Hackers used Amazon’s Elastic Cloud Computing service to wage an attack on Sony’s PlayStation network last month, according to a report by Bloomberg News. If it’s true, it’s the first acknowledgement that a cloud service — billed as a cheap, dynamic solution for safely storing data and ramping up processing power — has been used as a platform for a cyber attack.
Bloomberg cites “a person with knowledge of the matter,” who said a hacker used a fake name to set up a bogus Amazon EC2 account. Amazon’s servers were not hacked; rather, someone purchased computing power and used it to attack Sony’s network, compromising the personal information of 100 million users.
Amazon’s Web Services division allows users to buy processing power and space so they don’t need their own physical servers. EC2 prices range from 3 cents to $2.48 an hour for users on the East Coast, depending on your data needs; details can be found on Amazon’s website.
Extra computing power could also enable hackers to crack passwords and obtain other information more efficiently, as Bloomberg’s report explains.
Several computer security experts quoted in the story explain that there’s not much, if anything, Amazon can do about it: “There is no way of telling who’s a good guy and who’s a bad guy,” said Pete Malcolm, chief executive officer of Abiquo Inc., a California-based cloud services firm.
The PlayStation network went back online in the U.S. over the weekend, nearly a month after the intrusion, which Sony labeled a deliberate and sophisticated attack. It’s still not back online in Japan.
Hackers have been known to use hijacked or rented servers, as Bloomberg’s report points out, but this appears to be a first — hackers buying legitimate time on a cloud platform, just like any other customer, but for nefarious purposes.
Sounds like the White House’s new International Strategy for Cyberspace, announced this weekend, has something else to consider.