Report: Amazon Web Services Used in Sony Hacker Attacks

May 16, 2011 -

Amazon.com's Web Services were used by hackers in the April attack against Sony’s online entertainment services, according to a Bloomberg report citing a "person with knowledge of the matter."

According to the report, hackers rented a server through Amazon’s EC2 service and launched the attack from that location, according to Bloomberg's source. The source is obviously someone that either knows the hackers that rented the services or an Amazon insider because he or she also said that the account had been shut down.

The development sheds light on how hackers used the so- called cloud to carry out the second-biggest online theft of personal information to date. The incursion, which compromised the personal accounts of more than 100 million Sony customers, was “a very carefully planned, very professional, highly sophisticated criminal cyber attack,” Sony has said.

Amazon spokesman Drew Herdener declined comment. Amazon didn’t respond to a Bloomberg request to speak with Chief Executive Officer Jeff Bezos.

Sony didn't have a lot to say about the story either:

“We’re continuing to work with law enforcement in an ongoing investigation into the situation,” said Patrick Seybold, a U.S. spokesman for Tokyo-based Sony. “As such, we will not comment further on this matter.”

E.J. Hilbert, president of the security company Online Intelligence, told Bloomberg that using a hijacked or rented server to launch attacks from is a typical tactic for "sophisticated hackers." Hilbert added that the FBI is likely to subpoena Amazon as part of its ongoing investigation.

FBI Special Agent Darrell Foxworth from the San Diego office, said he couldn’t comment, saying only that they are "following up on each and every lead."

Source: Bloomberg


Comments

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Online security is really an issue. Hope the situation can be better gradually. Have a nice day!

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Anonymous my tail.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Anonymous probably didn't steal the information, since this was a sophisticated attack. We all know Anonymous isn't good for anything except their one trick, DDoS attacks, so since they're not as great as they think they are, they couldn't possibly have done it.

However, there was a allegedly a DDoS attack that occurred just before the massive breach that led to Sony being forced to take down the PSN.

Curious, that.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Allegedly frequent GP poster Grif lures men to his private island and hunts them for sport.

I don't have any actual evidence to back this up, and if you ask me for any I'll just tell you you should Google it.  But I read it somewhere, so I'm sure it must be true.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Allegedly, frequent GP troll Thad enjoys finding words where there aren't any, and makes thinly-veiled personal attacks behind the guise of obscure short stories most have read in the sixth grade, since he apparently can't rebut a point directly.

http://en.wikipedia.org/wiki/The_Most_Dangerous_Game

Addendum: Grif only says "Google it" when he doesn't feel like putting 300 links in a post to prove a single point.
He also apparently enjoys talking in the third person.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

If you can put 300, 3 shouldn't be a problem. Telling others to Google it is at best insulting, at worst a way to hide you have no proof.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

*Sigh* Asking Grif to do your work for you again, are you? Fine.

http://www.taipeitimes.com/News/biz/archives/2011/05/06/2003502509

http://www.theinquirer.net/inquirer/news/2068111/sony-anonymous-ddos-attacks-distracted

http://www.eweek.com/c/a/Security/Sony-Data-Breach-Was-Camouflaged-by-Anonymous-DDoS-Attack-807651/

This, among some of the other arguments I make, are in the realm of what some would call "common knowledge".

Interestingly enough, those three links are the first three to pop up. I didn't have to do any intense digging just to prove myself right. I'm not a gambling man, but I'm willing to bed that it took less time than it would have taken to make a post asking someone to "prove it", let alone waiting for a response.

I shouldn't have to prove that 1+1=2, or that the sky is blue, or that Fox News is retarded, but since you want me to prove everything for you, here you go.

http://mathforum.org/library/drmath/view/51551.html

http://math.ucr.edu/home/baez/physics/General/BlueSky/blue_sky.html

http://www.i-am-bored.com/bored_link.cfm?link_id=45307

Asking someone to prove something that everyone else around you already knows just makes you look like a jackass and a troll. That kind of crap flies around 4chan, but not here.

Asking for proof of common knowledge is at best insulting, and at worst proof that you're too lazy to do your own research.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Or, you know, you may notice I didn't ask for a link here from you. I, however, did so in a previous thread. Here was my post: "Got any proof that Xbox live was compromised 6 times? You keep bringing it up, but not once have you linked an article. 6 times is a lot and maintenance do happen, so please provide the proofs of said 6 attacks." I am still awaiting said links. Furthermore, backing arguments when they are questioned is what you normally does in a discussion. Yet you love to insult others. I'll point that THIS behavior is typical of a troll, a term you seem to be called quite a lot more than me.

Furthermore, of my first 3 Google search for : "sony attack was hidden by anonymous ddos", only one refers to such a thing. "https://www.infosecisland.com/blogview/13558-Sony-Tells-Congress-Anonymous-DDoS-Aided-Breach.html". Judge by yourself the validity of the source (I will not do so in one way or the other.)

Finally, you cited The Inquirer as one of your source. Since it's a tabloid of very poor reputation, I would at the very least find THEIR source and try to cite them instead. The Inquirer has been found to fabricate more than one of their story. Also, have you noticed how all your link back to the same original source? Huh.

P.S.: You can't call "common knowledge" something that was at best announced less than 2 weeks prior, especially if it isn't Earth shattering news. 9/11, fine, a week later the world knew. This, even if true, even in years from now, you'll find a huge amount of people never even exposed to the "news".

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

And yet you and Thad are the only ones who keep pressing me for proof. Nobody else does. You ever think that it's because everyone else already knows what I know? That's what we call "common knowledge". Neeneko doesn't press me, Andrew Eisen doesn't press me, Austin doesn't press me, Nightwing doesn't press me, hell, not even Zippy presses me to prove something that the entire world already knows.

You want proof of Xbox Live being hacked? Fine, here.

http://www.infosecurity-magazine.com/view/17086/xbox-live-policy-directors-account-hacked/

http://www.zdnet.com/blog/security/xbox-live-hacked-accounts-stolen/131

http://blog.trendmicro.com/xbox-live-accounts-hacked/

http://www.joystiq.com/2008/08/28/bungie-staffer-gets-xbox-live-account-hacked/

I know you wanted six, but meh. Call me lazy. My point was that Microsoft isn't any more secure than Sony was at the time. They have been hacked numerous times in the past, and the examples I listed above aren't even counting the time in 2008 that brought Xbox Live down for 17 days.

http://www.engadget.com/2008/01/03/xbox-live-outage-day-13-still-up-and-down-still-preventing-fu/

Oooh, there's five! One more and I get a cookie!

And yes, I know the Inquirer is of poor repute, that's why there was more than one link. Even then, they all go back to the original source. Funny, that. Next you'll be asking me to find the source of the source of the source.

P.S.: You don't get to determine what is and isn't common knowledge. Common knowledge is generally referred to as "something everyone knows". It doesn't have to be "Earth-shattering", or even relevant to the rest of the world. Like I said, 1+1=2 is common knowledge. Not Earth-shattering, not relevant to this particular case, but something we all know anyway. The DDoS attack on Sony before the breach is something everyone knew about, yet you and Thad are the only ones who have to make asses of yourselves by going "prove it". Then again, if you don't even know something that's common knowledge, maybe you should refrain from speaking, let alone trying to rebut the proof that you asked for without any of your own.

If you don't want to agree with me, that's fine, but don't go and ask me to keep providing proof of things that everyone else knows.

Also, I'm fairly sure that the whole world knew about 9/11 in less than a week. I'm willing to bet they knew the day it happened. But I don't have any proof to back this up, so it's obviously a false statement. Nevermind.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Urgh, I'm tired of this. Alright, let's see those links. So, out of the first 4 links, how many describe a system attack? *drum rolls* : none. Did you fail basic rigor or something? Have you even read the article you are feeding here or are you so desperate for even a tenuous chance at online victory? Those are all discussing user attack, not system attack. Something that can be done by infecting the users with trojans, finding weak password and the like. If you have doubts about the second link, here's a less romanticized version:

http://www.securityfocus.com/news/11452

Yes, the evil "Clan Infamous" at their worst can get... about 10 accounts a day... using user attacks.

As for the 5th link, not only does it NOT mention an attack or loss of any sort of information, it also fails your claim of 17 days (something you could have fixed by getting an article mentioning the service was back up after X days, for example).

So of all the things you went out of your way, supposedly, to prove, you proved nothing at all. I mean, you didn't even list a single valid attack. I'd like to remind you at this point that originally I asked for links because you kept coming up with what in the coding world we call a magic number (a constant that isn't named or explained in the code) for your arguments and I couldn't find a link to back those up (yes, I do look up first on what I want more information about). Guess what? Seems you can't find links about it either.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

I can't believe I actually fell for that. Good show.

You've managed to change the subject from Anonymous opening the door to the Sony breach to performing a clever version of necroposting.

Firstly, just because it's not a system attack using codes or programs, that doesn't necessarily mean it doesn't qualify as a security breach. Those links are just as valid as any link suggesting a system attack. You're just taking the term "hacked" too literally. Phishing scams and trojans are one thing, but when someone's account gets hacked through no fault of their own, that means Microsoft's security is compromised. Customer information is stolen without customers being subjected to trojans or giving up their passwords even unwittingly. It was Microsoft's own customer support employees who gave up the information. Does that still mean it was the customer's fault?

Now, are there any other points you'd like to cover? Or can we get back to the original topic?

In case you forgot it in the midst of picking apart every little thing I say about everything, here it is...

Anonymous opened the door for the Sony security breach: Fact or Fiction?

P.S.: OOPS, I misread the article earlier. Xbox Live was "Up and down" for 14 days, not 17. My bad. I admit I made a mistake. Sorry. Happy now?

And before you go saying "It wasn't down because they got hacked", I never said it was because they were hacked. I was using that as an example to help the Xbots remember the fact that Xbox Live has indeed had its share of downtime that wasn't "scheduled maintenance".

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

What makes you jump to this conclusion? I would LOVE to hear your reasoning behind this.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Was this supposed to be directed at my comment?

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Yes it was. I would love to hear why you believe that it didn't had anything to do with console hacks just because they used amazon web services for the attacks.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Well, as I understood the dev hack, it allowed modified consoles to access regions of the network and billing systems they normally could not.  Thus the attack vector was the console via the internal network, not thier Appache farm and not attacked via outside servers.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Hrm... if this is the case, then that means it was not related to that firmware dev hack.

In which case, why did they push out new firmware?

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

As a precaution would be my guess.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

I guess I could see that... but I am thinking back to pushing out security updates in the past where we slipped in other stuff we wanted to propegate too, even though it was not related to the issue....

 
Forgot your password?
Username :
Password :

Poll

Is King right? Should all games adopt the free-to-play model?:

Shout box

You're not permitted to post shouts.
Matthew Wilsonit is a game worth playing if you have a pc/360/ps304/20/2014 - 9:34pm
MaskedPixelantehttps://twitter.com/IGLevine/status/457552538343325696 The Lutece Twins show up in some of the most unlikely of places.04/20/2014 - 2:44pm
Andrew EisenAs it happens, Chinatown Wars is the only GTA game I've played.04/19/2014 - 10:43am
Papa MidnightWith GTA5 (to date) failing to even provide indication of a PC release, I'm realising that this might be the first GTA game that I have not played (outside of Chinatown Wars) since the series inception.04/19/2014 - 8:14am
IanCSo im guessing a bunch of edutainment games, which a lot of people elsewhere are going gaga over, dot count as classics? Okay. If you don't mind me, i have a sudden urge to play Putt Putt....04/19/2014 - 6:15am
MaskedPixelantehttp://www.joystiq.com/2014/04/18/playstation-99-cent-sale-discounts-tokyo-jungle-super-stardust/ Weekend long PSN flash sale. So much stuff is 99 cents for the rest of the weekend.04/18/2014 - 5:59pm
Adam802http://www.polygon.com/2014/4/18/5627928/newtown-video-game-addiction-forum04/18/2014 - 4:14pm
Matthew Wilsonit is a video talking about why certain games/products/consoles do well, and others do not. he back it up with solid research.04/18/2014 - 3:56pm
Andrew EisenI'm not keen on blind links. What is it?04/18/2014 - 3:45pm
Matthew Wilsonthis is worth a whatch https://www.youtube.com/watch?v=MyXcr6sDRtw&list=PL35FE5C4B157509C904/18/2014 - 3:43pm
MaskedPixelanteNumber 3: Night Dive was brought to the attention of the public by a massive game recovery, and yet most of their released catalogue consists of games that other people did the hard work of getting re-released.04/17/2014 - 8:46pm
MaskedPixelanteNumber 2: If Humongous Entertainment wanted their stuff on Steam, why didn't they talk to their parent company, which does have a number of games published on Steam?04/17/2014 - 8:45pm
MaskedPixelanteNumber 1: When Night Dive spent the better part of a year teasing the return of true classics, having their big content dump be edutainment is kind of a kick in the stomach.04/17/2014 - 8:44pm
Matthew Wilsonhttp://www.giantbomb.com/articles/jeff-gerstmann-heads-to-new-york-takes-questions/1100-4900/ He talks about the future games press and the games industry. It is worth your time even though it is a bit long, and stay for the QA. There are some good QA04/17/2014 - 5:28pm
IanCErm so they shouldn't sell edutainment at all? Why?04/17/2014 - 4:42pm
MaskedPixelanteNot that linkable, go onto Steam and there's stuff like Pajama Sam on the front-page, courtesy of Night Dive.04/17/2014 - 4:13pm
Andrew EisenOkay, again, please, please, PLEASE get in a habit of linking to whatever you're talking about.04/17/2014 - 4:05pm
MaskedPixelanteAnother round of Night Dive teasing and promising turns out to be stupid edutainment games. Thanks for wasting all our time, guys. See you never.04/17/2014 - 3:44pm
Matthew WilsonAgain the consequences were not only foreseeable, but very likely. anyone who understood supply demand curvs knew that was going to happen. SF has been a econ/trade hub for the last hundred years.04/17/2014 - 2:45pm
Andrew EisenMixedPixelante - Would you like to expand on that?04/17/2014 - 2:43pm
 

Be Heard - Contact Your Politician