Prosecutor: Cloud computing is security's frontier
Software piracy model is becoming obsolete as programs are increasingly distributed over the Net, making targets of cloud computing centers, U.S. attorney says.
FORT BAKER, Calif.--As data moves to the cloud, attackers and thieves will follow, a federal prosecutor said on Friday.
The days of tracking down software counterfeiters in other countries who are selling pirated CDs are numbered as companies increasingly distribute software and store data online via hosted computing services, Matthew Parrella, an assistant U.S. attorney based in San Jose, Calif., said at Symantec's Norton Cyber Crime Day.
"That model of importation of software is becoming obsolete because we're seeing on the horizon cloud computing where so many of these operations are pushed from a user's PC or a user's computer onto Google Docs or Salesforce.com," he said.
Looking ahead five years, "I'm thinking the attack is going to be on cloud computing centers," said Parrella, chief of the computer hacking and intellectual property unit at the U.S. Attorney's Office.
The immediate threat will be attacks to steal data from the servers they are stored on, either remotely or by an insider or someone who gains access to the data center, he said. Later on it's likely any stolen data could be pirated, he said.
Parrella spends a lot of time prosecuting counterfeit software cases, as well as trade secret theft, he said.
His office also has been tracking a botnet for a long time that has grown to include 100,000 or so compromised computers.
"We don't know what it does," he said. "That's the type of threat we're looking to prosecute...malware that may lead to distributed denial of service attacks."
Parella declined to comment on the most recent DDOS attacks that have targeted Web sites in the U.S. and South Korea since the July 4 weekend.
FBI agent Donna Peterson said her office had seen a "tremendous uptick in large-scale, fairly devastating data breaches," with the biggest heist being close to $10 million stolen in 24 hours.
Cyberthieves "are getting more organized and their technical sophistication is better," she said. "They do what they need to get the job done...if they can use a 5-year-old exploit in conjunction with an exploit that they paid a programmer in another country $60,000 to (write), they will do it."
Cybercriminals can spend anywhere from two weeks to six weeks to completely own a corporate target's computer system so completely that "you won't even know that they're there," she said.
Businesses have opened on a Monday morning only to discover that so much money has been stolen since employees went home on Friday that they are no longer solvent and there is no record on their systems of the activity, Peterson said.
Also on the cybercrime panel was San Jose Police Sergeant Edward Schroder, who talked about how he spends his time investigating fraud related to sites like eBay and Craigslist, Nigerian or lottery scams, and money mule orwork-from-home scams.
Schroder also said he gets a fair share of cases involving phishing attempts and e-mail extortion cases in which someone's life is threatened if someone don't pay the hired killer money.