Cloud Server Trials Allow Attackers to Create a “Free Supercomputer” - BestCyberNews: Online News Presenter in the present world


Researchers Rob Ragan and Oscar Salazar have built a free Litecoin-mining botnet that generates $US1750 a week using free cloud signup promotions, and have shown that the cloud can harbour something even more alarming for cloud security.

Their online zombie horde was capable of launching coordinated cyberattacks, cracking passwords, or mining hundreds of dollars a day worth of cryptocurrency. And by assembling that botnet from cloud accounts rather than hijacked computers, Ragan and Salazar believe their creation may have even been legal.

“We essentially built a supercomputer for free,” said Ragan, who along with Salazar works as a researcher for the security consultancy Bishop Fox. “We’re definitely going to see more malicious activity coming out of these services.”

Ragan and Salazar created their automated rapid-fire signup and confirmation process with the email service Mandrill and their own program running on Google App Engine. 

A service called FreeDNS.afraid.org let them create unlimited email addresses on different domains; to create realistic-looking addresses they used variations on actual addresses that they found dumped online after past data breaches. 

Then they used Python Fabric, a tool that lets developers manage multiple Python scripts, to control the hundreds of computers over which they had taken possession.

One of their first experiments with their new cloud-based botnet was mining the cryptocurrency Litecoin. 

The pair will outline the exploit at Black Hat next month, but have blabbed to Wired about how they used automatic tools and processes to spread a currency-mining botnet across some 150 popular free services that each generated about 25 cents a day, all on the providers' electricity bill.

The attack worked because of cloud providers' ongoing efforts to recruit customers with free promotions. It appears that none of the providers the pair targeted took much interest in what the researchers were doing with their free servers.





Author: Venkatesh Yalagandula