Michael Calce, the reformed hacker from Montreal who will forever be known asMafiaboy, told a group of IT professionals yesterday that he has seriousconcerns about the inherent vulnerabilities in the latest evolution ofinformation technology: cloud computing.
Calce was a guest-speaker at storage vendor Hitachi DataSystems’ annual Information Forum event in Toronto. He came to fame in 2000 when, as ateenager, he launched a series of denial of service attacks that crippled theWeb sites of companies such as CNN, Amazon, Dell and Yahoo, leading to amanhunt by the RCMP and the FBI and his eventual arrest.
Having completed his sentence and matured beyond the“misguided youth with too much power at his fingertips,” Calce is speaking-outabout IT security and the inherent vulnerabilities in the way the Internet isconstructed that he said still haven’t been addressed. And Calce has someserious concerns about the latest craze sweeping the IT industry: cloudcomputing.
“These businesses are a lot more at risk today than everbefore. So much data is available, and being put into the cloud,” said Calce.“It’s one of the reasons I’ve decided to break my silence.”
While he understands the practicality behind the cloudarchitecture, agreeing it’s what the Internet was really designed to be, Calcesaid he worries if we’re ready for the security risks and are willing toaddress them.
“Raising awareness of security is very critical to where thecloud is moving,” said Calce. “It’s like sex-ed, we need IT security educationin school. At this point, everyone is destined in their lives to touchtechnology.”
In an interview with CDN, Calce said while everyone isfocused on the cloud, his biggest concern is that we’re not even secure withour current infrastructure, and here we are putting our data alone in onebubble. It’s a great concept, but he said security seems to be an afterthought.
“It’s hard to patch-up holes when so many bullets havealready been fired. I know I’ll never get businesses to agree but we need toslow down technology, and stop reinventing without fixing the predecessorfirst,” said Calce. “We’re always taking on security as an afterthought. Weshould redesign the protocols behind the Internet to make it less exploitable.”
Calce isn’t suggesting we back away from new models ofcomputing like the cloud. But he does stress we need to make security apriority, not an afterthought.
“Imagine building a new house with a crap foundation, howlong will it last?” asked Calce. “Why not build a new foundation first?”
While he doesn’t share Calce’s level of concern with cloudcomputing, Chris Willis, senior director of solutions consulting for HDSCanada, said they brought Calce in as a speaker because they wanted to raisethe awareness of security issues around cloud computing and IT in general.
Willis said Hitachiworks with its partners such as Brocade to build security into its systems andarchitectures, and offers features such as data encryption both at rest and inflight.
“The top thing people as about cloud applications is if it’ssecure. It comes back to education, awareness and standards,” said Willis.“It’s like STDs. No one wants to talk about if, but you’d better talk aboutit.”
Bradley Brodkin, president of Toronto-based Hitachi partner HighVail Systems, said he canunderstand Calce’s concerns and where he’s coming from but, at the end of theday, we’re not going to go offline.
“I’ve had fraud. People have stolen information on me from adumpster. It’s caused some grief,” said Brodkin. “But I do a lot of thingsonline. If it happens, it happens. The vendors work very diligently to preventfraud. As a partner I have to rely on technology to run my life. At the end ofthe day, you’re going to worry or you’re going to live your life.”