How can unauthorized access be used without evil?
September 6, 2007 11:37 PM Subscribe
DoublethinkFilter: Suppose someone had unauthorized access to thousands of random computers around the world. Without doing anything illegal or unethical (besides controlling these computers of course), is there some way they could use these computers for profit without hindering the true owner's ability to operate the computer?
There was a plan some spyware companies had to sell out the surplus processing power of the infected computers, ala seti@home. (Too lazy to find a link).
posted by scodger at 11:53 PM on September 6, 2007
posted by scodger at 11:53 PM on September 6, 2007
This is the goal of botnets (ignoring the illegal and unethical restrictions).
posted by null terminated at 11:56 PM on September 6, 2007
posted by null terminated at 11:56 PM on September 6, 2007
Parasitic computing:
In this model, which we call 'parasitic computing', one machine forces target computers to solve a piece of a complex computational problem merely by engaging them in standard communication. Consequently, the target computers are unaware that they have performed computation for the benefit of a commanding node.
There are many profitable NP-complete problems (efficient airplane scheduling, for example, could save an airline billions in fuel costs).
Spread over millions of hosts, you probably wouldn't hinder usage too much.
As for being ethical? Probably not:
Although parasitic computing does not compromise the security of the target, it could delay the services the target computer normally performs, which would be similar to a denial-of-service attack, disrupting Internet service. Thus, parasitic computing raises interesting ethical and legal questions regarding the use of a remote host without consent, challenging us to think about the ownership of resources made available on the Internet.
posted by Blazecock Pileon at 11:59 PM on September 6, 2007
In this model, which we call 'parasitic computing', one machine forces target computers to solve a piece of a complex computational problem merely by engaging them in standard communication. Consequently, the target computers are unaware that they have performed computation for the benefit of a commanding node.
There are many profitable NP-complete problems (efficient airplane scheduling, for example, could save an airline billions in fuel costs).
Spread over millions of hosts, you probably wouldn't hinder usage too much.
As for being ethical? Probably not:
Although parasitic computing does not compromise the security of the target, it could delay the services the target computer normally performs, which would be similar to a denial-of-service attack, disrupting Internet service. Thus, parasitic computing raises interesting ethical and legal questions regarding the use of a remote host without consent, challenging us to think about the ownership of resources made available on the Internet.
posted by Blazecock Pileon at 11:59 PM on September 6, 2007
Parasitic computing tends to use a lot of resources for a fairly small computation. It's an interesting subject, but I don't think it'll generally be cheaper to do a computation that way than on conventional hardware. Anyway, a botnet isn't the same thing as parasitic computing.
Anyway. Ignoring the fact that the unauthorized access itself is illegal and unethical, some ideas that come to mind:
Using the CPU to run seti@home, and somehow converting that into money. (The second step seems like the hard part.)
Using the disk to store stuff. You could make a giant distributed filesystem, perhaps, and get a PhD thesis out of it if you actually got it working usefully.
Using the network to send stuff. Spam, for example. Or you could host websites on the distributed filesystem you implemened, above— think of Amazon's S3 and Akamai. Except you could only sell to unscrupulous people.
Using the network to receive stuff. You could run a zillion web proxies, and sell access to spammers, Chinese dissidents, and Wikipedia vandals.
The best combination of these I can think of is to run a search engine. Google already runs on large groups of not-perfectly-reliable machines (more reliable than a random selection of compromised desktops, though), and you'd have a widely distributed set of hosts to spider from.
The difficulties, I think, are that your substrate is unreliable (any of your nodes can drop off the net at any random time), and you need to keep your profile low to avoid interfering with legitimate work on the machines. And since you're asking about profit, you'd need some way to sell a service that is not in itself unethical, but sell it only to people who don't know or don't care that you're running on stolen resources.
posted by hattifattener at 12:23 AM on September 7, 2007 [1 favorite]
Anyway. Ignoring the fact that the unauthorized access itself is illegal and unethical, some ideas that come to mind:
Using the CPU to run seti@home, and somehow converting that into money. (The second step seems like the hard part.)
Using the disk to store stuff. You could make a giant distributed filesystem, perhaps, and get a PhD thesis out of it if you actually got it working usefully.
Using the network to send stuff. Spam, for example. Or you could host websites on the distributed filesystem you implemened, above— think of Amazon's S3 and Akamai. Except you could only sell to unscrupulous people.
Using the network to receive stuff. You could run a zillion web proxies, and sell access to spammers, Chinese dissidents, and Wikipedia vandals.
The best combination of these I can think of is to run a search engine. Google already runs on large groups of not-perfectly-reliable machines (more reliable than a random selection of compromised desktops, though), and you'd have a widely distributed set of hosts to spider from.
The difficulties, I think, are that your substrate is unreliable (any of your nodes can drop off the net at any random time), and you need to keep your profile low to avoid interfering with legitimate work on the machines. And since you're asking about profit, you'd need some way to sell a service that is not in itself unethical, but sell it only to people who don't know or don't care that you're running on stolen resources.
posted by hattifattener at 12:23 AM on September 7, 2007 [1 favorite]
I think scodger is referring to the scumware that came packaged with Kazaa. In theory, the target computer owners agreed to this by clicking Yes at the bottom of an EULA while installing Kazaa, so whether the use was technically "unauthorized" is an interesting question.
posted by flabdablet at 12:25 AM on September 7, 2007
posted by flabdablet at 12:25 AM on September 7, 2007
Suppose you believe it is ethical to use spare capacity. It's lying around, the owner isn't using it, no one will know, where's the harm?
Maybe that computer that looks idle is actually the hot backup system at my doctor's medical practice. It looks as though it's doing nothing, and hey, what can it hurt if you steal a few cycles? Maybe it's a system that is idle but has to respond to requests in real time. It may be idle now, but that capacity could be suddenly needed.
The very idleness and spare capacity of the system may be something the owner has deliberately set up. So you can't use resources just because they look as though nobody needs them, because one milliseconds from now, they might.
You have this idea that you could do something that wouldn't hinder the owner's ability to use the computer, but in fact, at a higher level, the computer's idleness is of use to me. There is nothing you can do that won't consume some resources.
posted by i_am_joe's_spleen at 12:25 AM on September 7, 2007
Maybe that computer that looks idle is actually the hot backup system at my doctor's medical practice. It looks as though it's doing nothing, and hey, what can it hurt if you steal a few cycles? Maybe it's a system that is idle but has to respond to requests in real time. It may be idle now, but that capacity could be suddenly needed.
The very idleness and spare capacity of the system may be something the owner has deliberately set up. So you can't use resources just because they look as though nobody needs them, because one milliseconds from now, they might.
You have this idea that you could do something that wouldn't hinder the owner's ability to use the computer, but in fact, at a higher level, the computer's idleness is of use to me. There is nothing you can do that won't consume some resources.
posted by i_am_joe's_spleen at 12:25 AM on September 7, 2007
Also, you have to say whether your ethics make it ok to use any resource that you perceive the owner to be wasting. Can you drive my car when you know I'm at work and won't need it? Can you sleep on my porch while I'm out?
And then, could you sell space on my shady porch to passers-by? Just while I'm not home to be annoyed, you understand.
I can see how you COULD erect a consistent ethical system which makes it ok to exercise a sort of CPU usufruct , but it would be one in which property rights as most people think of them don't exist.
posted by i_am_joe's_spleen at 12:36 AM on September 7, 2007 [1 favorite]
And then, could you sell space on my shady porch to passers-by? Just while I'm not home to be annoyed, you understand.
I can see how you COULD erect a consistent ethical system which makes it ok to exercise a sort of CPU usufruct , but it would be one in which property rights as most people think of them don't exist.
posted by i_am_joe's_spleen at 12:36 AM on September 7, 2007 [1 favorite]
...without hindering the true owner's ability to operate the computer?
Nope. You'll be using cycles, you'll be using bandwidth. Some PC users out there pay hundreds of dollars for video cards just to gain a bit of frame rate on their games; others compile code and other CPU-intensive tasks. Still others max out their internet connections. Anything you do will in some way impact users like that.
Also: you can't just throw out the questionable ethics and legality of unauthorized usage; that's like saying "without doing anything illegal or unethical (except for breaking into the home without permission) what can I do to make a profit while housesitting?"
posted by davejay at 1:33 AM on September 7, 2007
Nope. You'll be using cycles, you'll be using bandwidth. Some PC users out there pay hundreds of dollars for video cards just to gain a bit of frame rate on their games; others compile code and other CPU-intensive tasks. Still others max out their internet connections. Anything you do will in some way impact users like that.
Also: you can't just throw out the questionable ethics and legality of unauthorized usage; that's like saying "without doing anything illegal or unethical (except for breaking into the home without permission) what can I do to make a profit while housesitting?"
posted by davejay at 1:33 AM on September 7, 2007
Onion Routing. However, whatever you do, you're pushing up someone's electricity bill.
posted by Leon at 2:03 AM on September 7, 2007
posted by Leon at 2:03 AM on September 7, 2007
theres some spyware around that automatically adds (and overrides any current) affiliate links for e-commerce sites. so when making a purchase from amazon.com or another site where the attacker has an affiliate account.
generally this isnt noticable to the user - unless they are trying to use their own affiliate and it means each purchase made provides a small kickback to the affiliate used.
posted by dnc at 3:15 AM on September 7, 2007
generally this isnt noticable to the user - unless they are trying to use their own affiliate and it means each purchase made provides a small kickback to the affiliate used.
posted by dnc at 3:15 AM on September 7, 2007
Generally the users are oblivious to what's going on, so I'd say that's a yes.
posted by cellphone at 5:19 AM on September 7, 2007
posted by cellphone at 5:19 AM on September 7, 2007
There's an old nerd folk legend about a hacker who used spare cycles on an ancient timesharing system to run a cybernetic prayer wheel. If you had the capability of running a distributed version of a prayer wheel, then it could be argued that you would have an ethical obligation to help lift humanity out of the cycle of karma. Of course prayer wheels could also be a bunch of superstitious hooie.
posted by rdr at 5:25 AM on September 7, 2007
posted by rdr at 5:25 AM on September 7, 2007
Ooh... if we're going to argue for one ethical obligation outweighing another, how about the distributed protein folding project, Folding@Home?
posted by Leon at 5:27 AM on September 7, 2007
posted by Leon at 5:27 AM on September 7, 2007
I can't really see anything you can do with these computers without consuming power and bandwidth which is going to cost someone money.
posted by juv3nal at 5:30 AM on September 7, 2007
posted by juv3nal at 5:30 AM on September 7, 2007
I'm not a webmaster so don't have a great understanding of advertising, google adwords, and so forth, but i could certainly imagine a scenario where you use these computers to browse to your website (or search for it, or search for terms that lead to it, whatever), thus driving up the price advertisers will pay to advertise on your site?
Coded correctly this shouldn't "hinder" any PC in the slightest.
posted by poppo at 6:00 AM on September 7, 2007
Coded correctly this shouldn't "hinder" any PC in the slightest.
posted by poppo at 6:00 AM on September 7, 2007
If you had perfect knowledge, the only ethical things would be to make sure that no one else can do the same thing, and then leave. Informing the owner would be best. Plugging the backdoor would be second best.
Since you don't have perfect knowledge, the only ethical thing you can do is leave them alone.
posted by cmiller at 6:32 AM on September 7, 2007
Since you don't have perfect knowledge, the only ethical thing you can do is leave them alone.
posted by cmiller at 6:32 AM on September 7, 2007
What about surreptitious symbiosis, i.e., trading access for a benefit to the owner? Suppose the hacker also cleaned the computer of malware, effectively reducing bandwidth and/or increasing the computer's efficiency? Perhaps still unethical, but certainly not evil.
posted by weapons-grade pandemonium at 7:01 AM on September 7, 2007
posted by weapons-grade pandemonium at 7:01 AM on September 7, 2007
Some people argue that it is ethical to use a bot net to search the web for bot nets and shut them down, or that is ethical to use a virus to distribute the patch that fixes the vulnerability your virus uses to replicate.
I don't agree.
Sony Music believed, and still believes, that it is ethical to make unauthorized usage of a computer to protect their copyrights. This led to the 2005 Sony BGM scandal.
Their software was so buggy, all the achieved was breaking millions of computer around the world, which costed billions of dollar to repair. For a number of months in 2005, the IT staff of companies around the United States did nothing but rebuilt machine destroyed by Sony.
So Sony got sued for destruction of property, on top all of being sued for unauthorized usage of the computers.
By loading your software onto someone's computer, you expose them to the consequences of your bugs. That exposure is unethical, regardless of whether there are bugs or not.
posted by gmarceau at 7:01 AM on September 7, 2007
I don't agree.
Sony Music believed, and still believes, that it is ethical to make unauthorized usage of a computer to protect their copyrights. This led to the 2005 Sony BGM scandal.
Their software was so buggy, all the achieved was breaking millions of computer around the world, which costed billions of dollar to repair. For a number of months in 2005, the IT staff of companies around the United States did nothing but rebuilt machine destroyed by Sony.
So Sony got sued for destruction of property, on top all of being sued for unauthorized usage of the computers.
By loading your software onto someone's computer, you expose them to the consequences of your bugs. That exposure is unethical, regardless of whether there are bugs or not.
posted by gmarceau at 7:01 AM on September 7, 2007
(besides controlling these computers of course), is there some way they could use these computers for profit without hindering the true owner's ability to operate the computer?
I'm assuming that "besides controlling these computers" means that he is ignoring the bandwidth, performance, and electricity costs here. You could schedule all sorts of things to do when the machine is idle:
1. Do batch processing for money.
2. Sending out spam.
3. Using the disks as remote storage.
4. Hosting images and multimedia content.
5. Using it in a onion routing system.
6. Using it as a head for a vpn system.
7. Making it a web proxy.
You can probably make money off all of these.
posted by damn dirty ape at 7:51 AM on September 7, 2007
I'm assuming that "besides controlling these computers" means that he is ignoring the bandwidth, performance, and electricity costs here. You could schedule all sorts of things to do when the machine is idle:
1. Do batch processing for money.
2. Sending out spam.
3. Using the disks as remote storage.
4. Hosting images and multimedia content.
5. Using it in a onion routing system.
6. Using it as a head for a vpn system.
7. Making it a web proxy.
You can probably make money off all of these.
posted by damn dirty ape at 7:51 AM on September 7, 2007
Amazon EC2 is making a business out of selling CPU cycles. One could try to do the same with a botnet (but with your need to keep your data non-center a secret, you probably wouldn't get many takers.) (This is damn dirty ape's #1 answer, above.)
posted by Zed_Lopez at 9:44 AM on September 7, 2007
posted by Zed_Lopez at 9:44 AM on September 7, 2007
Spam is a popular and easy one. Millions of businesses want to spam but no one wants to own up to their desire, so it's perfect for people who don't want anyone prying too much.
Providing proxies to people who want to be anonymous is interesting, and perhaps even an ethical net gain in certain circumstances, but advertising would be a pain.
You could set up a web host in russia or something, and then construct a lovely site detailing how you can provide total anonymity to anyone for various services. Write some programs, and voila, money. Could be alright. Call it a dark net instead of a bot net.
Need a coder? Ha.
posted by blacklite at 10:08 AM on September 7, 2007
Providing proxies to people who want to be anonymous is interesting, and perhaps even an ethical net gain in certain circumstances, but advertising would be a pain.
You could set up a web host in russia or something, and then construct a lovely site detailing how you can provide total anonymity to anyone for various services. Write some programs, and voila, money. Could be alright. Call it a dark net instead of a bot net.
Need a coder? Ha.
posted by blacklite at 10:08 AM on September 7, 2007
I suppose the real answer is: yes. None of these really hinder the average user, they're all quite easily done, and most people don't know what is going on with their PCs on the best of days.
posted by blacklite at 10:10 AM on September 7, 2007
posted by blacklite at 10:10 AM on September 7, 2007
I think you could argue that the unused and unsecured processing cycles on the net have the same status as the Commons. How is applying your know-how and entrepreneurial spirit to gather and sell these cycles different than using the public waterways to cool your reactor or provide you with a harvest of delicious bass? From this vantage, a prima facie case could be made that doing so would be ethical.
Not saying this stands, but reading joe's spleen's comment kind of put the idea in my head.
posted by Fezboy! at 11:17 AM on September 7, 2007
Not saying this stands, but reading joe's spleen's comment kind of put the idea in my head.
posted by Fezboy! at 11:17 AM on September 7, 2007
Because these computers in question aren't public. They're private property.
posted by IronLizard at 11:57 AM on September 7, 2007
posted by IronLizard at 11:57 AM on September 7, 2007
This question is inherently broken. It's illegal to access a computer without the owner's permission, so there is absolutely nothing you can do with the computer that would be legal. You may as well say, "Suppose I'm trepassing on the property of thousands of random people. What can I do there that wouldn't be illegal?" It doesn't work because the basis for your question is that you're doing something illegal. The end.
posted by mullingitover at 12:08 PM on September 7, 2007
posted by mullingitover at 12:08 PM on September 7, 2007
If you look at the Internet not as a collection of computers linked together so that they can communicate but as an abstraction, then it is just a bunch of publicly held property. One could conceive of the Internet address space as a Common. Maybe not so much any longer, but at one time, the whole infrastructure of the Internet was held in trust by our mutual agent.
On the Internet you don't see my iBook so much as you see a public IP address that responds to various communication protocols. You can make requests using those protocols and if I haven't locked that port or protocol down, you will receive responses to those requests. If you don't fence off your corner of the public Common then it remains the Common, no? How is it illegal for me to make a request to a computer intentionally put on a public network? If I make the requests over a period of time without your complaint, can I be granted an easement? That's the way things work in the case of real property...
Anyway, someone just blew up the calendar plugin to the wiki at work so I have to cut this short. Sorry.
posted by Fezboy! at 1:37 PM on September 7, 2007
On the Internet you don't see my iBook so much as you see a public IP address that responds to various communication protocols. You can make requests using those protocols and if I haven't locked that port or protocol down, you will receive responses to those requests. If you don't fence off your corner of the public Common then it remains the Common, no? How is it illegal for me to make a request to a computer intentionally put on a public network? If I make the requests over a period of time without your complaint, can I be granted an easement? That's the way things work in the case of real property...
Anyway, someone just blew up the calendar plugin to the wiki at work so I have to cut this short. Sorry.
posted by Fezboy! at 1:37 PM on September 7, 2007
If you don't fence off your corner of the public Common then it remains the Common, no?
Yeah but what if you fence it off, but it's not a very good fence that someone (like, say, comwiz) could easily get around/over?
posted by juv3nal at 2:22 PM on September 7, 2007
Yeah but what if you fence it off, but it's not a very good fence that someone (like, say, comwiz) could easily get around/over?
posted by juv3nal at 2:22 PM on September 7, 2007
One bug report and server restart later...
That's where I was going, juv3nal. Let's say I own some property between you and AdventureLand and that you really, really like to visit AdventureLand. Let's say you like it so much that instead of getting in your car and driving around my property, you climb my crappy chain link fence and cut across the corner of my lot to get to the gate. You do this because it saves you 5 minutes. The corner you cut across every day is hidden from my view by my grove of plum trees so I never see you.
Ten years later I sell my property to some guy who tears out all the plum trees (bastard!). You're still going to AdventureLand because you enjoy fun-filled days and you're still cutting across my lot to gain that extra 5 minutes of AdventureLand fun. The new guy sees this and gets all up in your grill about trespassing on his property. However, since you've been doing this for so long without complaint, you might be able to acquire an easement to permit your access to my property.
A more virtual application of this might be how escalator went from a trademark to a generic noun because Otis Elevators did not properly defend their rights to this virtual property.
Shouldn't a computer user have the same obligations? Isn't ignorance generally not a valid defense? Again, I'm not vigorously arguing this point. It was mostly just an interesting (to me anyway) thought brought on by the discussion of whether it would be ethical under any circumstances to take advantage of a situation as presented by the OP.
posted by Fezboy! at 2:42 PM on September 7, 2007
That's where I was going, juv3nal. Let's say I own some property between you and AdventureLand and that you really, really like to visit AdventureLand. Let's say you like it so much that instead of getting in your car and driving around my property, you climb my crappy chain link fence and cut across the corner of my lot to get to the gate. You do this because it saves you 5 minutes. The corner you cut across every day is hidden from my view by my grove of plum trees so I never see you.
Ten years later I sell my property to some guy who tears out all the plum trees (bastard!). You're still going to AdventureLand because you enjoy fun-filled days and you're still cutting across my lot to gain that extra 5 minutes of AdventureLand fun. The new guy sees this and gets all up in your grill about trespassing on his property. However, since you've been doing this for so long without complaint, you might be able to acquire an easement to permit your access to my property.
A more virtual application of this might be how escalator went from a trademark to a generic noun because Otis Elevators did not properly defend their rights to this virtual property.
Shouldn't a computer user have the same obligations? Isn't ignorance generally not a valid defense? Again, I'm not vigorously arguing this point. It was mostly just an interesting (to me anyway) thought brought on by the discussion of whether it would be ethical under any circumstances to take advantage of a situation as presented by the OP.
posted by Fezboy! at 2:42 PM on September 7, 2007
Isn't ignorance generally not a valid defense?
I reckon ignorance of the law is not a valid defense, but ignorance of the occurrence of trespassing is a different matter. Especially if we take a case where the trespasser is being surreptitious, actively taking pains to avoid detection. The grove of plum trees complicates things because we can see the one side saying he was just walking by the most optimal route and the other saying he picked that route to avoid detection. I don't really know how the grove translates to computer terms though.
posted by juv3nal at 5:51 PM on September 7, 2007
This thread is closed to new comments.
posted by LobsterMitten at 11:46 PM on September 6, 2007