On Monday, several services on the Internet went down due to a failure of some Amazon Web Services cloud servers. Affected by the outage were Netflix, Disney Plus, PlayerUnknown’s Battlegrounds, League of Legends, Ring security cameras, and Amazon products and delivery infrastructure. People couldn’t see photos of their favorite McDonald’s coffee, nor use their Roomba vacuum cleaners. On Reddit, users reported that they couldn’t charge their electric cars. Even at Motherboard, we were temporarily unable to publish new stories or share them on social media because the outage affected some of the tools we use.
The outage only lasted a few hours, but it showed the world how dependent the Internet is on Amazon’s infrastructure.
Steven Bellovin, a professor of computer science at Columbia University, said that one of the problems with the Internet’s reliance on AWS is that thousands of websites now have a single point of failure.
“If an attacker can control the AWS infrastructure, they can cause a lot of damage. This may be much more difficult than infiltrating individual companies, because AWS is very, very good at operating secure stores, but this is of course not impossible,” Bellovin told Motherboard in an email.
Ed Skoudis, director of the SANS Institute of Technology, which focuses on network security, told Motherboard in an email interview: “This is another glimpse of the degree of interconnection of our services. The huge complexity of cloud deployment affects a large number of enterprises and consumers.”
Rob Graham, a cyber security expert known for creating tools that scan the entire Internet, said that when you rely on a cloud provider like AWS, you might set up your website or service to continue running when the provider goes down, which might affect some security services.
Graham cited the example of Parler. Earlier this year, AWS and Twilio cut off the right-wing social media site, which caused the website’s SMS verification system to fail, allowing hackers to bypass two-factor authentication and get into users’ accounts.
“Just as people are surprised by their reliance on AWS when AWS is down, people will be surprised by how much their security relies on AWS. However, they are unlikely to notice that their security is now vulnerable. I mean, if this is an accidental dependence on usability, people will immediately notice it. If it is an accidental security hole, they won’t notice – unless the hacker notices it :),” Graham said in an online chat. “You won’t have major failures on obvious security issues, but subtle vulnerabilities will appear in unexpected ways.”
On Tuesday, Amazon stated that it “saw an impact on multiple AWS APIs in the US-EAST-1 region. This issue also affected some of our monitoring and incident response tools, thereby delaying our ability to provide updates.”
“The root cause of this problem is that multiple network devices in the US-EAST-1 area were damaged,” the company added on its official status page.
Bellovin added that another risk is that AWS is a monoculture, and if hackers figure out a way to phish AWS customers, they can use this technique for everyone. Nevertheless, AWS is still an excellent choice for most companies.
“For small and medium-sized companies, I usually recommend cloud services because they don’t have the people or skills to run their systems safely,” Bellovin said. “But a company that controls so many networks faces real but immeasurable risks.”
AWS is a single point of failure, but the fact that it does not fail often gives many people a sense of security, and they should be better prepared.
Nicholas Weaver, a senior researcher at the International Computer Science Institute at the University of California, Berkeley, told Motherboard in an online chat: “Single points of failure are all over. If it’s really important for them to continue working, those affected could have designed a failover. If AWS is too reliable, then it is reliable enough that people won’t bother with engineering design when it fails, so when it does fail, it will be shocking.”