HiveMind: Distributed File Storage Using JavaScript Botnets

Sean Malone

Wed, 27th August 2014


Speaker Bio 1:
Sean Malone has been building and breaking networks and applications for the last 12 years, and he has a diverse practical and academic background in information technology and security. As a Principal Consultant and the primary engagement manager for FusionX, Sean provides clients across all verticals with sophisticated adversary simulation assessments and strategic security guidance. Sean is a key member of the FusionX internal research and development team, and his custom security assessment utilities are used in a majority of FusionX engagements.

Learning Objectives:

Sean will explain:

  • The HiveMind research project
  • How HiveMind data storage offers redundancy and encryption, and allows you to store a virtually unlimited file size by placing blocks of data in the web browser nodes of a JavaScript botnet.

Resources and materials:


Questions and answers

Max, Concise Courses:
@14:22 Would using a script blocker like the NoScript Addon in Firefox stop your browser being used as a node?

Sean Malone:
Yes, it [the NoScript Addon] will block any sort of script, including the script running in the background to do all of the botnet processing.


Max, Concise Courses:
@14:40 Has the project been forked?

Sean Malone:
Not that I am aware of, but the code is out there on GitHub and anyone is welcome to go out there and grab it [see resources section above] and hack away to their heart's content!


Max, Concise Courses:
@15:00 How would you like to see this project mature?

Sean Malone:
There are a number of interesting ways to see the project mature. Of course, it is possible to take this and build it into more of a production piece of software. There are obviously the less legal uses of this, but regardless of the legality of how you are storing the data, if you are storing illegal data, it is going to be illegal to have that data regardless of how it is being stored.

There are also some interesting directions that you can take this for more legal data storage if you do this in a deliberately collaborative manner, [for example] if you have a file-sharing site and part of the terms of service that everybody agrees to is that, as part of becoming a member of this site, you must allow data to be stored on your computer. You can then have a file-sharing site that is passively passing out all of these files in a distributed manner, and every member of this site is storing pieces of everybody’s files. It is like a joint-collaborative data-storage network where you are not so much looking for the deniability or the protection of the data, but more of a neat way to provide some additional storage capacity.