Over the last couple of days I’ve been busy setting up some new projects (secapis.com) and initiatives (GNUCITIZEN Wordpress Plugins) and also working on Hakiri with Daniel Cuthbert, famous for not only hist awesome photography projects but his deep understandings of the hacker culture and the IT sec field. Anyway, while developing the secapis platform I exchanged a few messages with .mario about how we are going to support the project. We talked about a few things and from one thing to another, I started researching about the so called Amazon’s Elastic Cloud (EC2). I was intrigued!

Amazon

Essentially the elastic cloud is CPU and networking power which comes on demand (utility computing if you will). It works like this: The developer/me/you sets up an AMI (machine image) onto the cloud which is then executed through Amazon’s scalable Xen virtualizaton infrastructure. The image, which can be anything like Linux, Windows, etc, runs on the top of a 1.7Ghz, 2G RAM, 180G space virtualized server and the whole thing costs $0.10 or £0.05 an hour. Quite cheep and very interesting, don’t you think?

I started accumulating evil thoughts. What bad guys can do with infrastructure like that? What I can do with an infrastructure like that? For sure, the possibilities seamed to be endless. 5p an hour is not expensive at all. I can run Linux images specifically designed to serve a single purpose. Moreover, I can run as many of them as I want. It is easy to build upon Slax Frodo edition, and the size of Frodo is just 40 megs. I can even spawn communication services like IRC servers in a completely secure and distributed fashion. Maybe even start my own IRC network, etc. What if I use EC2 for processing large and time consuming computational tasks?

For sure, I could have built the biggest MD5 database on the planet and that could have cost me an initial investment of about £50 and then around £10 to £15 a month if the database is heavily used by all of us. Nah! Dynamic botnet command and control center proof of concept? Hmmm maybe! Cracking crypto? Why not? Everything I had in my mind seamed to be possible and after doing the math, it seamed to be feasible as well. I pay for as much I use. Not a panny more, not a penny less. Ain’t that utopic?

My experience with the elastic cloud has thought me a few things. I started to foresee thing that may happen in the future. It has definitely expanded my skillset and experience and increased my awareness dramatically. I realized that the net is growing towards something that is deeply nested and tangled into a greater degree of complexity. It feels great to grasp even a portion of the feeling you receive from something like that.

So there you go. This is what I have been playing/paying lately. Keep an eye on services like this because they will explode very soon. If you are a company that is generally interested in cutting edge stuff and cool hunting, make sure that you invest some money into R&D or hire us. Hehe, this was actually a joke. We are fairly busy at the moment. No way, we can handle anything else. However, if you are a security researcher or a consultant, you definitely want to visit the elastic cloud even if it is only once. The key is with keeping up with the latest. Otherwise, you will be left behind. In the follow-up post, I will talk about a few of the things around the security implications of massively accumulated power grids and what the hacker mind can make out them.

As a side note: if you are a security vendor and you are interested in www.secapis.com and you are willing to participate in this awesome and very innovative project, drop us a few lines via our contact section. Don’t reinvent the wheel. The world does not work this way!