Thunder in the cloud: $6 cloud-based denial-of-service attack

When you hear the rumble of thunder, then you know the storm is near. Two security researchers warned that cloud-based denial-of-service attacks are looming on the horizon. With $6 and a homemade “Thunder Clap” program, security experts David Bryan and Michael Anderson managed to take down their client’s server with the help of Amazon’s EC2 cloud infrastructure.

The cloud-based denial-of-service attack was part of a DefCon presentation called, Cloud Computing, a Weapon of Mass Destruction? In the description for their DefCon talk, they wrote, “We have been using the cloud computing environment to test real world scenarios for different types of attacks, such as Distributed Denial of Service, Flooding, and Packet Fragmentation.”

According to a report from DarkReading, the security consultants told DefCon attendees, “With the help of the cloud, taking down small and midsize companies’ networks is easy.” Bryan said, “It’s essentially a town without a sheriff.”

After Bryan and Anderson entered a name and credit card number, the experts created a handful of virtual server instances on Amazon’s EC2. They started with only three virtual servers, uploaded their prototype attack tool, called Thunder Clap, scaled up to 10 servers, and then took their client’s company off the Internet.

Security consultants David Bryan of Trustwave and Michael Anderson of NetSPI said that they encountered nothing to stop them, like no special bandwidth agreements and no detection mechanisms for servers taking malicious actions. Their Thunder Clap program uses cloud-based services to send a flood of packets toward the target company’s network. The researchers reported that they can control the software directly or through a command left on a social network.

Bryan and Anderson launched the attack to test their client’s network, a small business that wanted its connectivity tested. According to DarkReading, Bryan said, “A threat agent could potentially run extortion schemes against a company by attacking for a couple of hours — and then telling the company that, if you don’t pay me, then I will attack you again.” Amazon reportedly failed to reply to complaints by the security consultants.

In an email reply available on the DarkReading, Amazon spokeswoman Kay Kinton wrote, “We do have a process for both detecting and responding to reports of abuse. […] When we find misuse, we take action quickly and shut it down.”

Bryan and Anderson explained that so far cybercriminals have mainly used botnets for their denial-of-service attacks. Botnets can be rented, giving “would-be attackers a criminal ‘cloud’ from which to buy services.” The security consultants said that easy-to-configure cloud services like Amazon, Google, Microsoft and Rackspace need to respond faster to complaints.

According to DarkReading, Anderson said, “If we complain loudly enough, maybe they will become more responsive.”

Full Credit To: Darlen Storm with ComputerWorld

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Latest posts by CloudTweaks (see all)

7 Responses to Thunder in the cloud: $6 cloud-based denial-of-service attack

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most Cloud computing is rapidly revolutionizing the way we do business. Instead of being a blurry buzzword, it has become a facet of everyday life. Most people may not quite understand how the cloud works, but electricity is quite difficult to fathom as well. Anyway, regardless of…

The Business Benefits of Cloud CRM

The Business Benefits of Cloud CRM

The Business Benefits of Cloud CRM From software deployment, to mobility, to wearable technology, cloud computing has transformed seemingly every aspect of modern business. Research indicates cloud applications and platforms will be at the forefront of IT spending by 2016, with half of all enterprises implementing cloud solutions by 2017. One of the quickest markets…

Cloud Infographic: Cloud Public, Private & Hybrid Differences

Cloud Infographic: Cloud Public, Private & Hybrid Differences

Many people have heard of cloud computing. There is however a tremendous number of people who still cannot differentiate between Public, Private & Hybrid cloud offerings.  Here is an excellent infographic provided by the group at iWeb which goes into greater detail on this subject. Infographic source: iWeb About Latest Posts Follow Us!CloudTweaksEstablished in 2009,…

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things There are many interesting ways in which companies are looking to connect devices to the cloud. From the vehicles to kitchen appliances the internet of things is already a $1.9 trillion dollar market based on research estimates from IDC. Included is a fascinating infographic provided by AriaSystems which shows us some…

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

15 Emerging Technologies To Watch Before 2020 The cloud, big data, the internet of things, and wearable technology have all featured heavily in Forrester’s latest list of fifteen technologies to watch before 2020. It is becoming a reality for businesses that they need to adapt and change to an increasingly technologically-minded customer base. Traditional marketing…

CONNECT TO THE CLOUD

 

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Branded Content Programs

Advertising