Free Service Botnets

How Hackers Hid a Money-Mining Botnet in the Clouds of Amazon and Others: a couple of security researchers build a botnet out of free accounts, potentially legally they claim, rather than from hijacked computers. They proof of concept tested Litecoin mining, suggesting they could have brought in $1750/week with their constructed botnet if left running.

While the article cites Amazon and Google’s services as examples, the following suggests an alternate source for these vulnerable accounts:

Choosing among the easy two-thirds, they targeted about 15 services that let them sign up for a free account or a free trial. The researchers won’t name those vulnerable services, to avoid helping malicious hackers follow in their footsteps. “A lot of these companies are startups trying to get as many users as quickly as possible,” says Salazar. “They’re not really thinking about defending against these kinds of attacks.”

A brief mention late in the article about companies (not Amazon or Google) turning off services or shutting down because of this type of malicious use suggests this may be a real barrier to entry into the market for cloud computing.

Leave a Reply

Your email address will not be published. Required fields are marked *