Skip to main content

Iagon's Secure Lake Technology


Overview

Hacking the data lake of an organization exposes it to an unlimited number of security, privacy, and financial risks such as:

  • Confidential client information leak,
  • Unauthorized use and sale of commercially sensitive data,
  • Disclosure of trade secrets, internal correspondence, and digital goods such as source code or new product designs.

Few examples from recent years illustrate the broad scope of threats and risks to organizations (as well as to their customers and suppliers) that result from hacking their IT systems and databases:

Rising Threats

  • Hadoop Attacks and Database Vulnerabilities In January 2017, Camarda1 reported that "Hadoop attacks followed ongoing attacks on MongoDB, ElasticSearch, and Apache CouchDB. In some cases, criminals have been known to clone and wipe databases, claiming to hold the originals for ransom. In other attacks, they have simply deleted databases without demanding payment".

Cybersecurity Concerns

  • Hadoop Under Attack In the same period, Constantin2 reported that "It was only a matter of time until ransomware groups that wiped data from thousands of MongoDB databases and Elasticsearch clusters started targeting other data storage technologies... 126 Hadoop instances have been wiped so far. The number of victims is likely to increase because there are thousands of Hadoop deployments accessible from the internet although itʼs hard to say how many are vulnerable. The attacks against MongoDB and Elasticsearch followed a similar pattern. The number of MongoDB victims jumped from hundreds to thousands in a matter of hours and to tens of thousands within a week. The latest count puts the number of wiped MongoDB databases at more than 34,000 and that of deleted Elasticsearch clusters at more than 4,600".

The Growing Menace

  • Hadoop Data Breaches Claburn3 indicates that the actions of the attackers on Hadoop-based systems “may include destroying data nodes, data volumes, or snapshots with terabytes of data in seconds.”

Securing Data

  • Iagon's Innovative Approach Earlier reports explain how to hack into Hadoop systems to exploit their vulnerabilities and destroy large volumes of data (Gothard4). Given the nature of the vulnerabilities exposed, and those that have not yet been exploited by attackers, but may exist in the systems, as well as the lack of policies of ongoing cyber security auditing in many organizations, databases at large are exposed to other parties, should attackers decide to apply these intrusion techniques. The results can be catastrophic for any organization and have a large impact on its operations. To illustrate, the Equifax hack, reported in September 2017, exposed personal data of 143 million customers, causing a fall of 19% in Equifaxʼs market value.

Hadoop Security Crisis

  • Insights and Solutions Iagon plans to build a technology named Secure Lake that will be based on decentralization, encryption, random clipping masks, ECC encoding, compression, and sharding. Except for the user who securely uploads a file and has the private key (password) to retrieve and decrypt it, no one can read the contents of the small file slices, decrypt, delete, change, retrieve them, identify their source or even associate them with other file slices generated from the original file. Iagon's technology will ensure that even when information systems are breached in any way, the data and files cannot be accessed, deleted, or modified.

Thus, one of the most important uses of Iagonʼs Secure Lake technology will be “freezing” the data lake, which means that it will prohibit potential threat actors from navigating within the data lake after gaining access to it.

Footnotes

  1. Camarda B., As attacks rise, we ask: how secure is your Hadoop installation?, Sophos News, January 2017

  2. Constantin L., Attackers start wiping data from CouchDB and Hadoop databases, PC World, January 2017

  3. Claburn T., Clusters f**ked: Insecure Hadoop file systems wiped by miscreants, The Register, February 2017

  4. Gothard P, How to hack Hadoop and how to prevent others doing it to you, Computing, October 2015.