RATs, Shovels and Servers
When you look back across history, it is the merchants and suppliers who usually come out the best in any conflict or large scale disruption. Look at the California Gold Rush – while it was in theory possible to get rich mining gold, it was in practice far easier to make a profit selling shovels, and later jeans, to miners. History note – Levis used to have rivets in the crotch until customer feedback from cowboys who squatted around fires to warm up indicated that one of the more painful experiences you could have is to wear pants with a well heated rivet in the crotch.
Similarly, Sun, maker of Unix big iron and suppliers of one of the most favored platforms upon which to build .com infrastructure back in the .com boom days, profited handsomely from selling not shovels but servers. Did it matter that when the dust cleared that nobody saw value in being the first mover in the highly contested free overnight lead ingot market? Nope, what mattered is that there was plenty of VC money earmarked to buy servers. Sadly for Sun, the flip side of enormous success selling web scale iron to sock puppet websites who all bled dry at roughly the same time is that this created a tremendous used market which in turn created tremendous downward pressure on price and demand. Still, probably better than a red hot rivet in the crotch. Just sayin’.
RATs – remote administration tools, are both potentially extremely helpful and extremely harmful. Support tools like Logmein and even VNC have for years provided remote access and remote administration capabilities for legitimate purposes.
When we look at law enforcement and bad guys, the focus has been more on the miners than the providers of shovels. Recently, as covered by Krebs, Taylor Huddleston, author of the NanoCore RAT, was sentenced to 33 months in prison for his sale of RATs to hackers.
Some cases may have been more finely nuanced, shades of grey type things but in this case Huddleston sold his wares on hackforums[dot]net, a hacker forum alongside another product, Net Seal, that prevented the reverse engineering of software such as RATs and other hacking tools.
If he had sold his software in a safer, more brightly lit place, then he might have had more success with a story about not knowing that people were doing bad things with the tools he was providing. Sort of like the difference in selling tools at the hardware store vs. selling slim jims and screw drivers in box labeled “burglar tools.”
Speaking of RATs, would you be interested in reducing the mean time to detection of an intruder? One of our recent white papers, Best Practices for Security Resilience, has a number of suggestions and ideas that can help you speed up the detection of bad guys who have found their way onto your network.