Welcome!

Cloud Security Authors: Elizabeth White, Zakia Bouachraoui, Pat Romanski, Yeshim Deniz, Liz McMillan

Related Topics: @CloudExpo, Cloud Security, @DXWorldExpo

@CloudExpo: Article

Fighting Crime on the Invisible Cloud | @CloudExpo #Cloud

The tough road ahead for fighting crime on the cloud

Cloud servers bring with them distributed hosting and the ability to anonymize identities and that has enabled cloud becoming a breeding ground for criminals and even terrorists.

The cloud brings unique advantages to individual and business users alike and this explains the exponential adoption rate that cloud has seen in the past decade. There are also numerous security challenges with the cloud especially in the areas of privacy and data theft that has concerned stakeholders for a long time. However, with sophisticated encryption technologies, the instances of cloud data getting stolen is only going to get fewer in future.

But there is another aspect to cloud that has not been discussed as vocally as the security issues have been – crime. Cloud servers bring with them distributed hosting and the ability to anonymize identities and that has enabled cloud becoming a breeding ground for criminals and even terrorists. One of the biggest examples to this is Tor. The Onion Router encrypts web requests from users and allows them to be routed through a network of Tor servers located across the web in such a way that it completely obfuscates the identity of the original request. Although it was originally developed by the US Navy, the browser is now a gateway to the deep web – an underground internet that is completely hidden from search engines and conventional internet users.

A research by the Trend Micro Deep Web Analyzer showed up some interesting numbers. According to the research, the listed price for US Citizenship on a deep web site selling fake passports was $5900. Stolen Paypal accounts with about $500-$700 balance in them was around $250 while the price for assassinating a celebrity or politician was listed at $180,000. These listing and transactions are not too different from routine cloud transactions that regular consumers like us engage in. However, these transactions leave no trail on the cloud making it attractive for criminals.

Considering the implications, governments are investing more into improving electronic forensics to fight crime on the cloud. While criminals operating over platforms like eBay, Facebook or Paypal are regularly apprehended thanks to compliance from the platform owners, this can prove to be difficult on the dark web where criminals host their own servers. Cloud data aggregation for forensics has proven to be difficult so far because of the problems with multi-tenant hosting, synchronization and data segregation.

However, investigators have started identifying loopholes in the system that could help tackle crime on the invisible cloud. The drawbacks of Tor has already been well established and investigators in the FBI have already used a combination of malware and interception techniques to bust open the IP addresses of criminals using Tor. Bitcoin forensics too has been picking up which is making it possible to reconstruct transfers and potentially bust illegal transactions.

With the amount of resources required to bust these hidden cloud transactions, it is definitely a tough road ahead for investigators. But the good news is that investments in the area have picked up and so will the tools necessary to fight crime. Cloud has changed the way corporate entities do business and so has it changed the operations of criminals and it will need innovations to fight this new form of crime that is only going to get bigger in future.

More Stories By Harry Trott

Harry Trott is an IT consultant from Perth, WA. He is currently working on a long term project in Bangalore, India. Harry has over 7 years of work experience on cloud and networking based projects. He is also working on a SaaS based startup which is currently in stealth mode.

IoT & Smart Cities Stories
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of ...
DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the 22nd International CloudEXPO | DXWorldEXPO "Early Bird Registration" is now open. Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
What are the new priorities for the connected business? First: businesses need to think differently about the types of connections they will need to make – these span well beyond the traditional app to app into more modern forms of integration including SaaS integrations, mobile integrations, APIs, device integration and Big Data integration. It’s important these are unified together vs. doing them all piecemeal. Second, these types of connections need to be simple to design, adapt and configure...
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...
Contextual Analytics of various threat data provides a deeper understanding of a given threat and enables identification of unknown threat vectors. In his session at @ThingsExpo, David Dufour, Head of Security Architecture, IoT, Webroot, Inc., discussed how through the use of Big Data analytics and deep data correlation across different threat types, it is possible to gain a better understanding of where, how and to what level of danger a malicious actor poses to an organization, and to determin...