different location. It will take a concerted action by several system owners to track down all their unwanted guests, so it is more likely they will only shut down the file server on their own system. Underground bases Trading communication bandwidth is somewhat more involved than the two previous ones, and cannot be traded without a portion of disk and cycles. It can however be worth a great deal to a potential buyer. Buyers of communication bandwidth is most likely setting up a service that is sold for profit. This service can probably not tolerate day-light and accountability, and hence needs to be anonymous. A good example of such a service is the emerging FSP-server black market, which has been souring during the last year and a half. (There have been lists circulating with several hundreds of FSP servers.) An FSP server is an anonymous file server where the users can freely upload and download files. These "black markets" of file exchanges has been used to trade porn, pirated music and pirated software. A site in Sweden recently caught students that had started such a server. 3 Gb/day went out through the server, and an estimated worth of $2 million in pirated PC programs were exchanged over it during it's three weeks of operation. The high volumes in the server was mainly due to the large amounts of available bandwidth out from the site. The example is not entirely good, since there is no money or ecash exchange in this case. The thing traded currently in the FSP buisness is instead the mere existance of a server, trading one piece of server access info for another. This is mainly because of lack of features in the FSP code, and not a fundamental feature of any such market. Communication bandwidth/service space rental is traded in a similar way as the other merchandise over the BlackNet system, with ecash exchange. The service provider will probably keep on using the site until the proper owner discovers it, since it is a hassle to move the service while running. What is the size of this potential market? I consider the estimates below conservative. Any illegal market would probably be much bigger, and constantly try to expand. Internet now has well over 3 million reachable computers. Lets assume 1 percent of them could be broken into at any one time, i.e 30.000 computers. Each computer is probably good for 5-10 MIPS, but assume we can use on average 1 MIPS without risk for discoverage. (We can probably use more during non-office hours, but maybe nothing during the day.) You can certainly use 10 Mb of ddisk storage on each computer without problems. This adds up to a constant 30 GIPS in computing power, and 300 Gb's of storage. And I believe this is a very conservative estimate, as I said. Conclusions I think it is quite likely that markets similar to those described above will emerge in a few years. There is already one primitive example of such a market in the FSP buisness, and we will most likely see more elaborate forms soon. The developement will accelerate once there is targets which will yield interesting pay-offs. Another conclusion is that all current estimates on available privately available CPU power for bruteforcing is likely to be _wrong_ in the face of such markets. The net has now shown several cases of doing the supposedly impossible; RSA-129, SSL1, SSL2, RC40 etc. The SSL2 effort, although impressive, I believe has only revealed a miniscule piece of what is possible to do. Observe that the current effort has all used volounteers, has not used any of the easily accessible super computers on the net, nor has used any intrusion techniques to round up CPU. The ultimate technique would be to have a well-writen worm raid the Net for CPU power, maybe only being active for a few hours. The worm could penetrate a substantial fraction of the Internet, if fed the right database of possible attacks on different vendors. The last, and most obvious conclusion perhaps, is that all sites should be concerned about their security. There is more to steal in your system than your supposedly worthless information, and I would say that the laws are quite unclear on the issue of liability in any of the above situations. At least if you haven't taken proper precautions. By the way, the above mechanisms can be used to create perfectly legit and proper markets as well. Don't confuse the phenomenas with the techniques. [BlackNet is a creation of Tim May <tcmay@got.net>, and possibly other cypherpunkers. A black market broker announces a public key widely on Internet, stating the market's existance. Potential buyers and sellers encrypt their requests and offers with the public key and posts the encrypted info in a newsgroup somewhere. The broker can then match up buyers and sellers. Ecash can be used to transfer funds, and the broker will get his share of the deal. This scheme is close to impossible to traffic analyse.]