Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Find Home In Amazon EC2 Cloud

Posted by CmdrTaco on from the don't-mind-us dept.

snydeq writes "Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon's EC2 cloud computing infrastructure. This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity, according to threat researcher Don DeBolt. The hackers got onto Amazon's infrastructure by hacking into a Web site hosted on Amazon's servers and then secretly installing their command and control infrastructure."

22 of 89 comments (clear)

  1. If anything... by iamapizza · · Score: 5, Funny

    This is going to Kindle a debate about the merits and demerits of the cloud.

    --
    Always proofread carefully to see if you any words out.
    1. Re:If anything... by hesaigo999ca · · Score: 3, Interesting

      Not really, as everyone knows you have hotmail and gmail accounts that have commands updated each week for certain other types of botnet, so is that to spark a debate about whether or not we should allow hotmail or gmail, certainly not, however, it could go to show there should be a better security implementation on the servers hosting the clouds to quickly locate any compromised machines or code on the servers.

  2. And? by Kenja · · Score: 4, Insightful

    There is nothing intrinsic to a cloud of computers that makes them any different then the internet in general. Anything that makes use of unprotected computers on the internet will make use of a cloud as well. In fact, from a logical perspective, the internet is a cloud. Its just that access is generally curtailed in some way.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:And? by Monkeedude1212 · · Score: 2, Insightful

      In fact the internet has been represented as a cloud long before cloud became a buzzword.

    2. Re:And? by Anonymous Coward · · Score: 4, Funny

      Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.

      The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.

      And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.

      My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.

    3. Re:And? by Rycross · · Score: 2, Interesting

      We need to extend Poe's Law to managerial speak.

    4. Re:And? by sjames · · Score: 2, Funny
      • Buzzword compliant: check
      • So far into the latest trend we can't even tell if it's real: check
      • Thinking so foggy that "the cloud" is spewing from your ears and covering your office floor like a bad horror film: check!

      There we have it. Metrics never lie! Looks like you're on a one way trip to the executive suite!

    5. Re:And? by TooMuchToDo · · Score: 4, Informative

      Link next time. I had to waste 10 seconds googling =) http://rationalwiki.com/wiki/Poe's_Law

  3. Nothing really special by Yetihehe · · Score: 5, Insightful

    Hackers break into website, but it happens to be hosted on EC2. Hosting in cloud doesn't automagically make your sites more secure.

    --
    Extreme Programming - Redundant Array of Inexpensive Developers
    1. Re:Nothing really special by Monkeedude1212 · · Score: 2, Interesting

      I think the "special" part of the news is that since its being hosted on the cloud its harder to remove - since it'll be running on multiple computers capable of replicating itself across multiple machines. In order to purge it, you'd probably have to take down the entire infected cloud and clean it all seperately or at least all in synch.

    2. Re:Nothing really special by DaTroof · · Score: 2, Informative

      According to the second article, it has been fixed.

      Please Note:The legitimate hacked website was contacted and informed about its participation in the Zeus bot activity and accordingly has stopped serving the malicious variant.

  4. This type of illegal activity? by quangdog · · Score: 4, Insightful

    "This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity"

    So, has it been used for other illegal things that have been reported on? Is it even possible for anyone to find out all the possible illegal uses of technolgies like cloud computing?

  5. Ready for prime time! by HaeMaker · · Score: 5, Funny

    You know, if bot net operators are trusting the EC2 cloud for their mission critical operations, it has to be ready for prime time.

    This is a stunning endorsement. Amazon should send out a press release.

  6. Not Amazon that got hacked by Meshach · · Score: 3, Informative

    According to the article it was not Amazon itself that got hacked but an "unidentified website on Amazon's cloud" that got hacked. The hackers then used that website to get onto the cloud and execute code.

    --
    "Maybe this world is another planet's hell"
    Aldous Huxley
    1. Re:Not Amazon that got hacked by nacturation · · Score: 2, Informative

      According to the summary too: "The hackers got onto Amazon's infrastructure by hacking into a Web site hosted on Amazon's servers..."

      No different than "a web site hosted on Rackspace's servers". I agree with the other posts that this is essentially a non-news item. So a server gets hacked. It doesn't matter that the server is in someone's basement or in a colo or a VM somewhere.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  7. This is not new by ub3r+n3u7r4l1st · · Score: 2, Informative

    If you search "Xbox Host booting" on YouTube, there are hundreds of videos showing you how to utilize the mass computing power of the cloud to knock your opponent off from a Halo 3 session and get the win.

    --
    New Economic Perspectives
  8. I'm just pwning your server if that's ok... by meerling · · Score: 3, Funny

    I love that " ...then secretly installing their command and control infrastructure." statement.
    When was the last time a criminal came up to your admin and said, "Hi, I'm going to install my unwanted rootkit on your server now so I can use it as a botnet."?
    Yeah, it's like saying a burglar secretly robbed your house... Like he's really going to send you a postcard saying, "Tonight when you go to the movies, I'm going to pillage your apt.".

    1. Re:I'm just pwning your server if that's ok... by Monkeedude1212 · · Score: 5, Funny

      When was the last time a criminal came up to your admin and said, "Hi, I'm going to install my unwanted rootkit on your server now so I can use it as a botnet."?

      Yesterday. But since he wasn't asking a question, I couldn't say no. I advised him that his course of action was not one that I wished to occur and he politely informed me that it was "duly noted" and proceeded anyways. All in all, it was a nice verbal transaction and his posture was excellent, and I'm sure outside of his work he's a really nice guy. I wanted to ask him if he wanted to go for a couple of cold ones - but I think that might have been pushing it and didn't want to offend him.

      To be honest, the thing that bugs me more than this backdoor to my machine is the regret that I never reached out to him more. A lost friendship, that will likely never have another chance at forming. Everytime that Antivirus XP pop-up comes on screen it reminds me of him. I've slowly come to realize that I am remembering him constantly, where he probably does not remember me at all. I shamefully admit that I cry myself to sleep, telling myself that one day he'll come back to me, and maybe out of remorse he'll remove the conficker and everything will be okay.

  9. The "Deniable" Already Happens! by StCredZero · · Score: 2, Insightful

    "This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity"

    So, has it been used for other illegal things that have been reported on? Is it even possible for anyone to find out all the possible illegal uses of technolgies like cloud computing?

    I'm willing to bet that folks like Apple, Google, Amazon, and Microsoft are already hiring "security consultants" to act as deniable intermediaries to other consultants using semi-legal (or flat-out illegal) means to gather information. Not only are arrangements like this being used for industrial espionage, but to gather intelligence on illegal operators who might hack into or otherwise subvert corporate resources like AWS or Google's cloud. This would just be an extension of what companies already do with "private detectives."

    Someone needs to start writing novels about this!

  10. the interesting thing is autoscaling and billing by noric · · Score: 4, Interesting

    The interesting thing about this case, to me, is that Amazon's lawful customer will receive a bill in the mail for hacker usage charges.

  11. WHAT???? by Colin+Smith · · Score: 2, Insightful

    Hosting in cloud doesn't automagically make your sites more secure.

    You mean... I still have to have people who can "manage" my systems?

    NOOOO!!!!
     

    --
    Deleted
  12. Brute Force ssh attacks from Amazon by peterthomas2009 · · Score: 3, Interesting

    "This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity"

    I posted to my blog back in June that Amazon cloud nodes were compromised and performing brute force SSH scans against some of my hosts.

    This story and my post merely highlight the obvious fact that most cloud services are just scalable hosting. Remember your instance / slice / vm can be compromised like any other web host.

    Amazon Cloud Service Brute Force Attacks