"Leak door" challenges cloud computing mobile terminals into a new battlefield for hackers

"I've emptied my online payment accounts, such as Alipay and Tenpay, since I knew about the panic leaks," Mongling, a white-collar worker in Zhongguancun, Beijing, told First Financial Daily. She told reporters that after finding her own Tianya account had been stolen, she decided that for at least six months, except where she has to pay with an online banking U-shield, she will no longer pay online for purchases whenever cash on delivery is available.

Her experience may not be an exception. The leaks, which began with CSDN, have set off a butterfly effect in more and more higher-risk industries. Some payment companies say that the user information disclosed contains only account names and not passwords, but because many online payment users' account names are their e-mail addresses, if a user's e-mail address and password have been leaked, the third-party payment account may no longer be secure.

After large-scale leaks at sites such as CSDN and Tianya, the site only needs to send an apology letter and notify users to change their passwords. But if online banking or Alipay information, which bears on users' property, is stolen by hackers, things are much harder to settle.

It gets worse. As more and more companies hype cloud computing and the mobile internet bears down on us, the worry follows: is our information really safe?

The Achilles' heel of the cloud era

The "Leak door" is challenging cloud computing, and Sony is a cautionary tale.

Since April 17 last year, Sony's gaming platform, PlayStation Network (PSN), has suffered at least three hacker attacks. Hackers have stolen personal information from over 100 million users, including PSN registration IDs, email accounts, login codes and even information related to credit card accounts.

Shortly after the Sony PSN public cloud platform was breached, hackers posted on forums offering to sell millions of personal records from the Sony PSN data leak. Sony claimed that the credit card information had been encrypted, but in fact the contents of the database had been read out.

Cloud computing often means "on demand" self-service, large-scale resource pooling, lower costs, and higher productivity. But behind these advantages, massive amounts of data are being shifted to machines outside the user's control, and the question of how to keep secure the "cloud" that stores massive amounts of important information is inadvertently overlooked.

"From this series of leaks it is not hard to see that internal security at many Internet enterprises is relatively weak. If enterprises are to put huge amounts of information on the 'cloud' in the future, the first huge challenge is to the enterprise's own psychological capacity," Dawei, marketing director at a cloud vendor, told reporters.

Cloud computing can generally be summed up in three levels: IaaS (infrastructure as a service), PaaS (platform as a service) and SaaS (software as a service). Dawei told reporters that 90% of hacker attacks occur at the SaaS level, but that in fact there are a variety of different attack routes from the bottom layer to the top.

Shihong, chief security expert at NetQin, told reporters that concerns about the security of personal or corporate information in the cloud have become one of the biggest problems in the spread of cloud computing. "In the cloud, it is hard to keep the boundaries of data protected, and there is no uniform standard of implementation for how cloud computing stores and protects data."

Depending on who is served, cloud computing is generally divided into two categories, public cloud and private cloud. The former refers to cloud computing services offered to the public; the latter generally refers to a cloud computing service that an organization builds for its own needs. Dawei told reporters that many organizations in fields such as finance and medical care dare not adopt the public cloud model because of security concerns, and instead build private cloud systems internally.

However, Dawei and Shihong both believe that the leaks are a preview of security problems moving from hidden to visible, and that the value of cloud computing for enterprises and individuals cannot be denied because of the leak incidents. The previously released "China Cloud Computing Industry Development White Paper" forecasts that by 2012 China's cloud computing market will reach 60.678 billion yuan, and that during the "Twelfth Five-Year" period China's cloud computing industry chain could reach 750 billion to 1 trillion yuan.

The risk of "mobile"

Mobile terminals have become the "new battlefield" for hackers.

Gong, founder of China's first hacker group, Green Corps, and now of the COG information security organization, predicts that the leaks are just a prelude to a larger security incident, and that major events are expected to erupt in 2012, affecting hundreds of millions of China's mobile end-users.

This is not alarmism. Shihong told reporters that last year alone there were 24,794 new pieces of mobile phone malware and 2,943 malware samples, and that in China a cumulative 10.78 million smartphones were infected over the year.

According to a report on Chinese mobile phone security issued by the 360 Safety Center, the harm done by mobile Trojans has mainly shifted from system damage to malicious fee deduction and theft of user privacy. For example, the "X Undercover" Trojan, which earlier caused an uproar, is essentially hacker spy software: it not only sends the user's text messages back to the attacker but can even listen in on the user's calls.

"As for malicious fee deduction, mobile Trojans secretly send text messages in the background to subscribe to SP services, and users' phone credit is siphoned off without their knowledge," 360 security expert Shi Xiaohong said.

Of these platforms, Android, which runs on half of all smartphones, has become the hardest hit. Shi Xiaohong told reporters that because Android is open source, open and free, a Trojan can exploit system vulnerabilities to obtain the highest privilege (root) and then operate on system files without the user noticing, including deleting system files, stealing private data and implanting more Trojans. iOS places particularly tight restrictions on calls to the system's underlying files and is relatively secure, but once a device is jailbroken, software is granted more privileges and the security outlook is not optimistic.

Some time ago, foreign security vendors said that in less than six months the number of malicious programs on the platform had more than doubled, breaking into four digits for the first time. Most of these dubious applications are found in third-party app stores, which can lead to identity leaks, increased SMS costs, and even 4% of the total number of malware in some regions, such as Russia, Israel and China.

The rise of mobile payments is also attracting greater interest from hackers. Analysys International earlier forecast that mobile payment users would reach 220 million households in 2012, with market revenue increasing by 78.8% to reach 5.24 billion yuan, and that in 2013 revenue would break through 20 billion yuan to reach 23.51 billion yuan.

The Analysys analysis points out that although the mobile payment market is promising, account security is the main threshold for users in choosing mobile payment methods: users already have doubts about the security of payment on the internet, let alone in the new field of mobile payment.

"Mobile payments link the user's activities on the smartphone directly to financial interests, and hackers can trick users into installing malware to get more private information. This is already happening," Shihong said.

Shi Xiaohong suggested that mobile phone users should learn as much as possible about conventional technical means of protecting their phone security, personal privacy and other legitimate rights and interests, but said the main responsibility for the leaks lies with the sites that failed to protect user data. Some domestic netizens have weak security awareness and are in the habit of using the same registered e-mail address and password everywhere, which further magnifies the harm of site leaks. "Fundamentally, the major Internet sites should assume the obligation to protect the data security of users, rather than demanding that all netizens immediately have security awareness."

A list of major cyber leaks in recent years

December 2011

The CSDN website's user database was exposed online by hackers, leaking more than 6 million e-mail accounts and passwords. Over the next few days, many other Internet sites, including Tianya and Sina Weibo, were also implicated.

July 2011

Nate, one of South Korea's three major portals, and the social networking site Cyworld were hacked, leaking the information of 35 million users.

April to May 2011

Sony's PlayStation website was hacked. Hackers stole the personal information of users of the Sony PS3 and of Qriocity, its music and animation cloud service network, affecting hundreds of millions of people in 57 countries and regions.

2008

Auction, a well-known South Korean e-commerce website, was attacked by hackers, and the information of about 18 million users was leaked.

2004

An outsourced employee of Yahoo Japan stole 4.5 million personal records, causing users' personal information to leak out.

Weibo Punch Line

@Tiejun (Weibo): I originally thought that, with the news about password leaks having gone on for about a week, surely more than half of netizens would have changed their passwords. After chatting with two internet users, I learned that this was not the case. They both use one password for everything and don't know how to change it. Both of them had their Tianya and Mop accounts stolen, and one of them has lost their Alipay balance. The day after tomorrow a batch of Mi fans will be scrambling for phones; I hope they are OK.

@Liuyuan Lift: The account leaks at the big websites have an upside too: through them I actually recovered my long-forgotten Tianya account. Try it.

@Two fat wheat: If one day you discover that your pure, lovely girlfriend has suddenly started telling dirty jokes on Weibo, or that your wussy boyfriend has unexpectedly started posting pornography, don't rush to get angry. It's not that they have changed, but that their accounts were stolen.



