Amazon.com’s Web Services were used by hackers in the April attack against Sony’s online entertainment services, according to a Bloomberg report citing a "person with knowledge of the matter."
According to the report, hackers rented a server through Amazon’s EC2 service and launched the attack from that location, according to Bloomberg’s source. The source is obviously someone that either knows the hackers that rented the services or an Amazon insider because he or she also said that the account had been shut down.
The development sheds light on how hackers used the so- called cloud to carry out the second-biggest online theft of personal information to date. The incursion, which compromised the personal accounts of more than 100 million Sony customers, was “a very carefully planned, very professional, highly sophisticated criminal cyber attack,” Sony has said.
Amazon spokesman Drew Herdener declined comment. Amazon didn’t respond to a Bloomberg request to speak with Chief Executive Officer Jeff Bezos.
Sony didn’t have a lot to say about the story either:
“We’re continuing to work with law enforcement in an ongoing investigation into the situation,” said Patrick Seybold, a U.S. spokesman for Tokyo-based Sony. “As such, we will not comment further on this matter.”
E.J. Hilbert, president of the security company Online Intelligence, told Bloomberg that using a hijacked or rented server to launch attacks from is a typical tactic for "sophisticated hackers." Hilbert added that the FBI is likely to subpoena Amazon as part of its ongoing investigation.
FBI Special Agent Darrell Foxworth from the San Diego office, said he couldn’t comment, saying only that they are "following up on each and every lead."