UPDATED 11:47 EST / MAY 16 2011

As the PlayStation Network Comes Back Online, Amazon’s EC2 Cloud Discovered as Part of Attack

This weekend has seen the beginning of the end of the saga of the PlayStation Network downtime that left millions of customers in the dark and dragged Sony into the glaring spotlight of Congressional scrutiny. Bringing the downtime to an end racks up a total of just under 24 days offline. Rumors of the network’s return can finally die down, and thoughts must shift to examining exactly what happened. One development that has become big news, though, is the discovery that Amazon’s Elastic Cloud Computing service had been used by the hackers.

Bloomberg is running a story right now about how the hackers did not break into Amazon’s servers, but rather signed up using fake information in order to use them as a staging point for their attacks:

Hackers using an alias signed up to rent a server through Amazon’s EC2 service and launched the attack from there, said the person, who requested anonymity because the information is confidential. The account has been shut down, the person said.

The development sheds light on how hackers used the so-called cloud to carry out the second-biggest online theft of personal information to date. The incursion, which compromised the personal accounts of more than 100 million Sony customers, was “a very carefully planned, very professional, highly sophisticated criminal cyber attack,” Sony has said.

Drew Herdener, a spokesman for Seattle-based Amazon, declined to comment. Amazon didn’t respond to a request to speak with Chief Executive Officer Jeff Bezos.

“We’re continuing to work with law enforcement in an ongoing investigation into the situation,” said Patrick Seybold, a U.S. spokesman for Tokyo-based Sony. “As such, we will not comment further on this matter.”

Former FBI cyber-crime investigator and president of the security company Online Intelligence, E.J. Hilbert, told Bloomberg that the Federal Bureau of Investigation will likely subpoena Amazon as part of the investigation or attempt to obtain search warrants. None of this should come as much of a surprise if Amazon’s servers were used as part of the attack.

There is no news from Amazon or the FBI on whether any such search warrant or subpoena has yet been obtained.

Amazon rents space on its servers to a multitude of different clients, and as the hackers appeared to be legitimate renters, the cloud-computing service is certainly not at fault. The hackers could just as easily have found a relatively open hosting service and rented a server from it. This isn’t an issue of security in the cloud any more than a rental car being used for a getaway in a bank heist speaks to the security of renting cars.

As these tools continue to proliferate and make business operations cheaper for legitimate users, criminals too will attempt to leverage them for their own ends.

As the investigation continues, detectives will follow each link in the attack chain backwards to locate the hackers’ origin point and determine the flow of data. They will use not only the footprint left behind by the attack itself, but also the appearance of personal and credit card data in the wild.

The decision of the hackers to use social engineering to build themselves a duck blind with Amazon’s EC2 service suggests a high level of sophistication and bravado not often seen in this sort of attack. It’s not uncommon for cybercriminals to use already compromised systems (either consumer machines infected with worms or enterprise servers with rootkits), but using fake credentials to rent time on legitimate services seems pretty ballsy.

I suspect that in the future we’ll hear about this happening pretty often. The first use that comes to mind, though, is not cloud-computing services like Amazon’s EC2 as a platform for attacking remote servers, but as a distributed computing source for breaking encryption. It would certainly make a lot more sense for that, and it would be much harder for investigators to even notice that it was going on. By using EC2 as a source, these hackers have left themselves a trail that winds through Amazon’s servers.

The real kicker here is going to be that the Amazon EC2 crash happened April 21st, shortly after Sony discovered that their systems had been breached. Since it is known that some historical data was lost in the cloud-services crash, we’ll have to hope that the relevant information pertaining to this case went unaffected or we’ll have a long investigation ahead of us.

