Dedicated to Providing Insight Into the Enablement of Cloud Hosting Environments.

Cloud Hosting Journal

Subscribe to Cloud Hosting Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Cloud Hosting Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Cloud Hosting Authors: Liz McMillan, Vaibhaw Pandey, Matt Brickey, Harry Trott, Yeshim Deniz

Related Topics: Cloud Computing, Cloud Interoperability, PC Security Journal, Twitter on Ulitzer, SEO Journal, Security Journal, Cloud Hosting & Service Providers Journal, Cloud Security Journal , Google, Secure Cloud Computing

Blog Feed Post

GoogleHack Proves People are Easier to Hack then Networks

Let's put this hack into perspective

Security Session at Cloud Expo

By now most of you have probably heard about the GoogleHack in China.

Yesterday Google's Chief Legal Officer David Drummond wrote in a blog post that indicated the accounts of dozens of Gmail users in the U.S., Europe and China who are advocates of human rights in China were routinely accessed by third parties.

Drummond said that these accounts were compromised through phishing scams or malware, not through holes in Google's computing infrastructure.

And as expected there are headlines saying that this proves that "The Cloud" isn't secure and CAN'T BE TRUSTED. I'm here to tell you it is the opposite. The GoogleHack proves the Cloud is More Secure then Traditional Desktop Software, not less.

First let's look at the actual hack. Although not a lot is known -- what is known is it's probably part of a program known as "GhostNet

". The exploit uses emails which are sent to target organizations that contain contextually relevant information. This is more generally referred to as a "Social Engineering hack" which is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques. Basically a person opens an email that contains malicious attachments, that when opened, delivers a Trojan horse on to the system's OS. This Trojan connects back to a control server, usually located in China, to receive commands. The infected computer will then execute the command specified by the control server. Occasionally, the command specified by the control server will cause the infected computer to download and install a Trojan known as Gh0st Rat that allows attackers to gain complete, real-time control of computers. Such a computer can be controlled or inspected by attackers, and even has the ability to turn on camera and audio-recording functions, if present, of infected computers, enabling monitors to perform surveillance on windows based machines.

Let's put this hack into perspective. What this hack really proves is that people are easier to hack then networks. The weakest link are the people who are stupid enough to open an attachment they don't recognize, even if it appeared to be from someone they trusted. That's the beauty of social engineering based hacks. The email appears to be from your mother, father, friend or colleague. The lesson we must learn is one of education, don't open attachments you don't recognize. And two, OS based Trojans are still a major treat.

And yes, for the most part the cloud is still safe at least from these sorts of hacks. The real issue with cloud security is the threat from that in which you don't know. Was my infrastructure compromised? Is my hypervisor secure? Has my operating system changed? Those are the real problems that need a technical solution. The rest is just educating the computing public to risks of social engineering related exploits.

Read the original blog entry...

More Stories By Reuven Cohen

An instigator, part time provocateur, bootstrapper, amateur cloud lexicographer, and purveyor of random thoughts, 140 characters at a time.

Reuven is an early innovator in the cloud computing space as the founder of Enomaly in 2004 (Acquired by Virtustream in February 2012). Enomaly was among the first to develop a self service infrastructure as a service (IaaS) platform (ECP) circa 2005. As well as SpotCloud (2011) the first commodity style cloud computing Spot Market.

Reuven is also the co-creator of CloudCamp (100+ Cities around the Globe) CloudCamp is an unconference where early adopters of Cloud Computing technologies exchange ideas and is the largest of the ‘barcamp’ style of events.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.