by toast0 951 days ago
If I'm a cloud provider and somebody's workflow is hard resetting lots of my physical machines, I'm going to give them free access to single tenant machines at the very minimum. If they keep crashing the machines that only they run on, I guess that's ok.
You can exploit this from a single core shared instance.

So you go and find yourself a thousand cheap / free tier accounts, spin up an instance in a few regions each, and boom, you've taken out 10k physical hosts. And run it in a lambda at the same time, and see how well the security mechanisms identify and isolate you.

Causing a near simultaneous reboot of enough hosts is likely to take other parts of the infrastructure down.

I'm curious what part of this scheme involves "not ending up in jail"? Needless to say you can't do this without identifying yourself. To make this an exploitable DoS attack you need to be able to run arbitrary binaries on a few thousand cloud hosts that you didn't lease yourself.
> I'm curious what part of this scheme involves "not ending up in jail"? Needless to say you can't do this without identifying yourself.

Stolen credit cards are a dime a dozen, and nation state actors can just use their domestic banks or agents in the banks of other countries in a pinch to deflect blame or lay false trails.

If I were Russia or China, I'd invest a lot of money into researching all kinds of avenues on how to take out the large three public cloud providers if need be: take out AWS, Google, Microsoft and on the CDN side Cloudflare and Akamai and suddenly the entire Western economy grinds to a halt.

The only ones who will not be affected are the US government cloud services in AWS, as this runs separate from other AWS regions - that is, unless the attacker gets access to credentials that allow them executions on the GovCloud regions...

> If I were Russia or China, I'd invest a lot of money into researching all kinds of avenues on how to take out the large three public cloud providers

This subthread started with "is this issue a valuable exploit". Needless to say, if you need to invoke superpower-scale cyber warfare to find an application, the answer is "no". Russia and China have plenty of options to "take out" western infrastructure if they're willing to blow things up[1] at that scale.

[1] Figuratively and literally

Countries have proven far more reticent to use kinetic options vs. cyberattacks. Or, put differently, we're all hacking each other left and right and the responses have thus far mostly remained in the digital realm.

See, e.g., https://madsciblog.tradoc.army.mil/156-what-is-the-threshold...

> responses are usually proportional to and in the same domain as the provocation

> Or, put differently, we're all hacking each other left and right and the responses have thus far mostly remained in the digital realm.

Which is both good and bad at the same time. Cyber warfare has been significantly impacting our economies and our citizens - anything from scam callcenters over ransomware to industrial espionage - to the tune of many dozens of billions of dollars a year. And yet, no Western government has ever held the bad actors publicly accountable, which means that they will continue to be a drain on our resources at best and a threat to national security at worst (e.g. the Chinese F-35 hack).

I mean, I'm not calling for nuking Beijing, that would be disproportionate - but even after all that's happened, Russia and China are still connected to the global Internet, no sanctions, nothing.

it's not superpower-scale

some bored kid with a couple of hundred stolen credit cards can bring down a significant chunk of AWS/GCP/...

If clouds use shared servers to run their management workloads and if very important companies use shared servers to run their workloads, they would deserve it.

But I don't believe it. People are not that stupid.

> If clouds use shared servers to run their management workloads and if very important companies use shared servers to run their workloads, they would deserve it.

Why target the management plane? Fire off payloads to take down the physical VM hosts and suddenly any cloud provider has a serious issue because the entire compute capacity drops.

I mean, you kinda can. There's a depressingly thriving market for stolen cards and things like compromised accounts. A card is a couple of dollars. There are many jurisdictions that turn a blind eye to hacking US companies. Look at how hard it's been to rein in the ransomware gangs and even 'booter' (DDoS-for-rent) services.

DoS isn't as lucrative as other things; I assume that most state actors would far prefer to find a way to turn this into a privilege escalation. But being able to possibly take out a cloud provider for a while is still monetizable.

there exist people outside of your jurisdiction

e.g. the GRU

So Replit, Godbolt, and whatever other cloud-hosted compilers are there?