Forensics Journal - Stevenson University 2015 | Page 28
such as personal information revealing certain characteristics, i.e.
ethnicity, political and religious beliefs, medical information, and
criminal convictions or private financial data (King & Raja, 2012).
In addition to storage, Netflix also maintains customer accounts,
which contain such sensitive data as credit card numbers. All the
sensitive information stored is then accessible by a third party, the
cloud provider, should this service be outsourced.
Data fraud attacks are not the only type currently threatening
the cloud computing industry. Instead of targeting the data within
the cloud, attackers may target the resources of the cloud. Cloud
consumers generally pay for the computational resources they
consume, as an individual would for any utility service (Idziorek &
Tannian, 2011). The cost basis for the resource utilized in the cloud
relies on the cloud provider’s contract agreement, which outlines
usage fees, support fees, computational costs and other expenses
(Idziorek & Tannian, 2011). In fraudulent resource consumption
attacks, attackers attempt to use cloud resources without paying for
the service. Attackers typically try to infiltrate cloud resources by
“mimicking legitimate client behavior” (Idziorek & Tannian, 2011).
The perpetrators conceal themselves as legitimate users who will then
be billed by the cloud provider for the fraudulent charges.
Other information stored on cloud servers can be as basic as
personal employee files and corporate records, such as those Twitter
stored with Google Apps. Similar to sensitive information, personal files and
corporate records may contain information that is not for public
consumption. In the Twitter incident, the attacker gained access to
personal Twitter accounts. The most identifiable, illegally accessed
account in the Twitter incident was that of President Barack Obama
(Pavanireddy, Srinivas, & Aruna, 2014). The vast amount of data now
stored on cloud servers throughout the world presents an ideal target
for fraudsters.
When an attacker aims an attack at cloud resources, such
as RAM and network bandwidth, the cloud infrastructure becomes
compromised (Booth, Soknacki & Somayaji, 2013). Fraudulent
resource consumption attacks not only result in fraudulent charges
to the legitimate consumer, but also decrease the performance and
functionality of the cloud resources. In the 8th Annual Symposium
on Information Assurance, Gehana Booth states, “Even the largest
of providers have finite resources” (Booth, Soknacki & Somayaji,
2013). When an attacker is using a vast amount of cloud resources,
the consumer will notice a decrease in the cloud server’s productivity
and performance. An attack on cloud resources, which causes the
consumer a decrease in performance, is referred to as a denial of
service attack (Booth, Soknacki, & Somayaji, 2013).
POTENTIAL THREATS
Cloud-based networks are vulnerable infrastructures subject to
daily threats and intrusions. Advancements in technology allow
criminals to target cloud servers and access an abundance of
information and resources across the globe. Some of the major
concerns in the cloud computing industry are inherent weaknesses
found in access controls, authentication, and encryption. Data
fraud attacks are executed by a perpetrator in order to gain access
to information for malicious purposes and may occur from either
an outside source or an associate of the company using the cloud
(Pavanireddy, Srinivas, & Aruna, 2014).
Another threat to the cloud computing industry is the Structured
Query Language (SQL) injection attack. Structured Query Language
is a special type of programming language used to manage data in
large databases. Attackers using SQL injection attacks attempt to
bypass simple SQL commands to gain access to the database. For
example, web-based databases, such as cloud servers, typically require
a username and password for authorized access. The username and
password are verified by the web-based application using a series of
planned commands. The SQL injection technique allows perpetrators
to gain backend access to the database by using “specifically crafted
SQL commands” (“SQL Injection: What is it?”, 2014). The attacker
is then able to access the information on the database without proper
verification.
The Cloud Security Alliance identifies attacks by a “malicious
associate” as a top threat to the cloud computing industry
(Pavanireddy, Srinivas & Aruna, 2014). A malicious associate
is an individual who works for the cloud service provider and
gains access to the data by stealing the cloud customer’s passwords
or private keys. Once the associate has the password or private key,
he or she has access to all the customer’s data (Pavanireddy, Srinivas,
& Aruna, 2014). This type of attack is of major concern to cloud
customers because it is difficult to detect. Malicious associates in
control of customer passwords can essentially access the customer’s
data without alerting the customer to any unauthorized access
(Pavanireddy, Srinivas, & Aruna, 2014).
Data confidentiality remains an ongoing concern. As previously
discussed, cloud servers may contain sensitive data that is extremely
private. In some cases, the cloud consumer may not want the cloud
provider to know the contents of the data being stored on the cloud.
This raises issues with the relationship between the consumer and
the provider. Currently, some cloud providers guarantee service level
agreements comprised of data integrity and availability details (Booth,
Soknacki, & Somayaji, 2013). However, not all providers are assumed
An outside source data fraud attack is exactly as named. An example
of an outside source attack is the breach of Twitter’s personal and
corporate documents stored on the cloud server, Google Apps,
previously discussed. Data fraud attacks from an outside source are
easier to detect than malicious associate atta