back to article Zombie PCs are for crimelord chumps: Fear clusters, says infosec ace

It may be possible for a "single dedicated attacker" to run an internet "carpet-bombing" attack by applying Big Data and distributed computing technologies, security researcher Alejandro Caceres warns. The traditional botnet, or network of hijacked computers, has been used for distributed computing problems, such as Bitcoin …

COMMENTS

This topic is closed for new posts.
  1. Tom_

    Wait a minute...

    Is his whole argument that the software that comes with Hadoop clusters makes it a bit easier than writing your own software to run on a bot net?

  2. Pascal Monett Silver badge

    Big Iron Improves Badware shocker

    Next in the news : crooks using rocket launchers gain entry quicker than with crowbars.

    Yes, except that rocket launchers make a heck of lot more noise than the lowly crowbar, and when you're in the illegal entry business, it pays to be discreet.

    I always thought that was one of the prime qualities of a botnet : you're not conducting the attack itself from a traceable IP, you're just giving instructions to a mass of addresses that are conducting the attack on your behalf.

    With attacks conducted from a commercial cloud service, it will be easy as pie to trace the attack back to you. I don't think that's all that smart from a crims' point of view. And even if you create your own cluster, you still own the IPs used - so not any better.

    I honestly don't see how this is actually going to change things, but hey, I'm not very knowledgeable in such matters.

    1. Anonymous Coward
      Anonymous Coward

      Re: Big Iron Improves Badware shocker

      I think you'll find that renting VMs using pilfered credit card numbers will allow you, if you buy them all, to do it hundreds of thousands of times, at $100/instance.

    2. d3rrial
      Meh

      Re: Big Iron Improves Badware shocker

      Thats because his attacks do not involve Denial of Service. His way of doing things is focussing on SQL Injection vulnerability testing, password cracking etc. which can be done more efficiently in a well managed system. Because there is no outbound malicious network traffic, there will be nothing left for anyone to trace him by, except maybe the company doing the cloud hosting.

      The whole point is, that the companies being attacked won't even notice that they are, the results of the attack will then neatly be stored in some logfile for later >actual< malicious use

  3. Busby

    Way outside my area of expertise but I'm curious a out liability. Lets say for example I use Amazons cloud service to attack ebay and manage to bring it down for a while. Can ebay then go after Amazon or do they get some form of safe harbor protection and ebay can only come after me?

    Just seems potentially someone could make a lot of mischief pitting large orgs against each other in this way. Then again I could be totally clueless and arent understanding correctly.

This topic is closed for new posts.

Other stories you might like