> * Disable webcam indicator light ... What exactly is the legitimate use of disabling the webcam indicator remotely?
Cheaper than opening the laptop frame and cutting/shorting the LED, allows you to take pictures of people trying to log into your computer without them noticing. Company computer does this on every invalid login, and makes me review them when I log in successfully.
They also make sure when I enter my password I'm not reading it from anything (like a phone or a text file), and when I use the 2FA card that there aren't any wires sticking out from it. I also imagine it takes random pictures, and I'm glad the light is disabled because it would probably annoy me to have it blink all the time.
> * Lock computer with a password of your choosing and show a message on the computer.
My company laptop does this if someone steals it, telling them that this computer is stolen and has embedded GPS and 3G in it so the owners know where it is.
> * Swap mouse button functions
Left-handed people. Sinister, I know.
> * Open CD tray
Before DVD and Blu-Ray made it common to fit everything on a single disc, many applications would copy files from multiple CD discs and would open the tray as a prompt to swap the disc at various stages of the installation process.
> * Keylogger
One of the environments I work in has strict audit policy: Everything is logged to make sure nobody is passing notes in some other way (chat, a text file on a shared server, a drafts folder, etc). Indeed, someone was using a keystroke-stuffing USB device to transfer files into the network and the keylogger was the tool that detected it.
> * Extract passwords of various applications
I use the Apple Keychain. It has an option to let me get my password. This is useful when I log in via the website, which saves a generated password, but then I log in via the app and the idiot programmer has made their own password prompt (instead of using the iCloud-enabled password API).
Sometimes I want to go the other way, and I'm lucky that most programmers are idiots and just wang cleartext passwords into a text file or a sqlite file, or trivially "encrypting it"[1] because otherwise I might not be able to recover my access.
> * Send SYN floods from all your controlled computers
I usually use hping to do this because I want to know that I can protect my applications and services from anyone who will spend less than they can make by knocking my services offline. I wish more programmers did this, but I'm frequently disappointed by bad engineering.
Honestly, that someone is so willing to judge someone they don't even know as malicious simply because of their own ignorance and lack of imagination, is what I find most disappointing of all.
> Combine [all of] this with the fact that NanoCore was originally launched on HackForums and I'd say this is a slam dunk case of a tool being purpose built for illegal activity.
It probably is, but if that happens I hope it will be overturned like some other slam dunk cases[2].
> Now whether someone should be held accountable for building such tools without using it themselves is an interesting question.
I've never pondered it before, and I feel like spending my time arguing about it could be better spent elsewhere, so in my view, it is the exact opposite of an interesting question.
> However please don't try to act like this tool was built for anything other than malicious activity.
Only if you don't try to act like this tool was built for malicious activity, because to be completely frank: You don't know this person, or this tool, or this space, and that the US government agrees with you isn't evidence that you're smart or right, nor will I respect your prejudices for it.
> so willing to judge someone they don't even know as malicious simply because of their own ignorance and lack of imagination
> You don't know this person, or this tool, or this space
I've been involved in the security space for 17 years now. I'm very well aware how these tools and features are used in practice. That's the primary reason why these superficial excuses don't work on me. This isn't abstract theory for me, I'm talking from direct experience.
Can you name any company with 1000 employees or more that has used NeonCore? Or are you talking about other tools? That's really the crux of the situation, the packaging & intent - not the individual features in vacuum. I've seen plenty of people open CD trays and swap mouse buttons for left handed use, but none of them use popular trojans like NeonCore or Sub7 to achieve these tasks remotely.
> are you talking about other tools? That's really the crux of the situation,
No, it's not the crux of the situation. You said:
> > > Now whether someone should be held accountable for building such tools without using it themselves is an interesting question.
So you're clearly talking about any such tool. If now you want to just talk about NanoCore, then you're moving the goalpost, but it's still not going to work:
> > > > I looked at a youtube video of NanoCore [1] and it's immediately obvious that all of the above is bullshit.
...because your source is a youtube clip, and not the admission of any personal or experiential knowledge of the tool, to wit you list a number of features outlined in the youtube clip as specific evidence that the software was designed for illegal purposes only, to which I argue convincingly that those features are not evidence, because I have used those features in large companies.
I've never moved the goalpost, your interpretation may have changed though. Regarding accountability I'm talking about any tool which contains all those features [1] packaged together in high concentration. So NanoCore, Sub7, Zeus etc. Beyond that I've talked specifically about NanoCore. You said the accountability question isn't interesting to you and commented plenty on the specific features. It increasingly felt to me that you're building a case for every feature separately, which is why I brought it explicitly back to the package. I've never argued for the features being inherently malicious in a vacuum, so arguing that with me seems like talking past each other more than anything else.
Regarding describing personal experience around software designed for illegal purposes, I don't feel like the benefits are worth it for me right now. So you'll have to live with parallel construction. [2]
Unrelated to NanoCore, just as a friendly suggestion, you should cut down on the ad hominem. In every reply you've made to me you've managed to slap on a personal attack. First you called me ignorant and having a lack of imagination. Next you call into question my experience. Now to top it off, you've moved from ad hominem to straight up name calling, accusing me of being a troll. [3] Tactics like these don't help me understand your arguments any better, and I would bet they don't help others reading either.
--
[1] I want to be even more clear in that when I say "all those features" I also mean the truckload of botnet controlling & deployment features that I didn't list in my comment but exist in NanoCore and other competing software.
[1]: https://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
[2]: http://legal-dictionary.thefreedictionary.com/Jim+Crow+Laws