Thunder in the cloud: $6 cloud-based denial-of-service attack

When you hear the rumble of thunder, then you know the storm is near. Two security researchers warned that cloud-based denial-of-service attacks are looming on the horizon. With $6 and a homemade “Thunder Clap” program, security experts David Bryan and Michael Anderson managed to take down their client’s server with the help of Amazon’s EC2 cloud infrastructure.

The cloud-based denial-of-service attack was part of a DefCon presentation called, Cloud Computing, a Weapon of Mass Destruction? In the description for their DefCon talk, they wrote, “We have been using the cloud computing environment to test real world scenarios for different types of attacks, such as Distributed Denial of Service, Flooding, and Packet Fragmentation.”

According to a report from DarkReading, the security consultants told DefCon attendees, “With the help of the cloud, taking down small and midsize companies’ networks is easy.” Bryan said, “It’s essentially a town without a sheriff.”

After Bryan and Anderson entered a name and credit card number, the experts created a handful of virtual server instances on Amazon’s EC2. They started with only three virtual servers, uploaded their prototype attack tool, called Thunder Clap, scaled up to 10 servers, and then took their client’s company off the Internet.

Security consultants David Bryan of Trustwave and Michael Anderson of NetSPI said that they encountered nothing to stop them, like no special bandwidth agreements and no detection mechanisms for servers taking malicious actions. Their Thunder Clap program uses cloud-based services to send a flood of packets toward the target company’s network. The researchers reported that they can control the software directly or through a command left on a social network.

Bryan and Anderson launched the attack to test their client’s network, a small business that wanted its connectivity tested. According to DarkReading, Bryan said, “A threat agent could potentially run extortion schemes against a company by attacking for a couple of hours — and then telling the company that, if you don’t pay me, then I will attack you again.” Amazon reportedly failed to reply to complaints by the security consultants.

In an email reply available on the DarkReading, Amazon spokeswoman Kay Kinton wrote, “We do have a process for both detecting and responding to reports of abuse. […] When we find misuse, we take action quickly and shut it down.”

Bryan and Anderson explained that so far cybercriminals have mainly used botnets for their denial-of-service attacks. Botnets can be rented, giving “would-be attackers a criminal ‘cloud’ from which to buy services.” The security consultants said that easy-to-configure cloud services like Amazon, Google, Microsoft and Rackspace need to respond faster to complaints.

According to DarkReading, Anderson said, “If we complain loudly enough, maybe they will become more responsive.”

Full Credit To: Darlen Storm with ComputerWorld

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

7 Responses to Thunder in the cloud: $6 cloud-based denial-of-service attack

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

Cloud Infographic – Cyber Security And The New Frontier

Cloud Infographic – Cyber Security And The New Frontier

Cyber Security: The New Frontier The security environment of the 21st century is constantly evolving, and it’s difficult to predict where the next threats and dangers will come from. But one thing is clear: the ever-expanding frontier of digital space will continue to present firms and governments with security challenges. From politically-motivated Denial-of-Service attacks to…

Cloud Infographic – Big Data Survey: What Are The Trends?

Cloud Infographic – Big Data Survey: What Are The Trends?

Jaspersoft Big Data Survey Shows Rise in Commitment to Projects and Decline in Confusion Nearly 1,600 Jaspersoft Community Members Participate in Second Jaspersoft Big Data Survey San Francisco, February 4, 2014 – Jaspersoft, the Intelligence Inside applications and business processes, today shared results from its Big Data Survey. Nearly 1,600 Jaspersoft community members responded to…

Cloud Infographic: Cloud Apps (A Buyers Guide)

Cloud Infographic: Cloud Apps (A Buyers Guide)

Cloud Apps (A Buyers Guide) SaaS has gained huge popularity over the last few years, with an increasing number of enterprises adopting it mainly due to the benefits like pay per use and on demand service. Cloud applications entail thorough testing for their integrity, different from that of on-premise applications. This involves testing of business…

Big Data Analytics Adoption

Big Data Analytics Adoption

Big Data Analytics Adoption Big Data is an emerging phenomenon. Nowadays, many organizations have adopted information technology (IT) and information systems (IS) in business to handle huge amounts of data and gain better insights into their business. Many scholars believe that Business Intelligence (BI), solutions with Analytics capabilities, offer benefits to companies to achieve competitive…

Featured Sponsors

The Internet of Everything Opens Up The World

The Internet of Everything Opens Up The World

Shaping The World With New Technologies As a connected collection of intelligent objects, the Internet of Everything promises to open up those areas of the world hardest hit by economic, political and agricultural blights. Relatively inexpensive devices, paired with revolutionary energy sources and unprecedented access to information offer great promise to farmers and workers in…

2015 Advertising Opportunities - Find Out More!

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Blue square_logo_100x100-01
cisco_logo_100x100 vmware citrix100

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter