Report: Amazon Web Services Used in Sony Hacker Attacks

May 16, 2011 -

Amazon.com's Web Services were used by hackers in the April attack against Sony’s online entertainment services, according to a Bloomberg report citing a "person with knowledge of the matter."

According to the report, hackers rented a server through Amazon’s EC2 service and launched the attack from that location, according to Bloomberg's source. The source is obviously someone that either knows the hackers that rented the services or an Amazon insider because he or she also said that the account had been shut down.

The development sheds light on how hackers used the so- called cloud to carry out the second-biggest online theft of personal information to date. The incursion, which compromised the personal accounts of more than 100 million Sony customers, was “a very carefully planned, very professional, highly sophisticated criminal cyber attack,” Sony has said.

Amazon spokesman Drew Herdener declined comment. Amazon didn’t respond to a Bloomberg request to speak with Chief Executive Officer Jeff Bezos.

Sony didn't have a lot to say about the story either:

“We’re continuing to work with law enforcement in an ongoing investigation into the situation,” said Patrick Seybold, a U.S. spokesman for Tokyo-based Sony. “As such, we will not comment further on this matter.”

E.J. Hilbert, president of the security company Online Intelligence, told Bloomberg that using a hijacked or rented server to launch attacks from is a typical tactic for "sophisticated hackers." Hilbert added that the FBI is likely to subpoena Amazon as part of its ongoing investigation.

FBI Special Agent Darrell Foxworth from the San Diego office, said he couldn’t comment, saying only that they are "following up on each and every lead."

Source: Bloomberg


Comments

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Online security is really an issue. Hope the situation can be better gradually. Have a nice day!

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Anonymous my tail.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Anonymous probably didn't steal the information, since this was a sophisticated attack. We all know Anonymous isn't good for anything except their one trick, DDoS attacks, so since they're not as great as they think they are, they couldn't possibly have done it.

However, there was a allegedly a DDoS attack that occurred just before the massive breach that led to Sony being forced to take down the PSN.

Curious, that.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Allegedly frequent GP poster Grif lures men to his private island and hunts them for sport.

I don't have any actual evidence to back this up, and if you ask me for any I'll just tell you you should Google it.  But I read it somewhere, so I'm sure it must be true.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Allegedly, frequent GP troll Thad enjoys finding words where there aren't any, and makes thinly-veiled personal attacks behind the guise of obscure short stories most have read in the sixth grade, since he apparently can't rebut a point directly.

http://en.wikipedia.org/wiki/The_Most_Dangerous_Game

Addendum: Grif only says "Google it" when he doesn't feel like putting 300 links in a post to prove a single point.
He also apparently enjoys talking in the third person.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

If you can put 300, 3 shouldn't be a problem. Telling others to Google it is at best insulting, at worst a way to hide you have no proof.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

*Sigh* Asking Grif to do your work for you again, are you? Fine.

http://www.taipeitimes.com/News/biz/archives/2011/05/06/2003502509

http://www.theinquirer.net/inquirer/news/2068111/sony-anonymous-ddos-attacks-distracted

http://www.eweek.com/c/a/Security/Sony-Data-Breach-Was-Camouflaged-by-Anonymous-DDoS-Attack-807651/

This, among some of the other arguments I make, are in the realm of what some would call "common knowledge".

Interestingly enough, those three links are the first three to pop up. I didn't have to do any intense digging just to prove myself right. I'm not a gambling man, but I'm willing to bed that it took less time than it would have taken to make a post asking someone to "prove it", let alone waiting for a response.

I shouldn't have to prove that 1+1=2, or that the sky is blue, or that Fox News is retarded, but since you want me to prove everything for you, here you go.

http://mathforum.org/library/drmath/view/51551.html

http://math.ucr.edu/home/baez/physics/General/BlueSky/blue_sky.html

http://www.i-am-bored.com/bored_link.cfm?link_id=45307

Asking someone to prove something that everyone else around you already knows just makes you look like a jackass and a troll. That kind of crap flies around 4chan, but not here.

Asking for proof of common knowledge is at best insulting, and at worst proof that you're too lazy to do your own research.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Or, you know, you may notice I didn't ask for a link here from you. I, however, did so in a previous thread. Here was my post: "Got any proof that Xbox live was compromised 6 times? You keep bringing it up, but not once have you linked an article. 6 times is a lot and maintenance do happen, so please provide the proofs of said 6 attacks." I am still awaiting said links. Furthermore, backing arguments when they are questioned is what you normally does in a discussion. Yet you love to insult others. I'll point that THIS behavior is typical of a troll, a term you seem to be called quite a lot more than me.

Furthermore, of my first 3 Google search for : "sony attack was hidden by anonymous ddos", only one refers to such a thing. "https://www.infosecisland.com/blogview/13558-Sony-Tells-Congress-Anonymous-DDoS-Aided-Breach.html". Judge by yourself the validity of the source (I will not do so in one way or the other.)

Finally, you cited The Inquirer as one of your source. Since it's a tabloid of very poor reputation, I would at the very least find THEIR source and try to cite them instead. The Inquirer has been found to fabricate more than one of their story. Also, have you noticed how all your link back to the same original source? Huh.

P.S.: You can't call "common knowledge" something that was at best announced less than 2 weeks prior, especially if it isn't Earth shattering news. 9/11, fine, a week later the world knew. This, even if true, even in years from now, you'll find a huge amount of people never even exposed to the "news".

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

And yet you and Thad are the only ones who keep pressing me for proof. Nobody else does. You ever think that it's because everyone else already knows what I know? That's what we call "common knowledge". Neeneko doesn't press me, Andrew Eisen doesn't press me, Austin doesn't press me, Nightwing doesn't press me, hell, not even Zippy presses me to prove something that the entire world already knows.

You want proof of Xbox Live being hacked? Fine, here.

http://www.infosecurity-magazine.com/view/17086/xbox-live-policy-directors-account-hacked/

http://www.zdnet.com/blog/security/xbox-live-hacked-accounts-stolen/131

http://blog.trendmicro.com/xbox-live-accounts-hacked/

http://www.joystiq.com/2008/08/28/bungie-staffer-gets-xbox-live-account-hacked/

I know you wanted six, but meh. Call me lazy. My point was that Microsoft isn't any more secure than Sony was at the time. They have been hacked numerous times in the past, and the examples I listed above aren't even counting the time in 2008 that brought Xbox Live down for 17 days.

http://www.engadget.com/2008/01/03/xbox-live-outage-day-13-still-up-and-down-still-preventing-fu/

Oooh, there's five! One more and I get a cookie!

And yes, I know the Inquirer is of poor repute, that's why there was more than one link. Even then, they all go back to the original source. Funny, that. Next you'll be asking me to find the source of the source of the source.

P.S.: You don't get to determine what is and isn't common knowledge. Common knowledge is generally referred to as "something everyone knows". It doesn't have to be "Earth-shattering", or even relevant to the rest of the world. Like I said, 1+1=2 is common knowledge. Not Earth-shattering, not relevant to this particular case, but something we all know anyway. The DDoS attack on Sony before the breach is something everyone knew about, yet you and Thad are the only ones who have to make asses of yourselves by going "prove it". Then again, if you don't even know something that's common knowledge, maybe you should refrain from speaking, let alone trying to rebut the proof that you asked for without any of your own.

If you don't want to agree with me, that's fine, but don't go and ask me to keep providing proof of things that everyone else knows.

Also, I'm fairly sure that the whole world knew about 9/11 in less than a week. I'm willing to bet they knew the day it happened. But I don't have any proof to back this up, so it's obviously a false statement. Nevermind.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Urgh, I'm tired of this. Alright, let's see those links. So, out of the first 4 links, how many describe a system attack? *drum rolls* : none. Did you fail basic rigor or something? Have you even read the article you are feeding here or are you so desperate for even a tenuous chance at online victory? Those are all discussing user attack, not system attack. Something that can be done by infecting the users with trojans, finding weak password and the like. If you have doubts about the second link, here's a less romanticized version:

http://www.securityfocus.com/news/11452

Yes, the evil "Clan Infamous" at their worst can get... about 10 accounts a day... using user attacks.

As for the 5th link, not only does it NOT mention an attack or loss of any sort of information, it also fails your claim of 17 days (something you could have fixed by getting an article mentioning the service was back up after X days, for example).

So of all the things you went out of your way, supposedly, to prove, you proved nothing at all. I mean, you didn't even list a single valid attack. I'd like to remind you at this point that originally I asked for links because you kept coming up with what in the coding world we call a magic number (a constant that isn't named or explained in the code) for your arguments and I couldn't find a link to back those up (yes, I do look up first on what I want more information about). Guess what? Seems you can't find links about it either.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

I can't believe I actually fell for that. Good show.

You've managed to change the subject from Anonymous opening the door to the Sony breach to performing a clever version of necroposting.

Firstly, just because it's not a system attack using codes or programs, that doesn't necessarily mean it doesn't qualify as a security breach. Those links are just as valid as any link suggesting a system attack. You're just taking the term "hacked" too literally. Phishing scams and trojans are one thing, but when someone's account gets hacked through no fault of their own, that means Microsoft's security is compromised. Customer information is stolen without customers being subjected to trojans or giving up their passwords even unwittingly. It was Microsoft's own customer support employees who gave up the information. Does that still mean it was the customer's fault?

Now, are there any other points you'd like to cover? Or can we get back to the original topic?

In case you forgot it in the midst of picking apart every little thing I say about everything, here it is...

Anonymous opened the door for the Sony security breach: Fact or Fiction?

P.S.: OOPS, I misread the article earlier. Xbox Live was "Up and down" for 14 days, not 17. My bad. I admit I made a mistake. Sorry. Happy now?

And before you go saying "It wasn't down because they got hacked", I never said it was because they were hacked. I was using that as an example to help the Xbots remember the fact that Xbox Live has indeed had its share of downtime that wasn't "scheduled maintenance".

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

What makes you jump to this conclusion? I would LOVE to hear your reasoning behind this.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Was this supposed to be directed at my comment?

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Yes it was. I would love to hear why you believe that it didn't had anything to do with console hacks just because they used amazon web services for the attacks.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Well, as I understood the dev hack, it allowed modified consoles to access regions of the network and billing systems they normally could not.  Thus the attack vector was the console via the internal network, not thier Appache farm and not attacked via outside servers.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

Hrm... if this is the case, then that means it was not related to that firmware dev hack.

In which case, why did they push out new firmware?

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

As a precaution would be my guess.

Re: Report: Amazon Web Services Used in Sony Hacker Attacks

I guess I could see that... but I am thinking back to pushing out security updates in the past where we slipped in other stuff we wanted to propegate too, even though it was not related to the issue....

 
Forgot your password?
Username :
Password :

Poll

Did Microsoft pay too much ($2.5 billion) for Minecraft developer Mojang?:

Shout box

You're not permitted to post shouts.
Sleaker@Technogeek - How do you call someone out that anonymously calls in a SWAT team, or sends threats to people?09/20/2014 - 7:04pm
Technogeek"It also doesn't mean you're obligated to stop harassment from all gamers that are doing so." I'd say you're certainly obligated to call them out when you see it happening.09/20/2014 - 5:17pm
SleakerNow if you disagree with anything in my last 2 posts then we obviously have a difference in world view, and wont come to any sort of agreement. I'm fine with that, maybe some people aren't?09/20/2014 - 5:09pm
SleakerIt also doesn't mean that just because a news outlet says that Gamers are the problem and you self-identify as a Gamer, you're immediately the problem. It also doesn't mean you're obligated to stop harassment from all gamers that are doing so.09/20/2014 - 4:59pm
SleakerJust to re-iterate: People getting harassed is wrong. Just because someone is harassed by so called 'gamers' doesn't mean that all gamers are bad. nor does it mean that you need to pass laws or judgement on all gamers.09/20/2014 - 4:56pm
SleakerAnd furthermore just because someone doesn't 'crusade against the evil' that doesn't make them the problem. You can have discussion with those around you. There's a thing called sphere of influence.09/20/2014 - 4:54pm
Sleaker@Conster - one person getting harassed is a 'problem' only so far as the harassee's are doing it. Just because a select few people choose to act like this doesn't make it widespread. Nor does it immediately make everyone responsible to put an end to it.09/20/2014 - 4:54pm
james_fudgeno worries09/20/2014 - 4:15pm
TechnogeekI misread james' comment as "we can't have a debate without threatening" there at first. Actually wound up posting a shout about death threats and "kill yourself" not technically being the same thing before I realized.09/20/2014 - 3:59pm
james_fudgeDon't hit me *cowers behind Andrew*09/20/2014 - 3:20pm
ConsterYou take that back right now, james, or else. *shakes fist menacingly*09/20/2014 - 3:00pm
james_fudgeOur community is awesome. We can have a debate without threatening to kill each other.09/20/2014 - 2:50pm
Andrew EisenNo one's crossed a line but I just want to remind you all to keep discussions civil.09/20/2014 - 1:54pm
Craig R.tldr: I'm a gamer, and imo those who support GamerGate should feel free to take a flying leap off a cliff.09/20/2014 - 1:27pm
Craig R.Not only that, I'm pretty sure that if actual studies were done, you'd still deny them, Sleaker. After all, it's not what you'd want to hear to support your rose-colored view of GamerGate.09/20/2014 - 1:18pm
Craig R.There IS an issue. Nor do we need a study to show that if you deny it then you're part of the problem.09/20/2014 - 1:17pm
Sleakersimply oust people that do harass others.09/20/2014 - 11:34am
Sleaker@Conster - I can say the same thing if you think there's been more than a handful. Until there's an actual study on rates no one can claim to know how widespread the incidence of harassment is. Thus the best we can do is 'there might be an issue' and...09/20/2014 - 11:33am
ConsterSleaker: if you think there's only been "a handful of" incidents, you have your head stuck *somewhere* - I'm assuming it's sand.09/20/2014 - 5:38am
prh99Most of it's agitprop clickbait anyway.09/20/2014 - 5:27am
 

Be Heard - Contact Your Politician