Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Amazon Servers Used In Sony Playstation Hack

samzenpus posted more than 3 years ago | from the bad-clouds dept.

Cloud 135

the simurgh writes "Amazon servers may have been used to carry out the massive Playstation hack that compromised the personal information of more than 100 million Playstation Network users. According to a report from Bloomberg, sources close to the ongoing investigation say the attack was mounted from Amazon Web Service's cloud computing platform."

cancel ×

135 comments

Sorry! There are no comments related to the filter you selected.

It's a conspiracy. (1)

Anonymous Coward | more than 3 years ago | (#36133608)

Obviously. Who is better equipped to take down Sony than the elusive Amazon?

A cloud attacks another (3, Funny)

mehrotra.akash (1539473) | more than 3 years ago | (#36133614)

Will there be a thunderstorm?

Re:A cloud attacks another (1)

Gaelinda (2132256) | more than 3 years ago | (#36133852)

This gives a whole meaning to the slogan "To the cloud"!

Re:A cloud attacks another (3, Insightful)

somersault (912633) | more than 3 years ago | (#36133868)

You mean it actually had a meaning before?

Re:A cloud attacks another (1)

Killall -9 Bash (622952) | more than 3 years ago | (#36134776)

Part of a meaning, apparently.

Re:A cloud attacks another (1)

cyber-vandal (148830) | more than 3 years ago | (#36135300)

Those adverts are so fucking patronizing - I want to kill everyone involved in making them.

Re:A cloud attacks another (1)

the_humeister (922869) | more than 3 years ago | (#36133860)

So Amazon brought down Sony, but their banning yaori. Are they good or evil???

Re:A cloud attacks another (0)

Anonymous Coward | more than 3 years ago | (#36133884)

No idea what yaori is, but Amazon also banned wikileaks [mashable.com]

Re:A cloud attacks another (1)

Anonymous Coward | more than 3 years ago | (#36133986)

yaoi*

Lern to spellz teh enrgish

Re:A cloud attacks another (1)

lostthoughts54 (1696358) | more than 3 years ago | (#36134704)

Lern to spellz teh enrgish

Yaoi is a Japanese word. If u are going to be a douche, the least you could do is be right.

Nihongo superu o manabu. there fixed.

Re:A cloud attacks another (1)

pandrijeczko (588093) | more than 3 years ago | (#36135394)

Sony and "Yaoi" - a pair of crappy Japanese comics.

Re:A cloud attacks another (0)

Anonymous Coward | more than 3 years ago | (#36134720)

It's "they're" you fucking moron...

Re:A cloud attacks another (0)

Anonymous Coward | more than 3 years ago | (#36136452)

I fail to see the evil part. Both are good, hence Amazon is good.

So it came from an Anonymous Cloud? (4, Funny)

toygeek (473120) | more than 3 years ago | (#36133626)

Is it an Anonymous Cloud or Anonymous' Cloud?

So if the attack came from a cloud, then wouldn't it be a lightning attack instead of a "hacking" attack?

We really need to get this internet meteorology right.

Re:So it came from an Anonymous Cloud? (0, Offtopic)

larry bagina (561269) | more than 3 years ago | (#36133658)

Anonymous's [bartleby.com]

Re:So it came from an Anonymous Cloud? (1, Informative)

Anonymous Coward | more than 3 years ago | (#36134056)

I simply do not like those rules in your link. The English that I learned says that toygeek did it right. Word's ending in "s" should not get the "'s" after them, the apostrophe is sufficient.

Re:So it came from an Anonymous Cloud? (1)

larry bagina (561269) | more than 3 years ago | (#36134222)

Not liking something doesn't make it wrong. Learning something doesn't make it right.

Re:So it came from an Anonymous Cloud? (0)

Anonymous Coward | more than 3 years ago | (#36134260)

Then, do pray tell, what's an "anonymou"? If that's how you speak and write English, then you are a stupid, asshole, motherfucking piece of shit.

P.S. http://www.britannica.com/EBchecked/topic/264162/Hesss-law-of-heat-summation [britannica.com]

Re:So it came from an Anonymous Cloud? (1)

Vectronic (1221470) | more than 3 years ago | (#36134438)

An anonymou is the singular of anonymii. "that anonymou really stands out from the rest of the anonymii", and anonymous is a pejorative, like emos. "being unidentifiable is a characteristic of anonymous's"

now you know.

Re:So it came from an Anonymous Cloud? (1)

PCM2 (4486) | more than 3 years ago | (#36135476)

The English that I learned says that toygeek did it right. Word's ending in "s" should not get the "'s" after them, the apostrophe is sufficient.

I do not think you learned the rule completely. Look carefully at what Strunk & White says in the linked text: "Form the possessive singular of nouns with 's." Words that end with S that are not singular still just take the apostrophe, as you say. So it would be "the witch's cauldron," but in the case of Shakespeare's MacBeth, it would be "the witches' cauldron." For singular words, though, adding the apostrophe-S is generally preferred, because it helps avoid ambiguity. If you think about it, though, this almost never applies to anything but proper names. There really aren't many (any?) words in the English language that end in S but have the same form whether they are plural or singular. Most add -es to make them plural, in which case they just take the apostrophe.

Re:So it came from an Anonymous Cloud? (2)

AvitarX (172628) | more than 3 years ago | (#36134270)

Too bad English is a living language.

Though in general things lean the way you've said it, there is definitely space to do it either way with a "polysyllabic word ending in a sibilant" (generally based on intention of how it is to be said).

And "some contemporary writers omit the extra s in all cases"

http://en.wikipedia.org/wiki/Apostrophe#Standardisation [wikipedia.org]

I don't see the issue with the "new" way of adding an apostrophe only for words ending in "s" and an "'s" for words that don't, and in 15 years, I bet that's how it goes.

Re:So it came from an Anonymous Cloud? (0)

Anonymous Coward | more than 3 years ago | (#36134714)

I don't see the issue with the "new" way of adding an apostrophe only for words ending in "s" and an "'s" for words that don't, and in 15 years, I bet that's how it goes.

Which shows just how aware of linguistics you really are. You honestly expect a debate that's been going on for over a hundred years to be resolved in the next fifteen?

Re:So it came from an Anonymous Cloud? (1)

lostthoughts54 (1696358) | more than 3 years ago | (#36134936)

Too bad English is a living language.

\

living language= a language so butchered it has no true rules, making it illogical and inefficient.
Even at 7 i knew there was a issue with having to learn, "For every rule there is a rule breaker."
English would be much better if people just followed rules. Exceptions only when absolutely necessary. But instead we make rules then break them at our leisure and as long as others like the rule breaker, it is now considered correct. It due to this stupid mentality that i still have difficulty with the English language(my native language, even if i grew up in the Southeast U.S.) , but i had absolutely no problems in Spanish or Japanese(Japanese, i just started learning).

and in 15 years, I bet that's how it goes.

in 15 years u will need this. http://en.wikipedia.org/wiki/Mandarin_Chinese [wikipedia.org]

Re:So it came from an Anonymous Cloud? (1)

Bing Tsher E (943915) | more than 3 years ago | (#36135240)

Please don't harp on other people about the way they butcher language, and then use 'u' as a word. This isn't your little chatspeak den here.

so here all this time amazon (1)

chronoss2010 (1825454) | more than 3 years ago | (#36133676)

so here all this time amazon going no anonymous attacks failed and yet you have the dos and a REAL hack and it used to do some real fun other stuff. GOOD show....SONY deserves it.

It produces MUSHROOM CLOUDS! (0)

Anonymous Coward | more than 3 years ago | (#36134086)

BOOM... so much for "cloud computing" (I first heard the term back in the early to mid 1990's, and figured it was bullshit then, just like it's turning up to be now).

Re:So it came from an Anonymous Cloud? (0)

Anonymous Coward | more than 3 years ago | (#36134170)

I don't know; can you rephrase your question in a car analogy?

lightning attack (1)

nurb432 (527695) | more than 3 years ago | (#36134498)

we called that blitzkrieg in wwii

Amazon PR Disaster (0)

longacre (1090157) | more than 3 years ago | (#36133666)

Revenue from cloud services: 1.5%
Retail revenue lost from consumers who will forever link one of the greatest breaches in history with the Amazon brand: Priceless

I don't see it... (2)

Junta (36770) | more than 3 years ago | (#36133728)

I suspect most all of the people that are amazon customers only vaguely know what's going on and won't bother to learn the detail on the hosting provider for the attackers systems.

I suspect the minority that are that inclined almost all know that in this specific scenario, Amazon was just a hosting provider and understand that means they aren't particularly responsible for what happened any more than AT&T would be responsible for a house downloading a video illegally.

Sure, there is probably a very small population that will stumble upon the facts and falsely presume Amazon is an evil company for cracking into Sony's stuff (as opposed to an evil company for other reasons). I have a feeling that change in revenue would be lost in the noise and small compared to any arbitrary boycott over seemingly small and/or inane things Amazon does on any given day.

Re:I don't see it... (0)

TooMuchToDo (882796) | more than 3 years ago | (#36133882)

Competent hosting companies monitor for this abuse. Amazon doesn't, and turns a blind eye towards it (because it would greatly reduce the margin on their computing resources they sell if they had to monitor for abuse).

Re:I don't see it... (0)

Anonymous Coward | more than 3 years ago | (#36134114)

The entire reason fraud and abuse proliferate online is the need for "instant access"

If every company stepped out of this mindset and had a "human" verify every signup, eg calling them on the phone and verifying the signup information, much less fraud would be possible as it eliminates the anonymity. The banks have no problems doing this, and make tonnes of money. It takes about a week to get a bank account via online versus going into the bank itself and having one in about an hour.

Because the general populous is against national ID cards, there is simply nothing that can be verified to begin with that can't be faked. So let's put this the other way around, let's open "Verify Online" physical presence stores, and all they do is verify the ID of people in person and email them back a verified token to activate the account. The online service pays for it, and if they are too cheap to afford it, they shouldn't be in business. I believe we call these Notary Public. Just extend it to this.

Any company or person who wishes to sign up for an account that has any form of "credit" (virtual or real, eg "points" "dollars" "credits" "gold") must be verified in person.

Why would this reduce fraud you might ask?
- Nearly all fraud online involves the theft of billing credentials (credit cards, bank account numbers, and the addresses), the very same information used to signup.
- Paypal, banking and credit card sites all use some kind of physical token , actually mailing, sending a SMS message or phoning to verify, the fraud is often caused by the theft of the login information and then subsequently "sending money" to someone to cash out immediately.
- Online games are often an used for money laundering, by putting all the ill gotten money into the "Credit" system of the game, either from virtual purchases, or the game gold or points itself, and then in turn those are sent to another player with a different id, to sell all those back for real world cash aka RMT (eg back via paypal) to gold buyers or other stupid players. Therefor eroding the gameplay. Simply "losing" in online gambling to other players can be laundering it, where the other player is in cahoots. Do you see why the government goes nuts about online gambling?

All in all, the money is funneled into criminal enterprises, terrorism, drugs, etc if it's not siphoned off by idiots who don't know what they just did. So by having the verification at the time of account creation, you eliminate the fraudulent signups, since part of the convenience of signing up instantly is that you can signup outside your place of residence. Instead the fraudulent activity then has to occur at the stolen-account or from mules (jobs cashing checks.)

So all that data taken from Sony means that there is potentially millions of billing data out there that could be used to create millions of legit-looking accounts with credit-bearing companies. Everything has been explained above.

As for Amazon, the only thing they could have done to prevent this is firewall off all EC2 instances from connecting outside without implicit permission. That in itself isn't verifiable since many external sites allow API access.

Re:I don't see it... (1)

Pseudonym Authority (1591027) | more than 3 years ago | (#36134272)

That is so stupid. There is no way I would bother with a provider that I had to talk to. Also, my rebuttal is in your comment.

calling them on the phone and verifying the signup information, much less fraud would be possible as it eliminates the anonymity. The banks have no problems doing this

And just how much bank fraud does that stop exactly? HINT: NONE.

Online games are often an used for money laundering, by putting all the ill gotten money into the

OH YAH, I can just imagine some hard looking mafia types trading gold on Runescape, with the FBI monitoring them and hiding as a noob while waiting for the transaction to complete. How totally ridiculous.

The online service pays for it, and if they are too cheap to afford it, they shouldn't be in business.

Fascism! Socialism! Unamerican! But really, that is just a way to further consolidate power and money for the large corporation, which it is quite clear that you are just shilling for, you asshat fucktard apologist.

Re:I don't see it... (1)

dakameleon (1126377) | more than 3 years ago | (#36136284)

Online games are often an used for money laundering, by putting all the ill gotten money into the

OH YAH, I can just imagine some hard looking mafia types trading gold on Runescape, with the FBI monitoring them and hiding as a noob while waiting for the transaction to complete. How totally ridiculous.

Actually, that's not as utterly ridiculous as you make it out to be: http://www.policeone.com/police-technology/articles/3115040-Online-games-are-new-choice-for-money-laundering/ [policeone.com]

Re:I don't see it... (1)

ipwndk (1898300) | more than 3 years ago | (#36135060)

The banks in Denmark certainly doesn't require you to identify yourself over the phone, or physically. I created an account yesterday in five minutes flat.

Of course they use a digital signature that is linked to my citizen ID that all the Danish banks made together in collaboration to remove that very check you are describing.

This can however be exploited as well as you describe :S Problem here is that it's my citizen ID. It's not just money then. They can change my name, my taxes, healthcare services and anything else that is between me and the state. Ack, I began the comment to say that we're far more advanced, but the pitfall with a totally digitalized citizenship is that our identify is at stake :|

Re:I don't see it... (3, Insightful)

Anonymous Coward | more than 3 years ago | (#36134628)

They cannot legally monitor for abuse... Or they can then get sued for "not finding abuse fast enough" and shit like that.

It is the same reason why no shared or VPS hosting company says they actively monitor your usage / files. This is a form of liability control for them. The second they start taking responsibility for "catching pirates, hackers, crackers, and pedophiles" is the second they can then be named in a lawsuit and sued.

Re:I don't see it... (1)

turbidostato (878842) | more than 3 years ago | (#36134638)

"Competent hosting companies monitor for this abuse. Amazon doesn't, and turns a blind eye towards it"

Just like competent gun makers will monitor for gun abuses? Is this the "Colt should pay for murderings produced using its weapons" argument?

Re:I don't see it... (1)

grcumb (781340) | more than 3 years ago | (#36135048)

Just like competent gun makers will monitor for gun abuses? Is this the "Colt should pay for murderings produced using its weapons" argument?

If Colt were renting out the firearms by the hour and selling ammunition by the crate, then yes, you could reasonably expect them to monitor who is using them and for what stated purpose.

Re:I don't see it... (1)

Rakishi (759894) | more than 3 years ago | (#36135124)

So Hertz has to have a guy sitting in every car that people rent to prevent someone from using the rented car to commit a crime?

Re:I don't see it... (3, Insightful)

datapharmer (1099455) | more than 3 years ago | (#36136424)

Seriously. I've grown tired of reporting abuse to amazon, whose policy is to "send the complaint on to the customer". I now just block their IP ranges. Unfortunate for anyone who legitimately wants to crawl my sites using their service, but if enough people block them they will start seeing customers head elsewhere. Blocking about a half dozen abusive ISPs has cut my attack logs down exponentially, so failure to regulate your service = banned appears to be an acceptable policy in many cases.

Re:I don't see it... (1)

the_humeister (922869) | more than 3 years ago | (#36134036)

Or maybe they'll like the fact that they were utilized in attacking Sony.

Re:Amazon PR Disaster (0)

Anonymous Coward | more than 3 years ago | (#36133760)

I'd spin it as "Amazon cloud: crackers give up botnets for it!"

Re:Amazon PR Disaster (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#36133922)

Hey, not every VPS service has the advanced management APIs that make operating 7 proxies on demand hassle free...

Re:Amazon PR Disaster (0)

Anonymous Coward | more than 3 years ago | (#36133978)

I'd spin it as "Amazon cloud: crackers give up botnets for it!"

How do you know they're white? :D

Re:Amazon PR Disaster (1)

Charliemopps (1157495) | more than 3 years ago | (#36133876)

I think you underestimate the revenue growth "The Cloud" generates for it's vendors.
I also think you over estimate how many people will ever even hear that Amazon was involved, much less care about it.

Re:Amazon PR Disaster (-1)

Anonymous Coward | more than 3 years ago | (#36133948)

This will be huge. Everyday people will lose so much faith in Amazon that they might as well shut their servers down now. Woot will be the first to go followed by the dismantling of everything else Amazon all at once. You're right, this is the beginning of the end.

Ok, truth: No one gives a shit about the PSN except a few rabid fanboys whose retardation nearly reaches that of the Apple fanboys that roam around here when there are stories about how iPods will kill you. I have a PS3 and enjoyed the PSN. I've cancelled and started playing on XBox Live. In my life there is no significant difference. Why is that? Because it's just a fucking video game. No one with a real life gives a shit, other than wondering if their credit card was compromised. I now need to know what ISP you're using so that I can ridicule them for all time for allowing such retardation to be spewed forth.

Let me reiterate one last time in a language you understand: DUH NO ONE CARE ABOUT UR STOOPIDIDIDTY.

Re:Amazon PR Disaster (1)

maxwell demon (590494) | more than 3 years ago | (#36134066)

Revenue from cloud services: 1.5%

Retail revenue lost from consumers who will forever link one of the greatest breaches in history with the Amazon brand: Priceless

You mean, just like the customers are fleeing the Windows platform in droves?

Re:Amazon PR Disaster (0)

Anonymous Coward | more than 3 years ago | (#36134158)

Or not, because really, let's be honest, the only people who aren't secretly chuckling to themselves that Sony got fucked over, rather than fucking consumers over like it usually does are Sony fanboys, who are, despite the loudness of their outcries, thankfully only small in number.

Re:Amazon PR Disaster (0)

Anonymous Coward | more than 3 years ago | (#36135498)

What are you talking about? I still trust Amazon, they didn't hack Sony. That's like saying it's Microsoft's fault that someone used a Windows computer to write a virus.

Or that it is a gun maker's fault that someone shot another person.

It's a tool, the people to blame are the ones using the tool to accomplish illegal goals.

Liability (1)

Sprouticus (1503545) | more than 3 years ago | (#36133688)

It will be interesting to see what sony does with this if it is true. I mean, it is not like they care about burning bridges. I could totally see them suing Amazon, if only to give them a PR black eye.

Re:Liability (1)

houstonbofh (602064) | more than 3 years ago | (#36134018)

It will be interesting to see what sony does with this if it is true. I mean, it is not like they care about burning bridges. I could totally see them suing Amazon, if only to give them a PR black eye.

Your post was not totally clear. Is the intent to give Amazon a PR Black Eye, or to freshen up the Sony PR Black Eye? I think Amazon would actually end up with a PR win if they handled it right.

Re:Liability (1)

jhoegl (638955) | more than 3 years ago | (#36134510)

I dont know that this kind of law suit would go anywhere anyways. Amazon provides a service, much like ISPs provide service. If you sue one, you would have to sue all.
However, if Sony were smart, they would put pressure on Congress to require companies to gain stronger knowledge about those they lease server space to.

Re:Liability (1)

MaxBooger (1877454) | more than 3 years ago | (#36135912)

Amazon does a lively business selling Playstation 3 consoles and games. I doubt Sony will want to bite one of the hands that feeds it.

In other news.. (1)

Anonymous Coward | more than 3 years ago | (#36133696)

Thieves were recently caught shoplifting. They wearing clothes from Gap, calling into question the influence and security of such clothing.

Yes, the story makes about as much sense as that...

Re:In other news.. (1)

mehrotra.akash (1539473) | more than 3 years ago | (#36133724)

More like using a pepper spray (meant for self defence) to steal stuff from others

Re:In other news.. (1)

moonbender (547943) | more than 3 years ago | (#36133730)

Not a very good analogy. This is more like (car analogy time) hiring a tow car for a vehicle you don't own as a way of stealing it. The tow car driver facilitates the crime without being aware that they are doing anything illicit.

Re:In other news.. (1)

zarzu (1581721) | more than 3 years ago | (#36134234)

Not really. It would be more like a tow car rental company. Amazon only provides the basic hardware, they were used as anonymizer, just like a rental would if you provide fake information (which was done in this case).

Re:In other news.. (0)

Anonymous Coward | more than 3 years ago | (#36135914)

Not really. Amazon doesn't provide any of the components required to do the task - they just rent the computers, so it would be more like a tow car parts rental company, where you assemble the parts to make the tow car.

really? (4, Interesting)

cratermoon (765155) | more than 3 years ago | (#36133740)

Considering how Amazon has become known for caving to the slightest pressure from law enforcement or even just a nosy senator [talkingpointsmemo.com] , to host such an attack from EC2 seems extraordinarily stupid.

It would make much more sense to launch it from somewhere hosted by a company that doesn't have a reputation for giving up their customer's data and shutting down even legitimate stuff that happens to run afoul of their vague guidelines.

Re:really? (1)

VortexCortex (1117377) | more than 3 years ago | (#36133848)

Considering how Amazon has become known for caving to the slightest pressure from law enforcement or even just a nosy senator [talkingpointsmemo.com] , to host such an attack from EC2 seems extraordinarily stupid.

It would make much more sense to launch it from somewhere hosted by a company that doesn't have a reputation for giving up their customer's data and shutting down even legitimate stuff that happens to run afoul of their vague guidelines.

?? Huh?

If you're in the business of stealing credentials, why not use some of the Amazon services those credentials allow you to access in order to get even more credentials?

As a benefit this also allows moronic assumpteers to take a distracting trip down "IP + Credentials == People" or "Shoot the Messenger" lane. If UPS delivers you a bomb or an envelope full of anthrax, it's not UPS's fault -- It's the malcontent that sent the package (Well, it's partially your fault too for accepting mail from a company who's name is "Oops!"). Of course the return address is a fake, unless, you assume the identity thieves are careless with their own identities...

Re:really? (5, Insightful)

Hardhead_7 (987030) | more than 3 years ago | (#36133950)

Considering how Amazon has become known for caving to the slightest pressure from law enforcement or even just a nosy senator [talkingpointsmemo.com] , to host such an attack from EC2 seems extraordinarily stupid.

It would make much more sense to launch it from somewhere hosted by a company that doesn't have a reputation for giving up their customer's data and shutting down even legitimate stuff that happens to run afoul of their vague guidelines.

Nah, once you do something on the scale of the PSN hack, it doesn't matter if the service provider caves too easily or not, because everyone gives up information when they get served a warrant. And there will be warrants. They just had to make sure Amazon has no way to trace it back to them, and it seems very unlikely the perpetrators accessed Amazon's servers from anything other than a laptop bought at a yard sale with a fake MAC address on a public wi-fi hotspot.

And the cloud services were paid for with a Visa gift card that was bought with cash.

Re:really? (2)

DrXym (126579) | more than 3 years ago | (#36134154)

Nah, once you do something on the scale of the PSN hack, it doesn't matter if the service provider caves too easily or not, because everyone gives up information when they get served a warrant. And there will be warrants. They just had to make sure Amazon has no way to trace it back to them, and it seems very unlikely the perpetrators accessed Amazon's servers from anything other than a laptop bought at a yard sale with a fake MAC address on a public wi-fi hotspot.

You'd like to think so but hackers can do stupid things, or fail to cover their tracks sufficiently, e.g. can't wipe logs. It's also possible that if anonymous were responsibles that internal ructions over the attack could lead to the person being identified via an informant which in turn leads to a raid which in turn leads to information being found that way.

Re:really? (1)

colinrichardday (768814) | more than 3 years ago | (#36135938)

And the cloud services were paid for with a Visa gift card that was bought with cash.

The last time I purchased a Visa gift card with cash, I had to show ID.

Re:really? (1)

Anonymous Coward | more than 3 years ago | (#36136052)

Which wasn't yours. So, there.

Re:really? (0)

Anonymous Coward | more than 3 years ago | (#36136184)

You can walk into a Safeway or a 7-Eleven and buy those things for cash... Hell, you could pay someone just as easily to walk in and buy it for ya if you were worried about the cameras...

Re:really? (2)

drolli (522659) | more than 3 years ago | (#36134280)

Why? If you stole the credit card numbers before to buy the computation time, its not a big deal it they later fine the virtual machine afterwards. I would obviously only use the EC2 to collect and encrypt the data, but obviously not process it. If you need a lot of bandwidth to handle the incoming data, but you can afford a few days to transfer them out.

Lieberman and PNAC, Version 2.0 (1)

sgt_doom (655561) | more than 3 years ago | (#36136276)

Nosy senator? Did you mean Joey Lieberman, a member of that ultra-neocon Foundation in Defense of Democracies (whose, one wonders???), PNAC version 2.0?

Recently, they have financed a pile of drivel, in support of the Cheney-Rumsfeld conspiracy theory on 9/11, and attacking all those critics who know stuff like math, science, engineering, aviation and are retired intelligence professionals and military professionals, as well as former heads of state (i.e., really "flaky" guys as opposed to goatherds like Cheney and Rumsfeld, no doubt?).

Yup, sure wouldn't ever want anyone to investigate the backgrounds of those 64 passengers aboard the four commericial airliners involved that day.

After all, in homicide cases, it is always routine to investigate the background of the victim or victims, as in the majority of cases the murderer knows their victims. And on 9/11/01, the certain group of victims were those passengers with ahead-of-time reservations that day!

DANGER! Corny alert (1)

xeroedouttwice (1873324) | more than 3 years ago | (#36133756)

Looks like the "cloud" rained on PS3 network's parade, so to speak. Hyuk-Hyuk-Hyuk!!! (Imitates Goofy Disney character)

Was the cloud hacked too? (4, Interesting)

Anonymous Coward | more than 3 years ago | (#36133812)

Wait a minute... Amazon's cloud crashed 4/21, the day after Sony realized they'd been pwned and took down PSN.

Is there something Amazon isn't saying, like maybe they were pwned too??

Re:Was the cloud hacked too? (5, Funny)

ColdWetDog (752185) | more than 3 years ago | (#36133964)

Wait a minute... Amazon's cloud crashed 4/21, the day after Sony realized they'd been pwned and took down PSN.

Is there something Amazon isn't saying, like maybe they were pwned too??

And it was the day after 4/20 - therefore it had something to do with stoners.

George Bush didn't support legalization of marijuana.

Goddamnit. It's GEORGE BUSH'S FAULT!

Re:Was the cloud hacked too? (1)

wmbetts (1306001) | more than 3 years ago | (#36134162)

Finally someone with some sense and logic posting on this story. I wish more people realized it was all his fault.

Re:Was the cloud hacked too? (1)

ColdWetDog (752185) | more than 3 years ago | (#36134346)

Everything is George Bush's fault. Well, except for a few things that are Ronald Regan's fault....

Re:Was the cloud hacked too? (1)

maxwell demon (590494) | more than 3 years ago | (#36134076)

Or maybe Sony fought back? :-)

It's not easy being amazon (0)

Anonymous Coward | more than 3 years ago | (#36133820)

So they used Amazon. They could just as well have used any other of the 1000's of 'rent a vm' providers out there. But I guess it's news just because it's amazon.

If amazon has any access logs they will probably find out that the attackers either bounced themselves though another vm host or though some form of anonymiser service and they will be just as surprised by that as they are with this news. "What? The hacker didn't attack Sony by directly using his own computer?!"

used != may have been used (0)

Anonymous Coward | more than 3 years ago | (#36133838)

Why does the headline differ from the summary? Is it that hard to write a headline that isn't sensationalist?

Re:used != may have been used (1)

easyTree (1042254) | more than 3 years ago | (#36134020)

Is it that hard to write a headline that isn't sensationalist?

The question is, why would you want to?

sources close to the investigation (1)

doperative (1958782) | more than 3 years ago | (#36133872)

> sources close to the ongoing investigation say the attack was mounted from Amazon Web Service's cloud computing platform ..

What evidence is there that Amazon Cloud was the source and why the need to keep the source of these allegations anonymous.

Web Services cloud- computing unit was used by hackers in last month’s attack against Sony Corp. (6758)’s online entertainment systems, according to a person with knowledge of the matter

I see, asome 'person'

Re:sources close to the investigation (2)

Platinum Dragon (34829) | more than 3 years ago | (#36134422)

In other words, about as much evidence as other claims that Anonymous, PS3 hackers, or Osama bin Laden were involved.

Hey, gotta fill that news cycle. Gotta draw eyeballs for advertisers. Content is just a vehicle for making money. Truth is incidental, and at this point often accidental.

Re:sources close to the investigation (2)

eulernet (1132389) | more than 3 years ago | (#36134546)

TFA is totally bullshit.

I think that the hackers used a few open L1 proxies on Amazon AWS.

In my list of open proxies, there are around 20 proxies on Amazon AWS, of the form
ec2-??-??-??-???.us-west-1.compute.amazonaws.com:80
ec2-??-??-??-??.ap-southeast-1.compute.amazonaws.com:80
ec2-??-??-??-??.compute-1.amazonaws.com:80
ec2-??-??-??-??.eu-west-1.compute.amazonaws.com:80
where ??-??-??-?? is an IP address.

Is This Supposed To Be News? (2)

RoFLKOPTr (1294290) | more than 3 years ago | (#36133932)

So the hackers chose to bounce their packets off a server rented from Amazon. They could have chosen a server rented from a thousand others. Hell, they could have done it with a server rented from me. Thankfully, they did not. But really who the hell cares?

Re:Is This Supposed To Be News? (1)

Captain Spam (66120) | more than 3 years ago | (#36134380)

Just wait for this upcoming week's headlines...

"Logitech Mice Used In Sony Playstation Hack"
"64-Bit Processors Used In Sony Playstation Hack"
"Store-Brand Clothing Used In Sony Playstation Hack"
"Mountain Dew Used In Sony Playstation Hack"

Re:Is This Supposed To Be News? (2)

RoFLKOPTr (1294290) | more than 3 years ago | (#36134506)

Just wait for this upcoming week's headlines...

"Logitech Mice Used In Sony Playstation Hack" "64-Bit Processors Used In Sony Playstation Hack" "Store-Brand Clothing Used In Sony Playstation Hack" "Mountain Dew Used In Sony Playstation Hack"

"Sony VAIO Used In Sony Playstation Hack"

Re:Is This Supposed To Be News? (1)

nickb64 (1885128) | more than 3 years ago | (#36135076)

maybe MY stolen VAIO was used in the attack.

It was stolen randomly less than a week before PSN went down, coincidence, I think not.

/puts on tin foil hat

Re:Is This Supposed To Be News? (0)

Anonymous Coward | more than 3 years ago | (#36135132)

I'm kind of hoping they did it from OtherOs.

Re:Is This Supposed To Be News? (1)

pandrijeczko (588093) | more than 3 years ago | (#36135242)

It's just so the PS3 fanbois can feel a bit more comfortable renting their rectums back to Sony & paying for the privilege when the PSN comes back online because it will all have been Amazon's fault, not Sony's.

Re:Is This Supposed To Be News? (1)

lev400 (1193967) | more than 3 years ago | (#36135686)

Agreed. What does it matter what servers they used to attack from? Normaly attacks are done from zombie PC's or hacked web serers but guess they wanted a good connection to PSN etc. Also title is mis-leading. It should read "Servers Rented from Amazon Used In Sony Playstation Hack".

"Hosted by" Amazon? (4, Funny)

identity0 (77976) | more than 3 years ago | (#36133956)

An attack from Anonymous? Pshaw, yeah right.

We all know Amazon really did the hack themselves, because they were mad they couldn't get Sony on the One-Click patent, since PS3 users don't use mice.

Outpriced by Amazon? (2)

malacandrian (2145016) | more than 3 years ago | (#36133958)

Presumably, they chose Amazon's network as they were cheaper than renting time on a botnet. I'm intruiged as to the ramifications on the distributed computing black market as it were, whether it will force their prices down in this age of cheap computing (especially as none of the resources used are theirs per say) or they'll raise them as a charge for the anonymity Amazon and Google would never provide.

a third way (1)

OrangeTide (124937) | more than 3 years ago | (#36134366)

stealing a few AWS accounts is cheaper than either of the options you mentioned.

Good (1, Offtopic)

JockTroll (996521) | more than 3 years ago | (#36134006)

Would be cool to see Sony and Amazon sue the hell out of each other. A bit like two rapists/murderers buttfucking and then disemboweling each other. Unfortunately such huge corporations always reach some sort of agreement in these cases - smart thieves don't steal from each other. A shame, because watching them fighting it out, maybe sending their security teams to do battle in their rival's offices, while we laugh on the faces of grieving widows and throw dog feces at weeping orphans would be AWESOME.

how dare (0)

Anonymous Coward | more than 3 years ago | (#36134138)

internet was used ? no !?!?

Amazon Prime Members? (4, Funny)

tgeek (941867) | more than 3 years ago | (#36134310)

Shame the hackers weren't Amazon Prime members - then they could have had everything they wanted in 2 days at no extra charge.

The Truth (0)

Anonymous Coward | more than 3 years ago | (#36135234)

We are dealing with a new group. Amozynous!

Big Business Security (1)

lordkamon (1015949) | more than 3 years ago | (#36135566)

If a large corporation's site like the Sony site could be so easily compromised, how are we supposed to guage the level of security of any other site? Another question, if the security of Sony was compromised by using Amazon in some way, doesn't that mean that those who use Amazon are potentially at just as much risk as those who were compromised at Sony? So let's say nono it's a completely different thing, how can you 100% guarantee that? On a more constructive note, how do we eliminate this kind of access in future? My suggestion.... eliminate anonymous internet access permanently.

see it weekly, at least... (0)

Anonymous Coward | more than 3 years ago | (#36135578)

I work in infosec, and not a week goes by where we don't see an attack of some kind that originates from AWS, with us as the target. It's easy and cheap to setup a fairly powerful and distributed AWS system for this purpose. We're giving serious thought to blocking all incoming AWS traffic due to this.

IF (0)

Anonymous Coward | more than 3 years ago | (#36135726)

If they are being rented, they are no longer "Amazon's servers." It's simply a dumb pipe, and the dumber, the better. If they can't find the perp from the (hopefully limited) info given by Amazon's records, tough shit.

Hosted BackTrack OS (1)

elephantsaroundhere (2160118) | more than 3 years ago | (#36135760)

In the future the attackers may want to go straight to this new hosting provider : http://www.hostedbacktrack.com/ [hostedbacktrack.com] All the required tools are already installed as they are planning on offering hosted BackTrack Operating Systems.

How legitimate companies sign up (1)

nacturation (646836) | more than 3 years ago | (#36135968)

The hackers didn’t break into the Amazon servers, the person said. Rather, they signed up for the service just as a legitimate company would, using fake information.

And to think that by providing accurate information, I've been doing things wrong all this time.

They obviously didn't use S3 then! (1)

mysqlbytes (908737) | more than 3 years ago | (#36135978)

Because the hack, and Amazons S3 outage occured at about the same time!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?