A cloud refers to “the provision of dynamically scalable and often virtualized resources as a service over the Internet†(from Wikipedia). In practice, a user that logs in a cloud service (the bottom of this page lists some of them), for a reasonable price, can rent “resources†such as disk space or virtual machines to run his own code.
Recently, I have been monitoring the queries coming to our WHOIS service and have noticed that several requests were originated by machines belonging to the IP space of a well-known commercial cloud. Since the WHOIS is a free service and can be run from any machine, I strongly suspect this technique has been used to avoid hitting the limit of 1000 queries/day set by Nominet’s Acceptable Use Policy on a per user basis (and not per IP).
The impact of this episode, as far as I can see, is limited and, maybe, not worth too much attention. What is interesting, however, is the way the cloud has been used to circumvent Nominet’s rules. This rises questions about how easy it would be for a malicious user to exploit a cloud computing environment for illegal activities and how long shall we wait before the first large-scale attack based on this technology is reported.
If we consider how the cloud environment works, we realise that:
- A cloud gives a malicious user access to a virtually unlimited pool of resources and computing power
- It is difficult to enforce limits on the amount of resources a single user is allowed to control, because this would harm legimitate users, without preventing malicious ones to open multiple accounts
- Monitoring all processes and activities that run on the cloud is quite complex, maybe impractical. Besides, I don’t think legitimate users would be happy with service providers inspecting their data. They will be forced to use cryptography, which will make things even worse
- Assuming that a service provider could offer some level of protection from misuses of their service, malicious users could spread their activities across different cloud providers, making the task of early detection very complex.
- Finally, accessing cloud services is cheap and prices are expected to drop with the technology behind big data centres becoming more accessible.
The security issues associated to cloud computing are not unknown (recently, for example, botnet controllers have been discovered in the Google cloud), the problem is that this kind of attacks and the threat associated to them are likely to increase in the coming years.
Defending from a cloud-based attack might not be easy and will need to rely on the “good will†of the cloud service providers, which will be expected to monitor their users activities. And, to cite Joze Nazario, from Arbor Networks in a recent interview to The Register, “going to a company as big as Google and saying ‘Can we get an image of that server,’ that’s a pretty high barrierâ€. Especially for small-medium organisations affected by a small/medium -sized attacks.
