PS3 News: Report: PSN Hackers Used Amazon's Cloud Service - PS3 News


Report: PSN Hackers Used Amazon's Cloud Service

Now that the PlayStation Network is back up, everyone is wondering: how did the hackers do it?

For the record, we at PSXE couldn't possibly care less. But according to a Bloomberg report, Amazon.com's cloud computing unit was used by hackers in the attack on Sony's online systems. Essentially, the hackers used an alias to sign up to rent a server through Amazon's EC2 service and launched the assault on the PSN from there. Obviously, that account has been shut down. According to the source, this incursion was "a very carefully planned, very professional, highly sophisticated criminal cyber attack." Amazon didn't respond to requests for comment, although it should be made clear that these criminals didn't break into Amazon's servers. They signed up for a service as any legitimate company might; they just used fake information. So don't start thinking your personal information at Amazon is in any danger; that really isn't the case.

We have too much to worry about these days...let's not add needless concern for no reason.

Tags: psn, psn outage, playstation network, sony, amazon

5/15/2011 8:44:34 PM Ben Dutka


Comments (38 posts)

NoSmokingBandit
Sunday, May 15, 2011 @ 10:02:59 PM
Reply

At first I thought it was anon, but I can't imagine they are organized enough to pull off something like this. DDOS is more of their style.

I wouldn't be one bit surprised if Hotz and his crew were directly involved. Hotz is incredibly smart, already went up against Sony (and didn't fare too well), and has tons of supporters donating cash he could use to buy server space.

I'm not accusing him, I'm just saying he has a means and a motive.

Agree with this comment 5 up, 0 down Disagree with this comment

EddPm6
Sunday, May 15, 2011 @ 10:08:43 PM

It's a good thesis that Hotz did it. But it could have been anything from him, to an old employee with knowledge of the system, to M$, to anything really. But yeah either way it was someone very smart and with some sort of motivation.

Agree with this comment 4 up, 0 down Disagree with this comment

Beamboom
Monday, May 16, 2011 @ 2:40:43 AM

No, it could not be Microsoft. Let's just put that particular speculation to rest, please.

Lord knows I'm no Microsoft supporter but this is not their work, straight and simple.


Last edited by Beamboom on 5/16/2011 2:41:05 AM

Agree with this comment 2 up, 5 down Disagree with this comment

___________
Monday, May 16, 2011 @ 2:58:47 AM

u nuts?
Hotz is not that dumb!
due to his sellout in the courts, doing this would be putting his neck in the noose!
no freaking way he was involved with this!

Agree with this comment 2 up, 3 down Disagree with this comment

Fane1024
Monday, May 16, 2011 @ 2:59:30 AM

It can't have been M$. The attack worked.

;D

Agree with this comment 14 up, 2 down Disagree with this comment

Beamboom
Monday, May 16, 2011 @ 5:12:57 AM

Fane: ROFLOL! That is *the* quote of the month!

Agree with this comment 1 up, 0 down Disagree with this comment

___________
Monday, May 16, 2011 @ 8:50:25 AM

you owe me a new keyboard.......

Agree with this comment 0 up, 1 down Disagree with this comment

Highlander
Monday, May 16, 2011 @ 4:10:49 PM

I completely agree with Beamboom, this was not Microsoft's doing. Absolutely not. There's no way they'd ever be behind anything like this. Even discounting all the many real reasons why they would *not* be behind something like this, the potential downside of being caught would be utterly catastrophic. There's simply no way at all that they were involved.

I don't think it was Hotz either, but someone may have used his work....

Agree with this comment 0 up, 0 down Disagree with this comment

BikerSaint
Sunday, May 15, 2011 @ 10:20:44 PM
Reply

Whoever it was, they need to be knocked down a few pegs.....

and I absolutely mean......physically!!!!!

Agree with this comment 8 up, 0 down Disagree with this comment

kraygen
Sunday, May 15, 2011 @ 10:35:58 PM
Reply

Jerk turkeys. Sucks that the internet has just become a free playground for criminals.

Agree with this comment 2 up, 0 down Disagree with this comment

Douchebaguette
Sunday, May 15, 2011 @ 10:42:01 PM
Reply

Damn. Wouldn't have even guessed they'd use Amazon to fulfill what they did; makes you wonder how Eidos got hacked.

Agree with this comment 1 up, 0 down Disagree with this comment

Alienange
Sunday, May 15, 2011 @ 11:03:57 PM
Reply

At least SOMEONE'S using Amazon's cloud service.

Agree with this comment 7 up, 1 down Disagree with this comment

Simcoe
Monday, May 16, 2011 @ 12:41:51 PM

Um, actually from what I've been reading, Amazon's Elastic Compute Cloud is doing very well for the company.

Agree with this comment 2 up, 0 down Disagree with this comment

BikerSaint
Sunday, May 15, 2011 @ 11:19:25 PM
Reply

Damn, I'll bet they even got "free shipping" on their hack.

Last edited by BikerSaint on 5/15/2011 11:20:34 PM

Agree with this comment 4 up, 0 down Disagree with this comment

Highlander
Sunday, May 15, 2011 @ 11:58:23 PM
Reply

Well, no one is really commenting on this Amazon cloud thing - officially at least. I'm not sure this necessarily rules out Anonymous. The fact that people who have previously claimed to represent Anonymous concede that some of their members may have been involved is a bit of a smoking gun as far as I am concerned.

I have also read a couple of articles that suggested that the Rebug firmware may also have played a part in the initial breach of perimeter security.

We also have to remember that the portion of the Amazon cloud that was apparently used went down at about the same time as PSN did - coincidence?

Finally, earlier in the year (February I think) RSA was hacked, and data relating to how the SecurID tag product worked was obtained. It's conceivable that if Sony used SecurID tags for securing their remote access sessions (many organizations use such security tokens, they generate a number every 60 seconds based on a specific seed and algorithm). If hackers had the ability to mimic those tokens they could possibly have managed to open a VPN connection into Sony's systems, which would completely bypass the perimeter. Once they were inside they would operate as if they were connected to the local network inside Sony.

Oh, I really can't wait for the story of this one to come out. There are so many interesting possibilities, it will make an interesting read.

Oh, yeah, and does anyone want to guess on the number of zeros attached to the number on the lawsuit Sony files against Amazon if their service was used as a springboard to attack Sony?

Last edited by Highlander on 5/15/2011 11:59:49 PM

Agree with this comment 4 up, 0 down Disagree with this comment

Qubex
Monday, May 16, 2011 @ 12:22:16 AM

It will be a long and protracted affair - If Sony do succeed in suing Amazon they may get some of the money lost back. The money is one thing, a damaged brand is another; and Sony know what it will take to re-build the brand.

We will only get a full idea of the damage done (if any), once more sales figures roll out in the coming month or two. Some have stated here it will be a blip, and only a blip. To be honest, this may very well be the case now... because Sony do have some fantastic titles coming along the way.

Titles like Uncharted 3 and The Last Guardian may go some way in appeasing the general opinions that people may have toward Sony, especially the people that make a mountain out of a mole hill. But then again, the PSN outage and the way Sony handled certain aspects of the outage may have riled some people up the wrong way, whilst others not so much. It depends on the individual's attitude.

Personally, PSN outages were not such a big concern as losing OtherOS, as I deemed it a necessary and very useful feature for me; however others may have different priorities; and may have been riled up because they couldn't get high on their COD. Whatever the cases, whatever personal and individualistic reasons people may have to either love or hate Sony, Sony has been affected by this news and their actions. We may not see the effect of this immediately, we may see some sales blip; BUT, what we may see is far greater damage having been done to their future business...

What I mean by this is, people may get over this particular blip, may forgive and forget somewhat; however, when it comes to the next time, the time when you are about to part with your hard earned money to buy a PS4; that day, the day where that decision will make your wallet feel somewhat lighter; that is the day when one may think very hard about another Sony purchase; it will be the day when owning a powerful PC may be better than owning a console, for all the flexibility and "next generation" abilities it brings...

Of course, it will depend again on the individual's attitude, but long term, I feel, there will have been some damage done to Sony and people's purchasing decisions concerning their products.

I for one will continue to enjoy my PS3, for what it is. I will buy a few good games per year, worthy of the collection. All of us here will continue to enjoy Sony's offering... nonetheless... a corporate is a corporate and it is out to make as much money as possible.

Don't be fooled... no matter what offers are on the table. There is no such thing as a free lunch... it is so true... because, in the end, somehow, you will be made to pay for whatever was "given" upfront.

Q!

"play.experience.enjoy"

Last edited by Qubex on 5/16/2011 12:27:40 AM

Agree with this comment 2 up, 1 down Disagree with this comment

Highlander
Monday, May 16, 2011 @ 12:37:10 AM

Indeed Qubex, I anticipate that in the short term the effects of this will not look like a blip in the media, but in the long term it will be little more than a bump in the road.

However, one thing that really troubles me about this particular incident is the reaction of the news media and the public.

The big numbers sound terrible, 77 million PSN accounts, 25 million SOE accounts, all with personal information compromised. The potential for more or less 13 million credit/debit cards to have been stolen (still no evidence that they were), and a monstrous 900 active card numbers stolen from an old backup/development database held by SOE. Of the 77 million PSN accounts there are considerably fewer than 77 million individual users behind those accounts.

But really, considering all of that and the information that was apparently stolen, this data breach is really not that serious. In the scale of things all that has been taken is names, dates of birth, email and postal addresses. No social security numbers, and other than the 900 active cards at SOE, there's no indication that any Card information was taken from the primary databases (at this time).

If you compare that against other breaches, such as Health.Net who lost 1.9 million customer account details including names, dates of birth, addresses, social security numbers and credit/debit account information in a data breach. Or Heartland Payments with up to 130 million card records stolen.

If you consider the kind of information known to have been taken from Sony, and compare it against other known data breaches, you really do have to wonder why there was such an explosion about it. Did anyone else hear much about Heartland or Health.Net?

Exactly.

Well, I'm going to reply again with a link to a story in ComputerWorld that discusses the PSN attack with a bit more perspective, and it's interesting because it quotes industry security professionals saying much the same things I and a few others have been saying. They also believe (as do I) that Sony came forward extremely quickly, and did not delay. In fact they wonder if Sony may have come forward too fast. It's an interesting read.

Link to follow.

Agree with this comment 4 up, 0 down Disagree with this comment

Highlander
Monday, May 16, 2011 @ 12:37:30 AM

Here's the link to the Computerworld story;

http://www.computerworld.com/s/article/9216724/Is_Sony_getting_a_bad_rap_on_its_data_breach_

Agree with this comment 2 up, 0 down Disagree with this comment

Highlander
Monday, May 16, 2011 @ 12:55:44 AM

Oh, one other thing, if owning a more powerful PC was better than owning a console, I'd never have got past my PS1. Consoles cost a fraction of what a 'powerful' PC costs, that will always be a very strong argument against a big PC.

Agree with this comment 4 up, 0 down Disagree with this comment

Beamboom
Monday, May 16, 2011 @ 2:44:20 AM

I would be very surprised if Amazon in *any* way can be held responsible for this. It's like holding a rental firm responsible if you use their car to rob a bank.



Last edited by Beamboom on 5/16/2011 2:45:32 AM

Agree with this comment 4 up, 1 down Disagree with this comment

Fane1024
Monday, May 16, 2011 @ 3:05:39 AM

Devil's advocate: Amazon could have checked the false info used to rent the server.

Agree with this comment 1 up, 0 down Disagree with this comment

Qubex
Monday, May 16, 2011 @ 3:14:43 AM

Wise words Highlander... your post was very balanced, and you took everything into consideration equally.

I agree with you. I think the console has its "conveniences"... maybe, just maybe... the best is actually to have both if one can afford it.

The PC gives you longevity. Even though processing power may diminish quicker over time; therefore, if one has purchased a "good" motherboard from a reputable company such as MSI, the one crucial and evident aspect is the ability to continually enhance the system's overall bandwidth by upgrading the graphics card every 24 to 36 months.

If one had to buy a top of range PC today, with some of those stonking motherboards that permit dual i7 quad cpu's and x3 or x4 SLI Nvidia/ATI GPU cards... it is probable you will have a PC that would last you through the life cycle of the PS4... So a top of the range PC today with a very good, low latency, expandable motherboard... should last you 6 to 8 years from today, if you are willing to add and expand it as time goes on...

Just a few additional thoughts Highlander... I do have a few friends that "pirate" PC games. It is fairly easy to do if you know what to do and where to get the games from. What was an interesting, but rather academic procedure, was to try to work out the difference in cost... *Note though, that 2 of my friends in particular actually do purchase games (the top titles), but a few in their collections are pirated; games they feel they would have not bought in the first place, especially after having tried them out.

Anyway, if one had to calculate the amount of money spent throughout the PS generations; PS1, PS2 and PS3, inclusive of the hardware and a "reasonable" collection of games per console - let us say 20 to 30 games per console... what approximate total would one get? Would the amount be equal to the cost of having bought a top of the range PC, let's say 6-8 years ago, and monies spent to keep it upgraded and "up to date"? Considering that PC games are cheaper generally, and your PC can do so much more than playing games, including running linux with GPU access, to your heart's content... it is quite a value proposition is it not?

Reason why I state this, is that when I think of how PC and PC gaming has changed over the years, in particular; i.e. the actual eco-system that surrounds PC gaming today - which is very similar to console gaming bar the cost of entry; there is a strong case that getting a PC to game specifically is a far better proposition than it used to be.

M$ seems to be trying to commoditise PC gaming like they have done with the xBox. I would go as far as to say that M$ would like to take the portion of PC gaming and make it into an "xBox experience" rather than just plain gaming on Windows experience. Do you not feel M$ really wants to try and own this market fully, essentially enhancing their xBox reach to encompass the xBox and PC... making them as one to some degree?

It is a difficult pull either way... continue gaming on consoles, and enjoy the exclusives with the added premium of having to have a specific platform to play these games on; or just become a general gamer and enjoy the fact that PC gaming is becoming so similar to console gaming we will soon not be able to tell the difference, except for the cost of entry. Admittedly you can purchase console controllers for the PC. You can also run things like Kinect in a PC environment, with M$ pushing hard to commoditise that as well...

Come back to the point, if one can afford it; is it best to have both, just because you can?

Q!

"play.experience.enjoy"

Last edited by Qubex on 5/16/2011 3:25:12 AM

Agree with this comment 0 up, 0 down Disagree with this comment

Beamboom
Monday, May 16, 2011 @ 5:20:41 AM

This is forking into two different topics now, but oh well :)

@Fane: True, but the same can be said about practically *every* web based service, _including psn_. And there are those who defend our *right* to be able to hide our identity. That it is a human right, that we *need* that against the "big brother scenario". I find that camp's arguments to make sense, although the sensible way to go is probably as with everything else in life: Somewhere in the middle.


Last edited by Beamboom on 5/16/2011 5:21:29 AM

Agree with this comment 2 up, 0 down Disagree with this comment

Highlander
Monday, May 16, 2011 @ 9:48:50 AM

@Fane & Beamboom,

If Amazon's service was used to attack Sony and the information given to open the account used was fake, then Amazon has a duty of care. If a person walks into a Walmart and buys a hunting rifle with fake credentials and credit card information, and then subsequently shoots someone in an attack, do you imagine that Walmart would escape liability for some of what happened?

@Qubex,
Oddly enough, my PC at home is a 6 year old one that I built myself. I spent about $900 on it. When it was new, it was an OK system, but I'd have needed to spend about another $300 to make it a real gaming rig. The CPU is a Pentium D 805 which really wasn't enough for a real gamer even when it was new, I'd have needed a Pentium D 9XX CPU, and the video card was originally a Geforce 7300GS which in reality I bought because it was better than the integrated graphics, but wasn't really good enough for many games. I spent good money on a decent ASUS board, a good thermaltake PSU and Coolermaster case. Late last year I had to replace the video card with a GT430 - much better, and upgraded the RAM. But at 6 years old it's really not up to much more than web browsing, playing old games and the occasional photo processing session (if I'm prepared to wait). Total cost including upgrades is over $1000.

I recently priced a semi-decent i7 system, and the potential price went past $1000 quite quickly. There's just no way in my mind to justify the cost of these systems. I guess I could purchase a commodity system from the likes of Dell, but in the end, every Dell I've ever used was obsolete within 2 years. Even though my home system was built deliberately to be middle of the road (and reliable), it retained relevance for a good three years before finally becoming too slow to compare. To me, that $1000 mark is about the threshold for a base level gaming rig. Anything less and it's an inferior system.

Consoles will always be cheaper than that.

Agree with this comment 2 up, 0 down Disagree with this comment

Jed
Monday, May 16, 2011 @ 12:22:53 AM
Reply

So would this make it easier or harder to catch the hackers? Or is it just another clue?

Agree with this comment 2 up, 0 down Disagree with this comment

Highlander
Monday, May 16, 2011 @ 12:39:21 AM

Just another clue...but clues are what is needed.

Agree with this comment 4 up, 0 down Disagree with this comment

___________
Monday, May 16, 2011 @ 3:00:12 AM
Reply

LMFAO this is hilarious!

Agree with this comment 0 up, 4 down Disagree with this comment

shadowscorpio
Monday, May 16, 2011 @ 3:08:43 AM
Reply

Well frankly I do care. The reason being that the more knowledge people have, the better they can prevent something like this from happening again. Sony and Amazon as well as other companies need to bind together in order to fight against a common goal. So many critics against Sony in this whole fiasco, but once it happens to them it's no longer a laughing matter. All companies and businesses that are associated with the cyber world are potential victims.

It's sad that we just pass it off simply because they weren't affected this time.

Agree with this comment 2 up, 0 down Disagree with this comment

BikerSaint
Monday, May 16, 2011 @ 6:38:54 PM

I also sent this article in around 10 PM last night, & someone else could have even sent it in before either of us, but who knows as Ben could have still used any one of his own many networking resources too.

But you're right, it always feels good to see an article you sent pop on here right after.

And at least the group of us that do, can feel good that we're always trying to better our PSXE & helping to keep our site up to date.

Agree with this comment 0 up, 0 down Disagree with this comment

oONewcloudOo
Monday, May 16, 2011 @ 8:29:38 AM
Reply

When/if they get caught it would make a good movie.

Agree with this comment 1 up, 0 down Disagree with this comment

Excelsior1
Monday, May 16, 2011 @ 8:54:19 AM
Reply

if i understand correctly cloud based services have been used in the past to crack administrator accounts with brute force attacks. aren't there ways to minimize that? have a few second delay between password entry. if they repeatedly fail password attempts then kick them out or force them to use an alternate login method. i don't know. i will be watching this closely.

i'm very interested in knowing what defenses sony had in place before this attack, and how exactly they lost info on EVERY account they had.

gotta say i'm thrilled psn is up.

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Monday, May 16, 2011 @ 9:49:49 AM

Well, I'd bet that in future, one of the security precautions will be to block incoming traffic from any cloud computing source.

Agree with this comment 0 up, 0 down Disagree with this comment

BikerSaint
Monday, May 16, 2011 @ 6:46:25 PM

Get Tigger to set up some sweet but sticky, honeypot traps!

Agree with this comment 0 up, 0 down Disagree with this comment

mehrab2603
Monday, May 16, 2011 @ 9:41:59 AM
Reply

If you think it is right for Sony to sue Amazon for this hack, then you are saying it is right for people to sue Sony too. Come on, Amazon is a victim here, just like Sony. Just my 2 cents.

Agree with this comment 3 up, 0 down Disagree with this comment

Highlander
Monday, May 16, 2011 @ 9:50:35 AM

Not quite the same thing. Amazon was used as a tool by a criminal in a criminal action. Sony was the victim of a crime.

Agree with this comment 4 up, 2 down Disagree with this comment

Gone
Monday, May 16, 2011 @ 11:31:33 AM
Reply

Speaking of Amazon, right now they have the Blue and Black DS3 for $35.99 f/s.

Agree with this comment 1 up, 0 down Disagree with this comment

BikerSaint
Monday, May 16, 2011 @ 6:59:05 PM

ZXzZ,
Thanks.

But it's always better when you also add the link to it in your message.

(FYI, When you do, it will show up as needing a moderator's OK for a short bit, but just until he's checked it out).

Agree with this comment 0 up, 0 down Disagree with this comment

Robochic
Monday, May 16, 2011 @ 5:14:10 PM
Reply

Well that's not good, bet Amazon is like WTF.. I hate hackers, I really hope they get caught.

Agree with this comment 1 up, 0 down Disagree with this comment
