Even the SYN flood could be used for testing DDoS against an internal server for benchmarks. There have been more capable technologies which seem to be absolutely on the end user for malicious intent.

The reference to blaming a gun manufacturer for a crime is spot on. Especially when the people abusing it are pirating the software, you can't even look to the author as their arms dealer, they stole the product and are using it with malicious intent.

It is more about the total package. nmap and ssh could be used to build a distributed SYN flood tool quite easily. But when you combine all of these features into one tool it shapes a picture of intent that gets harder and harder to argue about.

I have great concern as a person who has built and released software whose only real purpose is to perform MiTM on network traffic. On the other hand, my software isn't popular with criminals and I break software professionally. It would take a lot of effort to package most infosec and computer tools into easy to use hacking tools.

We tread a difficult line here, but at some point there is no charitable interpretation for a software package. I think at the end of the day I still lean in this guy's favor, but he makes it really hard. It was for profit software and I bet if we have the whole back story of evidence it will become even more difficult to defend the author. Intent matters, even with software.

What that sounds like to me is you would consider dozens of individual and potentially malicious packages to be benign, but when brought under one umbrella it is considered to be malicious?

Every feature I've read that is included in that software suite has a good use case with zero malicious intent, and often times can be very useful to white hat hackers and system administrators and security analysts alike. I still don't believe it is fault of the author that black hat hackers are pirating and abusing a useful software suite, especially when it isn't being advertised exclusively towards them and the author has in many ways attempted to mitigate or limit harmful uses and users.

Like a gun manufacturer who offers weapons as believer in home defense and the right to bear arms, only to have criminals steal merchandise and use it to rob a bank. Or the guy who invented dynamite which has great uses such as tunneling through mountains only to have it used for derailing and looting trains. You can kill a man with a pencil; that doesn't mean a 20-pack of pencils was produced with malicious intent. Dangerous use cases don't necessarily mean that is their purpose.

I agree it is a difficult line to tread, and, in my opinion it really boils down to his involvement in the criminal activity itself.

I liken this to weaponizing dynamite. It is a step beyond a simple tool. But still just a tool. The criminal activity matters. Also, this software was marketed toward the black hat community based on other threads here and my own understanding of how this software got its popularity.

You don't need a remote access tool to test DDoS. That would be a silly use case for something better accomplished with ssh or a remote desktop tool.

Can you name a major corporation that does "24/7 keylogging"?

I don't know about major corporations but smaller businesses or government institutions (such as my old highschool) use stuff like this.

I hope high schools like that keep getting sued.

Also really glad I'm not in high school anymore.

http://www.pcmag.com/article2/0,2817,2386599,00.asp

Can you point out where its described in NanoCore as "24/7 keylogging" as opposed to a feature that can be enabled when needed (in the case of theft or suspected misdeeds for instance). If not, you're building a strawman.

It's not "building a strawman," it's a direct response to a claim by the parent. It's open to some amount of interpretation how much of a bearing it has on the broader discussion, but if the claim is false it absolutely deserves push-back - especially insofar as these understandings help determine norms.

I know of a call center that use to do it, it was stored with Screen Capture and Audio recording data,

Basically everything the employee did while interacting with the customer was recorded..

Some of the tax prep and strict financial institutions do.

I've done work for gigantic investment banks, hedge funds, two of the world's largest retail banks, several insurance companies, and three major trading exchanges. None of them keylog. Can you give me a more specific example of "strict financial institution" that does keylog all its employees?

At every F-500 company I've ever been posted to, the logs produced by a keylogger would be considered a far greater threat than anything the keylogger itself might detect. I can't imagine the regime you'd have to come up with to protect those logs.

It would be a nightmare having to classify this flood of data, store it, manage its lifecycle, identify (or de-identify) it, understand its risk properties from legal, privacy, and insurance perspectives, manage its domicile(s)... Hard to imagine what benefit would outweigh all the cost and risk.

Bloomberg.

> Send SYN floods from all your controlled computers

Seems potentially useful for stress testing. Especially if you're trying to make your service more resistant to DDoS attacks.

This is about as credible as saying that the Michelangelo virus was really intended as a remote wipe tool for IT departments.

There's a long tradition there, wasn't BO2K non-ironically marketed as a system admin tool?

No, it was ironically marketed as a system administration tool, for exactly the subtextual reason as this story suggests one might.