Everyone seems to be in the Clouds these days. Cloud Computing is certainly something we hear about more and more. The IT industry races full steam ahead into the great shapeless nebula that promises unfathomable rewards such as vast economy of scale and
unimaginable resource effectiveness.
The Cloud is quite mysterious. Its boundaries, scope, controls and rules of engagement are yet to be determined by the industry. Many IT managers look at the gathering Cloud and scratch their heads, not really sure what to make of it. One thing is sure:
it’s here to stay.
But there’s another Cloud covering the sky, and this one promises a bleak future.
I call it the Dark Cloud.
In the Cloud, you tap external forces as a resource to promote your business. In the Dark Cloud, external forces tap
your resources to promote their business.
It’s the perfect mirror image of the Cloud.
The Dark Cloud is all around us, every minute of the day. It sends invisible tendrils that try to pull us from the safety of our secured world into a crazed alternative universe. A parallel, shadowy world in which the infrastructure we own is used for sinister
deeds without leaving a shred of evidence.
By now you probably guess what I’m referring you. You know what the Dark Cloud is. It’s the rapidly growing infrastructure used by cyber criminals to promote their evil cause.
Millions of zombie computers are at their disposal; thousands of
legitimate websites they hijack on a weekly basis lead consumers to infection points. The Dark Cloud grows fast: it’s ten times bigger than last year. A much faster growth than the Cloud itself.
Today’s criminals no longer need to use their own resources. They use the Dark Cloud instead. They can use your PC to stage denial of service attacks such as the one that crippled
Twitter. They can use your social network account to spread crimeware to all your friends. If you are an employee, they can use your laptop to
penetrate the enterprise without spending a dime on attacking the highly resilient corporate network. If you reply to a
‘work from home, get lots of money’ ad, they can use your bank account to launder money stolen from victims of Phishing, or use your home address to reship goods bought with stolen credit
The similarity between the Cloud and the Dark Cloud is striking. As a fraudster you don’t really care about where your stolen credentials and infection points are hosted; you just want to make sure your data and applications are always available and managing
them does not cost much. Rings a bell?
The main benefit of the Dark Cloud is scale. A single cyber criminal can only do that much damage. But with the full malevolent power of the Dark Cloud, cyber criminals can effectively scale up – just like organizations using the Cloud.
And like its benevolent counterpart, the Dark Cloud is truly global. It’s a Trojan mothership in Russia. It’s a ‘drop zone’ for stolen credentials hosted in a hospital network in the US. It’s a fraud forum hosted in Pakistan.
Astrophysicists estimate that as much as 74% of the content in the universe is
dark energy – a mysterious entity that does not have mass and does not interact with matter.
It’s much more difficult to estimate the exact size of the Dark Cloud, but there’s a ray of hope. Industry researchers are capable of exposing various bits of the Dark Cloud, shedding light on its black operation. This activity reveals much about the dynamics
of the Dark Cloud, and helps the industry design better security, expand its ‘bag of tricks’ for fighting cyber crime, and scale up their counter measures.
The more we know about the Dark Cloud, the better. So feel free to share your thoughts about the Dark Cloud