Thunder in the cloud: $6 cloud-based denial-of-service attack

When you hear the rumble of thunder, then you know the storm is near. Two security researchers warned that cloud-based denial-of-service attacks are looming on the horizon. With $6 and a homemade “Thunder Clap” program, security experts David Bryan and Michael Anderson managed to take down their client’s server with the help of Amazon’s EC2 cloud infrastructure.

The cloud-based denial-of-service attack was part of a DefCon presentation called “Cloud Computing, a Weapon of Mass Destruction?” In the description for their DefCon talk, they wrote, “We have been using the cloud computing environment to test real world scenarios for different types of attacks, such as Distributed Denial of Service, Flooding, and Packet Fragmentation.”

According to a report from DarkReading, the security consultants told DefCon attendees, “With the help of the cloud, taking down small and midsize companies’ networks is easy.” Bryan said, “It’s essentially a town without a sheriff.”

After Bryan and Anderson entered a name and credit card number, the experts created a handful of virtual server instances on Amazon’s EC2. They started with only three virtual servers, uploaded their prototype attack tool, called Thunder Clap, scaled up to 10 servers, and then took their client’s company off the Internet.

Security consultants David Bryan of Trustwave and Michael Anderson of NetSPI said that they encountered nothing to stop them: no special bandwidth agreements and no detection mechanisms for servers taking malicious actions. Their Thunder Clap program uses cloud-based services to send a flood of packets toward the target company’s network. The researchers reported that they can control the software directly or through a command left on a social network.

Bryan and Anderson launched the attack to test their client’s network, a small business that wanted its connectivity tested. According to DarkReading, Bryan said, “A threat agent could potentially run extortion schemes against a company by attacking for a couple of hours — and then telling the company that, if you don’t pay me, then I will attack you again.” Amazon reportedly failed to reply to complaints by the security consultants.

In an email reply available on DarkReading, Amazon spokeswoman Kay Kinton wrote, “We do have a process for both detecting and responding to reports of abuse. […] When we find misuse, we take action quickly and shut it down.”

Bryan and Anderson explained that so far cybercriminals have mainly used botnets for their denial-of-service attacks. Botnets can be rented, giving “would-be attackers a criminal ‘cloud’ from which to buy services.” The security consultants said that easy-to-configure cloud services like Amazon, Google, Microsoft and Rackspace need to respond faster to complaints.

According to DarkReading, Anderson said, “If we complain loudly enough, maybe they will become more responsive.”

Full Credit To: Darlene Storm with ComputerWorld
