By now most of you have probably heard about the GoogleHack in China. Yesterday Google's Chief Legal Officer David Drummond wrote in a blog post that indicated the accounts of dozens of Gmail users in the U.S., Europe and China who are advocates of human rights in China were routinely accessed by third parties. Drummond said that these accounts were compromised through phishing scams or malware, not through holes in Google's computing infrastructure.
And as expected there are headlines saying that this proves that "The Cloud" isn't secure and CAN'T BE TRUSTED. I'm here to tell you it is the opposite. The GoogleHack proves the Cloud is More Secure then Traditional Desktop Software, not less.
First let's look at the actual hack. Although not a lot is known -- what is known is it's probably part of a program known as "GhostNet". The exploit uses emails which are sent to target organizations that contain contextually relevant information. This is more generally referred to as a "Social Engineering hack" which is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques. Basically a person opens an email that contains malicious attachments, that when opened, delivers a Trojan horse on to the system's OS. This Trojan connects back to a control server, usually located in China, to receive commands. The infected computer will then execute the command specified by the control server. Occasionally, the command specified by the control server will cause the infected computer to download and install a Trojan known as Gh0st Rat that allows attackers to gain complete, real-time control of computers. Such a computer can be controlled or inspected by attackers, and even has the ability to turn on camera and audio-recording functions, if present, of infected computers, enabling monitors to perform surveillance on windows based machines.
Let's put this hack into perspective. What this hack really proves is that people are easier to hack then networks. The weakest link are the people who are stupid enough to open an attachment they don't recognize, even if it appeared to be from someone they trusted. That's the beauty of social engineering based hacks. The email appears to be from your mother, father, friend or colleague. The lesson we must learn is one of education, don't open attachments you don't recognize. And two, OS based Trojans are still a major treat.
And yes, for the most part the cloud is still safe at least from these sorts of hacks. The real issue with cloud security is the threat from that in which you don't know. Was my infrastructure compromised? Is my hypervisor secure? Has my operating system changed? Those are the real problems that need a technical solution. The rest is just educating the computing public to risks of social engineering related exploits.
