http://www.defenseone.com/technology/2015/07/how-break-cias-cloud-amazon/117175/
By Patrick Tucker
defenseone.com
July 7, 2015
Last year, Amazon Web Services surprised a lot of people in Washington by
beating out IBM for a $600 million contract to provide cloud services and
data storage to the CIA and the broader intelligence community. But more
money can bring more problems. Amazon, in essence, has turned itself into
the most valuable data target on the planet. The cloud is completely
separate from the rest of the Internet and heavy duty encryption is
keeping the spies’ secrets relatively safe from outsiders — but what about
an attack from within?
In 2010, Army PFC Bradley — now Chelsea — Manning explained how she stole
millions of classified and unclassified government documents: “Weak
servers, weak logging, weak physical security, weak counter-intelligence,
inattentive signal analysis.” She “listened and lip-synced to Lady Gaga’s
‘Telephone’ while exfiltrating possibly the largest data spillage in
American history.”
So if you wanted to pull off a similar feat at Amazon, how would you do
it?
First, get a job at Amazon’s Commercial Cloud Service or C2S, sometimes
called the “spook cloud.” According to this help-wanted ad, applicants
must pass a single-scope background investigation—in essence, the kind of
detailed 10-year background check required for a Top Secret security
clearance. Of course, to a savvy spy or informant, obtaining top-secret
clearance is not the barrier it once was.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
