Securing the cloudHackers using cloud networks to launch powerful attacks

Published 3 June 2011

In a disturbing new trend, hackers have begun harnessing the vast computing power of cloud based servers to carry out powerful cyber attacks; cloud computing services piece together large strings of online servers and storage systems to provide users with enormous processing power and terabytes of storage space; earlier this year, a German researcher, demonstrated that a cloud server could fire 400,000 passwords a second at a secured Wi-Fi network; in the recent attacks that shut down Sony’s online customer networks in April, hackers used cloud based attacks to disrupt service to roughly 100 million users worldwide

In a disturbing new trend, hackers have begun harnessing the vast computing power of cloud based servers to carry out powerful cyber attacks.

Cloud computing services piece together large strings of online servers and storage systems to provide users with enormous processing power and terabytes of storage space. These companies offer their services on an as needed basis to allow companies like Netflix or Foursquare accommodate additional traffic.

 

But the increasing ubiquity of cloud computing services and the decreasing costs have enabled hackers to rent their services on an hourly basis. Using the computing power of cloud networks, cyber attackers can wage digital assaults like “brute force attacks” which send a constant stream of passwords at a computer system until it finds the correct code to enter.

For instance, earlier this year, Thomas Roth, a German researcher, demonstrated how Amazon’s cloud computing service Elastic Computer Cloud (EC2) could be used to hack into other systems. Using EC2, Roth launched a brute force attack that fired 400,000 passwords a second at a secured Wi-Fi network. Within about twenty minutes, Roth had successfully hacked into the system.

In addition, in the recent attacks that shut down Sony’s online customer networks in April, hackers used cloud based attacks to disrupt service to roughly 100 million users worldwide.

Scott Chasin, the chief technology officer of McAfee’s Security-as-a-Service, said, “That’s the real key now. There’s a lot of available computing out there with instant-on and instant provisioning.”

In the past, to conduct cyber attacks with vast computing power, hackers would painstakingly create botnets by infecting thousands of individual computers to operate as one. pThis process could take months, but with cloud computing networks, hackers can set up a powerful attack in a few minutes.

According to Chasin, these types of “lily pad” attacks, where hackers use one compromised server to attack another, are not new, but the ease with which hackers can gain access to cloud servers is.

p>Hackers can purchase time on Amazon’s EC2 network for as little as a few pennies per hour.

 

Siamak Farah, the founder and CEO of InfoStreet, a cloud service provider, said that companies using cloud-computing networks should not worry too much about attacks that might affect their accounts because service providers have more sophisticated cyber security defenses than most companies do.

It’s natural for any customer to be concerned, but most people want their money in the bank and not under their mattress,” he said.

Farah added that individual companies generally cannot afford the technology or expertise that cloud service providers can. In addition he said companies can purchase insurance as well as disaster recovery and backup services from third party providers.

You cannot stop crime, but you can reduce it from happening,” he said.