Hackers Cracked Amazon’s CloudAdded: Monday, August 4th, 2014
Category: Recent Headlines Involving File Sharing > Current Events
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, 2013, www.extratorrent.cc
Apparently, the digital thieves found out a way to break into Amazon’s cloud and infect it with DDoS malware. Security experts found out that the hole was thanks to a flaw in distributed search engine software Elasticsearch, a popular open-source search engine server. The software in question was developed in Java, and it is known that Java allows apps to perform full-text search for different documents via a REST API (representational state transfer application programming interface).
The Amazon Elastic Compute Cloud (EC2) is not the only one which uses Elasticsearch: the search engine server is commonly used in many cloud environments, such as Microsoft Azure, Google Compute Engine and other platforms.
According to the engine’s developers, versions 1.1.x of Elasticsearch support active scripting via API calls in their default configuration. However, the authors failed to explain why this doesn’t require authentication. This is how the malware creators have broken into the system.
Apparently, the developers decided not to release a patch for the 1.1.x branch, but starting with version 1.2.0, dynamic scripting was disabled by default. In the meantime, Kaspersky Lab has discovered variants of Mayday, a Trojan program for Linux used to launch distributed denial-of-service attacks, and one of them was caught running on compromised Amazon EC2 server instances.
According to Kaspersky Lab researchers, Amazon was not the only victim of the intruders. They also break into virtual machines run by Amazon EC2 customers by exploiting the CVE-2014-3120 vulnerability in Elasticsearch 1.1.x, because it was still being used by some organizations in active commercial deployments despite being superseded by 1.2.x and 1.3.x versions.
Security experts saw the early stages of the Elasticsearch attacks. They also found out that the intruders modified publicly available proof-of-concept exploit code for CVE-2014-3120 and installed a Perl-based Web shell with its help. This is how the hackers got a backdoor script which allowed remote attackers to execute Linux shell commands over the Internet. According to the information from the security specialists, the script downloads the new version of the Mayday DDoS bot, dubbed Backdoor.Linux.Mayday.g.
Posted by: Date:
Monday, August 4th, 2014
|posted by (2014-08-04 12:39:23)|
|Eventually, as we rely more and more on cloud based services, this will be an everyday occurrence.|
|posted by (2014-08-04 18:56:59)|
|Hackers can crack only those things has loop holes, having OS & protocols loop holes. my system is open for hacking, hack it....||
Most Popular Stories