Do You Know What Your Amazon Cloud Is Up To?
26 October 2012
Amazon Web Services (AWS) had an East Coast service outage on October 22nd. The interruption of service lasted several hours.
According to TechCrunch:
- "What started as a small issue affecting some instances of Amazon’s Elastic Cloud Compute (EC2) in North Virginia became a full-blown outage of AWS in North Virginia. Major services, such as Reddit, Foursquare, Minecraft and Heroku, are down. GitHub, imgur, Pocket, HipChat, Coursera and others are affected"
In brief, the usual short-term whoops that happens with all large computer systems. But what c|net added was interesting:
- "Amazon isn't saying what happened, but a spokesperson said the problem isn't due to an attack, as some have speculated. A member of hacker group Anonymous claimed responsibility for the outage via a tweet, but the Amazon spokesperson said that's not accurate and that no attack occurred."
It was almost a year ago when this article appeared:
Amazon's EC2, Eucalyptus hacked
Darren Pauli, 28 October 2011
- “Effectively, a successful attack on a cloud control interface grants the attacker a complete power over the victim's account, with all the stored data included,” researchers at Germany’s Ruhr University wrote in a paper.
- "We had full access to all customer data, including data authentication, tokens, and even passwords in clear text," researcher Mario Heiderich said.
The article had this warning at the end:
- "Critical infrastructure and services are making ever more use of cloud computing," he said. "It is therefore an urgent need to identify the security gaps in cloud computing".
Don't comfort yourself believing this is theoretical. As we noted in May 2011, there was this incident:
Sony Network Breach Shows Amazon Cloud's Appeal for Hackers
Joseph Galante, Olga Kharif, Pavel Alpeyev, 16 May 2011
- For three pennies an hour, hackers can rent Amazon.com Inc. (AMZN)’s servers to wage cyber attacks such as the one that crippled Sony Corp. (6758)’s PlayStation Network and led to the second-largest online data breach in U.S. history.
- A hacker used Amazon’s Elastic Computer Cloud, or EC2, service to attack Sony’s online entertainment systems last month, a person with knowledge of the matter said May 13.
This article had this warning at the end:
- The episode will cause individuals and companies to rethink what data to put on the cloud and force companies to potentially double what they spend on application security, said Murray Jennex, an associate professor at San Diego State University who specializes in computer systems security. In the long run, it will be cheaper than being hacked, he said.
“This puts cloud computing into proper perspective,” Jennex said. “Everybody’s been thinking it’s chic and ignoring the security aspect. I think this reminds companies that things that make them great need to stay under their control.”
Our point is not that Amazon's Cloud is more vulnerable than other systems. It isn't; ask Sony about THEIR data security. Our point is that we see far too many people buy into the hype of the safety and security of Cloud Computing. And when they** move to Cloud Computing, they do the computer equivalent of leaving their house keys under the door mat.*
* Then too, we do see people** getting a web site and putting the keys under the mat.
** Yes, this article is partially directed to 'you know who you are'.
In security matters, treat Cloud Computing no differently from other computer services.
Now we do have a small bone to pick with Amazon AWS Services - Cloudfront.
Previous emails to Amazon Cloud customer service about their problem users have always resulted in mixed results. Translation: No Response.
220.127.116.11 /MyAdmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
18.104.22.168 /myadmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
22.214.171.124 /pma/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
126.96.36.199 /phpmyadmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
188.8.131.52 /phpMyAdmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
184.108.40.206 /w00tw00t.at.blackhats.romanian.anti-sec:) 10/26/12 1:03 PM 0 404 GET ZmEu
We do realize, Amazon, that this had no effect on that site. And virtually all web sites are immune to this not-ready-for-amateur-hour attack. But maybe he'll learn and try something else, on someone bigger.
Could you have a talk with this Amazon Cloud customer?
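For site owners who want to check their own logs for the same probe, here is an added example (not part of the original post) that parses lines in the column layout shown above, groups the ZmEu and setup.php requests by source address, and singles out any probe that got something other than a 404. The sample lines are constructed, the addresses come from documentation ranges, and reading the column before the status code as a response size is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of the excerpt above: source IP, path,
# date, time, size (assumed meaning), status, method, user agent.
SAMPLE_LOG = """\
192.0.2.10 /MyAdmin/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
192.0.2.10 /pma/scripts/setup.php 10/26/12 1:03 PM 0 404 GET ZmEu
192.0.2.10 /w00tw00t.at.blackhats.romanian.anti-sec:) 10/26/12 1:03 PM 0 404 GET ZmEu
198.51.100.7 /phpmyadmin/scripts/setup.php 10/27/12 9:15 AM 5120 200 GET ZmEu
203.0.113.5 /index.html 10/27/12 9:16 AM 2048 200 GET Mozilla/5.0
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+(?P<path>\S+)\s+(?P<date>\S+)\s+(?P<time>\S+\s+[AP]M)\s+"
    r"(?P<size>\d+)\s+(?P<status>\d{3})\s+(?P<method>[A-Z]+)\s+(?P<agent>.+)$"
)
# Signatures taken from the excerpt: the ZmEu agent string, the w00tw00t
# banner request, and requests for a scripts/setup.php path.
PROBE_PATH_RE = re.compile(r"(/scripts/setup\.php$|^/w00tw00t\.)", re.IGNORECASE)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_probe(rec):
    return "zmeu" in rec["agent"].lower() or bool(PROBE_PATH_RE.search(rec["path"]))


def summarize(log_text):
    """Group probe requests by source; list those that did not get a 404."""
    report = defaultdict(lambda: {"probes": 0, "answered": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_probe(rec):
            entry = report[rec["ip"]]
            entry["probes"] += 1
            if rec["status"] != "404":
                entry["answered"].append((rec["path"], rec["status"]))
    return dict(report)


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        flag = "REVIEW: probe got a response" if info["answered"] else "noise (all 404)"
        print(f"{ip}: {info['probes']} probe(s), {flag} {info['answered']}")
```

A source whose probes all returned 404 is background noise; one with an entry under "answered" means the requested path exists on the server and deserves a closer look.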
"Captain Gideon, 'security' happens to be my middle name." Captain Elizabeth Lochley
"That's all well and good, but just in case your last name is 'breach' it won't hurt for me to double-check." Captain Matthew Gideon