Criminals are using cloud computing to share information and to superpower their hacking techniques
Joe Oldfield

Criminals are using cloud computing to share information and to superpower their hacking techniques.

There are concerns being raised that the cloud opens a world of possibilities for criminal computing which may have implications on Computer Forensics experts and Law Enforcement Agencies as the nature of the cloud makes it difficult to catch wrongdoers.

One emerging use of cloud computing is password cracking. To break into encrypted files, attackers run programs that repeatedly try different passwords until the right one is found.

Many of today's security protocols were designed at a time when would-be password crackers might have access to only a few computers. Back then, security experts considered safe any security scheme capable of withstanding 30 years of brute-force guesswork. These days, computers are dozens of times faster, and thanks to services such as Amazon's Elastic Computing Cloud (EC2), an attacker can rent time on hundreds of them at once. The result: an encryption password that used to take 30 years to break can now be cracked in a few days.

Although incident response and law enforcement officials can recover forensically useful data from a running virtual machine, it is nearly impossible to recover such data after the machine has been "de-provisioned." In a real sense, the machine no longer exists. And neither does the evidence.

For the criminal enterprise, like the legitimate one, the promise of the cloud is unlimited computing for a low, low price.