Stop Online Piracy Act (SOPA) and You

Note: This was written quite a while ago. While the risks are still factual, the politics are well outdated.

This article touches briefly on the security risks associated with the Stop Online Piracy Act (SOPA). If you’re looking for information on possible countermeasures, you may be interested in some of these links:

What is SOPA?

H.R. 3261, also known as the Stop Online Piracy Act (SOPA) is a piece of legislation that is attempting to allow federal censorship of the internet (along with S.968, commonly referred to asthe PROTECT IP act. Both of these pieces of legislation not only threaten our freedom online, but could also have a major effect on internet censorship globally. Politics aside, the act poses several very real security threats to not only the infrastructure of the internet itself, but to the millions of people who use it every day. A whitepaper, published here (direct PDF),presents an in-depth analysis of the technical problems that would be caused by the implementation of DNS-level censorship. I’m not going to discuss the infrastructure risks or politics here, but rather focus on the number of security risks that very likely will present themselves to the average internet user.

Proposed Implementation: DNS Filtering

There are several ways to censor content on the web. With the current Digital Millennium Copyright Act, or DMCA, individual service providers are responsible for removing infringing content. In other words, if I were to post copyrighted content, my hosting provider would be responsible for removing my site, not the government. An ISP can be served with a DMCA takedown notice by anyone who feels their copyright has been infringed, and sites may be taken down with only a “good faith effort” on behalf of the complaintant – it doesn’t even have to be a legitimate takedown notice, it just needs to be filed with good intentions. For the special interests groups (MPAA, RIAA, et al.), this still isn’t enough.

In countries like China, Iran, and Egypt, the national governments handle the censorship. The method that’s been proposed for the US (and is used in some countries) is DNS filtering. Your employer, school, or other organization may employ DNS filtering on a local level, which isn’t so bad for the health of the internet. (It’s also easy to bypass, see this page.)

However, implementing DNS filtering on a nationwide level poses a number of security threats to the internet itself, which in turn create security threats to you, the end user. DNS (Domain Name System) is the system by which your computer translates a web address (http://www.cmattoon.com) to an IP address (69.175.118.186). Computers only understand IP addresses, but they’re inconvenient for humans to remember, so we have a “phonebook” (so to speak), that translates an easy-to-remember domain name to an IP address, so that your computer can connect to the correct server. When you type an address into your web browser, the DNS looks up the IP address, and gives it back to your computer. Then, your computer can connect to the site you requested.

DNS Filtering works by giving your computer bad directions. If you wanted to view www.example.com, which contained information that your government felt was unsuitable for you, the DNS would give your computer the IP address of the government’s “Nothing to see here” page. By tampering with the directory system of the internet and re-directing content, you open up the system to exploitation. We’ve worked so hard to improve security and trust online, and tampering with the DNS undermines both of those.

Fact: The Filters WILL Be Bypassed

“Locks are there to keep honest people out” – this saying touches upon the reality that no lock (or filter) will keep determined people from attaining their goal. Teenagers bypass parental controls to look at porn. Employees bypass corporate web filters to get to their favorite sites. The Chinese have been bypassing the “Great Firewall of China” since its inception. No matter what the government tries to throw at people, they’ll eventually find a way to circumvent it. Several tools have already been created for the sole purpose of bypassing anticipated SOPA filters.

Besides using browser add-ons or third-party applications, users can modify their HOSTS file, or change their default DNS servers (say, to a foreign DNS that’s not subject to US law). You can even enter the IP address directly into the URL field, and bypass the DNS altogether (since your computer doesn’t need to look up directions). Aside from manually entering an IP address or installing an approved Firefox add-on, these steps can pose a serious risk to your computer if performed improperly.

Any new technology or change in habit among internet users as a whole opens up new possibilities to malicious hackers, identity thieves, etc. Let’s take a look at the can of worms that SOPA could open.

Problem #1: Malicious Software & Websites

Once the general public is fully aware of the SOPA provisions, perhaps when YouTube is taken down due to SOPA violations, they will begin to look for alternatives. Opportunists will likely develop a million different versions of software that will allow you to view or download the blocked content. While some of these programs may be legitimate, we all know how many virus-ridden, spyware-infested applications are available for download over the internet. Since most people these days have antivirus software installed, this shouldn’t be too much of an issue, right?

Wrong.

Even legitimate software could be used to modify your HOSTS file (perhaps automatically, for ease-of-use), to help you get to your favorite censored website. Currently, Windows protects the HOSTS file against changes, unless accessed with Administrator privleges. Of course, that doesn’t necessarily stop the malicious hackers from gaining access, either directly or through an application. And while your antivirus may catch an attempt to modify the HOSTS file, it will be widely-publicized that modification of the HOSTS file, albeit risky, is not so bad afterall. Therefore, more users will probably just click “ignore”, or simply disable their antivirus when it won’t let them ignore the file. (If you think this isn’t the case, there are hundreds of studies that show people will open just about anything, ignoring all warnings, to get to what they want.)

The second problem with software solutions is that they come with the possibility of intercepting ALL of your internet traffic. For example, a new program that routes traffic around the DNS filters has to know what site you’re requesting, as well as have the means to shuttle information back and forth. A malicious programmer could easily write a program to capture all your login data, and send it off to his computer. Again, this already happens on a daily basis (google: phishing, or see Credential Harvesting with SET).

Software aside, thousands of blogs and websites will appear (and have already started to), telling users how to bypass the DNS filter. The problem is, not all of these websites will be truthful. Be wary of any site telling you to “download this widget” or “allow Administrator access” to a program. Always double-check the information you find online with reputable sources. Don’t simply follow the first tutorial that Google shows you.

Problem #2: Rogue DNS Servers

Additionally, there is the option to modify your DNS settings, so that your computer could query a DNS server in another country that doesn’t have to comply with SOPA. Let me re-state that for clarity:
You can route all of your internet traffic through someone’s server, located in the basement of some guy’s house, on the other side of the world, outside the jurisdiction of US law.

While it’s true that a lot of DNS servers will probably pop up, and a lot of them will be operated by well-intentioned free-speech advocates, companies trying to make a few bucks, or whomever, there WILL be a large number that are operated by malicious people, who would be able to intercept every bit of data you transmit over the internet. (Of course, there’s always the possibility that the “good” DNS servers will be hacked, and your information exploited anyway).

Given that your average internet user knows almost nothing about how the internet works internally, and most of them will click on anything, this is begging for
disaster. Picture every 13 year old who wants to download the latest Hannah Montana song following a tutorial on how to tamper with DNS server settings. This isn’t speculation, it can and WILL happen. If you don’t believe me, ask the IT department at your local middle school how many hours were spent un-fucking their network and applying security patches and upgrades because of some kid bypassing filters or modifying network settings. (I know, I was that kid.)

Or check out forum posts like this, this, this, and this.

Problem #3: Social Engineering

As more and more people start to bypass the DNS filtering put in place by Uncle Sam, they’ll be familiar with lots of warnings, antivirus temper tantrums, and words of wisdom. And just like they do now, they’ll ignore them. Why? Because it’ll be so commonplace. If you’re an Internet Explorer user, think of the last time the Information Bar appeared, and you just clicked the “Yeah, whatever. Show me what I’m looking for” option? How many times have you let a Java or JavaScript app run, without having the foggiest idea as to what it does? We do it all the time. We know the pop-up blocker is there for our own good, but we add exceptions without thinking, because we figure it’s being overly-sensitive. We allow programs to modify files and settings on our computer when we install new programs, and we don’t even know what they’re modifiying. What makes anyone think this won’t be a BIGGER problem when the content-sharing sites that so many of us love are blocked?

As people become accustomed to ignoring more and more errors and warnings, more opportunities will present for the malicious hackers. Again, the human element (stupidity and complacency) are huge factors in compromising networks and computers. Tons of survey sites, giveaway programs, adware, and sketchy porn sites are notoriously infested with stuff that’s bad for your computer. Fortunately, most of us don’t have a reason to visit shady web sites, and are wise to their scams, so that part of the internet isn’t a huge threat to educated internet users.

But what about a website that explains how their new program can let you watch YouTube videos again? It’s free (honest) just download our new toolbar and make sure it’s running anytime you’re online – particularly when you’re checking your bank accounts, e-mail, or entering credit card information. Bet the farm that, if
SOPA or PROTECT IP pass, the internet will see tons of these sites popping up. Everything from spyware-infested toolbars to “secure” proxy sites to DIY tutorials written in barely-legible English.

I’ve also mentioned previously that it’s possible to use DNS servers outside of the US. If this becomes a popular method to bypass the filtering, users will eventually become comfortable (or at least accustomed to) routing their internet traffic overseas. They’ll get used to the slower connection time (because of the longer distance) and other hassles that come with it. But alas, even the more cautious people will eventually slip up and check their bank account in a hurry, forgetting that everything is potentially exposed, and their information will be in the hands of the malicious server operator. It only takes one slip-up, and your information could be stolen.

Summary

No matter which way you look at it, SOPA and PIPA are horrible ideas.

From a political stance, they promote the expansion of government (who’s going to monitor all this? Certainly, we’ll need a new department!) and infringement of first-amendment rights. It eliminates internet freedom in favor of a special-interests group (RIAA/MPAA), and will not stop piracy anyway. Hell, even RIAA and DHS employees have been caught downloading illegal music at work. It’s a gateway to more thorough internet censorship (give them an inch, they’ll take a mile), and similar laws have already been abused. It tampers with the inner workings of the internet, compromises state-of-the-art authentication techniques (DNSSEC), and exposes users to numerous security threats, viruses and cyberattacks.

Internet piracy, along with malware in all forms, is here to stay. People love free stuff, and will go out of their way to NOT pay for their music. After all, who has $30,000 to fill up their iPod? (I know, that’s a poor excuse). In addition, this sets a dangerous precident globally. Other countries may start to ask: If the United States, the epitome of liberty & freedom, can censor the internet, why can’t we?

Stop Online Piracy Act (SOPA) and You

Leave a Reply