id sent me a link today about how PGP zip file password cracking on Amazon EC2 could work. I’ve actually seen presentations about cloud password cracking in the past, so it wasn’t new to me, per se, but this is a great writeup on the nitty gritty details. But it occurred to me that finding a command injection vulnerability on EC2 gives an attacker a whole new shiny toy to play with.
By utilizing their command injection within the cloud, the attacker can boost their cracking abilities to unprecedented levels. When id and I started talking about it, he said, “Or you could just use a botnet.” True, but that said, this could even put companies out of business from an economic perspective, as they are forced into much higher utilization than they may have expected. However, id’s right, and yes, botnets are another viable solution to cloud cracking. Botnets are the hacker’s version of the cloud.