White hat hacker Mafiaboy casts doubt on cloud computing security
December 1, 2010
Michael Calce, the reformed hacker from Montreal who will forever be known as Mafiaboy, told a group of IT professionals Tuesday that he has serious concerns about the inherent vulnerabilities in the latest evolution of information technology: cloud computing.
Calce was a guest speaker at storage vendor Hitachi Data Systems’ (HDS) annual Information Forum event. He came to fame in 2000 when, as a teenager, he launched a series of denial of service attacks that crippled the websites of companies such as CNN, Amazon, Dell and Yahoo, leading to a manhunt by the RCMP and the FBI and his eventual arrest.
Having completed his sentence and matured beyond the "misguided youth with too much power at his fingertips," Calce is speaking out about IT security and the inherent vulnerabilities in the way the Internet is constructed that he said still haven’t been addressed. And Calce has some serious concerns about the latest craze sweeping the IT industry: cloud computing
"These businesses are a lot more at risk today than ever before. So much data is available, and being put into the cloud," said Calce. "It’s one of the reasons I’ve decided to break my silence."
While he understands the practicality behind the cloud architecture, agreeing it’s what the Internet was really designed to be, Calce said he worries if we’re ready for the security risks and are willing to address them.
"Raising awareness of security is very critical to where the cloud is moving," said Calce. "It’s like sex-ed, we need IT security education in school. At this point, everyone is destined in their lives to touch technology."
In an interview with CDN, Calce said while everyone is focused on the cloud, his biggest concern is that we’re not even secure with our current infrastructure, and here we are putting our data alone in one bubble. It’s a great concept, but he said security seems to be an afterthought.
"It’s hard to patch-up holes when so many bullets have already been fired. I know I’ll never get businesses to agree but we need to slow down technology, and stop reinventing without fixing the predecessor first," said Calce. "We’re always taking on security as an afterthought. We should redesign the protocols behind the Internet to make it less exploitable.
Calce isn’t suggesting we back away from new models of computing like the cloud. But he does stress we need to make security a priority, not an afterthought. "Imagine building a new house with a crap foundation, how long will it last?" asked Calce. "Why not build a new foundation first?"
While he doesn’t share Calce’s level of concern with cloud computing, Chris Willis, senior director of solutions consulting for HDS Canada, said they brought Calce in as a speaker because they wanted to raise the awareness of security issues around cloud computing and IT in general.
Willis said Hitachi works with its partners such as Brocade to build security into its systems and architectures, and offers features such as data encryption both at rest and in flight.
"The top thing people ask about cloud applications is if it’s secure. It comes back to education, awareness and standards," said Willis. "It’s like STDs. No one wants to talk about if, but you’d better talk about it."
Bradley Brodkin, president of Hitachi partner HighVail Systems, said he can understand Calce’s concerns and where he’s coming from but, at the end of the day, we’re not going to go offline.
"I’ve been defrauded. People have stolen information on me from a dumpster. It’s caused some grief," said Brodkin. "But I do a lot of things online. If it happens, it happens. The vendors work very diligently to prevent fraud. As a partner I have to rely on technology to run my life. At the end of the day, you’re going to worry or you’re going to live your life."