[ISN] How To Break Into the CIA’s Cloud on Amazon

http://www.defenseone.com/technology/2015/07/how-break-cias-cloud-amazon/117175/ By Patrick Tucker defenseone.com July 7, 2015 Last year, Amazon Web Services surprised a lot of people in Washington by beating out IBM for a $600 million contract to provide cloud services and data storage to the CIA and the broader intelligence community. But more money can bring more problems. Amazon, in essence, has turned itself into the most valuable data target on the planet. The cloud is completely separate from the rest of the Internet and heavy duty encryption is keeping the spies’ secrets relatively safe from outsiders — but what about an attack from within? In 2010, Army PFC Bradley — now Chelsea — Manning explained how she stole millions of classified and unclassified government documents: “Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis.” She “listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history.” So if you wanted to pull off a similar feat at Amazon, how would you do it? First, get a job at Amazon’s Commercial Cloud Service or C2S, sometimes called the “spook cloud.” According to this help-wanted ad, applicants must pass a single-scope background investigation—in essence, the kind of detailed 10-year background check required for a Top Secret security clearance. Of course, to a savvy spy or informant, obtaining top-secret clearance is not the barrier it once was. […]