The Criminal Cloud

Tuesday, October 18th, 2011

Simson Garfinkel describes the power of the criminal cloud:

One emerging use of cloud computing is password cracking. To break into encrypted files, attackers run programs that repeatedly try different passwords until the right one is found. Many of today’s security protocols were designed at a time when would-be password crackers might have access to only a few computers. Back then, security experts considered safe any security scheme capable of withstanding 30 years of brute-force guesswork. These days, computers are dozens of times faster, and thanks to services such as Amazon’s Elastic Computing Cloud (EC2), an attacker can rent time on hundreds of them at once. The result: an encryption password that used to take 30 years to break can now be cracked in a few days.

This isn’t idle speculation. The attackers who broke into Sony’s PlayStation game network last April reportedly used Amazon’s EC2 to crack some of the encryption keys, giving them access to tens of thousands of people’s credit card information. Hackers had been discussing how to use Amazon’s cloud computing service for password cracking since 2009. But things got really interesting last year, when Amazon added GPU-based supercomputing capability to its cloud offerings. German computer security specialist Thomas Roth calculated that he can use Amazon’s machines to crack the sort of encryption key used to protect most Wi-Fi networks in six minutes.

The cost, according to Roth, would be just $1.68.
