Random Knowledge - November 05, 2020

November 5, 2020

The history related posts this month with be security-related. November 30th is National Computer Security Day. So the month of November we will reflect on some of the biggest moments in the past 10 years.

To start with lets we will travel back to 2013, and look at Edward Snowden and the leaked documents. From a technical standpoint, this is easily done by anyone. Edward Snowden, at the time, was a 29-year-old employee of Booz Allen Hamilton (a defense contractor). He copied sensitive files from the NSA via an exploit is an antiquated security system and some thumb drives, a willingness to do the deed, and an understanding of the ramifications.

To learn more about what this event was here are some resources:

• How Snowden did it
• Edward Snowden Says He's Applying For Russian Citizenship
• This is everything Edward Snowden revealed in one year of unprecedented top-secret leaks
• Edward Snowden: the whistleblower behind the NSA surveillance revelations
• 17 disturbing things Snowden has taught us (so far)
• Edward Snowden's Relationship With WikiLeaks Should Concern Everyone

As we all know he was both willing to do it and willing to live with the consequences. He has been branded as a traitor by some, and a patriot to others, but lives in exile. While not a flashy hacking, or some clever backdoor like what happened with AWS (Capital One Says Breach Hit 100 Million Individuals in U.S.), this was a large reminder of the importance of internal security. Some articles indicate the NSA was working with technology that was 10 years old in 2013 (so around 2003ish). In 2013 it would be easy for any technically inclined person to find major exploits of systems 10 years old.

Bringing the cloud back into this, I wanted to go back a little further to 2010. The cloud concept was still relatively new, AWS started in 2006 and Azure started in February 2010. There was a site called WikiLeaks, not sure if anyone still remembers them, but they might have been connected with Edward Snowden at one point in time, Edward Snowden's Relationship With WikiLeaks Should Concern Everyone).

In 2010 AWS (Amazon Web Services) gives WikiLeaks the boot. WikiLeaks was hosting on their EC2 (Elastic Compute) offering, this is one of their Infrastructure as a Service (IaaS) resources that closely resembles Virtual Machines (VMs). When they were given the boot the hacking group Anonymous attempted to bring down AWS services via using a DDoS Attack (Distributed Denial of Service). Their goal was to try to flood the AWS network with more requests than they could handle. DDoS prior to the cloud had been very effective in bringing down networks, until then. AWS stood strong and was able to thwart the attack. The cloud did exactly what it was supposed to, be elastic, and absorbed the increased traffic. AWS even put out a small message regarding the matter at the time, WikiLeaks. DDoS themselves might not be a security risk, but it could just be a front for something more, which is why this made the list.

To learn more about some of the topics addressed here are some links to get you started:

• What to Know About the Worldwide Hacker Group ‘Anonymous’
• Why attackers can't take down Amazon.com
• WikiLeaks cut off from Amazon servers
• Sony Data Breach Was Camouflaged by Anonymous DDoS Attack
• 17 disturbing things Snowden has taught us (so far)
• Five years ago today, Sony admitted the great PSN hack (Article from April 2016)