Free Republic

KaZaA users brace for hijack (more than a million PCs could be hijacked)
Sydney Morning Herald ^ | April 30 2002 | Nathan Cochrane

Posted on 04/30/2002 12:15:09 PM PDT by dead

Secreted in KaZaA software is Altnet — and it’s about to be activated, warns Nathan Cochrane.

The 20 million users of KaZaA Media Desktop, the world's most popular file-swapping software, have little more than a month to decide if they want their computers hijacked.

That's the time-frame laid down last Wednesday by Sharman Networks chief executive Nikki Hemming for the activation of Altnet, an alternative network to the Internet used to create a giant virtual supercomputer.

KaZaA Media Desktop is software bought by Sharman in January that lets computer owners swap music and other digital content. Technology boffins call it filesharing or peer-to-peer (P2P) because users communicate directly with each other.

Hidden inside KaZaA, however, is Altnet - Trojan software that aims to harness the spare processing, storage and communications power of the millions of computers connected to KaZaA's FastTrack network, a concept known as "distributed computing".

The Altnet software was created by Brilliant Digital Entertainment (BDE), a California-based multimedia company founded by former Australian entertainment software entrepreneur Kevin Bermeister.

Since March at least, Altnet has been downloaded, often without users' knowledge, secreted in the KaZaA software.

It is scheduled to be activated by a signal Sharman will send to users' PCs, in the next four to five weeks.

"The world is full of unused computing power," BDE said in a disclosure to the US Securities and Exchange Commission at the beginning of the month.

"You pay for this capacity whether you use it or not. Businesses, meanwhile, buy expensive facilities at massive . . . supercomputer centres.

"Altnet seeks to bring these two groups together."

Distributed computing has searched for extraterrestrial intelligence (SETI@Home) and an understanding of living cells (Folding@Home), although with the user's explicit consent and not clandestinely downloaded through a third-party software program.

But the prospect that more than a million PCs could be hijacked en masse chills information security specialists.

"Any attacker who can control 100,000 machines is a major force on the Internet, while someone with a million or more is currently unstoppable," Berkeley University computer science academic Nicholas Weaver wrote this month.

"As for Brilliant Digital, their horribly flawed business plan shows a grave misunderstanding of security. Since their proposed business can't possibly work, they should both protect themselves from legal liability . . . by producing a program on their update server which removes all traces of their trojan."

Australian distributed-computing researcher Rajkumar Buyya is optimistic that a successful deployment of Altnet will spur further development.

"It is wonderful to know that the industry is moving towards invisible distributed computing," Buyya says.

"(But) I have concern about their security protocols for activating the client and running programs that utilise idle resources . . . If someone finds out that, anybody can request your machine to do what they want, which is scary."

KaZaA, like the infamous file-swapping software before it, Napster, has been vilified by the recording industry for allegedly aiding and abetting theft.

Last September the chief of the Recording Industry Association of America (RIAA), Hilary Rosen, called for crisis talks with the heads of a dozen media groups to head off the "overwhelming volume" of piracy on the P2P networks.

Sharman's Nikki Hemming says she will schedule talks with Rosen soon. In the meantime, Hemming is eroding Rosen's support base by talking directly to artists' groups instead of publishers.

KaZaA, more wily than its file-swapping brethren, hired a Washington lobbyist, lawyer Phil Corwin, who previously represented the American Bankers' Association.

He is hawking the Intellectual Property Use Fee, an Internet tax, to be levied by ISPs on their customers.

"A similar levy . . . applied to a much broader base of parties, could provide a significant new revenue stream to copyright owners to compensate them for the inevitable 'leakage' (theft) resulting from Internet distribution," Corwin said in an April 8 submission to a US House judiciary committee on digital copyright.

That revenue would amount to $US2 billion a year in the US if a $US1 tax was charged on top of access fees, Corwin said.

"Every party from hardware manufacturers to ISPs to publishers of ripping software would pay a royalty . . . and provide a royalty stream to compensate (music artists)," Hemming said last week.

"At the end of the day we totally believe that artists, creators and those who represent them should be rightfully rewarded for creation of content."

Hemming said she was pursuing the authors, users and sponsors of KaZaA Lite, software that removes Altnet and other hidden software in the branded KaZaA software.

"There's a lot of concern in the market around these scam sites because they release ripped-off unstable code and it puts users at risk," she said.


TOPICS: Business/Economy; Culture/Society; News/Current Events; Technical
To: HairOfTheDog
bump
21 posted on 04/30/2002 12:59:22 PM PDT by billbears
[ Post Reply | Private Reply | To 20 | View Replies]

Comment #22 Removed by Moderator

To: Huck
I just downloaded Grokster, and for all intents and purposes, it looks and functions EXACTLY as KaZaA. I wonder if the two are one and the same?
23 posted on 04/30/2002 1:15:25 PM PDT by X-USAF
[ Post Reply | Private Reply | To 3 | View Replies]

To: all
Thanks for all the information on this thread.

I have a lot of clean-up ahead.

24 posted on 04/30/2002 1:29:47 PM PDT by dead
[ Post Reply | Private Reply | To 23 | View Replies]

To: sandyeggo;Penny1;JenB
Glad it worked for you! I followed those instructions and also got Kazaa off my machine. (After getting the file I was there for of course)

Hehehehe. And therein lies the rub. I have only a teensy bit of pity for any of us that were troubled by this little gremlin... After all, there is no free lunch. Or, if you hang out with thieves, don't be surprised when they try to steal from you, too.

I knew when I walked into the dark smoky room that is KaZaA looking for an illegal stolen bootleg of a popular fantasy film not yet available on DVD... That I had left the moral high ground and was now swimming with alligators. Let it be a lesson to us all!

Go forth and sin no more!

At least until spring 2003, when another popular fantasy film shall hit the bootleg underground and tempt us to return... whispering rationalizations in our ears as we stand outside the door, wanting very much to go back into that place just one more time....

25 posted on 04/30/2002 1:30:15 PM PDT by HairOfTheDog
[ Post Reply | Private Reply | To 22 | View Replies]

To: all
If you use Ad-Aware, make sure you also download and frequently run RefUpdate. Here's the description from download.com:

Makes sure you always have the most recent reference file for Ad-aware installed on your system. RefUpdate is a free add-on for Lavasoft's Ad-aware that automatically downloads and installs the latest adware definitions on your system. If no reference file can be located, the most recent file will always be downloaded and installed.
Note: You need to have Ad-aware installed on your system before you can use this free add-on.

26 posted on 04/30/2002 1:47:27 PM PDT by Tree of Liberty
[ Post Reply | Private Reply | To 25 | View Replies]

To: X-USAF
I believe they're both clients on the same network, called FastTrack. Morpheus used to be on FastTrack, but there were some licensing feuds, so it moved over to the Gnutella network.
27 posted on 04/30/2002 1:49:19 PM PDT by Tree of Liberty
[ Post Reply | Private Reply | To 23 | View Replies]

To: IoCaster
bump for later
28 posted on 04/30/2002 1:52:31 PM PDT by Huck
[ Post Reply | Private Reply | To 11 | View Replies]

To: Dick Vomer
If you remove the required .dll files from Kazaa, the program becomes disabled. Uninstall Kazaa, Morpheus, BearShare, LimeWire, Gator, and any other file sharing/known spyware program, then run the AdWare program I linked in my earlier post on this thread. THEN, run that program, and delete any adware/spyware it finds. Then you can download, install and ENJOY Kazaa Lite.

regards,

29 posted on 04/30/2002 1:52:35 PM PDT by Benson_Carter
[ Post Reply | Private Reply | To 18 | View Replies]

To: dead
I'm happy with WinMX, try it out.
30 posted on 04/30/2002 1:53:45 PM PDT by Schakaljager
[ Post Reply | Private Reply | To 4 | View Replies]

To: Tree of Liberty
Do you know if the Trojan Horse issue with KaZaA also applies to Grokster?
31 posted on 04/30/2002 1:55:48 PM PDT by X-USAF
[ Post Reply | Private Reply | To 27 | View Replies]

To: Benson_Carter
BearShare isn't spyware, itself. At installation, it asks if you want to install Gator, and some other programs which are spyware, though. You just need to be diligent and read each screen as you're setting it up.
32 posted on 04/30/2002 1:55:51 PM PDT by Tree of Liberty
[ Post Reply | Private Reply | To 29 | View Replies]

To: X-USAF
I'm not sure if the distributed computing thing is in Grokster, but it does contain other spyware. This link will tell you how to clean them out and still keep Grokster working.

I've got Kazaa-lite (which is on the same network as Grokster) on my system, and I couldn't find any of the distributed computing files listed above after I installed it. Here's a Wired article about it.

33 posted on 04/30/2002 2:01:52 PM PDT by Tree of Liberty
[ Post Reply | Private Reply | To 31 | View Replies]

To: Tree of Liberty
Thank you very much for your assistance!
34 posted on 04/30/2002 2:12:03 PM PDT by X-USAF
[ Post Reply | Private Reply | To 33 | View Replies]

To: Marine Inspector
bttt
35 posted on 04/30/2002 2:23:52 PM PDT by Marine Inspector
[ Post Reply | Private Reply | To 34 | View Replies]

To: all
bttt
36 posted on 04/30/2002 2:28:06 PM PDT by Registered
[ Post Reply | Private Reply | To 35 | View Replies]

To: HairOfTheDog
Bookmarked.
37 posted on 04/30/2002 2:29:01 PM PDT by SC Swamp Fox
[ Post Reply | Private Reply | To 16 | View Replies]

To: X-USAF
de nada
38 posted on 04/30/2002 2:47:20 PM PDT by Tree of Liberty
[ Post Reply | Private Reply | To 34 | View Replies]

To: Johnny Gage
This is a really interesting post.
39 posted on 04/30/2002 3:03:39 PM PDT by Jimbaugh
[ Post Reply | Private Reply | To 5 | View Replies]

To: MarkL
I'd have to disagree. A normal Trojan listens on a port, waiting for the hacker who sent it to you to connect. This is true of SubSeven, NetBus, BackOrifice, etc. Some of them post their IP to Usenet or send an email. Of course, you could write it so that it acts as a client and connects to a server, which is more typical of spyware-type Trojans. Once you have a TCP/IP connection, it doesn't really matter who contacted who, since the conversation is bidirectional.

In any case, you could solve this one by only allowing specific outbound ports, typically 20, 80, 110, and 119.

As for the ignorant masses who buy a router without knowing how to use it, I urge them to learn. Get the O'Reilly TCP/IP book and work through the examples on a Linux or Sun box.

40 posted on 04/30/2002 3:12:20 PM PDT by proxy_user
[ Post Reply | Private Reply | To 13 | View Replies]
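
The filtering idea in post 40, worked through as an added example that is not part of the original thread: default-deny inbound handles a Trojan that listens for its operator, and an outbound allowlist of ports 20, 80, 110 and 119 handles one that connects out on an unlisted port. A port-only rule still passes any program that connects out on port 80, so the sketch also flags allowed-port traffic from unexpected programs. The program names, the `EXPECTED_PROGRAMS` mapping and the sample flows are constructed assumptions.

```python
from collections import namedtuple

# Outbound destination ports named in the post above.
ALLOWED_OUTBOUND_PORTS = {20, 80, 110, 119}

# Assumption for this example: which local programs are expected on each port.
EXPECTED_PROGRAMS = {
    20: {"ftp.exe"},
    80: {"browser.exe"},
    110: {"mail.exe"},
    119: {"news.exe"},
}

# direction: "in"  = a remote host connected to this machine,
#            "out" = this machine connected to a remote host.
# port: the destination port of the connection.
Flow = namedtuple("Flow", "direction port program")


def evaluate(flow):
    """Return 'block', 'allow' or 'allow-review' for one connection attempt."""
    if flow.direction == "in":
        # Default-deny inbound: a listening Trojan is never reachable.
        return "block"
    if flow.port not in ALLOWED_OUTBOUND_PORTS:
        # Outbound to a port that is not on the allowlist.
        return "block"
    if flow.program not in EXPECTED_PROGRAMS[flow.port]:
        # Allowed port, unexpected program: the port rule alone cannot
        # tell this apart from normal traffic, so surface it for review.
        return "allow-review"
    return "allow"


# Constructed sample flows (not taken from any real capture).
SAMPLE_FLOWS = [
    Flow("in", 31000, "svc.exe"),       # listener-style remote access
    Flow("out", 80, "browser.exe"),     # ordinary web browsing
    Flow("out", 110, "mail.exe"),       # ordinary mail retrieval
    Flow("out", 6667, "updater.exe"),   # client-style, unlisted port
    Flow("out", 80, "updater.exe"),     # client-style, allowed port
]


def verdicts(flows=SAMPLE_FLOWS):
    """Evaluate every flow and return the verdicts in order."""
    return [evaluate(f) for f in flows]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, verdicts()):
        print(f"{verdict:13} {flow.direction:3} port {flow.port:<5} {flow.program}")
```
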

