The Criminal Cloud
Criminals are using cloud computing to share information and to superpower their hacking techniques. By Simson L. Garfinkel, Technology Review
The cloud opens a world of possibilities for criminal computing. Unlike the zombie computers and malware that have been the mainstay of computer crime for the past decade, cloud computing makes available a well-managed, reliable, scalable global infrastructure that is, unfortunately, almost as well suited to illicit computing needs as it is to legitimate business.
The mass of information stored in the cloud—including, most likely, your credit card and Social Security numbers—makes it an attractive target for data thieves. Not only is more data centralized, but for the security experts and law enforcement agencies trying to make the cloud safe, the very nature of the cloud makes it difficult to catch wrongdoers. Imagine a virtual Grand Central Station, where it's easy to mix in with the crowd or catch a ride to a far-away jurisdiction beyond the law's reach.
Most of all, the cloud puts immense computing power at the disposal of nearly anyone, criminals included. Cloud criminals have access to easy-to-use encryption technology and anonymous communication channels that make it less likely their activities will be intelligible to or intercepted by authorities. On those occasions that criminals are pursued, the ability to rapidly order up and shut down computing resources in the cloud greatly decreases the chances that there will be any clues left for forensic analysis.
Widely Available to Criminals
One of the most straightforward options criminals are employing is simply to register for an account (with an assumed name, of course) and "legitimately" procure services for illegal purposes. Criminals are using Gmail or the text-sharing site Pastebin to plan crimes and share stolen information with near impunity. Just navigate to Pastebin.com and type "Visa" into the search field for a vivid...