Monday, May 30, 2011

Everything is Moving to the Cloud... Even Hacking?

I promise that this won't be a buzzword-laced post about the benefits of cloud computing, the continuous move to store all our information online, or the pros and cons of relying on off-site storage. However, an interesting trend has been cropping up in terms of cloud computing and network security: the use of "the cloud" as a launching point for cyber attacks. One of the most notable incidents (and the one that inspired this post) was that of the cyber attack on Sony's Playstation Network. One of the big differences between that attack and more "conventional" hacks is that the attackers were able to harness the power of cloud computing to launch their attacks rather than relying on local servers or widespread botnets. I believe that this will quickly become a trend, if not the norm, for cyber attacks in the future. The anonymity of a cloud-based launching point, its ease-of-use, availability, power, and low costs combine to make using the cloud to launch a cyber attack not only feasible, but also tempting.

When Sony released information about the attack, one of the more noteworthy facts was that the attacked had been launched from Amazon's EC2 cloud computing infrastructure. Although hackers have previously used rented servers, this attack marks one of the most significant cases of late where a service such as Amazon's has been abused in such a manner. No longer are the masterminds behind cyber attacks required to purchase server space from shady third parties in unknown countries. Instead, they can use a legitimate service, at a fraction of the cost and with more power (Amazon's cloud is notoriously resilient).

In terms of anonymity, using cloud based services doesn't necessarily decrease your chances of detection, but it does add another layer. Now, law enforcement investigators will need to subpoena Amazon, search their records, find connecting computers, and trace from there. It's another step that only adds time and could possibly aid attackers. Renting a server and service from Amazon is as simple as signing up with a fake account and a fake credit card, something to which cyber criminals undoubtedly have easy access. In addition, using an Amazon server to launch an attack is like hiding behind a proxy without the obnoxious bandwidth reduction. Now, attacks can be launched at full speed, without being channeled through proxies. Only the commands sent to the servers need to be sent through proxies to obfuscate the identity of the attacker.

Amazon has an amazing infrastructure and you can be assured that hackers will continue to exploit it mercilessly. A question that needs to be asked, however, is how will Amazon protect against outbound attacks? They have demonstrated (for the most part) that they can secure their infrastructure from attack. But what happens when that infrastructure is doing the attacking itself rather than being attacked? Hopefully Amazon will be able to implement security that can prevent the abuse of its services.

No comments:

Post a Comment