Bloomberg are today reporting that last month’s PSN hack, which resulted in the data from 100 million personal accounts being compromised was launched from rented Amazon servers.
Amazon’s range of web services includes Amazon Elastic Compute Cloud (Amazon EC2) which essentially is racks of CPUs offering enormous computational power that users can rent by the minute. Bloomberg’s anonymous source said that the perpetrators of the attack used an alias to sign up and the account has since been closed.
It is not the first time EC2 has been used for undesirable intentions as earlier this year German security researcher Thomas Roth used the power of the cloud to highlight the power of cloud computing could be used to launch brute force attack on a WPA-PSK protected WiFi network in less than 20mins for a fraction of the cost of running the application on his own equipment. Roth’s program used EC2 to force 400,000 passwords per second to crack the network and he went on to say that with further optimisations he could have cracked the security within six minutes.
In late 2009, a ZeuS-based banking trojan used the popular Amazon service as a command and control channel that issued software updates and malicious instructions to PCs that were infected by the malware.
In both cases, those tapping the Amazon cloud did so as paid customers.
The source didn’t say how EC2 was used in the attack on the PSN, but Amazon’s Web Services themselves were hit by a massive outage around the same time as the PSN attack taking with it a large number of high profile websites who rely on the cheap computational power to run their services. Amazon blamed network upgrades for the outage, rather than any discovery of people using their service to launch the PSN hack and so far haven’t commented on Bloomberg’s story.