Napster alternative: hack people's hard drives

'ShareSniffer' blurs line between hacking and P2P sharing


With the future of music-swapping site Napster looking grim, on Friday a tiny Nashville-based startup began touting an even more controversial milieu for peer-to-peer file sharing: random, unprotected hard drives on the Internet.

ShareSniffer's newly launched software, itself called ShareSniffer, allows people to hunt for exposed Windows file systems with the ease of a Napster user searching for a favorite track. "Right now... there are tens of thousands of computers worldwide that have their files deliberately shared with the Internet with no password required," reads the ShareSniffer Web site. The site goes on to encourage Netizens to rummage through strangers' music files, digital movies, Microsoft Word documents and spreadsheets.

The company motto: "Because it's there."

Microsoft Windows' NetBIOS support makes it easy to share hard drives and printers over a network. But users who configure their home or office network for file sharing often inadvertently make their files accessible from the Internet as well. If such a user hasn't chosen a file sharing password, then their disk drives are open to anyone who knows their system's Internet (IP) address.

These so-called "open shares" are one of the Internet's most persistent security issues. The problem made the SANS Institute's list of top ten security holes in 2000, and has been the subject of warnings from the government-funded Computer Emergency Response Team (CERT), and the FBI's National Infrastructure Protection Center (NIPC). The vulnerability is a favorite among computer intruders and virus writers: last year even saw a malicious worm that spread through open shares, seized victims' modems and dialed 911.

ShareSniffer Inc. appears to be the first enterprise to try to harvest open shares for commercial gain. The three-person company offers the software as a free download, but plans to offer more full-featured versions for between $5 and $100.

A program that scans Internet addresses for unprotected disk drives might be viewed as a hacking tool. But to the man who wrote it, ShareSniffer is an honest peer-to-peer venture that brings out the full potential of Windows' networking features.

"I want people to know that they don't have to take the time to make a web site and pay somebody to host it," says ShareSniffer Inc. co-founder Kerry Rogers, 40, the author of the program. "All they have to do is right-click on a folder, and they can make all their music and art and other incredible stuff available to the world."

Legal Issues

Others see it differently. "Federal law makes it illegal to knowingly obtain unauthorized access to a computer," says Mark Rasch, a former federal computer crime prosecutor, now an attorney with the Science Applications International Corporation (SAIC).

"The person who has, through no knowledge of his own, left file sharing 'on' with no protection, that is the electronic equivalent of leaving your door unlocked," says Rasch. "You can't with any degree of certainty say it is an invitation to enter.... Therefore, when you enter through an open file share, that's likely an unauthorized access."

"We have a bevy of lawyers that say just the opposite," Rogers claims. Rogers also points out that ShareSniffer only locates open shares; it doesn't access them. The user does that through a normal Windows function.

Programs that scan for open shares are already available online -- as hacking and security auditing tools. What distinguishes ShareSniffer is the user interface, which has all the trappings, icons and trademark touches you'd expect from a serious P2P commercial software package. A user selects a block of Internet addresses and clicks on an icon to set the program's scanning engines, or "nostrils," into action. ShareSniffer eventually returns a list of addresses with open shares.

The program automatically posts its bounty of unprotected systems to a particular Usenet news group, where other ShareSniffer clients can pick it up and display it. "It's distributed computing -- everyone is getting the benefits of everyone else's sniffing," explains Rogers. As a side effect, the ShareSniffer news group has quickly become an open repository of unprotected systems. Monday morning, thirty Internet addresses were listed.
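The scanning the article describes, where a client sweeps a block of addresses for NetBIOS/SMB listeners, leaves a recognisable trace at the target's perimeter: one source touching many hosts on TCP 139 or 445 in a short interval. The following detector, an added example written for this page and not part of ShareSniffer or SecurityFocus's reporting, runs that check over constructed firewall log lines (the log format, addresses and thresholds are all assumptions):

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the article). One inbound TCP
# connection attempt per line: "<timestamp> <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2001-02-26T09:00:01 203.0.113.7 -> 192.0.2.10:139
2001-02-26T09:00:02 203.0.113.7 -> 192.0.2.11:139
2001-02-26T09:00:02 203.0.113.7 -> 192.0.2.12:139
2001-02-26T09:00:03 203.0.113.7 -> 192.0.2.13:445
2001-02-26T09:00:03 203.0.113.7 -> 192.0.2.14:139
2001-02-26T09:00:04 203.0.113.7 -> 192.0.2.15:139
2001-02-26T09:00:05 198.51.100.4 -> 192.0.2.10:80
2001-02-26T09:00:06 198.51.100.4 -> 192.0.2.10:139
2001-02-26T09:30:00 203.0.113.9 -> 192.0.2.20:139
2001-02-26T09:30:01 203.0.113.9 -> 192.0.2.21:139
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+)$")
SHARE_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

def parse(log_text):
    """Yield (timestamp, src, dst, port) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, port = m.groups()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def find_share_scanners(log_text, min_hosts=5, window=timedelta(minutes=5)):
    """Return {src: distinct_hosts} for every source that probed at least
    min_hosts distinct destinations on 139/445 within one window-long interval.
    A single host being contacted (e.g. a legitimate peer) is never flagged."""
    probes = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        if port in SHARE_PORTS:
            probes[src].append((ts, dst))
    flagged = {}
    for src, events in probes.items():
        events.sort()
        # Slide the window from each event and count distinct targets inside it.
        for i, (start, _) in enumerate(events):
            hosts = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                flagged[src] = len(hosts)
                break
    return flagged
```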

In a Usenet posting, Rogers predicted that number will "soon easily exceed 2000 per day," and will increase ten-fold in the months to come.

Rogers maintains that those open shares are not accidents or security holes: people share files deliberately, he says, particularly on college campuses, where students use open shares to swap music and software with one another. "I want to emphasize that this is public and voluntary," says Rogers. "Microsoft Windows by default will not expose files to the Internet. It has to be consciously configured to expose files to the Internet."

But Patrick Prokop, a TV weatherman in Savannah, Georgia, says he never intended to open his home computer to the world. Nevertheless, a ShareSniffer client sniffed out Prokop's machine earlier this month, apparently in pre-launch testing by the company, and the address was posted on Usenet. On Friday, anyone could read, modify, or delete files on Prokop's system.

"I don't like that idea," said Prokop, after SecurityFocus notified him that his computer was accessible. Prokop says he meant to share files between two computers on a home network, and didn't realize they were accessible to everyone else. "I'll have to password protect them, or put a firewall up."

Asked about Prokop's system, Rogers acknowledged that ShareSniffer may expose unintentional file shares. "We're seeing stuff on the Usenet group that we don't necessarily want to see," he admits, but he claims that will become rare when ShareSniffer catches on. "People will realize that they're going to be exposed."

© 2001 SecurityFocus.com, all rights reserved.
