Make us your home page
Instagram

Hackers having field day as sensitive data moves to 'cloud'

LOS ANGELES — As hackers continue their rampage against the world's largest banks, defense contractors and technology companies, executives and government officials are confronting a sobering truth: The bad guys are winning.

The seemingly unending string of high-profile attacks, most recently against Citigroup and Sony, has shown that nearly every organization is vulnerable to a growing contingent of well-trained and agile attackers who are finding security holes faster than they can be plugged.

"It's gotten very dangerous out there," said Stan Stahl, a security consultant and president of the Los Angeles chapter of the Information Systems Security Association. "There's an epidemic of this stuff going on right now."

The increase in high-profile attacks comes as companies are looking to move more of their business operations online, including to the "cloud," in which computing tasks are outsourced to firms that maintain huge data centers around the world.

Despite the cloud's potential for cost savings and reducing the hassles of running in-house computer servers, security analysts say it may not yet be as safe as advertised — a warning that many companies are taking seriously.

Alex Bermudez, security manager for Beachbody, a Los Angeles company that makes the popular P90X workout videos, said that although his company is beefing up security as it expands overseas, he has held off on shifting operations into the cloud.

"There are a lot of good technology companies doing the cloud well," he said, but having his company's data stored remotely, alongside data from many other firms, "is a little scary."

Concerns about the cloud dominated conversation at a conference this week on cyber security at the University of California at Los Angeles. The conference drew nearly 400 executives, double last year's attendance.

Eugene Schultz, chief technology officer at Emagined Security, said hackers are spending substantial amounts of time and effort looking for ways to penetrate the cloud.

"There are some real Achilles' heels in the cloud infrastructure that are making big holes for the bad guys to get into," he said.

Because data from hundreds or thousands of companies can be stored on large cloud servers, he said, hackers can theoretically gain control of huge stores of information through a single attack — a process he called "hyperjacking."

As attacks yield increasingly lucrative financial and personal data, the crowd of outlaws is growing, too, many from developing nations where unemployment rates are high and programming jobs are in short supply.

In much the same way that YouTube and cell phones have enabled millions to become filmmakers, low-cost hacking tools have automated the hacking process for novices.

"A lot more people understand how to do this now," said Samy Kamkar, a security researcher and former hacker who once created a malicious computer program that crashed MySpace. "It's much easier for any kid with a computer to download software, point it at a company's website and attempt to run various attacks."

A hacker group called LulzSec has taken credit for recent attacks on the websites of the U.S. Senate, the CIA and several video game companies.

In Internet lingo, the word "lulz" means laughs that are had at the expense of others — and it's the group's self-proclaimed raison d'être.

"Vigilantes? Nope. Cyber terrorists? Nope," the group tweeted recently. "We have no political motives — we do it for the lulz."

Hackers having field day as sensitive data moves to 'cloud' 06/17/11 [Last modified: Friday, June 17, 2011 9:39pm]
Photo reprints | Article reprints

Copyright: For copyright information, please check with the distributor of this item, Los Angeles Times.
    

Join the discussion: Click to view comments, add yours

Loading...
  1. Ratings service Nielsen begins tracking live TV consumption on Hulu, YouTube

    Retail

    TV ratings service Nielsen will begin tracking how many people watch network TV on YouTube and Hulu to gauge how many viewers broadcast networks have through streaming, the company announced Tuesday.

    Nielsen, a ratings company, is monitoring how many viewers watch live TV on Hulu and YouTube to get a better sense of overall viewership. | [AP]
  2. Allegiant Air strands 200 in Las Vegas, possibly for days

    Airlines

    What happened in Vegas will stay in Vegas — at least until Thursday for about 200 Allegiant Air passengers who were stranded Sunday when their flight to Oklahoma City was canceled.

    About 200 Allegiant Air passengers are stranded in Las Vegas, perhaps for days. Allegiant's headquarters, shown here, is located in the Las Vegas suburb of Summerlin, Nevada.
[JAMES BORCHUCK   |   Times]


  3. Cott Corp. sells beverage manufacturing business for $1.25 billion

    Business

    TAMPA — Cott Corp., a beverage manufacturer with headquarters in Tampa and Toronto, announced Tuesday it is selling its national beverage manufacturing business to Refresco for $1.25 billion.

    Cott Corp CEO Jerry Fowden
[Handout photo]
  4. Duke Energy Florida again ranks last in J.D. Power satisfaction survey

    Business

    ST. PETERSBURG — Another J.D. Power customer satisfaction survey, another last place annual ranking for Duke Energy Florida.

    Duke Energy Florida president. Can he improve the utility's customer satisfaction ratings?
[SCOTT KEELER   |   Times file photo]
  5. Trigaux: Florida's jobless rate looks great — but 25 other state rates look even better

    Economic Development

    No debate here: Florida's unemployment rate continues to drop — even as more people move to Florida and enter the workforce. What's not to like?

    Who remembers the remarkable lines of hundreds of people looking for construction work in Tampa back in March of 2010 at a job fair at the Encore construction site near downtown Tampa? Now the construction industry is struggling to find skilled workers to meet building demand. [
JOHN PENDYGRAFT | TIMES]