Out-Law / Your Daily Need-To-Know

Hackers say they are targeting cloud computing

Out-Law News | 24 Aug 2010 | 12:35 pm |

Cloud vendors are not doing enough to address the security of their services, according to 89% of the hackers and IT security experts polled at a recent hacking conference in Las Vegas.

Almost half of the survey respondents said they had already tried to exploit vulnerabilities in cloud services, 12% of whom said they had done so for financial gain, according to Fortify Software, the company that sponsored the poll.

The survey was carried out among 100 attendees at the annual DEF CON conference this week.

Fortify's chief products officer, Barmak Meftah, said hackers see more opportunities in cloud services because vendors are not doing enough to address the security issues of their services.

"Eighty-nine percent of respondents said they believed this was the case and, when you analyse this overwhelming response in the light of the fact that 45% of hackers said they had already tried to exploit vulnerabilities in the cloud, you begin to see the scale of the problem," said Meftah.

"More than anything, this research confirms our ongoing observations that cloud vendors – as well as the IT software industry as a whole – need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource," he said.

This year's DEF CON conference also witnessed a demonstration of a $1,500 device that  intercepted GSM mobile calls made by members of the audience. "GSM is broken," security researcher Chris Paget told Associated Press. "It's just plain broken."