Report: Amazon Web Services Used in Sony Hacker Attacks’s Web Services were used by hackers in the April attack against Sony’s online entertainment services, according to a Bloomberg report citing a "person with knowledge of the matter."

According to the report, hackers rented a server through Amazon’s EC2 service and launched the attack from that location, according to Bloomberg’s source. The source is obviously someone that either knows the hackers that rented the services or an Amazon insider because he or she also said that the account had been shut down.

The development sheds light on how hackers used the so- called cloud to carry out the second-biggest online theft of personal information to date. The incursion, which compromised the personal accounts of more than 100 million Sony customers, was “a very carefully planned, very professional, highly sophisticated criminal cyber attack,” Sony has said.

Amazon spokesman Drew Herdener declined comment. Amazon didn’t respond to a Bloomberg request to speak with Chief Executive Officer Jeff Bezos.

Sony didn’t have a lot to say about the story either:

“We’re continuing to work with law enforcement in an ongoing investigation into the situation,” said Patrick Seybold, a U.S. spokesman for Tokyo-based Sony. “As such, we will not comment further on this matter.”

E.J. Hilbert, president of the security company Online Intelligence, told Bloomberg that using a hijacked or rented server to launch attacks from is a typical tactic for "sophisticated hackers." Hilbert added that the FBI is likely to subpoena Amazon as part of its ongoing investigation.

FBI Special Agent Darrell Foxworth from the San Diego office, said he couldn’t comment, saying only that they are "following up on each and every lead."

Source: Bloomberg

Tweet about this on TwitterShare on FacebookShare on Google+Share on RedditEmail this to someone


  1. 0
    Grif says:

    I can’t believe I actually fell for that. Good show.

    You’ve managed to change the subject from Anonymous opening the door to the Sony breach to performing a clever version of necroposting.

    Firstly, just because it’s not a system attack using codes or programs, that doesn’t necessarily mean it doesn’t qualify as a security breach. Those links are just as valid as any link suggesting a system attack. You’re just taking the term "hacked" too literally. Phishing scams and trojans are one thing, but when someone’s account gets hacked through no fault of their own, that means Microsoft’s security is compromised. Customer information is stolen without customers being subjected to trojans or giving up their passwords even unwittingly. It was Microsoft’s own customer support employees who gave up the information. Does that still mean it was the customer’s fault?

    Now, are there any other points you’d like to cover? Or can we get back to the original topic?

    In case you forgot it in the midst of picking apart every little thing I say about everything, here it is…

    Anonymous opened the door for the Sony security breach: Fact or Fiction?

    P.S.: OOPS, I misread the article earlier. Xbox Live was "Up and down" for 14 days, not 17. My bad. I admit I made a mistake. Sorry. Happy now?

    And before you go saying "It wasn’t down because they got hacked", I never said it was because they were hacked. I was using that as an example to help the Xbots remember the fact that Xbox Live has indeed had its share of downtime that wasn’t "scheduled maintenance".


    "Power means nothing without honor and pride." My video game review site.

    Atlanta Video Games Examiner for

  2. 0
    DorthLous says:

    Urgh, I’m tired of this. Alright, let’s see those links. So, out of the first 4 links, how many describe a system attack? *drum rolls* : none. Did you fail basic rigor or something? Have you even read the article you are feeding here or are you so desperate for even a tenuous chance at online victory? Those are all discussing user attack, not system attack. Something that can be done by infecting the users with trojans, finding weak password and the like. If you have doubts about the second link, here’s a less romanticized version:

    Yes, the evil "Clan Infamous" at their worst can get… about 10 accounts a day… using user attacks.

    As for the 5th link, not only does it NOT mention an attack or loss of any sort of information, it also fails your claim of 17 days (something you could have fixed by getting an article mentioning the service was back up after X days, for example).

    So of all the things you went out of your way, supposedly, to prove, you proved nothing at all. I mean, you didn’t even list a single valid attack. I’d like to remind you at this point that originally I asked for links because you kept coming up with what in the coding world we call a magic number (a constant that isn’t named or explained in the code) for your arguments and I couldn’t find a link to back those up (yes, I do look up first on what I want more information about). Guess what? Seems you can’t find links about it either.

  3. 0
    Grif says:

    And yet you and Thad are the only ones who keep pressing me for proof. Nobody else does. You ever think that it’s because everyone else already knows what I know? That’s what we call "common knowledge". Neeneko doesn’t press me, Andrew Eisen doesn’t press me, Austin doesn’t press me, Nightwing doesn’t press me, hell, not even Zippy presses me to prove something that the entire world already knows.

    You want proof of Xbox Live being hacked? Fine, here.

    I know you wanted six, but meh. Call me lazy. My point was that Microsoft isn’t any more secure than Sony was at the time. They have been hacked numerous times in the past, and the examples I listed above aren’t even counting the time in 2008 that brought Xbox Live down for 17 days.

    Oooh, there’s five! One more and I get a cookie!

    And yes, I know the Inquirer is of poor repute, that’s why there was more than one link. Even then, they all go back to the original source. Funny, that. Next you’ll be asking me to find the source of the source of the source.

    P.S.: You don’t get to determine what is and isn’t common knowledge. Common knowledge is generally referred to as "something everyone knows". It doesn’t have to be "Earth-shattering", or even relevant to the rest of the world. Like I said, 1+1=2 is common knowledge. Not Earth-shattering, not relevant to this particular case, but something we all know anyway. The DDoS attack on Sony before the breach is something everyone knew about, yet you and Thad are the only ones who have to make asses of yourselves by going "prove it". Then again, if you don’t even know something that’s common knowledge, maybe you should refrain from speaking, let alone trying to rebut the proof that you asked for without any of your own.

    If you don’t want to agree with me, that’s fine, but don’t go and ask me to keep providing proof of things that everyone else knows.

    Also, I’m fairly sure that the whole world knew about 9/11 in less than a week. I’m willing to bet they knew the day it happened. But I don’t have any proof to back this up, so it’s obviously a false statement. Nevermind.


    "Power means nothing without honor and pride." My video game review site.

    Atlanta Video Games Examiner for

  4. 0
    DorthLous says:

    Or, you know, you may notice I didn’t ask for a link here from you. I, however, did so in a previous thread. Here was my post: "Got any proof that Xbox live was compromised 6 times? You keep bringing it up, but not once have you linked an article. 6 times is a lot and maintenance do happen, so please provide the proofs of said 6 attacks." I am still awaiting said links. Furthermore, backing arguments when they are questioned is what you normally does in a discussion. Yet you love to insult others. I’ll point that THIS behavior is typical of a troll, a term you seem to be called quite a lot more than me.

    Furthermore, of my first 3 Google search for : "sony attack was hidden by anonymous ddos", only one refers to such a thing. "". Judge by yourself the validity of the source (I will not do so in one way or the other.)

    Finally, you cited The Inquirer as one of your source. Since it’s a tabloid of very poor reputation, I would at the very least find THEIR source and try to cite them instead. The Inquirer has been found to fabricate more than one of their story. Also, have you noticed how all your link back to the same original source? Huh.

    P.S.: You can’t call "common knowledge" something that was at best announced less than 2 weeks prior, especially if it isn’t Earth shattering news. 9/11, fine, a week later the world knew. This, even if true, even in years from now, you’ll find a huge amount of people never even exposed to the "news".

  5. 0
    Grif says:

    *Sigh* Asking Grif to do your work for you again, are you? Fine.

    This, among some of the other arguments I make, are in the realm of what some would call "common knowledge".

    Interestingly enough, those three links are the first three to pop up. I didn’t have to do any intense digging just to prove myself right. I’m not a gambling man, but I’m willing to bed that it took less time than it would have taken to make a post asking someone to "prove it", let alone waiting for a response.

    I shouldn’t have to prove that 1+1=2, or that the sky is blue, or that Fox News is retarded, but since you want me to prove everything for you, here you go.

    Asking someone to prove something that everyone else around you already knows just makes you look like a jackass and a troll. That kind of crap flies around 4chan, but not here.

    Asking for proof of common knowledge is at best insulting, and at worst proof that you’re too lazy to do your own research.


    "Power means nothing without honor and pride." My video game review site.

    Atlanta Video Games Examiner for

  6. 0
    DorthLous says:

    If you can put 300, 3 shouldn’t be a problem. Telling others to Google it is at best insulting, at worst a way to hide you have no proof.

  7. 0
    Grif says:

    Allegedly, frequent GP troll Thad enjoys finding words where there aren’t any, and makes thinly-veiled personal attacks behind the guise of obscure short stories most have read in the sixth grade, since he apparently can’t rebut a point directly.

    Addendum: Grif only says "Google it" when he doesn’t feel like putting 300 links in a post to prove a single point.
    He also apparently enjoys talking in the third person.


    "Power means nothing without honor and pride." My video game review site.

    Atlanta Video Games Examiner for

  8. 0
    Thad says:

    Allegedly frequent GP poster Grif lures men to his private island and hunts them for sport.

    I don’t have any actual evidence to back this up, and if you ask me for any I’ll just tell you you should Google it.  But I read it somewhere, so I’m sure it must be true.

  9. 0
    Grif says:

    Anonymous probably didn’t steal the information, since this was a sophisticated attack. We all know Anonymous isn’t good for anything except their one trick, DDoS attacks, so since they’re not as great as they think they are, they couldn’t possibly have done it.

    However, there was a allegedly a DDoS attack that occurred just before the massive breach that led to Sony being forced to take down the PSN.

    Curious, that.


    "Power means nothing without honor and pride." My video game review site.

    Atlanta Video Games Examiner for

  10. 0
    Neeneko says:

    Well, as I understood the dev hack, it allowed modified consoles to access regions of the network and billing systems they normally could not.  Thus the attack vector was the console via the internal network, not thier Appache farm and not attacked via outside servers.

  11. 0
    Lou says:

    Yes it was. I would love to hear why you believe that it didn’t had anything to do with console hacks just because they used amazon web services for the attacks.

  12. 0
    Neeneko says:

    I guess I could see that… but I am thinking back to pushing out security updates in the past where we slipped in other stuff we wanted to propegate too, even though it was not related to the issue….

  13. 0
    Neeneko says:

    Hrm… if this is the case, then that means it was not related to that firmware dev hack.

    In which case, why did they push out new firmware?

Leave a Reply