Thunder in the cloud: $6 cloud-based denial-of-service attack

When you hear the rumble of thunder, then you know the storm is near. Two security researchers warned that cloud-based denial-of-service attacks are looming on the horizon. With $6 and a homemade “Thunder Clap” program, security experts David Bryan and Michael Anderson managed to take down their client’s server with the help of Amazon’s EC2 cloud infrastructure.

The cloud-based denial-of-service attack was part of a DefCon presentation called, Cloud Computing, a Weapon of Mass Destruction? In the description for their DefCon talk, they wrote, “We have been using the cloud computing environment to test real world scenarios for different types of attacks, such as Distributed Denial of Service, Flooding, and Packet Fragmentation.”

According to a report from DarkReading, the security consultants told DefCon attendees, “With the help of the cloud, taking down small and midsize companies’ networks is easy.” Bryan said, “It’s essentially a town without a sheriff.”

After Bryan and Anderson entered a name and credit card number, the experts created a handful of virtual server instances on Amazon’s EC2. They started with only three virtual servers, uploaded their prototype attack tool, called Thunder Clap, scaled up to 10 servers, and then took their client’s company off the Internet.

Security consultants David Bryan of Trustwave and Michael Anderson of NetSPI said that they encountered nothing to stop them, like no special bandwidth agreements and no detection mechanisms for servers taking malicious actions. Their Thunder Clap program uses cloud-based services to send a flood of packets toward the target company’s network. The researchers reported that they can control the software directly or through a command left on a social network.

Bryan and Anderson launched the attack to test their client’s network, a small business that wanted its connectivity tested. According to DarkReading, Bryan said, “A threat agent could potentially run extortion schemes against a company by attacking for a couple of hours — and then telling the company that, if you don’t pay me, then I will attack you again.” Amazon reportedly failed to reply to complaints by the security consultants.

In an email reply available on the DarkReading, Amazon spokeswoman Kay Kinton wrote, “We do have a process for both detecting and responding to reports of abuse. […] When we find misuse, we take action quickly and shut it down.”

Bryan and Anderson explained that so far cybercriminals have mainly used botnets for their denial-of-service attacks. Botnets can be rented, giving “would-be attackers a criminal ‘cloud’ from which to buy services.” The security consultants said that easy-to-configure cloud services like Amazon, Google, Microsoft and Rackspace need to respond faster to complaints.

According to DarkReading, Anderson said, “If we complain loudly enough, maybe they will become more responsive.”

Full Credit To: Darlen Storm with ComputerWorld

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

7 Responses to Thunder in the cloud: $6 cloud-based denial-of-service attack

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Offers Key Benefits For Small, Medium Businesses

A growing number of small and medium businesses in the United States rely on as a means of deploying mission-critical software products. Prior to the advent of cloud-based products — software solutions delivered over the Internet – companies were often forced to invest in servers and other products to run software and store data. The…

Five Signs The Internet of Things Is About To Explode

Five Signs The Internet of Things Is About To Explode

The Internet of Things Is About To Explode By 2020, Gartner estimates that the Internet of Things (IoT) will generate incremental revenue exceeding $300 billion worldwide. It’s an astoundingly large figure given that the sector barely existed three years ago. We are now rapidly evolving toward a world in which just about everything will become…

The Education Revolution: Cloud In The Classroom

The Education Revolution: Cloud In The Classroom

The Education Revolution: Cloud In The Classroom With the back-to-school season now upon us, parents, students and teachers everywhere are once again struggling with the perpetual challenge of making kids job-ready in a high-speed and fast-changing environment. There is little doubt in anyone’s mind that information technology plays a central role in all areas of life…

The Business Benefits of Cloud CRM

The Business Benefits of Cloud CRM

The Business Benefits of Cloud CRM From software deployment, to mobility, to wearable technology, cloud computing has transformed seemingly every aspect of modern business. Research indicates cloud applications and platforms will be at the forefront of IT spending by 2016, with half of all enterprises implementing cloud solutions by 2017. One of the quickest markets…

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

15 Emerging Technologies To Watch Before 2020 The cloud, big data, the internet of things, and wearable technology have all featured heavily in Forrester’s latest list of fifteen technologies to watch before 2020. It is becoming a reality for businesses that they need to adapt and change to an increasingly technologically-minded customer base. Traditional marketing…

CONNECT TO THE CLOUD

 

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021