Cloud Ninja - Catch Me If You Can!
- 941 views
Starting with just a browser, imagine you’ve signed into a control panel to manage your 100,000 node botnet, where you monitor the rate of DDoS attacks being launched from your automated rental ...
Starting with just a browser, imagine you’ve signed into a control panel to manage your 100,000 node botnet, where you monitor the rate of DDoS attacks being launched from your automated rental service. Then you set up a few more phishing sites that include payloads from the latest Chinese exploit packs. You then review the latest social security numbers, credit card numbers, and personal information extracted from yesterday’s network and application compromises. Your distributed search quickly aggregates all the latest valuable data and validates it before automatically posting it for resale. Now, what if I told you that was all done from a browser while utilizing machines provided from freely available cloud services? What happens when computer criminals start using friendly cloud services such as Dropbox, Google Apps, Heroku, Amazon EC2, and Yahoo Pipes for malicious activities. In this presentation we explore how to (ab)use the free public cloud for the business of computer crime. Oh! Also we violate the hell out of some terms of service. We built a framework to make the above scenarios a reality. What will organizations do when the origin of attack came from popular sites that can’t be blocked due to legitimate business purposes? How will the FBI successfully prosecute when the perpetrator doesn’t have any evidence of illegal activity in their possession? How will SaaS and cloud providers thwart these activities to maintain a safe reputation? We explore answers to these questions and more.
- Total Views
- Views on SlideShare
- Embed Views