“For Educational Purposes Only”

by Daniel Smith

Education, freedom and knowledge. These are the pillars of higher learning, but they have often been used to describe some open source projects and services that have the potential to be abused by those who are not so innocent. Over the last two years, tools like stressers, Remote Administration Tools (RATs) and ransomware have been published under these pretenses, but do they serve a legitimate purpose? These projects have set off an international debate in the information security community, and many wonder whether they should be available to the public. Often the justification for these projects is that they are intended to show the potential risks so that infections can be prevented or potential damage reduced. With stressers, the claim is that the services are to be used to improve and test security products and to understand attack behavior targeting the user's own network. But are they?

Ransomware has been at the center of this discussion for about two years now. Ransomware is a type of malicious software designed to lock users out of a computer system until the victim pays a ransom to the attacker, normally in Bitcoin. Reports from PhishMe suggest that in Q3 2016, 97% of all phishing emails contained ransomware, while a security expert who requested to stay anonymous told CSO Online that ransomware authors took in close to $1 billion in 2016. Another group, Malware Hunter Team, reports that there are over 300 different ransomware variants in existence! This is truly a growing problem.

Sites like GitHub are important to programmers. They give them the ability to showcase and publish their work, but some projects on the website can easily be used with malicious intent. In 2015, GitHub user and security researcher Utku Sen published Hidden Tear, an open source ransomware project, on GitHub and argued that it was for educational purposes, so that students and other researchers could gain a deeper insight into how ransomware works. Others argued that this project laid out the basics for actual malware and that those who couldn’t create the software on their own could now do so. In the end, Hidden Tear was abandoned and ultimately detected by antivirus software. But the discussion doesn’t stop there. In 2016, Bleeping Computer’s Lawrence Abrams spotted a strain of ransomware called Magic that had been built using open source ransomware code, eda2, designed for educational purposes only.

Read more: http://ow.ly/FiYR3091PZy