Can your computer be used without your knowledge when you're online?

As this ScienCentral News video reports, researchers say your everyday Internet communications can be tapped to perform calculations.

Parasitic computing

As the popular SETI@home project has demonstrated, a little bit of computer processing contributed by millions of individual computers over the internet can add up to a whole lot of number-crunching. Most so-called "distributed computing" projects involve downloading a screensaver that taps your computer's excess power.

Vincent Freeh and his colleagues at the University of Notre Dame wondered if distributed computing could be done without computer users' knowledge or consent. He dubbed this idea "parasitic computing."

"Parasitic computing kind of sits between voluntary use of your computer-- donating your computer through screensavers-- and hacking, which is breaking into somebody's computer unauthorized," says Freeh, who will begin teaching at North Carolina State University in January.

Like the voluntary screensavers, parasitic computing doesn't harm your computer, Freeh explains. It simply takes advantage of something your computer already has to do to communicate online.

"We asked, if the Internet is one big computer, can we compute on the Internet? And we found out that, yes, you can actually compute with the common protocols that create the Internet," Freeh says.

Any of the hundreds of millions of computers on the Internet uses the TCP protocol to communicate. In TCP, many small packets of information are sent back and forth between online computers. To verify the integrity of each packet, the receiving computer adds up all the data in the packet and compares it to a "check sum." If it doesn't add up, that packet contains errors.

"That's the computation that we are able to exploit with parasitic computing," says Freeh. He found a way to formulate a message that forces the receiver to return a computation. The research was featured in the journal Nature.

While parasitic computing "does violate the protocol," it certainly doesn't break any laws. But Freeh wants people to be aware that going online is like living in a community with few rules.

"It's really easy to tell when somebody walks across your front yard, and it's really easy to conceive of a measure to prevent them from walking across your front yard," Freeh says. "But how many of you know when somebody enters your computer from the outside? It happens almost every time you log on. Every time you connect to the Internet there's some packet out there that you didn't ask for, that you didn't authorize, that has come and probed your computer in some way."

Freeh's method isn't profitable, because it costs him as much to send the message as it does to receive the answer, so no real parasites out there are likely to use it. But could someone devise a method that is profitable? Possibly, says Freeh, but he's noncommittal on whether that would be a bad thing. He feels the norms of proper online behavior need to be worked out by society.

"The Internet is a brand-new emerging community and we're all connected," he says. "There are good people and bad people and there's good behavior and bad behavior, and right now we're in the process of figuring out what that should be. We're figuring it out in the laboratories and in the legislature and in the courts of our land."

As for whether it ought to bother individual Internet users, Freeh warns that most computer users, "even computer professionals," don't police their systems adequately to protect against even more malicious attacks.

For those it does bother, however, Freeh has devised a rule called SNORT that can be used with most popular firewalls to detect parasitic computing attacks.