More On Clouds & Botnets: MeatClouds, CloudFlux, LeapFrog, EDoS and More!

After my "Frogs" talk at Source Boston yesterday, Adam O'Donnell and I chatted about one of my chuckle slides I threw up in the presentation in which I give some new names to some (perhaps not new) attack/threat scenarios which involve Cloud Computing:

  • MeatCloud - Essentially abusing Amazon's Mechanical Turk and using it to produce the Cloud version of a sweat shop; exploiting the ignorant for fun and profit to perform menial illegal muling tasks on your behalf…think SETI meets underage garment workers…
  • CloudFlux – Take a mess of stolen credit cards, open up a slew of Amazon AWS accounts using them, build/scale to thousands of instances overnight, launch carpet bomb attack (you choose,) tear it down/have it torn down, and move your botnet elsewhere…rinse, lather, repeat…
  • LeapFrog – As we move to hybrid private/public clouds and load balancing/cloudbursting across multiple cloud providers, we'll interconnect Clouds via VPNs to the "trusted internals" of your Cloudbase… Attackers will thank us by abusing these tunnels to penetrate your assets through the, uh, back door.
  • vMotion Poison Potion – When VMware's vCloud makes its appearance and we start to allow vMotion across datacenters and across Clouds (in the clear?,) imagine the fun we'll have as we see attacks against vMotion protocols and VM state…  
  • EDoS – Economic Denial of Sustainability – Covered previously here

Adam mentioned that I might have considered that Botnets were a great example of a Cloud-based service and wrote a very cool piece about it on ZDNet here.

I remembered after the fact that I wrote a related blog on the topic several months ago titled "Cloud Computing: Invented by Criminals, Secured by ???" as a riff on something Reuven Cohen wrote.

/Hoff
Categories: Cloud Computing, Cloud Security
  1. March 13th, 2009 at 15:29 | #1

    So let's assume that whatever can be done without clouds, can also be done with clouds, except faster, cheaper and with massive horizontal scalability?
    Sounds like fun to me!
    –Mike

  2. March 13th, 2009 at 15:41 | #2

    Exactly. w00t!

  3. Roland Dobbins
    March 14th, 2009 at 19:17 | #3

    No matter how you keep changing around the definition of the acronym, at the end of the day, your 'EDoS' is still just a DoS, heh.

  4. March 20th, 2009 at 17:04 | #4

    Meatcloud is not being used properly.

    While I concede Mechanical Turk is a meatcloud (Meatcloud as a Service to be precise), the term by itself does not imply an attack.

    Meatclouds can be used for good or evil (or awesome!).
    http://tinyurl.com/meatclouds

    Just thought you should know…

  5. March 20th, 2009 at 18:16 | #5

    @Andrew Clay Shafer Well, I suppose you're right. It's the funny part of the slide deck, so you can take from it what you like. Marcus Ranum liked it, and so I was happy 😉 Didn't really know the other definitions existed. Shoulda Googled, I spose.

    Ta.

  6. March 21st, 2009 at 08:42 | #6

    It's all in good fun.
