A workman quickly slides a dustmop over the floor at the Central Intelligence Agency headquarters during a visit by President George W. Bush, on March 3, 2005.

A workman quickly slides a dustmop over the floor at the Central Intelligence Agency headquarters during a visit by President George W. Bush, on March 3, 2005. J. Scott Applewhite/AP

How To Break Into the CIA’s Cloud on Amazon

Looking to steal America’s spy data from Amazon? Hope you’re up for a challenge.

Last year, Amazon Web Services surprised a lot of people in Washington by beating out IBM for a $600 million contract to provide cloud services and data storage to the CIA and the broader intelligence community. But more money can bring more problems. Amazon, in essence, has turned itself into the most valuable data target on the planet. The cloud is completely separate from the rest of the Internet and heavy duty encryption is keeping the spies’ secrets relatively safe from outsiders — but what about an attack from within?

In 2010, Army PFC Bradley — now Chelsea — Manning explained how she stole millions of classified and unclassified government documents: “Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis.” She “listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history.”

So if you wanted to pull off a similar feat at Amazon, how would you do it?

First, get a job at Amazon’s Commercial Cloud Service or C2S, sometimes called the “spook cloud.” According to this help-wanted ad, applicants must pass a single-scope background investigation—in essence, the kind of detailed 10-year background check required for a Top Secret security clearance. Of course, to a savvy spy or informant, obtaining top-secret clearance is not the barrier it once was.

Amazon keeps the C2S cloud, built specifically for the intelligence community, separate from the rest of its business and unconnected to the Internet. To access it, you’ll need a terminal on the Joint Worldwide Intelligence Communication System, or JWICS, which you would find only in a special room called a Sensitive Compartmented Information Facility. SCIFs are rooms, or even whole buildings, that are built to be impervious to outside signals intelligence collection. There’s no way to transmit data in or out except by the designated terminals. SCIFs add a layer of physical security from external threats and even a bit of protection for internal attacks, since they are in secure locations under surveillance. SCIFs abound in Washington and elsewhere; defense contractors routinely rent them. But there’s no logging in from, say, China.

(RelatedHow the CIA Partnered With Amazon and Changed Intelligence)

Once hired, awarded top-secret clearance, and given access to a SCIF on the JWICS network, you’ll need to navigate a variety of controls that intelligence agencies have put in place. (As Manning and then Edward Snowden showed, that’s not impossible.) You’ll also have to get past internal security features at AWS in order to get closer to stealing the intelligence community’s data.

Here’s where things get tricky, very much so.

Just as AWS encrypts all customer data in its widely used Elastic Compute Cloud environment, it does the same for C2S. “Our people don't have direct access to customer data,” said Mark Ryland, AWS’ chief solutions architect for the worldwide public sector team. 

“There are a whole set of strong controls in place to prevent that. And we always recommend that they encrypt sensitive data with features like AWS Cloud Hardware Security Module or AWS Key Management Service," an AWS spokesperson later added in an email.


Sign up now to attend our exclusive event on insider threats. 


That’s a step or two above what’s become common practice for the government. Remember, one of the most important, even scandalous, details in the OPM hack is that the government stored its data unencrypted—naked, visible and vulnerable to anyone with access to the system.

Of course, data that’s encrypted can be unencrypted. This is accomplished via the exchange of what are called keys. For most decryption, you need two: a public key and a private key. It’s the private key that allows a particular person to decrypt a message.

Could you, as an AWS employee, get your hands on the NSA’s keys? To attempt it, you would need to find a co-conspirator at your own level in the company. “Even normal administrative access requires two employees, jointly, do certain operations,” Ryland said. AWS instituted this precaution years ago; the intelligence community only recently began to follow suit. Ryland said the number of administrators with access to the root keys is in the “tens.”

Perhaps you could steal an administrator password to gain access, as Edward Snowden is alleged to have done. (He denies it.) That alone won’t be enough. For sensitive operations such as accessing the key management system, AWS requires multi-factor authentication — for example, typing in the rapidly changing code on a physical device the size of a key fob. Both you and the co-conspirator will need such a device, provided by AWS, to show that you are who claim to be. You’ll also both need the correct password.

(RelatedThe NSA’s New Spy Facilities are 7 Times Bigger Than the Pentagon)

So, to review: to get at the root keys to unlock the CIA’s data, you would need two people, both with top-secret-level clearance. Assuming that the target has opted for the highest level of security that AWS provides, both of the insiders would have to have a separate multi-factor authentication device. They would have to go to a secure facility and log into the key management system to change the keys. The company also maintains that there are other features that prevent this that they can’t describe publically.

Risky? Yes. Guaranteed effective? Nope. The root key option is only possible when the customer purchases that particular key management solution. AWS also allows their customers to upload their own private keys, which AWS employees themselves can’t see. “If you upload your own public key, we actually can’t log in as an administrator of your operating systems,” said Ryland.

Ryland wouldn’t speak specifically about the service packages purchased by his customers in the intelligence community, or many of the special security features available to them that are different from what AWS provides to general customers, (which was all he was really authorized to speak on). But after all that preparation, there’s a chance that there aren’t even root keys to steal.

Your next best target is the virtual compute environment, where the customer is dealing with the data directly, when it’s not encrypted. That data is accessible via a software layer called the hypervisor, software that allows different operating systems to use cloud services in roughly the same way. When you go to the AWS’s cloud, the system creates a small, virtual version of your machine in the cloud environment. The hypervisor is what manages all those virtual machines. (AWS uses Xen hypervisor software, as does its nearest competitor, Rackspace.)

Ryland was careful to say that he doesn’t consider interactive access to the hypervisor to be a “vulnerability,” per se, so much as “the one arguably weakest link, one that is super tightly controlled.” Could someone log into the hypervisor to see and copy AWS customer data? “It’s theoretically possible,” he said.

But he added that any AWS employee accessing the hypervisor interactively would do so “only under very controlled circumstances and at customer request, will we ever log into the dom0 of a hypervisor,” he says. AWS later added that the request would have to be “legally binding.”

The dom0 stands for the domain zero. The hypervisor essentially creates it for administrative purposes. Since dom0 is the domain that creates all the subsequent domains, it’s the virtual machine that supervisors all the other ones. Access to the dom0 at AWS requires director-level authorization from security officials in the company, and is accessed “only when absolutely required,” says Ryland.

So you would somehow need to get director-level authorization in order to do anything involving a hypervisor. Furthermore, once that authorization has been given and the AWS employee logs in, you’ll be working in a virtual environment loaded with booby traps, one that “basically logs every single operation that you carry out and alarms on certain types of operations,” says Ryland. “It’s all metered, alarmed, and it’s got tons of … metrics about behavior.” A would-be Snowden or Manning attempting to download a trove of NSA data onto a flash drive from the hypervisor would be trying to do it while internal alarms were going off.

Bottom line, you would have to perform this mission as the world is learning about your crime in real time, not months later on the front page of the Guardian. It wouldn’t be so much a burglary as a brazen heist.

Hope you have a good pair of running shoes.