2010 Saw the Dawn of Nation-State Cyber Wars: Citrix CTO

"Conficker is still out there, and that's 28 terabits/second. If that thing was pointed at any U.S. national interest or any national interest, it would go down in a heartbeat," Simon Crosby told eWEEK.

Citrix CTO Simon Crosby looks back at 2010 in the cloud computing sector--and ahead at what 2011 may bring--and isn't very comfortable with a number of things emerging on the security side of that very hot business.
Crosby has become a go-to resource for knowledge in virtualization, cloud computing and data security. He was founder and CTO of XenSource prior to its acquisition by Citrix for $500 million in 2007. Previously, Simon was a principal engineer at Intel, where he led strategic research in distributed autonomic computing, platform security and trust.
It's Crosby's job as the CTO of an international enterprise IT provider to maintain a big-picture view of what the trends are, where they're going and how they will affect companies making strategic IT plans.
It's not necessarily cloud infrastructure issues that worry Crosby. It's protection of stored data and access to servers that keeps him up at night.
"This was the year when nation-state attacks started to happen," Crosby said. "You've got Stuxnet, you've got the Chinese government attack on Google, and you've got WikiLeaks. My take is that every CIO should be shivering in a state of panic."
Everybody's long been aware of denial of service attacks and their potential, but Crosby thinks many people have become indifferent to these events, believing such an attack won't happen to them.
"All of these have profound lessons for us," Crosby told eWEEK. "We're in a space of hyper-innovation, and that's fueled by Moore's Law on the client and the server, and Moore's Law helping the network, so we get the network effect of that. And the network effect of that innovation is unbelievable.
World's largest cloud: Conficker
"If you look at the world's largest cloud, it's probably something called Conficker. It has probably 30 million CPUs. It requires something like 20 terabits of bandwidth, and it's for hire. You can hire it today, and point it at anything you want," Crosby said.
"Think cloud now. Every single one of those hosts up there that are infected with Conficker--and there are still millions and millions of them--are all out there, and they can be remotely controlled and instructed to do something. It's similar to the way the anonymous guys at WikiLeaks have been getting people to download and attack payload, and then they can remotely point that attack payload at any site they want to attack."
For example, anonymous hackers have been able to put together an attack of 10GB per second and point it at Visa, PayPal, Amazon and a couple of other places to shut them down for various times, Crosby said.
"Conficker is still out there, and that's 28 terabits/second. If that thing was pointed at any U.S. national interest or any national interest, it would go down in a heartbeat," Crosby said.
So why hasn't this happened yet, if there are people in the world devious and knowledgeable enough to activate this dangerous weapon?
"Well, it hasn't yet for the same reason that nobody has launched an atomic bomb--it's that big, right?" Crosby said. "It turns out that most of the Conficker stuff is relatively straightforward--denial of service and blackmail stuff in the hands of organized crime.
"But the scary thing is that this was the year [2010] that nation-states started to engage in cyber war actively--and everybody saw it for the first time."

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 13 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...