Rogue Clouds
Right now cloud computing and cloud infrastructure is all the rage. The big players right now are Amazon, Microsoft and Google with probably more to come. I was thinking about this the other day, what about rogue clouds? Lets not be so naive to think that only the “good guys” will offer or use cloud infrastructure. What’s to stop some unregulated territory offering cloud computing infrastructure to all takers, provided they have the cash? How will the world change when anyone with some cash can avail themselves of massive multi-core cloud infrastructure? What if any country in the world with even meager resources can leverage the kind of computing power only the NSA can muster today?
What if any private individual or institution can do the same?
Suddenly some of our calculations become a little off. We know today what kind of computing power it takes to crack traditional passwords, the assumption is that at a certain point, it makes no sense to try because the computing time required is too large. Well if you can assemble some smart people with some smart software and virtually unlimited computing power, the equations suddenly change: what was once unrealistic or impossible now all of a sudden becomes attainable. Take an average Fortune 500 company, do I need to breach 80,000 mailboxes to get a worm into that environment? No of course not… I just need one. Same goes for passwords; I don’t need them all, I just need one.
So do rogue clouds exist today? What is a botnet for hire if not a rogue cloud? It can be rented by the hour or by computing time. It can be used for any purpose you can dream of; the owners will happily take your money. It can provide massive p2p computing power. What is likely to happen is that in the next few years, these operations will become more mature. They will grow physical data centers or rent (or steal) computing power from average users.
This future isn’t far off, and it has many many interesting implications to what we do today as security professionals.