Information Security News mailing list archives

How To Break Into the CIA’s Cloud on Amazon


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 9 Jul 2015 08:26:32 +0000 (UTC)

http://www.defenseone.com/technology/2015/07/how-break-cias-cloud-amazon/117175/

By Patrick Tucker
defenseone.com
July 7, 2015

Last year, Amazon Web Services surprised a lot of people in Washington by beating out IBM for a $600 million contract to provide cloud services and data storage to the CIA and the broader intelligence community. But more money can bring more problems. Amazon, in essence, has turned itself into the most valuable data target on the planet. The cloud is completely separate from the rest of the Internet and heavy-duty encryption is keeping the spies’ secrets relatively safe from outsiders — but what about an attack from within?

In 2010, Army PFC Bradley — now Chelsea — Manning explained how she stole millions of classified and unclassified government documents: “Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis.” She “listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history.”

So if you wanted to pull off a similar feat at Amazon, how would you do it?

First, get a job at Amazon’s Commercial Cloud Service or C2S, sometimes called the “spook cloud.” According to this help-wanted ad, applicants must pass a single-scope background investigation—in essence, the kind of detailed 10-year background check required for a Top Secret security clearance. Of course, to a savvy spy or informant, obtaining top-secret clearance is not the barrier it once was.

[...]
