When Sony released information about the attack, one of the more noteworthy facts was that the attacked had been launched from Amazon's EC2 cloud computing infrastructure. Although hackers have previously used rented servers, this attack marks one of the most significant cases of late where a service such as Amazon's has been abused in such a manner. No longer are the masterminds behind cyber attacks required to purchase server space from shady third parties in unknown countries. Instead, they can use a legitimate service, at a fraction of the cost and with more power (Amazon's cloud is notoriously resilient).
In terms of anonymity, using cloud based services doesn't necessarily decrease your chances of detection, but it does add another layer. Now, law enforcement investigators will need to subpoena Amazon, search their records, find connecting computers, and trace from there. It's another step that only adds time and could possibly aid attackers. Renting a server and service from Amazon is as simple as signing up with a fake account and a fake credit card, something to which cyber criminals undoubtedly have easy access. In addition, using an Amazon server to launch an attack is like hiding behind a proxy without the obnoxious bandwidth reduction. Now, attacks can be launched at full speed, without being channeled through proxies. Only the commands sent to the servers need to be sent through proxies to obfuscate the identity of the attacker.
Amazon has an amazing infrastructure and you can be assured that hackers will continue to exploit it mercilessly. A question that needs to be asked, however, is how will Amazon protect against outbound attacks? They have demonstrated (for the most part) that they can secure their infrastructure from attack. But what happens when that infrastructure is doing the attacking itself rather than being attacked? Hopefully Amazon will be able to implement security that can prevent the abuse of its services.
No comments:
Post a Comment