Slashdot Mirror

← Back to Stories (view on slashdot.org)

Amazon Servers Used In Sony Playstation Hack

Posted by samzenpus on from the bad-clouds dept.

the simurgh writes "Amazon servers may have been used to carry out the massive Playstation hack that compromised the personal information of more than 100 million Playstation Network users. According to a report from Bloomberg, sources close to the ongoing investigation say the attack was mounted from Amazon Web Service's cloud computing platform."

20 of 135 comments (clear)

  1. A cloud attacks another by mehrotra.akash · · Score: 3, Funny

    Will there be a thunderstorm?

    1. Re:A cloud attacks another by somersault · · Score: 3, Insightful

      You mean it actually had a meaning before?

      --
      which is totally what she said
  2. So it came from an Anonymous Cloud? by toygeek · · Score: 4, Funny

    Is it an Anonymous Cloud or Anonymous' Cloud?

    So if the attack came from a cloud, then wouldn't it be a lightning attack instead of a "hacking" attack?

    We really need to get this internet meteorology right.

    --
    Nobodies Prefect
    Tidbits for Techs Technology Blog
    1. Re:So it came from an Anonymous Cloud? by AvitarX · · Score: 2

      Too bad English is a living language.

      Though in general things lean the way you've said it, there is definitely space to do it either way with a "polysyllabic word ending in a sibilant" (generally based on intention of how it is to be said).

      And "some contemporary writers omit the extra s in all cases"

      http://en.wikipedia.org/wiki/Apostrophe#Standardisation

      I don't see the issue with the "new" way of adding an apostrophe only for words ending in "s" and an "'s" for words that don't, and in 15 years, I bet that's how it goes.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  3. I don't see it... by Junta · · Score: 2

    I suspect most all of the people that are amazon customers only vaguely know what's going on and won't bother to learn the detail on the hosting provider for the attackers systems.

    I suspect the minority that are that inclined almost all know that in this specific scenario, Amazon was just a hosting provider and understand that means they aren't particularly responsible for what happened any more than AT&T would be responsible for a house downloading a video illegally.

    Sure, there is probably a very small population that will stumble upon the facts and falsely presume Amazon is an evil company for cracking into Sony's stuff (as opposed to an evil company for other reasons). I have a feeling that change in revenue would be lost in the noise and small compared to any arbitrary boycott over seemingly small and/or inane things Amazon does on any given day.

    --
    XML is like violence. If it doesn't solve the problem, use more.
    1. Re:I don't see it... by Anonymous Coward · · Score: 3, Insightful

      They cannot legally monitor for abuse... Or they can then get sued for "not finding abuse fast enough" and shit like that.

      It is the same reason why no shared or VPS hosting company says they actively monitor your usage / files. This is a form of liability control for them. The second they start taking responsibility for "catching pirates, hackers, crackers, and pedophiles" is the second they can then be named in a lawsuit and sued.

    2. Re:I don't see it... by datapharmer · · Score: 3, Insightful

      Seriously. I've grown tired of reporting abuse to amazon, whose policy is to "send the complaint on to the customer". I now just block their IP ranges. Unfortunate for anyone who legitimately wants to crawl my sites using their service, but if enough people block them they will start seeing customers head elsewhere. Blocking about a half dozen abusive ISPs has cut my attack logs down exponentially, so failure to regulate your service = banned appears to be an acceptable policy in many cases.

      --
      Get a web developer
  4. really? by cratermoon · · Score: 4, Interesting

    Considering how Amazon has become known for caving to the slightest pressure from law enforcement or even just a nosy senator, to host such an attack from EC2 seems extraordinarily stupid.

    It would make much more sense to launch it from somewhere hosted by a company that doesn't have a reputation for giving up their customer's data and shutting down even legitimate stuff that happens to run afoul of their vague guidelines.

    1. Re:really? by Hardhead_7 · · Score: 5, Insightful

      Considering how Amazon has become known for caving to the slightest pressure from law enforcement or even just a nosy senator, to host such an attack from EC2 seems extraordinarily stupid.

      It would make much more sense to launch it from somewhere hosted by a company that doesn't have a reputation for giving up their customer's data and shutting down even legitimate stuff that happens to run afoul of their vague guidelines.

      Nah, once you do something on the scale of the PSN hack, it doesn't matter if the service provider caves too easily or not, because everyone gives up information when they get served a warrant. And there will be warrants. They just had to make sure Amazon has no way to trace it back to them, and it seems very unlikely the perpetrators accessed Amazon's servers from anything other than a laptop bought at a yard sale with a fake MAC address on a public wi-fi hotspot.

      And the cloud services were paid for with a Visa gift card that was bought with cash.

    2. Re:really? by DrXym · · Score: 2

      Nah, once you do something on the scale of the PSN hack, it doesn't matter if the service provider caves too easily or not, because everyone gives up information when they get served a warrant. And there will be warrants. They just had to make sure Amazon has no way to trace it back to them, and it seems very unlikely the perpetrators accessed Amazon's servers from anything other than a laptop bought at a yard sale with a fake MAC address on a public wi-fi hotspot.

      You'd like to think so but hackers can do stupid things, or fail to cover their tracks sufficiently, e.g. can't wipe logs. It's also possible that if anonymous were responsibles that internal ructions over the attack could lead to the person being identified via an informant which in turn leads to a raid which in turn leads to information being found that way.

    3. Re:really? by drolli · · Score: 2

      Why? If you stole the credit card numbers before to buy the computation time, its not a big deal it they later fine the virtual machine afterwards. I would obviously only use the EC2 to collect and encrypt the data, but obviously not process it. If you need a lot of bandwidth to handle the incoming data, but you can afford a few days to transfer them out.

  5. Was the cloud hacked too? by Anonymous Coward · · Score: 4, Interesting

    Wait a minute... Amazon's cloud crashed 4/21, the day after Sony realized they'd been pwned and took down PSN.

    Is there something Amazon isn't saying, like maybe they were pwned too??

    1. Re:Was the cloud hacked too? by ColdWetDog · · Score: 5, Funny

      Wait a minute... Amazon's cloud crashed 4/21, the day after Sony realized they'd been pwned and took down PSN.

      Is there something Amazon isn't saying, like maybe they were pwned too??

      And it was the day after 4/20 - therefore it had something to do with stoners.

      George Bush didn't support legalization of marijuana.

      Goddamnit. It's GEORGE BUSH'S FAULT!

      --
      Faster! Faster! Faster would be better!
  6. Is This Supposed To Be News? by RoFLKOPTr · · Score: 2

    So the hackers chose to bounce their packets off a server rented from Amazon. They could have chosen a server rented from a thousand others. Hell, they could have done it with a server rented from me. Thankfully, they did not. But really who the hell cares?

    1. Re:Is This Supposed To Be News? by RoFLKOPTr · · Score: 2

      Just wait for this upcoming week's headlines...

      "Logitech Mice Used In Sony Playstation Hack" "64-Bit Processors Used In Sony Playstation Hack" "Store-Brand Clothing Used In Sony Playstation Hack" "Mountain Dew Used In Sony Playstation Hack"

      "Sony VAIO Used In Sony Playstation Hack"

  7. "Hosted by" Amazon? by identity0 · · Score: 4, Funny

    An attack from Anonymous? Pshaw, yeah right.

    We all know Amazon really did the hack themselves, because they were mad they couldn't get Sony on the One-Click patent, since PS3 users don't use mice.

  8. Outpriced by Amazon? by malacandrian · · Score: 2

    Presumably, they chose Amazon's network as they were cheaper than renting time on a botnet. I'm intruiged as to the ramifications on the distributed computing black market as it were, whether it will force their prices down in this age of cheap computing (especially as none of the resources used are theirs per say) or they'll raise them as a charge for the anonymity Amazon and Google would never provide.

  9. Amazon Prime Members? by tgeek · · Score: 4, Funny

    Shame the hackers weren't Amazon Prime members - then they could have had everything they wanted in 2 days at no extra charge.

  10. Re:sources close to the investigation by Platinum+Dragon · · Score: 2

    In other words, about as much evidence as other claims that Anonymous, PS3 hackers, or Osama bin Laden were involved.

    Hey, gotta fill that news cycle. Gotta draw eyeballs for advertisers. Content is just a vehicle for making money. Truth is incidental, and at this point often accidental.

    --

    Someday, you're going to die. Get over it.
  11. Re:sources close to the investigation by eulernet · · Score: 2

    TFA is totally bullshit.

    I think that the hackers used a few open L1 proxies on Amazon AWS.

    In my list of open proxies, there are around 20 proxies on Amazon AWS, of the form
    ec2-??-??-??-???.us-west-1.compute.amazonaws.com:80
    ec2-??-??-??-??.ap-southeast-1.compute.amazonaws.com:80
    ec2-??-??-??-??.compute-1.amazonaws.com:80
    ec2-??-??-??-??.eu-west-1.compute.amazonaws.com:80
    where ??-??-??-?? is an IP address.