Sony PSN Hackers Used Amazon EC2 in Attack

By Fahmida Y. Rashid  |  Posted 2011-05-16

Even with the Sony PlayStation Network data breach, Amazon can't catch a break. The PSN hackers leased servers from Amazon Elastic Compute Cloud (EC2) to launch their attack in April, according to a report from Bloomberg, which cited "a person with knowledge of the matter."

Sony was forced to shut down the PlayStation Network, Qriocity music and video service, and Sony Online Entertainment in mid-April after attackers stole account information belonging to more than 100 million users. Sony began restoring PSN and Qriocity in a phased approach on May 14, after nearly a month offline.

Last month's attack was a "very carefully planned, very professional, highly sophisticated criminal cyber attack," Sony said.

The attackers did not compromise Amazon servers. Instead, they simply set up a legitimate account with Amazon EC2 using fake company information. To create an EC2 account, the user just needs to enter a name, email address, phone number, billing address and credit card information. The fraudulent account has since been disabled, Bloomberg reported.

Companies and independent developers can easily rent computing power for pennies from Amazon EC2 for certain big projects. Amazon EC2 prices range from 3 cents to $2.48 an hour.

Malware developers and other cyber-criminals can use the Amazon infrastructure for their own nefarious purposes as well. Two security researchers first demonstrated how criminals can launch a denial-of-service attack using EC2 infrastructure during DEF CON in August 2010. German researcher Thomas Roth used EC2 to crack 14 SHA-1 hashes in November and brute-forced the password on a WPA-PSK protected wireless network in January.

It's a little unclear what the attackers did through EC2 to bring down Sony. Sony claimed that the attackers used "very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators and escalate privileges inside the servers." The attackers also deleted log files in order to hide the extent of their work and activities, Sony said.

However, Amazon EC2 is best used in brute-force attacks, the most unsophisticated way to crack a password. The attack involves trying all possible permutations of keys until the exact password is discovered. Cracking long passwords is computationally more intensive and requires more processing power, which is why EC2 is quite useful in this kind of scenario.
