It is not really surprising that criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities which consume a lot of processor power will be moved to the Cloud – like any other business.
Some way back, there were discussions on how to leverage GPUs to crack passwords: Graphics Cards – The Next Big Thing for Password Cracking? – that was back in 2007. Then in 2009 there were discussions on how to misuse Amazon EC2 to crack passwords: Using Cloud Computing To Crack Passwords – Amazon's EC2. Now, there are announcements that it will become public knowledge how to use Amazon's EC2 GPU to combine both – announced at BlackHat DC: Cloud-Based Crypto-Cracking Tool To Be Unleashed At Black Hat DC.
This development cannot be surprising. Crime is a business – illegal but following the same rules as any other business. If somebody is conducting illegal activities on a Cloud infrastructure, I expect every cloud provider to do their best to fight that. But it is close to impossible. Let's assume you are a mathematician at a University doing crypto research. Part of your job is trying to understand how vulnerable the mathematical models for crypto are and how you can improve them. So, cracking crypto is a legitimate part of your job. Putting such work in the Cloud might make sense. How can you distinguish such use of a Cloud infrastructure from an illegal activity? Even worse: In Amazon EC2, you just rent an infrastructure, without Amazon knowing what is going on in the virtual machine. As a customer of Amazon, I would definitely not want them to look into my VMs – that's my business.
How can we now make sure that the criminals are not misusing a Cloud infrastructure but still retain confidentiality? This will be a huge challenge.