"What happens when computer criminals start using friendly cloud services for malicious activities? In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments. Oh! Also, we violate the hell out of some terms of service.
We explore just how easy it is to generate massive amounts of unique email addresses; in order to register free trial accounts, deploy code, and distribute commands (C2). We managed to build this cloud-based botnet all for the low cost of $0 and semi-legally. This botnet doesn't get flagged as malware, blocked by web filters, or get taken over. This is the stuff of nightmares!
While riding on the fluffy Kumobot (kumo means cloud in Japanese), it was discovered that we were not the only ones doing this! With the rise of crypto currency we now face the impending rise of botnets that mine for digital gold on someone else's systems with someone else's dime footing the electric bill. Through our efforts in building a cloud-based botnet we built enough tools to share a framework for penetration testers and security researchers. The anti-anti-automation framework will show those tasked with defense exactly what it looks like when their free trial gets assaulted."
Eric Filiol, cryptologist from the military, heads the Laboratory of Virology and Operational Cryptology ESIEA West (College Computer, electronic and automatic). When, for the third time in four years, researchers have recently demonstrated that certain electronic certificates can be counterfeited, he commented on the evolution of computer security. Why this critical flaw in Internet security has she not been filled? This is the eternal problem of security: it has a cost, both financial and human. In this case, the different certificate authorities, and more generally, industrial computers, has not seen fit to invest, preferring to put the scope warnings. Laxity which may bear the brunt users who log on seemingly trustworthy sites. Espionage, data theft, racketeering: the power of nuisance "cyberbandits" goes well beyond the hacking of secure sites. This electronic crime will increase? Successful cyber attacks are by definition undetectable, it is very difficult to assess their real impact. Especially as businesses such as banks do not boast and do not file a complaint until the damage is not greater than the benefit. All we can say is that any good computer, anywhere in the world, is a potential threat. And it is much more profitable and less risky to practice computer data abduction abduction of the child. Or go rob a bank. What is the most effective weapon for pirates of the Web? The big threat is the "botnets": a set of zombie machines fell under the control of an attacker via a "worm" or a Trojan horse, and exploited maliciously. The biggest botnets discovered in the world involving the takeover of three to four million machines: with that, a single hacker can do whatever he wants. Attacking Estonia, for example, as was the case in May 2007. The botnet responsible for this state cyberwar was directed to all Estonian servers, he bombarded with digital packets. Result: all the services of the country were paralyzed. Similarly, a company may well hire the services of a botnet to cripple a competitor. Technically, what safeguards hope against these threats? None. The most powerful firewall never remove all risks. As for antivirus, they only detect known viruses. As in the medical vaccination, they only deal with the past. But the difference is the contamination time scale: for biological virus, it is counted in weeks or months, for computer viruses in seconds. In early 2003, when the Slammer worm attacked more than 200,000 servers, the planet has been infected in fifteen minutes. The same attack today take a minute. Internet security is going to become more and more out of control? It already is! And it was not all bad. If there were truly secure systems, the criminals could use to their advantage, and the police could no longer act. Hence the idea for states to use the same tools that hackers - spyware virus for example - to identify. Just as democracy is the worst system of government except all the others that freedom is the computer "less worse" solutions. It will pose huge problems because its means of intervention, everyone, have unparalleled power. We should be able to legislate. But given the excitement generated by the Internet, speed of development and the interests at stake, we do not take the time to think. Computer weapon has it become a deterrent? Nuclear power was a deterrent because few countries had, and needed to acquire a degree of advanced technology development. Stored data, anyone can start his bomb. All the ingredients for a disaster scenario (economic war between competitors or inter-state war) are thus combined. The experts are wondering more if it can happen, but when. Can we limit the damage? Avoid any scanned. Viruses do not read the paper, but they can read everything that is scanned. Result: it has never produced as much information with as much risk of losing them. Interview by Catherine Vincent
