PlayStation Network hack launched from Amazon EC2
Cloud economics strikes again
The hackers who breached the security of Sony's PlayStation Network and gained access to sensitive data for 77 million subscribers used Amazon's web services cloud to launch the attack, Bloomberg News reported.
The attackers rented a server from Amazon's EC2 service and penetrated the popular network from there, the news outlet said, citing an unnamed person with knowledge of the matter. The hackers supplied fake information to Amazon. The account has now been closed.
Neither Sony nor Amazon commented on the claims.
Bloomberg doesn't say how Amazon's cloud service was used to mount the attack. If the report is correct, it wouldn't be the first time it's been used by hackers.
German security researcher Thomas Roth earlier this year showed how tapping the EC2 service allowed him to crack Wi-Fi passwords in a fraction of the time and for a fraction of the cost of using his own computing gear. For about $1.68, he used special “Cluster GPU Instances” of the Amazon cloud to carry out brute-force cracks that allowed him to access a WPA-PSK protected network in about 20 minutes.
And in late 2009, a ZeuS-based banking trojan used the popular Amazon service as a command and control channel that issued software updates and malicious instructions to PCs that were infected by the malware.
In both cases, those tapping the Amazon cloud did so as paid customers.
A top Sony executive recently implicated the Anonymous hacker collective in the PSN attack but has so far provided no convincing evidence to support that claim. The attack, which penetrated core parts of the gaming network, was used to steal passwords, names, addresses, ages, email addresses and other data associated with 77 million accounts.
The network has been closed for the past 23 days and Sony has provided
no little indication when it will reopen. On Tuesday, the company said the exact restoration date "will likely be at least a few more days". On April 30, the company's CEO had predicted the site would reopen later that week.
The Bloomberg article is here. ®
This article was updated to add details about the timeline for restoration of the PlayStation Network.
- Black Hat
- Cloud native
- Common Vulnerability Scoring System
- Content delivery network
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Edge Computing
- Google Cloud Platform
- G Suite
- Hybrid Cloud
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Private Cloud
- Public Cloud
- Sony Interactive Entertainment
- Trusted Platform Module
- Zero Day Initiative
- Zero trust