GeekSpeak: July 22, 2002

Parasitic computing: What you don't see could sap system.

In the course of researching grid computing, I ran across two inventive ways to use other systems CPU power without users of those systems giving permission—or even knowing.

The first option is to embed JavaScript in a Web page displayed in a nearly invisible, 1-pixel-wide frame. The JavaScript can download information from and upload information to the source server, and it can do a fair amount of calculation—one hour-long test on a public Web site provided 40 million floating-point operations of computing.

A second approach is even more cunning. Four researchers at the University of Notre Dame developed a method to use the package integrity features of TCP to do distributed computing.

As described in their Aug. 30, 2001, article in the scientific journal Nature, they wrote code that calculates the results of a particular Boolean expression using the TCP checksum. A TCP checksum is computed by dividing the packet into 16-bit words and adding the words together—by crafting particular packet data, the process can be used for Boolean expression evaluation.

The process is extremely inefficient—they had to send out every possible answer to find which one resulted in a correct checksum and was thus the right answer—but it is diabolically clever. There is no way to prevent this kind of resource usage without disabling TCP.