To see how vulnerable cloud services really are to attacks by cloud hackers, CloudPassage, a security company, built an elaborate setup consisting of four servers with Linux-based operating systems and 2 servers using Microsoft operating systems. After loading these with a variety of commonly used programs, they invited hackers to break into the system, offering $5,000 to the winner.
All it took was four hours. Gus Gray, a novice who is still working on his bachelor’s degree in computer science while working for a technology company at the same time, just thought he’d fiddle around with the system because he didn’t have anything interesting to do.
So what was CloudPassage hoping to achieve with this experiment? Andrew Hay, CloudPassage’s director for applied security research, says that they wanted cloud users to realize how vulnerable they really are if they do not consider adding security measures to their default setup. “The cloud is cheap and efficient, which makes people want to use it. However, they do this without thinking about the security risks,” he says.
Of course, all of this is beneficial to CloudPassage, considering that they offer security services for cloud users. For those who are still not interested in getting the additional security, remember that loss of data is also caused by poor human judgment most of the time. Gus Gray, for example, was able to hack into the system after merely guessing the administrator password. This calls for stringent measures that users themselves can take, such as steering well clear of default passwords and creating unique passwords that would be impossible for anyone else to guess. Changing these passwords over time would also be necessary to keep security at the same level for a long period of time.
As for Gus Gray, the first thing he did after hacking the system was to go back to their office and check their own system for similar vulnerabilities.
It is normal for people to fear for the safety of their data, especially when you consider how attacks by cloud hackers seem to appear here and there. This is especially difficult for those who do not have a thorough background in cloud computing and technology as a whole, particularly when hacking is blamed on the provider’s security system without considering human error and judgment. In the controversial iCloud incident, for example, the term “hacked” was used carelessly, considering that the people behind it used phishing to get login credentials that would give them access to the information. Although people argue that Apple should have kept a two-step security check in place before the incident even occurred, the data centers remained secure throughout this incident.
Regardless of the technical details surrounding such incidents, however, the fact remains that security should always be the first thing on people’s minds when they consider using cloud services. After all, you never know what trick cloud hackers are going to pull off next.
What about you? Have you considered adding security measures on top of your system’s defaults, or have you been keeping such a tight watch over your system that you’re sure no one will be able to get in?