Image: Noah Berger/Getty Images for Amazon Web Services
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Advertisement
“Just like how people were surprised about their dependencies on AWS when it went down, people would be surprised about how much their security was dependent on AWS. However, they are less likely to notice that their security now has a hole. I mean, if it's an unexpected dependency on availability, people notice immediately. If it's an unexpected vulnerability on security, they won't notice—unless the hackers notice it :),” Graham said in an online chat. “You aren't going to have a big breakdown in obvious security thingies, but a subtle vulnerability in unexpected ways.”On Tuesday, Amazon said that it was “seeing impact to multiple AWS APIs in the US-EAST-1 Region. This issue is also affecting some of our monitoring and incident response tooling, which is delaying our ability to provide updates.”“The root cause of this issue is an impairment of several network devices in the US-EAST-1 Region,” the company added on its official status page. The other risk, Bellovin added, is that AWS is a monoculture, and if a hacker figures out a way to phish AWS customers, they can use that technique with every one of them. Still, AWS is a great choice for most companies.“For small and medium companies, I generally recommend cloud services, because they don't have the people or the skills to run their own systems as securely,” Bellovin said. “But there are real but imponderable risks to one company controlling so much of the net.”AWS is a single point of failure, but the fact that it doesn’t fail too often has lulled many into a sense of security where they should prepare better.“Single points of failure are all over, and those affected could have engineered with failover if it really is critical for them to keep working,” Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Motherboard in an online chat. “If anything AWS is too reliable, it's reliable enough that people don’t bother doing the engineering for when it fails, so when it does fail it is a shock.”Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.“There are real but imponderable risks to one company controlling so much of the net.”