STE WILLIAMS

Researcher cracks Wi-Fi passwords with Amazon cloud

A security researcher has tapped Amazon’s cloud computing service to crack Wi-Fi passwords in a fraction of the time and for a fraction of the cost of using his own gear.

Thomas Roth of Cologne, Germany told Reuters he used custom software running on Amazon’s Elastic Compute Cloud service to break into a WPA-PSK protected network in about 20 minutes. With refinements to his program, he said he could shave the time to about six minutes. With EC2 computers available for 28 cents per minute, the cost of the crack came to just $1.68.

“People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so,” Roth told the news service. “But it is easy to brute force them.”

Roth is the same researcher who in November used Amazon’s cloud to brute force SHA-1 hashes. Roth said he cracked 14 hashes from a 160-bit SHA-1 hash with a password of between one and six characters in about 49 minutes. He told The Register at the time he’d be able to significantly reduce that time with minor tweaks to his software, which made use of “Cluster GPU Instances” of the EC2 service.

As the term suggests, brute force cracks are among the least sophisticated means of gaining unauthorized access to a network. Rather than exploit weaknesses, they try huge numbers of possible passwords until the right phrase is entered. Roth has combined this caveman approach with a highly innovative technique that applies it to extremely powerful servers that anyone can rent at highly affordable rates.

Roth’s latest program uses EC2 to run through 400,000 possible passwords per second, a massive amount that only a few years ago would have required the resources of a supercomputer. He is scheduled to present his findings at next week’s Black Hat security conference in Washington, DC. ®

WikiLeaks dubs Amazon ‘The Cowardly Liar’

WikiLeaks has dubbed Amazon both cowardly and a liar, after the American net giant booted the whistle-blowing website from its hosting service and then said its decision had nothing to do with complaints from the US government.

“Amazon’s press release does not accord with the facts on public record. It is one thing to be cowardly. Another to lie about it,” WikiLeaks said in post to its Twitter account on Friday.

As of Monday, WikiLeaks was hosting its trove of classified US state department cables on the US-based portion of Amazon Elastic Compute Cloud service, and on Wednesday, US Senator Joe Lieberman, the chair of the Senate’s Homeland Security and Governmental Affairs Committee, announced that after an inquiry from his staff, Amazon said it had removed WikiLeaks from the service.

“The company’s decision to cut off WikiLeaks now is the right decision and should set the standard for other companies WikiLeaks is using to distribute its illegally seized material. I call on any other company or organization that is hosting WikiLeaks to immediately terminate its relationship with them,” Lieberman said in a statement

“WikiLeaks’ illegal, outrageous, and reckless acts have compromised our national security and put lives at risk around the world. No responsible company — whether American or foreign — should assist WikiLeaks in its efforts to disseminate these stolen materials. I will be asking Amazon about the extent of its relationship with WikiLeaks and what it and other web service providers will do in the future to ensure that their services are not used to distribute stolen, classified information.”

Netcraft records confirmed that WikiLeaks was no longer hosted on AWS, and WikiLeaks soon tweeted that its mirrors were removed against its wishes. “WikiLeaks servers at Amazon ousted,” it said. “Free speech the land of the free — fine our $ are now spent to employ people in Europe.” According to internet records, the site fell back on servers in Sweden.

Amazon did not respond to repeated requests for comment from The Register. But more than a day later, the company published a blog post claiming it had not removed WikiLeaks in response to government inquiries. “There have been reports that a government inquiry prompted us not to serve WikiLeaks any longer,” the post said. “That is inaccurate.”

The company also said it had not removed the mirrors due to DDoS attacks. It said that WikiLeaks was booted because the site wasn’t following its terms of service. “AWS does not pre-screen its customers, but it does have terms of service that must be followed. WikiLeaks was not following them. [For instance], it’s clear that WikiLeaks doesn’t own or otherwise control all the rights to this classified content,” the company said.

“Further, it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren’t putting innocent people in jeopardy. Human rights organizations have in fact written to WikiLeaks asking them to exercise caution and not release the names or identities of human rights defenders who might be persecuted by their governments.”

The company added that it has no problems hosting “controversial” data, but that the WikiLeaks situation is a separate case. “When companies or people go about securing and storing large quantities of data that isn’t rightfully theirs, and publishing this data without ensuring it won’t injure others, it’s a violation of our terms of service, and folks need to go operate elsewhere.”

But the timing of the decision is telling.

Assange: ‘It was all part of my master plan…’

On October 25, The Register reported that WikiLeaks was mirroring data on Amazon servers in both the US and Ireland, including the classifed “Iraq War logs.” But aside from a brief mention on The Daily Telegraph website, the news received little mention in the mainstream media. We contacted Amazon at the time and alerted them to the mirrors, but the company did not respond.

Then, earlier this week, we reported that WikiLeaks had hoisted its “cablegate” documents onto Amazon, and this time, the news was picked up by the Wall Street Journal and several other major news outlets. The Joe Liebermans of the world, you see, read The Wall Street Journal.

What’s more, a day after Amazon booted WikiLeaks, the site was also ousted by its US-based DNS provider, EveryDNS. Last month, we spoke to EveryDNS about WikiLeaks’ use of its service, and though it declined to discuss the accounts of specific customers, it said it would only remove customers if they violated its terms of service. We also spoke to Dynadot, WikiLeaks’ US-based domain name registrar. President Todd Han echoed what EveryDNS told us, but he did add that it typically only removes sites for violations if it receives a complaint from an injured party.

“Usually, most of the time, we resonded to complaints, but sometimes we will take action on our own if it violates our terms of service,” Han told us. “If they violate the law, they violate terms of service. But with these kinds of situations with domains, there are two sides of the story. There’s a lot of grey areas.”

Indeed.

Like Amazon, EveryDNS did not boot WikiLeaks until this week — more than a month after we first spoke to the company about the site. Unlike Amazon, it said that it removed WikiLeaks due to DDos attacks on the site. “The services were terminated for violation of the provision which states that ‘Member shall not interfere with another Member’s use and enjoyment of the Service or another entity’s use and enjoyment of similar services’,” EveryDNS said in a statement.

“The interference at issue arises from the fact that wikileaks.org has become the target of multiple distributed denial of service (DDOS) attacks. These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites.”

Naturally, WikiLeaks has simply moved its service elsewhere. Booted by its DNS provider, the site has resurfaced on a Swiss net domain. “WikiLeaks moves to Switzerland http://wikileaks.ch/,” read another Tweet from WikiLeaks.

In other words, the whole saga has played out just as expected. “Even if Amazon is insulated from liability, I suspect Amazon will choose to remove the content ‘voluntarily’ (motivated by a little persuasion from the government), presumably citing a breach of its terms of service as a pretext,” Santa Clara law professor and tech law blogger Eric Goldman told The Reg a month ago.

“A more ‘ideological’ web host would probably fight more vigorously for its users’ publishing rights than Amazon will.” Unless a federal crime has been committed, Amazon is not legally required to remove the data, and it’s unclear whether WikiLeaks is committing a criminal act.

And echoing other suspicions from late October, WikiLeaks founder has now claimed that the site purposefully mirrored its data on Amazon’s servers to expose the company’s “free speech deficit.”

“Since 2007 we have been deliberately placing some of our servers in jurisdictions that we suspected suffered a free speech deficit in order to separate rhetoric from reality,” Assange said on Friday during a live chat on The Guardian‘s website. “Amazon was one of these cases.” ®