From the Blogosphere
Fighting Crime on the Invisible Cloud | @CloudExpo #Cloud
The tough road ahead for fighting crime on the cloud
By: Harry Trott
Jun. 22, 2016 05:00 PM
Cloud servers bring with them distributed hosting and the ability to anonymize identities and that has enabled cloud becoming a breeding ground for criminals and even terrorists.
The cloud brings unique advantages to individual and business users alike and this explains the exponential adoption rate that cloud has seen in the past decade. There are also numerous security challenges with the cloud especially in the areas of privacy and data theft that has concerned stakeholders for a long time. However, with sophisticated encryption technologies, the instances of cloud data getting stolen is only going to get fewer in future.
But there is another aspect to cloud that has not been discussed as vocally as the security issues have been – crime. Cloud servers bring with them distributed hosting and the ability to anonymize identities and that has enabled cloud becoming a breeding ground for criminals and even terrorists. One of the biggest examples to this is Tor. The Onion Router encrypts web requests from users and allows them to be routed through a network of Tor servers located across the web in such a way that it completely obfuscates the identity of the original request. Although it was originally developed by the US Navy, the browser is now a gateway to the deep web – an underground internet that is completely hidden from search engines and conventional internet users.
A research by the Trend Micro Deep Web Analyzer showed up some interesting numbers. According to the research, the listed price for US Citizenship on a deep web site selling fake passports was $5900. Stolen Paypal accounts with about $500-$700 balance in them was around $250 while the price for assassinating a celebrity or politician was listed at $180,000. These listing and transactions are not too different from routine cloud transactions that regular consumers like us engage in. However, these transactions leave no trail on the cloud making it attractive for criminals.
Considering the implications, governments are investing more into improving electronic forensics to fight crime on the cloud. While criminals operating over platforms like eBay, Facebook or Paypal are regularly apprehended thanks to compliance from the platform owners, this can prove to be difficult on the dark web where criminals host their own servers. Cloud data aggregation for forensics has proven to be difficult so far because of the problems with multi-tenant hosting, synchronization and data segregation.
However, investigators have started identifying loopholes in the system that could help tackle crime on the invisible cloud. The drawbacks of Tor has already been well established and investigators in the FBI have already used a combination of malware and interception techniques to bust open the IP addresses of criminals using Tor. Bitcoin forensics too has been picking up which is making it possible to reconstruct transfers and potentially bust illegal transactions.
With the amount of resources required to bust these hidden cloud transactions, it is definitely a tough road ahead for investigators. But the good news is that investments in the area have picked up and so will the tools necessary to fight crime. Cloud has changed the way corporate entities do business and so has it changed the operations of criminals and it will need innovations to fight this new form of crime that is only going to get bigger in future.
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week