Author: Sean Gilbride, Director of Professional Services Operations
As promised in my last post, here are a couple of additional articles related to cloud computing that contain some great food for thought. I'd also like to hear what your thoughts are on this subject.
Cyberattack on Google Said to Hit Password System
Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google's crown jewels, a password system that controls access by millions of users worldwide to almost all of the company's Web services, including e-mail and business applications.
The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.
These new details seem likely to increase the debate about the security and privacy of vast computing systems such as Google's that now centralize the personal information of millions of individuals and businesses. Because vast amounts of digital information are stored in a cluster of computers, popularly referred to as "cloud" computing, a single breach can lead to disastrous losses.
Spam Suspect Uses Google Docs; FBI Happy
FBI agents targeting alleged criminal spammers last year obtained a trove of incriminating documents from a suspect's Google Docs account, in what appears to be the first publicly acknowledged search warrant benefiting from a suspect's reliance on cloud computing.
The warrant, issued August 21 in the Western District of New York, targeted Levi Beers and Chris de Diego, the alleged operators of a firm called Pulse Marketing, which was suspected of launching a deceptive e-mail campaign touting a diet supplement called Acai Pure. The warrant demanded the e-mail and "all Google Apps content" belonging to the men, according to a summary in court records.
Google provided the files 10 days later. From Beers' account, the FBI got a spreadsheet titled "Pulse_weekly_Report Q-3 2008" that showed the firm spammed 3,082,097 e-mail addresses in a single five-hour spree. Another spreadsheet, "Yahoo_Hotmail_Gmail - IDs," listed 8,000 Yahoo webmail accounts the suspects allegedly created to push out their spam. The Yahoo accounts were established using false information, allegedly in violation of the CAN SPAM Act.
Privacy advocates have long warned that law enforcement agencies can access sensitive files stored on services like Google Docs with greater ease than files stored on a target's hard drive. In particular, the 1986 Stored Communications Act allows the government to access a customer's data whenever there are "reasonable grounds" to believe the information would be relevant in a criminal investigation - a much lower legal standard than the "probable cause" required for a search warrant.
Is your company moving toward, or considering, implementing a public cloud solution? I'd like to hear from you.