Originally published July 2, 2012 at 6:51 PM | Page modified July 2, 2012 at 6:52 PM

Storm-related outages at an Amazon.com data center in Ashburn, Va., prompted some congressional officials on Monday to question whether the federal government is moving too swiftly to put important data on private-sector cloud computing servers.

The outages affected companies such as Netflix and Pinterest, not the government. But several federal agencies have moved email and other services to cloud servers, which are housed at remote data centers and typically managed by technology companies such as Amazon or Google.

The House Energy and Commerce subcommittee on commerce, manufacturing and trade is studying the risks of such moves and hopes to schedule a hearing on the matter ahead of the August congressional recess.

"Last week's powerful thunderstorms, along with the massive disruptions they caused, exposed some of the vulnerabilities of cloud computing," the panel's chairman, Rep. Mary Bono Mack, R-Calif., said in a statement. "But I also believe the problems extend way beyond consumer convenience and customer service. There are some serious privacy issues which we need to look at as well."

The federal government has been aggressively embracing more extensive use of cloud servers since 2010 and closing government data centers. Cloud services allow for large volumes of information to be stored remotely, generally on several different servers, so that it can be accessed from anywhere with an Internet connection. The data often is encrypted.

Government email and Web sites were among the first to move away from government servers. More sensitive data is likely to follow, federal officials say, as cloud providers demonstrate they can provide the security and continuous access that agencies require.

Federal officials predict that the most sensitive information from the White House or CIA, for example may be moved eventually to cloud servers maintained by the government itself, allowing for maximum control and security.

The General Services Administration switched its email to a Google cloud service last year, cutting its estimated costs from $30 million to $15 million over five years, said agency spokeswoman Casey Coleman. Outages, which used to come about once a month, have disappeared, she said.

The violent storm that blasted through the region Friday night disrupted power to several data centers at Amazon's Web service facility in Ashburn. One of them lost both its primary and backup sources of power, causing outages that stretched into Saturday. No data was lost, Amazon has said. In April, the same facility also caused outages for Reddit, HootSuite, Quora and FourSquare.

More here:
Lawmakers voice concern over cloud-computing outages from storm

Researchers say criminals are moving their malware heavy lifting from end user PCs to servers in the cloud. The same flexibility and freedom companies get from having their software and services hosted in the cloud is enabling cybercriminals to conduct highly automated online banking theft -- without doing much of the necessary information processing on their victims' own computers.

Security and privacy experts have long worried that criminals would launch attacks on the servers storing the data in cloud environments. But, a report released this week from McAfee and Guardian Analytics shows that criminals are now using the cloud infrastructure itself to get more capability out of their campaigns.

"They are leveraging the cloud," Brian Contos, senior director of emerging markets at McAfee, said in an interview. "This is the first time we've ever seen this."

Basically, what researchers uncovered was a series of highly sophisticated campaigns designed to siphon money out of high balance bank accounts in Europe, the U.S. and South America through automated transfers. Like most online consumer bank fraud, the attacks started off with a phishing e-mail, typically pretending to be from a victim's bank and urging the recipient to click a link to change the account password. Once the link is clicked, a Trojan -- in this case Zeus or SpyEye -- was downloaded onto the victim's computer, in early versions of the attacks. In later versions the malware is operating from a server.

When the victim goes to log into the bank site, the malware would use a so-called Web inject technique to overlay what looks like the bank Web page in the victim's browser. However, behind the scenes and totally transparent to the victim, something entirely different is happening. While the victim thinks he or she is transferring money from a savings account into a checking account, for instance, the malware is actually transferring any amount of money the criminals specify into their own account.

Traditionally, banking malware like this will handle the processing from the victim's PC. But in this case, the heavy lifting of the malware is being done on the server in the cloud, according to Contos. In the operations McAfee and Guardian Analytics uncovered the servers were located in eastern European countries, he said. The servers are located mostly at "bullet proof" ISP that have lax policies and are re-located frequently to avoid discovery.

"The servers are sitting within ISPs that are designed specifically to take part in fraud," he said, adding that the criminals in these campaigns even managed to bypass two-factor authentication systems commonly used in European consumer online banking. For instance, not only does a consumer type in a username and password to a site, but also swipes a card into a special card reader attached to the PC that provides additional data proof that the legitimate user is accessing the account.

The log-in or authentication "information is taken from the malware (on the PC) and redirected to the server in real time, Contos said. "That server takes that data and authenticates against the victim's bank account, all within seconds."

The servers -- at least 60 were used in these operations -- provided the criminals with the ability to fully automate the attacks, so less manual intervention is needed on the part of the attacker to do things like adjust the amount to steal that will be below fraud detection levels.

"The server is the brains that does all the transactions in the bank account," he said. Rather than having the malware residing on the victim's computer take charge of the attack functions, like stealing the data and sending it off somewhere, the attack itself is performed by the server.

See the article here:
Sunday

Researchers say criminals are moving their malware heavy lifting from end user PCs to servers in the cloud.

The same flexibility and freedom companies get from having their software and services hosted in the cloud is enabling cybercriminals to conduct highly automated online banking theft -- without doing much of the necessary information processing on their victims' own computers.

Security and privacy experts have long worried that criminals would launch attacks on the servers storing the data in cloud environments. But, a report released this week from McAfee and Guardian Analytics shows that criminals are now using the cloud infrastructure itself to get more capability out of their campaigns.

"They are leveraging the cloud," Brian Contos, senior director of emerging markets at McAfee, said in an interview. "This is the first time we've ever seen this."

Basically, what researchers uncovered was a series of highly sophisticated campaigns designed to siphon money out of high balance bank accounts in Europe, the U.S. and South America through automated transfers. Like most online consumer bank fraud, the attacks started off with a phishing e-mail, typically pretending to be from a victim's bank and urging the recipient to click a link to change the account password. Once the link is clicked, a Trojan -- in this case Zeus or SpyEye -- was downloaded onto the victim's computer, in early versions of the attacks. In later versions the malware is operating from a server.

When the victim goes to log into the bank site, the malware would use a so-called Web inject technique to overlay what looks like the bank Web page in the victim's browser. However, behind the scenes and totally transparent to the victim, something entirely different is happening. While the victim thinks he or she is transferring money from a savings account into a checking account, for instance, the malware is actually transferring any amount of money the criminals specify into their own account.

Traditionally, banking malware like this will handle the processing from the victim's PC. But in this case, the heavy lifting of the malware is being done on the server in the cloud, according to Contos. In the operations McAfee and Guardian Analytics uncovered the servers were located in eastern European countries, he said. The servers are located mostly at "bullet proof" ISP that have lax policies and are re-located frequently to avoid discovery.

"The servers are sitting within ISPs that are designed specifically to take part in fraud," he said, adding that the criminals in these campaigns even managed to bypass two-factor authentication systems commonly used in European consumer online banking. For instance, not only does a consumer type in a username and password to a site, but also swipes a card into a special card reader attached to the PC that provides additional data proof that the legitimate user is accessing the account.

The servers -- at least 60 were used in these operations -- provided the criminals with the ability to fully automate the attacks, so less manual intervention is needed on the part of the attacker to do things like adjust the amount to steal that will be below fraud detection levels.

"The server is the brains that does all the transactions in the bank account," he said. Rather than having the malware residing on the victim's computer take charge of the attack functions, like stealing the data and sending it off somewhere, the attack itself is performed by the server.

See the article here:
Cybercrime moves to the cloud

Read the original post:
Eleven2 : Coupon for First Month for 1 Penny - Video