Make us your home page
Instagram

Hackers having field day as sensitive data moves to 'cloud'

LOS ANGELES — As hackers continue their rampage against the world's largest banks, defense contractors and technology companies, executives and government officials are confronting a sobering truth: The bad guys are winning.

The seemingly unending string of high-profile attacks, most recently against Citigroup and Sony, has shown that nearly every organization is vulnerable to a growing contingent of well-trained and agile attackers who are finding security holes faster than they can be plugged.

"It's gotten very dangerous out there," said Stan Stahl, a security consultant and president of the Los Angeles chapter of the Information Systems Security Association. "There's an epidemic of this stuff going on right now."

The increase in high-profile attacks comes as companies are looking to move more of their business operations online, including to the "cloud," in which computing tasks are outsourced to firms that maintain huge data centers around the world.

Despite the cloud's potential for cost savings and reducing the hassles of running in-house computer servers, security analysts say it may not yet be as safe as advertised — a warning that many companies are taking seriously.

Alex Bermudez, security manager for Beachbody, a Los Angeles company that makes the popular P90X workout videos, said that although his company is beefing up security as it expands overseas, he has held off on shifting operations into the cloud.

"There are a lot of good technology companies doing the cloud well," he said, but having his company's data stored remotely, alongside data from many other firms, "is a little scary."

Concerns about the cloud dominated conversation at a conference this week on cyber security at the University of California at Los Angeles. The conference drew nearly 400 executives, double last year's attendance.

Eugene Schultz, chief technology officer at Emagined Security, said hackers are spending substantial amounts of time and effort looking for ways to penetrate the cloud.

"There are some real Achilles' heels in the cloud infrastructure that are making big holes for the bad guys to get into," he said.

Because data from hundreds or thousands of companies can be stored on large cloud servers, he said, hackers can theoretically gain control of huge stores of information through a single attack — a process he called "hyperjacking."

As attacks yield increasingly lucrative financial and personal data, the crowd of outlaws is growing, too, many from developing nations where unemployment rates are high and programming jobs are in short supply.

In much the same way that YouTube and cell phones have enabled millions to become filmmakers, low-cost hacking tools have automated the hacking process for novices.

"A lot more people understand how to do this now," said Samy Kamkar, a security researcher and former hacker who once created a malicious computer program that crashed MySpace. "It's much easier for any kid with a computer to download software, point it at a company's website and attempt to run various attacks."

A hacker group called LulzSec has taken credit for recent attacks on the websites of the U.S. Senate, the CIA and several video game companies.

In Internet lingo, the word "lulz" means laughs that are had at the expense of others — and it's the group's self-proclaimed raison d'être.

"Vigilantes? Nope. Cyber terrorists? Nope," the group tweeted recently. "We have no political motives — we do it for the lulz."

Hackers having field day as sensitive data moves to 'cloud' 06/17/11 [Last modified: Friday, June 17, 2011 9:39pm]
Photo reprints | Article reprints

Copyright: For copyright information, please check with the distributor of this item, Los Angeles Times.
    

Join the discussion: Click to view comments, add yours

Loading...
  1. Pinellas construction licensing board needs to be fixed. But how?

    Local Government

    LARGO –– Everyone agrees that the Pinellas County Construction Licensing Board needs to be reformed. But no one agrees on how to do it.

    Rodney Fischer, former executive director of the Pinellas County Construction Licensing Board Rodney, at a February meeting. His management of the agency was criticized by an inspector general's report. [SCOTT KEELER   |   Times]

  2. New owners take over downtown St. Petersburg's Hofbräuhaus

    Retail

    ST. PETERSBURG — The downtown German beer-hall Hofbräuhaus St. Petersburg has been bought by a partnership led by former Checkers Drive-In Restaurants president Keith Sirois.

    The Hofbrauhaus, St. Petersburg, located in the former historic Tramor Cafeteria, St. Petersburg, is under new ownership.
[SCOTT KEELER  |  TIMES]

  3. Boho Hunter will target fashions in Hyde Park

    Business

    Boho Hunter, a boutique based in Miami's Wynwood District, will expand into Tampa with its very first franchise.

    Palma Canaria bags will be among the featured items at Boho Hunter when it opens in October. Photo courtesy of Boho Hunter.
  4. Gallery now bringing useful art to Hyde Park customers

    Business

    HYDE PARK — In 1998, Mike and Sue Shapiro opened a gallery in St. Petersburg along Central Ave., with a majority of the space dedicated to Sue's clay studio.

     As Sue Shapiro continued to work on her pottery in St. Petersburg, her retail space grew and her studio shrunk. Now Shapiro's is bringing wares like these to Hyde Park Village. Photo courtesy of Shapiro's.
  5. Appointments at Raymond James Bank and Saint Leo University highlight this week's Tampa Bay business Movers & Shakers

    Business

    Banking

    Raymond James Bank has hired Grace Jackson to serve as executive vice president and chief operating officer. Jackson will oversee all of Raymond James Bank's operational business elements, risk management and strategic planning functions. Kackson joins Raymond James Bank after senior …

    Raymond James Bank has hired Grace Jackson to serve as executive vice president and chief operating officer. [Company handout]