Report: Amazon cloud servers used to hack PSN

Saturday, 14th May 2011 14:28 GMT By Stephany Nunneley

A report over on Bloomberg states that Amazon cloud servers were used to attack PSN.

To the Cloud
Citing an anonymous source, the report (via Venture Beat) states that the account with Amazon was legitimate, although the hackers used an alias to set up the data center rental agreement.

Once the account with Amazon’s Elastic Compute Cloud service for web-based business was launched, the hacker attacked the PSN servers. Obviously, the account with Amazon has since been shuttered.

Amazon declined to comment on the source’s claims to Bloomberg, and there’s no word on whether the legal officials involved will be able to trace the culprit through the service.

SCEA’s Patrick Seybold told Bloomberg that since the investigation into the hacking of PSN was still ongoing, it “will not comment further on this matter.”

Sony sends a letter

Meanwhile, Sony’s SVP of publisher relations, Rob Dyer, has corresponded with the company’s publishing and development partners, and in the letter stated it was a “top priority to restore” PSN and “see that business is returned to usual as soon as possible.”

“We are working around the clock to restore service, but will do so only when we can ensure that the network can operate safely and securely,” he wrote. “In the meantime, we greatly appreciate your patience, understanding and goodwill.”

The letter, posted by Industry Gamers, goes on to explain what happened that fateful day back in April, and said the hackers used “very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators and escalate privileges inside the servers.”

Dyer then went on to describe exactly what Sony was doing to “give consumers peace of mind,” as well as secure the firm’s security systems moving forward by enhancing the network infrastructure.

The letter goes on to state that the firm is doing the following:

“Adding additional automated software monitoring and configuration management to help defend against new attacks; implementing enhanced levels of data protection and encryption, as well as additional penetration and vulnerability testing; employing new capabilities to detect software intrusions within the network, unauthorized access and unusual activity patterns; installing additional firewalls; expediting a planned move of the system to a new data center in a different location with enhanced security; and hiring a new Chief Information Security Officer.”

Looking ahead, Dyer stated that after the new measures are in place, the firm is “confident” that its “consumer data will be protected by some of the best security measures available today.”

“As a valued partner we aim to keep the lines of communication open so that you are aware of our progress,” he said in closing. “Our focus has been to confirm the security of the networks, protect customer data and get the services back on line as quickly as possible. We will do our best to respond to all of your inquiries and we will do everything we possibly can to support you.

“We are doing everything we can to bring these services back online as soon as possible. We will update you with more information as soon as we can, but please call your account executive if you have further questions. We thank you for your patience and look forward to moving ahead together in the months and years to come.”

Sony took the PSN network offline on April 19, and SOE took its servers offline on May 1. The firm has yet to state when all servers will be brought back online, but has said it will be “soon,” and that service will be rolled out intermittently as each of the network’s offerings becomes secure.

16 Comments

  1. G1GAHURTZ

    “Adding additional automated software monitoring and configuration management to help defend against new attacks; implementing enhanced levels of data protection and encryption, as well as additional penetration and vulnerability testing; employing new capabilities to detect software intrusions within the network, unauthorized access and unusual activity patterns; installing additional firewalls; expediting a planned move of the system to a new data center in a different location with enhanced security; and hiring a new Chief Information Security Officer.”

    Talk about red flag to a bull!!

    #1 4 years ago
  2. get2sammyb

    @1: What else are they supposed to say?

    #2 4 years ago
  3. G1GAHURTZ

    I dunno… What is Anonymous asking for?

    #3 4 years ago
  4. NeoSquall

    @3 I’d rather offer them a specially handcrafted dakimakura OR

    a bullet

    in the head.

    #4 4 years ago
  5. KrazyKraut

    mh..funny. u can do awesome stuff with those amazon super computers. a dude in our neighbour decrypted a wlan-key in 20 minutes with them.

    #5 4 years ago
  6. Cygnar

    This is the sort of information we have waited for a long time to hear. If any of this is true, then we are finally beginning to learn about the nature of the intrusion, and we will soon be able to evaluate whether Sony “left the front door open.” We don’t know enough to call either way. In any case, I expect more of the same hysteria from some blogs and commentators, but hopefully the rest of us can wait for more evidence before we jump to conclusions.

    #6 4 years ago
  7. TheWulf

    This is the work of someone after data parading as Anonymous, just for those who haven’t figured it out yet. It’s patently obvious. If that wasn’t the case then why go after SOE? It was the perfect smokescreen.

    The problem was, of course, that Sony expected the PS3 to be their only necessary line of defence. As anyone in the security field will tell you… that was stupid. So they got hacked. Biiiig surprise. They likely won’t get hacked now that they actually have some security in place.

    The thing is is that #1 is wrong. Sorry #1. Data thieves, like any thieves, look for an easy target. They don’t look at fort knox when they can just rob a nearby jewellery store which hasn’t had its alarms fitted yet. Fraudsters like that aren’t the bravest people, they don’t go after the difficult marks.

    In fact, I can promise you that if Sony had actually not had an open door policy for hackers in the first place, and had actually had some security there, then none of this would have happened.

    Valve has security like #1 cited, and they haven’t been hacked, now have they?

    Think about it.

    This is really a stop and think about it moment, because that’s something you need to let percolate. The idea that people go after the most secure targets is a myth, it’s completely against the criminal psychology. People go after easier targets. They have to know there’s something there worth taking, but the easier the target, the better.

    What #1 cited, right there, would be terrifying to the averagely educated black hat hacker whose only interest is in fraud. They’d bugger off and find something easier to attack.

    Interestingly though, what #1 mentioned there is what Sony should have done in the first place. But we all realise that now. Before you start yelling at me though, Sony realises it too. Please note this very important part of the quote: “[...] and hiring a new Chief Information Security Officer.”

    So they’re hiring a better security guy. That’s about time, Sony, because in all fairness your last one was piss poor at his job.

    It seems that Sony really has learned something from this–at least in regards to their own security–and I can only hope that those lessons spread out to the rest of their corporate body, so that the next time something like this happens, they’ll handle it better.

    I had so much respect for Sony before this.

    #7 4 years ago
  8. TheWulf

    @4

    You’re upholding the notion (however idiotic that it might be) that it was actually Anonymous (probably some Middle-Eastern Cell funded by Osama Bin Laden if you stand with the TEA strain of Anonymous conspiracy theories) that did this.

    Going by the data snatching that went on, it just looks like a bunch of fraudsters who were using just the right moment to perform a snatch and run, whilst Sony’s pants were down.

    The thing is is that it would have been easy for a bunch of black hat hackers following this whole mess to have figured out all they needed for themselves, perform a snatch, and then parade themselves as Anonymous for the entire thing. It’s a standard misdirection tactic and you fell for it.

    I have a bridge to sell you, if you’re interested. Really nice, only been walked over a few thousand times, barely worn at all!

    #8 4 years ago
  9. Cygnar

    @7
    “Sony expected the PS3 to be their only necessary line of defence”

    This is a very popular assertion, but the facts don’t support it. PSP users without PS3s have had to use PSN on PCs for years in order to download games. The Playstation Store, a part of PSN that is tied directly to the personal information of users, has been accessible through nearly any computer with internet access for years. Sony has delivered PSN services to non-console hardware for the better part of a decade, and so it will take more evidence than a gut reaction to support your feelings that Sony never contemplated that people would use PCs to access PSN.

    #9 4 years ago
  10. Gekidami

    @ TheWulf
    Cool story bro!

    …It was totally Anonymous btw.

    #10 4 years ago
  11. McLovin85

    Right that’s it I’m not using Amazon anymore as they can’t be trusted. Play.com lost lots of emails so they can’t be trusted anymore. Eidos lost all their details too as did SOE.
    Basically the internet can’t be trusted. I’ve decided to lock my laptop in a chest and never touch it again once I’ve finished writing this otherwise anything I might say or do could be hacked and precious details about me could be leaked onto god knows where.
    Is it possible to create a sex-tape of me purely from the text I write in the comments section? Pretty sure it is and that’s the next thing that will happen. Damn you internet!!!

    #11 4 years ago
  12. OrbitMonkey

    @10 Don’t you just love TheWulf’s fairy tales though? This is his version of Goldilocks, with Sony as the 3 bears (totally asking for it, btw) & Anonymous as Goldilocks (except it’s not Anonymous, they’re good guys honest!)

    :)

    #12 4 years ago
  13. Dannybuoy

    Anonymous source? Ironic

    #13 4 years ago
  14. NeoSquall

    @8 I’m not upholding any notion you might think.

    My assumption is pretty simple.

    - Hotz tried to hack PS3 using hacked Linux on PS3 to gain low level access and succeeded
    - Sony removed Other OS to prevent Hotz’s work
    - Hotz tried to hack harder and dedicated entire months of his worthless life waiting for other people to decode PS3 root key
    - Other people successfully decoded PS3 root key, Hotz snatched it and released it on public claiming fame
    - Sony sued Hotz as a deterrent for anyone trying further
    - Other people used “Hotz’s work” to build a CFW which enabled them to gain developer access to PSN
    - These other people used the CFW to mess up with PSN, dumping entire games from the store and accessing 77.000.000 registered users details and maybe 25.000.000 credit card details
    - Other people (the same as the previous point?) hacked in SOE by means still unknown (maybe still a hacked PS3) and messed with it too, accessing an old CC database

    These people don’t have identities yet, so we can claim it’s Anonymous until proven otherwise, plus Hotz is an accomplice in all this because these people used “his work” to build the CFW.

    That’s pretty simple.

    #14 4 years ago
  15. sg1974

    Hey Pat why haven’t you had time to report on Anonymous turning on each other over the PSN thing and hacking their own sites? Kotaku, Vgcharts, sixaxis and others have all reported it but not you – too busy acting as their PR and mouthpiece for every statement they put out perhaps?

    #15 4 years ago
  16. Mike

    Pat hacked PSN.

    #16 4 years ago