Report: Amazon Web Services Used in Sony Hacker Attacks

May 16, 2011 -

Amazon.com's Web Services were used by hackers in the April attack against Sony’s online entertainment services, according to a Bloomberg report citing a "person with knowledge of the matter."

According to the report, hackers rented a server through Amazon’s EC2 service and launched the attack from that location, according to Bloomberg's source. The source is obviously someone that either knows the hackers that rented the services or an Amazon insider because he or she also said that the account had been shut down.

The development sheds light on how hackers used the so- called cloud to carry out the second-biggest online theft of personal information to date. The incursion, which compromised the personal accounts of more than 100 million Sony customers, was “a very carefully planned, very professional, highly sophisticated criminal cyber attack,” Sony has said.

Amazon spokesman Drew Herdener declined comment. Amazon didn’t respond to a Bloomberg request to speak with Chief Executive Officer Jeff Bezos.

Sony didn't have a lot to say about the story either:

“We’re continuing to work with law enforcement in an ongoing investigation into the situation,” said Patrick Seybold, a U.S. spokesman for Tokyo-based Sony. “As such, we will not comment further on this matter.”

E.J. Hilbert, president of the security company Online Intelligence, told Bloomberg that using a hijacked or rented server to launch attacks from is a typical tactic for "sophisticated hackers." Hilbert added that the FBI is likely to subpoena Amazon as part of its ongoing investigation.

FBI Special Agent Darrell Foxworth from the San Diego office, said he couldn’t comment, saying only that they are "following up on each and every lead."

Source: Bloomberg


Comments

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Online security is really an issue. Hope the situation can be better gradually. Have a nice day!

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Anonymous my tail.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Anonymous probably didn't steal the information, since this was a sophisticated attack. We all know Anonymous isn't good for anything except their one trick, DDoS attacks, so since they're not as great as they think they are, they couldn't possibly have done it.

However, there was a allegedly a DDoS attack that occurred just before the massive breach that led to Sony being forced to take down the PSN.

Curious, that.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Allegedly frequent GP poster Grif lures men to his private island and hunts them for sport.

I don't have any actual evidence to back this up, and if you ask me for any I'll just tell you you should Google it.  But I read it somewhere, so I'm sure it must be true.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Allegedly, frequent GP troll Thad enjoys finding words where there aren't any, and makes thinly-veiled personal attacks behind the guise of obscure short stories most have read in the sixth grade, since he apparently can't rebut a point directly.

http://en.wikipedia.org/wiki/The_Most_Dangerous_Game

Addendum: Grif only says "Google it" when he doesn't feel like putting 300 links in a post to prove a single point.
He also apparently enjoys talking in the third person.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

If you can put 300, 3 shouldn't be a problem. Telling others to Google it is at best insulting, at worst a way to hide you have no proof.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

*Sigh* Asking Grif to do your work for you again, are you? Fine.

http://www.taipeitimes.com/News/biz/archives/2011/05/06/2003502509

http://www.theinquirer.net/inquirer/news/2068111/sony-anonymous-ddos-attacks-distracted

http://www.eweek.com/c/a/Security/Sony-Data-Breach-Was-Camouflaged-by-Anonymous-DDoS-Attack-807651/

This, among some of the other arguments I make, are in the realm of what some would call "common knowledge".

Interestingly enough, those three links are the first three to pop up. I didn't have to do any intense digging just to prove myself right. I'm not a gambling man, but I'm willing to bed that it took less time than it would have taken to make a post asking someone to "prove it", let alone waiting for a response.

I shouldn't have to prove that 1+1=2, or that the sky is blue, or that Fox News is retarded, but since you want me to prove everything for you, here you go.

http://mathforum.org/library/drmath/view/51551.html

http://math.ucr.edu/home/baez/physics/General/BlueSky/blue_sky.html

http://www.i-am-bored.com/bored_link.cfm?link_id=45307

Asking someone to prove something that everyone else around you already knows just makes you look like a jackass and a troll. That kind of crap flies around 4chan, but not here.

Asking for proof of common knowledge is at best insulting, and at worst proof that you're too lazy to do your own research.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Or, you know, you may notice I didn't ask for a link here from you. I, however, did so in a previous thread. Here was my post: "Got any proof that Xbox live was compromised 6 times? You keep bringing it up, but not once have you linked an article. 6 times is a lot and maintenance do happen, so please provide the proofs of said 6 attacks." I am still awaiting said links. Furthermore, backing arguments when they are questioned is what you normally does in a discussion. Yet you love to insult others. I'll point that THIS behavior is typical of a troll, a term you seem to be called quite a lot more than me.

Furthermore, of my first 3 Google search for : "sony attack was hidden by anonymous ddos", only one refers to such a thing. "https://www.infosecisland.com/blogview/13558-Sony-Tells-Congress-Anonymous-DDoS-Aided-Breach.html". Judge by yourself the validity of the source (I will not do so in one way or the other.)

Finally, you cited The Inquirer as one of your source. Since it's a tabloid of very poor reputation, I would at the very least find THEIR source and try to cite them instead. The Inquirer has been found to fabricate more than one of their story. Also, have you noticed how all your link back to the same original source? Huh.

P.S.: You can't call "common knowledge" something that was at best announced less than 2 weeks prior, especially if it isn't Earth shattering news. 9/11, fine, a week later the world knew. This, even if true, even in years from now, you'll find a huge amount of people never even exposed to the "news".

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

And yet you and Thad are the only ones who keep pressing me for proof. Nobody else does. You ever think that it's because everyone else already knows what I know? That's what we call "common knowledge". Neeneko doesn't press me, Andrew Eisen doesn't press me, Austin doesn't press me, Nightwing doesn't press me, hell, not even Zippy presses me to prove something that the entire world already knows.

You want proof of Xbox Live being hacked? Fine, here.

http://www.infosecurity-magazine.com/view/17086/xbox-live-policy-directors-account-hacked/

http://www.zdnet.com/blog/security/xbox-live-hacked-accounts-stolen/131

http://blog.trendmicro.com/xbox-live-accounts-hacked/

http://www.joystiq.com/2008/08/28/bungie-staffer-gets-xbox-live-account-hacked/

I know you wanted six, but meh. Call me lazy. My point was that Microsoft isn't any more secure than Sony was at the time. They have been hacked numerous times in the past, and the examples I listed above aren't even counting the time in 2008 that brought Xbox Live down for 17 days.

http://www.engadget.com/2008/01/03/xbox-live-outage-day-13-still-up-and-down-still-preventing-fu/

Oooh, there's five! One more and I get a cookie!

And yes, I know the Inquirer is of poor repute, that's why there was more than one link. Even then, they all go back to the original source. Funny, that. Next you'll be asking me to find the source of the source of the source.

P.S.: You don't get to determine what is and isn't common knowledge. Common knowledge is generally referred to as "something everyone knows". It doesn't have to be "Earth-shattering", or even relevant to the rest of the world. Like I said, 1+1=2 is common knowledge. Not Earth-shattering, not relevant to this particular case, but something we all know anyway. The DDoS attack on Sony before the breach is something everyone knew about, yet you and Thad are the only ones who have to make asses of yourselves by going "prove it". Then again, if you don't even know something that's common knowledge, maybe you should refrain from speaking, let alone trying to rebut the proof that you asked for without any of your own.

If you don't want to agree with me, that's fine, but don't go and ask me to keep providing proof of things that everyone else knows.

Also, I'm fairly sure that the whole world knew about 9/11 in less than a week. I'm willing to bet they knew the day it happened. But I don't have any proof to back this up, so it's obviously a false statement. Nevermind.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Urgh, I'm tired of this. Alright, let's see those links. So, out of the first 4 links, how many describe a system attack? *drum rolls* : none. Did you fail basic rigor or something? Have you even read the article you are feeding here or are you so desperate for even a tenuous chance at online victory? Those are all discussing user attack, not system attack. Something that can be done by infecting the users with trojans, finding weak password and the like. If you have doubts about the second link, here's a less romanticized version:

http://www.securityfocus.com/news/11452

Yes, the evil "Clan Infamous" at their worst can get... about 10 accounts a day... using user attacks.

As for the 5th link, not only does it NOT mention an attack or loss of any sort of information, it also fails your claim of 17 days (something you could have fixed by getting an article mentioning the service was back up after X days, for example).

So of all the things you went out of your way, supposedly, to prove, you proved nothing at all. I mean, you didn't even list a single valid attack. I'd like to remind you at this point that originally I asked for links because you kept coming up with what in the coding world we call a magic number (a constant that isn't named or explained in the code) for your arguments and I couldn't find a link to back those up (yes, I do look up first on what I want more information about). Guess what? Seems you can't find links about it either.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

I can't believe I actually fell for that. Good show.

You've managed to change the subject from Anonymous opening the door to the Sony breach to performing a clever version of necroposting.

Firstly, just because it's not a system attack using codes or programs, that doesn't necessarily mean it doesn't qualify as a security breach. Those links are just as valid as any link suggesting a system attack. You're just taking the term "hacked" too literally. Phishing scams and trojans are one thing, but when someone's account gets hacked through no fault of their own, that means Microsoft's security is compromised. Customer information is stolen without customers being subjected to trojans or giving up their passwords even unwittingly. It was Microsoft's own customer support employees who gave up the information. Does that still mean it was the customer's fault?

Now, are there any other points you'd like to cover? Or can we get back to the original topic?

In case you forgot it in the midst of picking apart every little thing I say about everything, here it is...

Anonymous opened the door for the Sony security breach: Fact or Fiction?

P.S.: OOPS, I misread the article earlier. Xbox Live was "Up and down" for 14 days, not 17. My bad. I admit I made a mistake. Sorry. Happy now?

And before you go saying "It wasn't down because they got hacked", I never said it was because they were hacked. I was using that as an example to help the Xbots remember the fact that Xbox Live has indeed had its share of downtime that wasn't "scheduled maintenance".

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

What makes you jump to this conclusion? I would LOVE to hear your reasoning behind this.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Was this supposed to be directed at my comment?

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Yes it was. I would love to hear why you believe that it didn't had anything to do with console hacks just because they used amazon web services for the attacks.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Well, as I understood the dev hack, it allowed modified consoles to access regions of the network and billing systems they normally could not.  Thus the attack vector was the console via the internal network, not thier Appache farm and not attacked via outside servers.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Hrm... if this is the case, then that means it was not related to that firmware dev hack.

In which case, why did they push out new firmware?

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

As a precaution would be my guess.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

I guess I could see that... but I am thinking back to pushing out security updates in the past where we slipped in other stuff we wanted to propegate too, even though it was not related to the issue....

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
Andrew EisenSorry for the all caps but we don't have the ability to bold in the the Shout box.07/28/2015 - 5:08pm
NatirI never said sexism and harassment doesn't exists, just those few women are making it seem way worse. Are you literally cherry picking one part of the entire conversation going on here?07/28/2015 - 5:08pm
NatirAndrew, if you disagree with people like Anita Sarkeesian or Zoe Quinn, you are labeled as misogynistic. Gaming companies are at their knees when it comes to people like them and gaming journalism. You disagree with them, your reputation is on the line.07/28/2015 - 5:07pm
Andrew EisenNatir - This is what you said: "The point is that these women do very little for the gaming industry but paint it to be a very bad place. From just constant harassment from (male) gamers to just SEXISM IN THE WORKPLACE. Stuff that just isn't true."07/28/2015 - 5:06pm
NatirI'm not arguing anything about sexism and harassment in the workplace... What are you talking about?07/28/2015 - 5:04pm
Andrew EisenYes, you've linked that several times and several times I've explained why that list isn't exactly what it says it is nor is it reflective of the actual criticism.07/28/2015 - 5:04pm
Mattsworknamehttp://www.giantbomb.com/female-protagonists/3015-2287/games/07/28/2015 - 5:01pm
MattsworknameFor the record, here is a list of games with female protagnists from they year 2014, as per giant bomb.07/28/2015 - 5:01pm
Mattsworknameandrew, I think natir may have ment a differnet point. I don't think he was aruging the workplace side, I think he was aruging the diversity in the games themselves, maybe.07/28/2015 - 5:01pm
Andrew EisenAnd I'll repeat this as many times as it needs repeating: no one (except maybe some random, anonymous numb nuts on Twitter) is calling anyone a misogynist simply for disagreeing with Sarkeesian and her ilk.07/28/2015 - 5:01pm
Andrew EisenNatir - What lie? What movement? What does that snide quote have to do with anything?07/28/2015 - 5:00pm
Andrew EisenMatt - Completely disagree. Any thinking person can see that just like with gamers, the most toxic elements, while the most attention getting, are not the majority or representative of the whole.07/28/2015 - 4:59pm
Andrew EisenNatir - Harassment and sexism in the workplace is true. It's been extensively observed and documented. That doesn't mean everything is bad. But that all doesn't mean shining a light on it to try and make it even better is an undesirable move either.07/28/2015 - 4:57pm
NatirThe movement they started is based on a complete lie and that is the real problem. Most people don't realize or those that do, ignore it because of the reprisal they get for disagreeing. You disagree with them and call them out? You are misogynistic now.07/28/2015 - 4:57pm
NatirHere is a good quote from the wordpress site: "Zoe Quinn with her little twine game commands the attention to be in documentaries, to be quoted on Kotaku, as Anita Sarkeesian is claimed to be one of the 100 most influential people in the world."07/28/2015 - 4:55pm
MattsworknameAndrew: its very true what you say, but with Feminism, the toxic fringe has become the main stream face of the movment, to the point where the US rep to the un on womens issues has called feminism a toxic word.07/28/2015 - 4:55pm
Natirdirectly related to games and politics.07/28/2015 - 4:53pm
NatirThe point is that these women do very little for the gaming industry but paint it to be a very bad place. From just constant harassment from (male) gamers to just sexism in the workplace. Stuff that just isn't true. Take a look for yourself since this is07/28/2015 - 4:53pm
Andrew EisenMatt - Every group has its jerk faces. Especially groups like feminists that are so large they encompass the vast majority of the population.07/28/2015 - 4:47pm
Andrew EisenAnd I don't get the sense many if any take anyone's thoughts at face value. They seem to be listening to what they have to say, evaluating what they heard, agreeing or disagreeing and acting accordingly. Or just outright ignoring them in the first place07/28/2015 - 4:44pm
 

Be Heard - Contact Your Politician