How to Check if Your Cloud Server is Leaking Data

In this video, we’re going over how to check if your cloud server is leaking data. Now that’s where we talked about cloud storage can be a really good place for hackers to target. After all, they don’t need physical access to your server or your computer in order to get your data. Since our data is cloud-based, it’s a lot easier for them to get a hold of it. And as things start moving into cloud, we store more and more data there. That’s why cloud storage is so appealing for malicious hackers. Now how do we go about securing this? Well, depending on what services you’re using will depend on which road we need to take.

If you’re on AWS, Amazon Web Server, you could use Amazon Inspector. And this is an automated security assessment services designed to help improve security and compliance of your applications that are on AWS servers. Google takes a different approach. So instead of giving you a tool to go ahead and scan your servers or services, Google gives you a quick start guide, how to guides, API references, concepts, and other resources to help train you to go ahead and secure and limit access on your servers. Microsoft Azure, it has a security centre designed to help your hybrid security management. So it’s designed to act as a security management and threat protection service.

Now other ways that we could check to see if our data is being leaked on our cloud servers, we could use things like DeHashed and have I been pwned? for account credential leaks. While we could use a search engine called Shodan to actually search online for different information, to see if our servers are leaking data. So let’s take a look at these services. So the first one is DeHashed. Now DeHashed can be found at dehashed.com and again, it’s designed to look up hash passwords, breached data, and whatnot. So what you want to do is you want to make a free account. And from there, we can actually look up quite a number of things.

We can look up usernames, we can look up email, IP addresses, addresses, phone numbers, and whatnot. Now what will happen is if, say, I put an email address or username, and I click Search, and I get a hit back. Well that hit is going to tell me, “Hey, this email or this account was found as part of this breach.” And “we found a password, or didn’t find a password”. Now if the account password or the username is still active, now that means that if I’m able to search for it, malicious hackers are able to search for it too and possibly get the password.

Now in order to see the password, you do need to sign up for a paid account for DeHashed. And it’s a pretty nominal fee. Last time I used it, it was about $2 or $3 for a week or two of unlimited searches. And if you want to verify the password, that is one way you could do it. You do want to verify that it’s going to be legal for you to do it in your area. And it’s going to be within whatever compliance you need for your workplace, if you’re going to search this.

Otherwise, you could go ahead, again, you could enter a username, you can enter a password, IP address, what not, and see if it’s part of a data breach. And it’ll tell you, yes or no, if it’s found in those databases. And as you can see here, there’s quite a number of compromised assets on their database rather. Now the other one we could take a look at is have I been pwned? Now have I been pwned? is a little bit more restricted. Have I been pwned? works by email addresses. So I can put an email address of any user on my cloud’s server.

And primarily, what you want to use is things like MA accounts are big ones that you want to check against. So say I put an admin email address in, I clicked on pwned, and it comes back with a hit. Again, it’s going to tell you what part of the data breach was, and if the password is most likely compromised or not. If it did come back with a data breach, chances are that email address or password got compromised and you do want to go ahead and change it. Have I been pwned?

does not give you the option to actually see the unhatched password, but again you could tell that this account was compromised in this data breach, and I know I haven’t changed the password since this date so, yes I need to change it. Or no I don’t need to change it. So it’ll help you make that determination. Now the last one I want to show is called Shodan. And this is a pretty unique browser, or not a browser, rather a search engine. And it can be found at shodan.io. Now Shodan is pretty interesting because it essentially indexes every device that connects to the internet, or tries to.

And it could be a computer, it could be a server, network switch, IP camera, a children’s toy that connects to the internet, your smartwatch, anything that connects to the internet– it pretty much indexes it here. And the way you could use this is you can look up your organisation, you can look up by IP address, port address, by city, state, country. If you want to see if a IP camera is leaking, you can put that particular search in. And what you want to do is set up an account, which is free. And then you can start doing some basic searches. Now Shodan also has an API key that you could tie into other programs to do some deeper searches.

However, you could do the basic one through here. And to get more information on how to do the searches, there is a cheat sheet here, things like port, and the example here is 502, Country, US, so it’s going to search for different port addresses over 502 in the US. You could also click on the Help Centre and read some of the information there. It gives you more information on how to do a more specific search. Now before you go ahead and start doing searches on this, I do recommend that you check to make sure it’s going to be legal in your state, country, and if it’s going to be allowed in your organisation to do searches.

Depending on the information that you find in here, it may or may not be something that you’re going to be able to do. So do check that before you started searching. Because again, Shodan is a pretty powerful tool. So you do want to make sure that you’re able to do that. So again, pretty powerful tool. It can be found at Shodan.io/home. Now wrapping up, it’s critical to secure our cloud. Securing our cloud infrastructure, whether it’s storage or domain, is critical. After all, we know that hackers really love cloud storage and try to get access to it. Many services offer tools. Some of the larger cloud providers like Microsoft and Amazon offer tools to help secure the cloud infrastructure.

Whereas things like Google will give you a lot of documentation, instructions on how to do that. Data breaches can be used, such as Shodan, have I been pwned? and DeHashed, in order to verify leaked credentials or open services. Now this was all about checking if your cloud is leaking data. And the next video, we’re going to be taking a look at network connections. Thank you for watching. I’ll see you in the next video.