Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Are there criminals hiding in the cloud?              By Alex Hudson              BBC ClickTask 1:       Following the exp...
meaning that - until very recently - supercomputers were required to get anydetails in a useable form.But now the internet...
He is already experimenting with speeds that could allow one millionpasswords a second to be tried.Hacking master keyWhat ...
Task 2:      Names of People Mentioned and their Job Roles.      Bredan O’Conner, Australian Minister for Home Affairs    ...
Upcoming SlideShare
Loading in …5
×

Assignment 1

595 views

Published on

Published in: Education, Technology
  • Be the first to comment

  • Be the first to like this

Assignment 1

  1. 1. Are there criminals hiding in the cloud? By Alex Hudson BBC ClickTask 1: Following the exposure of the SonyIs this the PlayStation 3 security flaws - and withunderlined so much of our data stored online - areText we making it too easy for criminals to get hold of our information? When over 100 million peoples details were garnered illegally from Sony recently, users were up in arms about their prized Sonys shares have fallen significantly information being leaked. in the aftermath of the security breach Task 2: But, according to one study, over two thirds of companies are planning to store at least some of their data in "the cloud" - a term used to describe putting data online rather than on a hard-drive. The Red coloured text With more businesses using the cloud, this sort of leak could become a more regular occurrence. "While the potential of cloud computing is rapidly being revealed, so too are its vulnerabilities," Brendan OConnor, the Australian minister for Home Affairs, told the International Association of Privacy Professionals. And, he believes, criminals "can hide data THE SONY CRISIS in clouds" if they are clever about it. Graham Cluley, security "Rogue cloud service providers based in consultant countries with lax cybercrime laws can provide confidential hosting and data storage services," he said. "People need to be more careful with "[This] facilitates the storage and their passwords and make sure that distribution of criminal data, avoiding they have different passwords for detection by law enforcement agencies." different online accounts. An easy parallel to draw is with the way Swiss bank accounts were rumoured to "People should also consider lying operate in the past. about some of their details. I have While bank customers were offered the given Facebook a phoney date of birth utmost of discretion with their financial for instance." transactions, that same courtesy could now Sony crisis: The expert panel be offered to those wishing to de-encrypt sensitive data. Stealing secrets To safeguard information, details are regularly encrypted to a high level, Ricardo Norbert Page 1
  2. 2. meaning that - until very recently - supercomputers were required to get anydetails in a useable form.But now the internet itself is offering criminals the chance to super-chargetheir processing power to make decryption quicker, cheaper and easier thanever before.William Beer, director of Price Waterhouse Coopers security division, says"even if credit card details are encrypted, there is software that may be ableto decrypt it given enough processing power" once it has been stolen from thecloud itself."Encryption is often seen as a silver bullet.We need to be very careful because thereare many different types of encryption. Itcan introduce an air of complacency intoorganisations and what were starting to seeare criminals actually looking to the cloud."It can provide massive amounts ofprocessing power and [this] can actually de- PM David Cameron says cyber-crime isencrypt some of the data. The irony of it is a top priority for national securitythat they are using stolen credit cards to buy that processing power from thecloud providers."And this type of activity has actually been tested by German securityresearcher Thomas Roth.He used a "brute force" technique that could previously only be possible withsuper-computers to break into encrypted WiFi networks.The technique allows 400,000 different passwords to the encryption to betested per second, quite literally knocking at the door until it caves in. Nospecialist hacking techniques need to be used.This was done using a cloud computing service costing just a few dollars perhour.Roth used Amazons Elastic Cloud Even if you haveComputing (EC2) system, which allows supercomputers, if yourusers to rent increased computing power by encryption is strong enough, itthe hour or for as long as is needed - thus would still take years to break those passwordsthe name elastic.Amazon says it continually works to makesure the services arent used for illegal Mark Bowerman, Financial Fraud Action UKactivity and takes all claims of misuse ofservices very seriously and investigates each one.While Roth was not doing this for illicit means - and could be done with anycloud system - the idea could be used, in principle at least, for the purpose ofde-encrypting credit card details.Ricardo Norbert Page 2
  3. 3. He is already experimenting with speeds that could allow one millionpasswords a second to be tried.Hacking master keyWhat many see as most scary about this idea is that because the criminalsusing the cloud are using false information, they are very difficult to trace.That said, there are data standards in relation to private information kept bycompanies which are particularly strict when financial details are held."Youve got to meet the data security standard - it is the absolute minimumrequirement," says Mark Bowerman, a spokesman for Financial Fraud ActionUK."Beyond that, there are reputational issuesto consider. If you are hacked and data isstolen, then it will be a serious concern bothreputationally and financially as well."So what can be done to protect informationyourself?"Unfortunately, people have the habit ofreusing their passwords for multiple Credit card information is heavilydifferent services," says Rik Ferguson, of encrypted when held onlinedigital security company Trend Micro."Many people will have to consider that these criminals have both their emailaddress and their common password."Once you own someones email account, thats really the master key toeverything because you can go through the password reset process of [anumber of services] and of course, they come back to that email account. Itsthe key to your online life."But, says Bowerman, if both you and the companies you trust with your dataare careful with it, serious breaches are still very unlikely."Even if you have supercomputers, the computing power of hundreds ofthousands of computers linked together, if your encryption is strong enough, itwould still take years and years to break those passwords," he says."It boils down to how good your encryption is."Ricardo Norbert Page 3
  4. 4. Task 2: Names of People Mentioned and their Job Roles. Bredan O’Conner, Australian Minister for Home Affairs Graham Cluley, Security Consultant Thomas Roth, German Security Researcher Mark Bowerman, Spokesman for Financial Fraud Action UK , Digital Security Names of Organisations Mentioned Sony Playstation Task 3: Graham Cluley People that are against Fraud Mark BowermanBredan O’Conner Rik Ferguson Thomas Roth Sony PlayStation Summary: The spider diagram shows us that the people involved in this article are agreed that fraud should be stopped and want do their best to prevent this crime. Ricardo Norbert Page 4

×