Wed, Dec 10, 2014 - Page 9 News List

As computing goes to the cloud, so does crime

While technological advances allow less waste, increased flexibility and, ultimately, make everyday life more convenient around the world, the security risks must also be considered

By Quentin Hardy  /  NY Times News Service

Illustration: Mountain People

As more of people’s lives, from family photos to financial information, moves into the cloud, malicious hackers are following.

It is easy to see why: Cloud computing systems contain lots of critical information, from sensitive corporate and personal financial data to government secrets and even nude photographs never meant to be shared.

All of it has been targeted by hackers, and in many cases stolen. In 2009, a password-stealing “botnet,” or collection of malevolent software, was found inside Amazon Web Services, perhaps the world’s largest cloud-computing system. More recently, celebrities’ private photos were stolen from Apple’s iCloud storage system.

IBM said its researchers regularly receive taunts from Russian hackers who leave them mocking messages in software aimed at stealing from the 300 banks IBM serves.

“Talk about hand-to-hand combat,” IBM Security Systems vice president for strategy Marc Van Zadelhoff said. “People are salivating at the chance of stealing money. The darker side of society thinks fast, out of desperation.”

Cloud-computing systems are collections of server and mainframe computers, sometimes more than 1 million, made into a single collective via software that disperses data and computing chores among them. As there is less waste and more flexibility in this sharing, the computing whole is far greater than the sum of its computer parts.

Many clouds are privately owned and controlled, inside corporate and government facilities. The biggest and fastest-growing systems are “public clouds,” from the likes of Amazon, Google, Microsoft and many telecommunications providers.

Both kinds of clouds share information across many points, both inside their own networks and with external devices like smartphones.

Much of the older software being moved from regular servers to the cloud were not designed for use there, making the transition particularly vulnerable. In addition, conventional security precautions, such as firewalls that establish a perimeter around a company’s resources, are far less useful in a cloud.

“They are now fundamentally irrelevant,” Van Zadelhoff said. “The notion of a perimeter, where your computing begins and ends, is obliterated in the cloud.”

Hackers might want to be inside clouds for more than just sensitive data, since cloud-based computing systems are places where supercomputer-quality processing power can be rented. That makes them useful in developing new and strong types of malware.

At the Black Hat security conference last summer, two researchers, Bob Ragan and Oscar Salazar, showed how to build a cloud-based botnet for no money at all, simply by using the free-trial offers of many cloud-based businesses.

That processing power hijacked from others can be deployed for moneymaking schemes besides botnets, like “mining,” or creating, new units of the cybercurrency Bitcoin without paying for machine time.

Just as recent hacks reached critical information through innocuous-seeming things like heating and air-conditioning systems that were networked to other computers, cloud systems might have even more pathways in, and a greater number of potential targets out — basically, any connected devices.

Not far away, devices for health monitoring and building control, among other things, would make for even richer targets, said Steven Weber, who recently received a US$15 million grant to start a center for long-term cybersecurity at the University of California, Berkeley.

This story has been viewed 2551 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top