Botnets and illicit file swapping: the original "cloud computing"


The primary motives being cited for cloud computing, such as lower operational cost, scalability to elastic demand, and high availability, have all been addressed before in the underground. Have you ever heard of this thing called "Cloud Computing"? I have, and apparently it is dreamy. It is the solution for fixed CAPEX, high OPEX, and non-scalable systems whose availability may be compromised by a localized event, e.g. the Bay Area's long-awaited big earthquake. I realized the other day that as IT groups everywhere look to the Cloud, whatever it may be, to stretch their recession-sized budgets, electronic hoodlums have already moved to the Cloud to realize all of these benefits and then some.

The bad guys were faced with a set of dilemmas ten years ago. The DoS kids couldn't scale up packet generation on demand from their home systems. File sharers had availability problems due to legal action against central servers, and spammers were being squeezed by real-time blackhole lists as well as the rising cost of hosting at increasingly hostile ISPs.

How did they solve their problems? The DoS kids built networks of compromised systems that allowed them to scale up their packet generation on demand and time-share the resource with other customers. The file sharers built P2P systems that allowed retrieval of content by key alone, regardless of where the file is physically stored. The spammers built botnets that could generate e-mail from a vast number of IP addresses, so that no single blocked address or hostile ISP could take the sender offline. In each case, the bulk of the content and infrastructure exists somewhere other than the requesting customer's desktop. Sound familiar?

We can look at the more recent services provided by the underground if we want a list of what to expect from Cloud vendors in the near future. Fast-flux phishing sites use rapid DNS rotation, returning a constantly changing set of A records with short TTLs, across a large number of end points to provide load-balancing and survivability for a single phishing site: take down any handful of nodes and the name simply resolves elsewhere. A similar legitimate service could provide load-balancing and survivability for a product across multiple Cloud vendors.
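To make the fast-flux mechanism concrete, here is an added example (not code from the original post) that simulates an authoritative name server rotating a phishing host name across a pool of compromised end points with a short TTL, next to a conventional static host, and then applies the heuristic a defender would use to tell them apart: distinct IP count, minimum TTL, and answer-set churn over repeated queries. The IP addresses are RFC 5737 documentation ranges, the host names and the detection thresholds are assumptions chosen for illustration, and the `FluxAuthority` and `StaticAuthority` classes are stand-ins for real DNS infrastructure.

```python
"""Fast-flux DNS rotation and a churn-based detector (constructed example)."""
from collections import Counter
import random

# Constructed pool of "compromised" end points fronting one phishing site.
# RFC 5737 documentation addresses: nothing here is a real host.
FLUX_POOL = [f"203.0.113.{i}" for i in range(1, 41)]
# A conventional site served from two fixed addresses.
STABLE_POOL = ["198.51.100.10", "198.51.100.11"]


class FluxAuthority:
    """Authoritative responder that hands out a fresh slice of the pool on every
    query with a short TTL, so resolvers keep coming back and dead nodes age out."""

    def __init__(self, pool, answers_per_query=5, ttl=300, seed=0):
        self.pool = list(pool)
        self.n = answers_per_query
        self.ttl = ttl
        self.rng = random.Random(seed)  # seeded so the example is reproducible

    def resolve(self, name):
        return {"name": name, "ttl": self.ttl, "a": self.rng.sample(self.pool, self.n)}


class StaticAuthority:
    """Conventional hosting: the same records every time, with a long TTL."""

    def __init__(self, pool, ttl=86400):
        self.pool = list(pool)
        self.ttl = ttl

    def resolve(self, name):
        return {"name": name, "ttl": self.ttl, "a": list(self.pool)}


def observe(authority, name, queries=20):
    """Poll a name repeatedly, as a passive-DNS sensor or resolver log would."""
    return [authority.resolve(name) for _ in range(queries)]


def flux_score(responses):
    """Return (distinct_ips, min_ttl, churn).

    churn is the fraction of consecutive query pairs whose A-record set changed;
    a static host scores 0.0, a rotating one approaches 1.0.
    """
    ips = Counter()
    prev = None
    changes = 0
    for r in responses:
        cur = frozenset(r["a"])
        ips.update(cur)
        if prev is not None and cur != prev:
            changes += 1
        prev = cur
    churn = changes / max(1, len(responses) - 1)
    return len(ips), min(r["ttl"] for r in responses), churn


def is_fast_flux(responses, max_ttl=600, min_distinct=10, min_churn=0.5):
    """Heuristic: short TTL AND many distinct IPs AND high churn.
    Thresholds are illustrative assumptions, not a published standard."""
    distinct, ttl, churn = flux_score(responses)
    return ttl <= max_ttl and distinct >= min_distinct and churn >= min_churn


if __name__ == "__main__":
    flux = observe(FluxAuthority(FLUX_POOL), "login.example.test")
    static = observe(StaticAuthority(STABLE_POOL), "www.example.test")
    print("flux  ", flux_score(flux), is_fast_flux(flux))
    print("static", flux_score(static), is_fast_flux(static))
```

The survivability the paragraph describes falls out of the rotation: any node you null-route was only ever in a fraction of the answers, and the 300-second TTL means clients stop using it within minutes. The same three signals (TTL, IP diversity, churn) are what make fast-flux conspicuous in resolver logs, which is the trade-off a legitimate multi-vendor failover service would have to live with as well.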

While the constraints of accountability, security, and human factors may limit the rate at which the enterprise can move into the Cloud, none of these constraints apply to the underground. I expect that the underground, and not the enterprise, will continue to push the innovation boundary of Cloud computing as a result.

Finally, I have to extend special thanks to Chris Hoff for his presentation at Source Boston as it helped ferment many of these ideas.