Mar 17 2016
'Remote access tool', that is - a little beastie (usually considered malware, though there are legit incarnations of this sort of software) that hides itself inside a workstation and lets someone connect remotely at any time and go through the system and silently monitor what the user is doing. Crackers have been using them for years for recon before an infiltration attempt, but only recently are the white hats finding uses for them. Such as watching what your kids are up to. Presenting Snoopstick, an all in one package for infecting someone's box with a RAT that lets you keep an eye on what's happening. Snoopstick comes on a handy USB key for easy installation. The idea is that you plug it into a USB port on a system, wait for the window to come up, and run the installer. The RAT is installed, and then you unplug and walk away. Like any good infiltration utility, it's undetectable to a casual search (though you can bet that ways of finding and uninstalling it will be released soon). Then, at any other machine on the Net, you can use the Snoopstick to connect back to the infected machine and watch what's going on (the client seems to be on the stick along with the daemon's installer), send pop up messages to the logged in user ("Jo0 |>. pwn3d!@#!@#@$!@$@$%"), disable network access, tap instant messenger traffic, remotely read e-mail, edit web browser settings to block social network sites... all of this without having to type in a password, which suggests that the client either uses a file on the key to authenticate itself, or that it uses a volume ID code in the FAT32 file system (about as universal as they get these days) to authenticate.
Mom and Dad discover Back Orifice, in other words.
Like a lot of things, I'm of two minds about this. On one hand, I'm very against net.surveillance of any kind, and it matters little if it means parents keeping an eye on their kids or Big Brother snarfing terabytes of traffic off the Net. Every sapient being has a right to privacy, which goes along with life, liberty, and the persuit of happiness (yes, I mangled the Declaration of Human Rights).
On the other hand, kids gets into trouble. It's a fact of life. On the Net, kids can get into trouble well over their heads much faster than the used to, and parents have a duty to keep an eye on their children and protect them from grevious harm (be it hooking up with a stranger they met in a Yahoo chatroom or blowing themselves up by figuring out how to make plastic explosives using ordinary household chemicals). Children tend to be farther along the technology curve than their parents, also; they pick things up faster, learn how to apply the rules in creative ways faster, and learn how to outright break or dodge the rules faster. It's the only way to have a good time when you're that age.
What I'd like to say boils down to this: RATs are tools, like any other. They can be used, or they can be abused. The question is, how much do you trust the users to not abuse them?