How free cloud services become free, currency-mining, DDoS-attacking botnets

August 8, 2014 Off By David

Grazed from Gigaom. Author: Derrick Harris.

It’s no secret that the cloud has the potential to be a hacker’s paradise, chock-full of all the password-cracking computing power a trove of stolen credit cards can buy. Surely, though, this type of bad behavior can’t be carried out without any direct financial investment. After all, the free tiers on most cloud computing services are pretty minimal — a single core (probably fairly weak) and maybe a few gigabytes of storage. What can anyone do with that? A whole lot, if they’re clever.

At the Black Hat security conference this week, a pair of professional penetration testers, Rob Ragan and Oscar Salazar of Bishop Fox, showed how they built a functional 1,000-node botnet by stringing together resources from a variety of services. They used it to mine some Litecoin and could have done a whole lot more if they weren’t trying to minimize harm to other cloud users (by being noisy neighbors) or cloud providers (by driving up power bills)…

At its peak, the pair’s bot was generating $0.25 in Litecoin per day per node. Spread across only 1,000 machines, that’s $250 a day in free money. They could have performed click fraud, scanned networks for vulnerabilities or perpetrated DDoS attacks. Really, they could have done pretty much anything that didn’t require higher-performance computing, such as mining Bitcoin or cracking passwords…

Read more from the source @ http://gigaom.com/2014/08/08/how-free-cloud-services-become-free-currency-mining-ddos-attacking-botnets/