Cloud computing has created huge opportunities both for providers of cloud services and for customers seeking a flexible, scalable and affordable source for IT solutions. State and local governments seeking storage, software and infrastructure as a service have myriad options that are more accessible than ever. Not surprisingly, these services aren’t always used for wholesome purposes.
Hackers and spammers have always found ways to harass both innocent and not-so-innocent Internet users, but now the average Joe with an ax to grind has access to the engineers who run the dark side of the web. It’s made possible through crime as a service. Although that’s not the technical name for such operations, the principal is very much in line with more virtuous operations, such as software as a service.
The crime-as-a-service model depends heavily on botnets, which are large collections of compromised computers that can be controlled by a single, usually malicious, operator. The collective force of a botnet can be used to take down websites by overloading web servers and to recruit more hosts. Previously only available to the skillful programmers who build them, these botnets, as well as other cyber crime, are now available for sale. According to a report from ReadWrite, the prices are competitive and start at around $700. The report also describes the enormous security problems these networks are creating:
With geographically diverse nodes spread all over the planet and controlled by a fairly well-hidden network of command and control servers, one could argue that the botnets are even more resilient and "cloudy" than legitimate cloud networks, which still tend to be localized in key spots on the Internet.
Making the problem worse . . . is that criminals and spammers are no longer limited by their own technical expertise (or lack thereof) to implement their schemes. A whole new marketplace of Botnets-as-a-Service (BaaS) providers are cropping up, selling either the direct capabilities of the botnet to perform whatever the client needs, or selling the gains of botnet-gathered data to the highest bidder or through resellers. Think of it as Crime-as-a-Service.
Read BotClouds: How Botnets Now Offer Crime-As-A-Service on ReadWrite.