This document discusses cloud computing and its implications for cyber security. It begins with definitions of cloud computing and an overview of its key properties and benefits, such as scalability, on-demand access, and lower costs. It then explores both defensive and offensive uses of cloud computing for cyber activities. Defensively, the cloud can enable services like DDoS protection, backup and disaster recovery, and security auditing. However, attackers have also adapted malicious tools and techniques to the cloud, using its resources for activities like password cracking, botnets, and command-and-control servers. The document concludes with a case study showing how easily cyber attacks can be launched from the cloud anonymously and at low or no cost.

1. 11 Haziran 2015
Cloud Computing v.s. Cyber Security
Bahtiyar BİRCAN
TOBB-ETU
bahtiyarb@gmail.com

2. Agenda
Cloud Computing Definition
Cloud Properties and Benefits
Cloud Computing fo Cyber Defense
Cloud Computing for Cyber Offense
Case Study: Cloud Based Cyber Attack
2

3. Cloud Computing

4. Cloud Computing Definiton
“Cloud computing is a model for enabling convenient, on-demand network
access to a shared pool of configurable computing resources (e.g. ,networks,
servers, storage,applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction.”
NIST
Cloud computing refers to the on-demand provision of computational
resources (data, software) via a computer network, rather than from a local
computer.
Wikipedia
4

5. • On-demand self-service
• Dynamic Resource Allocation
• Device / Location Independence
• Distributed architecture
• Scalable and Elastic
• High Computing Power
• High Bandwith
• High Storage Capacity
Cloud Characteristics
5

6. Cloud Computing Benefits
6

7. Cloud Models
7

8. Cloud for Cyber Defense

9. • DDoS Protection
• Web Application Attack Prevention
• Backup and Disaster Recovery
• Vulnerability Scan
• Penetration Testing & Security Audit
• Log Managamenet / SIEM
• Forensics as a Service
Cloud Usage for Cyber Defense
9

10. DDoS Protection
Cloud Based DDoS Protection Services
• CloudFlare, Incapsula
10

11. Web Application Attack Prevention
11

12. Vulnerability Scanning
12

13. Vulnerability Scanning
13

14. Penetration Testing & Security Audit
14

15. Forensics as a Service
15

16. Cloud for Cyber Offense

17. Cloud for Cyber Offense
Hacking as a Service
• Cloud properties for criminals
– Scalability,
– Quick Deployment
– Dynamic resource usage
– High computing power
– High bandwith
• Cyber criminals adapted their
tools and techniques for cloud
computing
• Unfortunately they are better at
using cloud platforms
17

18. Cloud for Cyber Offense
Cloud Usage in Cyber Offense
• DDoS as a Service
• Botnet as a Service
• Malware as a Service
• Password Cracking
• BotClouds
• C&C Servers
• Warez as a Service
18

19. DDoS as a Service
19
Source: McAfee

20. Botnet as a Service
20Source: McAfee

21. Malware as a Service
21
Source: Solutionary

22. Password Cracking as a Service
Password Cracking Experiment
• Lentgth: 1-6 character
• Algorithm: SHA1
• Method: Brute Force
• Hardware:
– Amazon cg1.4xlarge
– 22 GB memory
– 2 x Intel Xeon X5570, quad-core
– 2 x NVIDIA Tesla M2050 GPUs
– 1690 GB of instance storage
• Crack time: 49 min
• Price: 2100 $
22

23. Password Cracking as a Service
23

24. Command & Control Servers
24

25. Case Study:
Cloud Based Cyber Attack

26. • How easy it is to build cyber
attack infrastructure at cloud?
• Can we build it at no cost ?
• Can we build it anonymously?
Case Study: Cloud Based Cyber Attack
26

27. Get anonymous e-mail account
Register to cloud provider
Get free trial of cloud Linux image
Install attack software on VM
Register free DNS domain
Start attack
Large scale attack
Attack Scenario
27

28. • Known e-mail providers:
– Gmail,
– Yahoo,
– Yandex,
– Mail.ru
• One-time mail providers
– Mailinator
Attack Step 1: Get Anonymous E-mail
28

29. • Lots of cloud providers
give free trial accounts
– 1 week – 1 year trial
– Amazon
– Rackspace
– Siemens Cloud
Services
– …
Attack Step 2: Register to Cloud Provider
29

30. Attack Step 3: Get a Trial of Linux VM Image
30

31. Attack Step 4: Install Attack Software on VM
31

32. Attack Step 5: Register Free DNS Domain
32

33. Attack Step 6: Launch an Attack
Possible Attacks
• Denial of Service
• Port Scanning
• Vulnerability Scan
• Exploitation
• Pshishing Site
• Malware Server
• Password Cracking
33

34. Attack Step 7: Large Scale Attacks
Creating 20 Cloud Bots
• Script for creating 20 cloud bot servers
34

35. Attack Step 7: Large Scale Attacks
Creating 1000 Cloud Bots
• Script for creating 1000 cloud bot servers
35

36. Thanks
Bahtiyar BİRCAN
TOBB-ETU
bahtiyarb@gmail.com