Search the Community

Just in case you hadn't heard the British Government just passed the IPBill So fairly soon your ISP's will be required to log every site you visit in a log of your Internet Connection Records (ICR). Sounds innocuous, just your browser history really, and you've got nothing to worry about as long as you steer clear of the t*rrorist & kiddie p*rn sites, or have you ? Well yes you have. At the moment the bad guys routinely break into advertising & 3rd party scripting sites to plant malware which gets downloaded to PC's, this malware does things like create botnets, encrypt your PC and tell you to call a number to pay to get it unencrypted or just spread a virus which downloads yet more crap, that sort of thing. Your virus scanner and antimalware software is designed to deal with this sort of thing and people are on the lookout for it so thankfully while it's dangerous and a pain in the arse, it's manageable. For example not long ago the BBC were serving infected adverts from 3rd party sites that had been compromised in this way. I'll get to why I mentioned that in a minute. Bear with me if you already know this. When you visit a web page you effectively download a series of instructions for your browser which tell it how to render the page, but these instructions do much more. They pull in images sometimes from 3rd party sites, they pull in scripts also sometimes from 3rd party sites, those scripts can pull in yet more content from yet more sites until eventually it's all on your PC, some of these continue while you're looking at the page and do so without you noticing. This third party content is the stuff the bad guys tend to target when they plant their malware bombs. These site accesses look just as if you'd sat and typed the address into your browser, it cannot be distinguished from the sites you know you visit, your browser is built to do this. Every one of them is now going to be logged in an ICR that you know nothing about and cannot access. So what I hear you say, it's all legal sites, nothing to worry about. Except for the aforementioned bad guys, who now have another target, further it's a target you have no control over or access to, but it's very intimately yours. Lets imagine the bad guys switch from planting malware to planting a small script section inside a commonly used script from one of these 3rd party sites. This script gets downloaded to your PC when you access a web page, say from the BBC. Once on your PC the main script executes as normal and eventually hits the new code, this creates an element on the page with a "display:none;" style, this means no attempt is made to render the element, you can't tell that either the element or it's contents are there without looking at the generated source code for the page. Then the script downloads some content from a t*rrorist or kiddie p*rn site & directs the output into this new hidden element, they can also pull in some content from their servers just so they can log your IP address and time of access so with a bit more work they can try and trace you with varying degrees of success, some people will be traced others not. They don't have to do it this way, they can use a simple Ajax technique to read any available server content & dump it into a JavaScript variable, it never goes near the displayed page, but it still get's logged in your ICR log. You know nothing about this, but your ICR now has references to t*rrorist and kiddie p*rn addresses in it, and the bad guys know your IP address and are using other methods to trace you. Then after a few days the bad guys go back in & remove the evidence from the server, your ICR log still remains. Then depending on how successful they are at tracing you there's an email or a phone call telling you someone planted t*rrorist and kiddie p*rn addresses in your ICR log and for a fee they won't call the police. Some will pay, some won't, some will be found by the police anyway and as the only evidence will be the ICR log by this time and no one can affect that except by visiting sites, the police won't be interested in peoples protestations of ignorance of how those addresses got there, they will tear peoples lives apart looking for more evidence. Or they don't, they just tip off the police with some IP addresses & contact times to create chaos. The authorities may eventually figure out what is happening, but not before a lot of people have had their lives destroyed. Before anyone tells me I'm telling the bad guys how to do their job, advertisers do this sort of thing all the time to preload & postload adverts, it's a well known technique, any javascript web developer can write a script to do this in under 5 minutes, probably with their eyes shut. And as there's no attempt to download malware or exfiltrate data from your PC, no antimalware software will detect this, your browser is just doing what browsers do. You can try disabling scripting, but a lot of sites just don't work if you do, plus there's nothing to stop the bad guys going after the main page and simply adding some HTML to do the same thing without a script, add a hidden iframe or an img with a source on some dodgy site, it's easier to compromise a script but you don't have to. The British Government just destroyed the internet at the stroke of a pen.