Publication Details

This conference paper was originally published as Horton, J and Seberry, J, Covert Distributed Computing Using Java Through Web Spoofing, Information Security and Privacy, ACISP '98, Lecture Notes in Computer Science, 1438, 1998, 48-57. Copyright Springer-Verlag. Original journal available here.


We use the Web Spoofing attack reported by Cohen and also the Secure Internet Programming Group at Princeton University to give a new method of achieving covert distributed computing with Java. We show how Java applets that perform a distributed computation can be inserted into vulnerable Web pages. This has the added feature that users can rejoin a computation at some later date through bookmarks made while the pages previously viewed were spoofed. Few signs of anything unusual can be observed. Users need not knowingly revisit a particular Web page to be victims. We also propose a simple countermeasure against such a spoofing attack, which would be useful to help users detect the presence of Web Spoofing. Finally, we introduce the idea of browser users, as clients of Web-based services provided by third parties, "paying" for these services by running a distributed computation applet for a short period of time.