DEFCON survey reveals vast scale of cloud hacking

An in-depth survey carried out amongst 100 of those attending this year’s DEFCON conference in Las Vegas recently has revealed that an overwhelming 96 percent of the respondents said they believed the cloud would open up more hacking opportunities for them.

“While ‘only’ 12 percent said they hacked cloud systems for financial gain, that still means a sizeable headache for any IT manager planning to migrate their IT resources into the cloud” said Barmak Meftah, CPO with Fortify.

According to Meftah, when you factor in the prediction from numerous analysts that at the start of 2010 20 percent of businesses would have their IT resources in the cloud within four years, you begin to appreciate the potential scale and complexity of the security issues involved.

In the many predictions, he explained, 20 per cent of organizations would own no appreciable IT assets, but would instead rely on cloud computing resources – the same resources that 45 percent of the DEFCON attendees in the survey cheerfully admitted to already having tried to hack.

Breaking down the survey responses, 21 percent believe that SaaS cloud systems are viewed as being the most vulnerable, with 33 percent of the hackers having discovered public DNS vulnerabilities, followed by log files (16 per cent) and communication profiles (12 per cent) in their cloud travels.

Remember, says Meftah, we are talking about hackers having discovered these types of vulnerabilities in the cloud, rather than merely making an observation.