Bloomberg are today reporting that last month’s PSN hack, which resulted in the data from 100 million personal accounts being compromised, was launched from rented Amazon servers.
Amazon’s range of web services includes Amazon Elastic Compute Cloud (Amazon EC2), which is essentially racks of CPUs offering enormous computational power that users can rent by the minute. Bloomberg’s anonymous source said that the perpetrators of the attack used an alias to sign up and that the account has since been closed.
It is not the first time EC2 has been used for undesirable ends: earlier this year German security researcher Thomas Roth highlighted how the power of cloud computing could be used to launch a brute force attack on a WPA-PSK protected WiFi network in less than 20 minutes, for a fraction of the cost of running the application on his own equipment. Roth’s program used EC2 to try 400,000 passwords per second to crack the network, and he went on to say that with further optimisations he could have cracked the security within six minutes.
In late 2009, a ZeuS-based banking trojan used the popular Amazon service as a command and control channel that issued software updates and malicious instructions to PCs that were infected by the malware.
In both cases, those tapping the Amazon cloud did so as paid customers.
The source didn’t say how EC2 was used in the attack on the PSN, but Amazon’s Web Services themselves were hit by a massive outage around the same time as the PSN attack, taking with it a large number of high-profile websites that rely on the cheap computational power to run their services. Amazon blamed network upgrades for the outage, rather than any discovery of people using their service to launch the PSN hack, and so far haven’t commented on Bloomberg’s story.
Source: Bloomberg, Via The Register.
gideon1451
I suppose there’s always a danger in these services that they can be used for nefarious purposes.
nofi
Uh oh.
gideon1451
Reminds me of Scooby Doo.
MrSpeedyGonzales
Ruh Roh haha
Flash
Wow, this is big
DrNate86
If they paid for the cloud service, that is at least another avenue to investigate to try and identify the hackers.
cc_star
Mickey Mouse from Beverly Hills 90210 is surely going to be in a lot of trouble when the feds catch up with him
eye8have9you3
well obviously a fake name won’t help, but they must have used a credit card or something traceable to pay for the service, it’s not like you can just pay in cash
DrNate86
Exactly. Unless they set up dummy bank accounts then the money has to come from somewhere traceable.
Awayze
The billing address has to match the credit card’s address, as the two users stated, you can’t pay in cash, the debit/credit card must be traceable even if it’s one of them pre paid cards you can get.
Watchful
@eye @DrNate @Awayze
So you don’t think the people who hacked PSN and stole the identity information for all the PSN accounts are likely to have used stolen or fraudulent IDs themselves when doing it if they needed one?
Of course there won’t be a credit card/bank account trail to follow unless it simply leads to more victims.
TURRICAN-808
Surely the FBI who are working with SONY would investigate…
cc_star
Although AMZ have attributed their outage to ‘network upgrades’ from what I can tell it came at the same time as the PSN attack was uncovered… I’m going to add 2+2 and say AWS was taken offline (affecting hundreds of other sites including Reddit, 4sq, Quora) as part of the discovery, but yes there should be an IP address trail, but they were probably anonymised with something like Onion Routing/Tor
StevenHibs
Hopefully the bastards will be caught
cam the man
Shoot them all!
Erroneus
This is totally material for Hackers 2. Come on Hollywood, show us what you do best, Sequels.
cc_star
If it was a brute force attack on admin passwords (or whatever) there are many ways to protect against them. Adding a delay of a few seconds between unsuccessful log-in attempts would be unnoticeable to an end user but would prevent hundreds of thousands of attempts per second. Having a flag raised after x number of attempts, temporarily disabling the account and requiring the users to go through alternative verification measures to re-activate their account. Security basics, first day on the job stuff, so I’m sure that wasn’t totally the case… Hopefully.
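The two controls named in the comment above (a few seconds' delay after each failed login, then a lockout after a set number of failures until the user re-verifies) can be sketched as follows. This is an added example, not part of the original article or comments; the `LoginThrottle` class, the 3-second delay, the 5-failure limit and the sample account are all assumptions made for illustration.

```python
import hmac

class LoginThrottle:
    """Delay after each failed login, lockout after max_failures in a row."""

    def __init__(self, verify, delay_s=3.0, max_failures=5):
        self.verify = verify          # callable(user, password) -> bool
        self.delay_s = delay_s
        self.max_failures = max_failures
        self.failures = {}            # user -> consecutive failures
        self.next_allowed = {}        # user -> earliest time of next attempt
        self.locked = set()
        self.checked = 0              # guesses that actually reached verify()

    def attempt(self, user, password, now):
        if user in self.locked:
            return "locked"
        if now < self.next_allowed.get(user, 0.0):
            return "throttled"        # refused without testing the password
        self.checked += 1
        if self.verify(user, password):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        self.next_allowed[user] = now + self.delay_s
        if self.failures[user] >= self.max_failures:
            self.locked.add(user)     # the "flag raised after x attempts"
            return "locked"
        return "denied"

    def reactivate(self, user):
        """Call only after the user passes alternative verification."""
        self.locked.discard(user)
        self.failures.pop(user, None)
        self.next_allowed.pop(user, None)

# Constructed sample account, for illustration only.
_ACCOUNTS = {"admin": b"correct horse battery staple"}

def check_password(user, password):
    stored = _ACCOUNTS.get(user)
    return stored is not None and hmac.compare_digest(stored, password.encode())

def simulate_guessing(throttle, user, rate_per_s, max_guesses):
    """Submit wrong guesses at a fixed rate until lockout; return the count sent."""
    for i in range(max_guesses):
        if throttle.attempt(user, f"guess-{i}", now=i / rate_per_s) == "locked":
            return i + 1
    return max_guesses
```

At 1,000 guesses per second against this sketch, only five guesses are ever compared with the stored password before the account locks. A per-account lockout also lets anyone lock a known username out on purpose, so the reactivation path and alerting on lockouts need the same care as the login itself.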
DrNate86
There’s no indication from the news report that it was a brute force attack on Sony, that’s just one way the cloud was used in the past on a Wifi network.
cc_star
1) I know, I wrote the article
2) Hence the if
3) It has been said in other reputable reports that admin accounts were used because of their advanced privileges, and brute force would be the easy, cheap way to gain control of them. Also, if Bloomberg are correct then there wouldn’t really be another use for EC2’s particular brand of cloud computing.
DrNate86
You will have to excuse my scepticism matey, it’s just you have got quite an accusative and condemning tone when dealing with “if’s”. I can recall a few times you have held arms against Sony for security issues that have turned out to be untrue or exaggerated. I would rather hold judgement until I know the full story.
quinkill
Wow, this is huge. Is it at all possible that Sony could take Amazon to court over this?
Joe
I doubt it… I’m sure Amazon has a massive disclaimer to read through before you use the service outlining what you’re not allowed to use it for
Sympozium
No….. it’s not their fault, plus senseless suing isn’t even worth it
YOURMUMANDME
I’d imagine a sort of disclosure check should be implemented by Amazon.
TURRICAN-808
That’s right, make it similar to the email/bank account check that PayPal do, it might ensure a genuine Amazon cloud account