Bloomberg reported Friday that Amazon servers may have been used to perform the massive Playstation hack that compromised the personal data of more than 100 million Playstation Network users.
Today, Bloomberg reports in extensive detail exactly how the Playstation data was compromised through Amazon. Apparently, the hacker used Amazon’s Elastic Computer Cloud service, also known as EC2, to infiltrate Sony’s online entertainment systems last month. EC2 is fairly cheap, 3 cents to $2.48 on the east coast. The hack had to be performed by a person with knowledge of the matter. The intruder used a fake name in order to set up an account. The account is now disabled. However, the intruder didn’t hack into Amazon’s servers. The hacker then rented servers in the cloud to carry out the exploit.
In an earlier statement, Sony indicated organized collective Anonymous, known criminals, where behind the hack. Their trademark calling-card phrase “We are Legion” was found on Sony’s servers. But, Anonymous countered with an out of character absolute denial.
The servers have been shut down since April 20 for obvious reasons, but Sony on May 14 partially restarted its PlayStation Network and Qriocity services with Japan the only area without service as of today. The company has hired three security firms to investigate and coordinated with the law enforcement officials. Plus, Sony has increased its security protocol.
Sony told Bloomberg the incursion was “very carefully planned, very professional, highly sophisticated criminal cyber attack.”
I am sure individuals and companies are reorganizing how they handle their data on a cloud and rethink the security applications on cloud systems. From what I have read on this breach of security, it will be cheaper to rethink and reprocess security than be confronted with the ramifications of a hacker.