If you’re looking for the source of the network attacks that brought down Sony’s PlayStation Network—yes, it’s still down—look no further than Amazon. The online retail giant didn’t bring down the PlayStation Network per se, but an undisclosed source speaking to Bloomberg News has indicated that hackers used Amazon’s cloud services to fuel the break-in.
According to the source, the hackers posed as a normal business and signed up for a legitimate server rental through Amazon’s EC2 service—otherwise known as Amazon Elastic Compute Cloud. It’s unclear how the hackers specifically used EC2 to push the attack out, which is almost as unknown a figure as the exact treasure trove of data the attackers were able to access within Sony’s network.A leaked letter sent from Rob Dyer, Sony’s senior vice president for publisher relations, to the company’s various publishing and development partners sheds a bit more light on the exact nature of the attack. According to Dyer, Sony first noticed the intrusion when a batch of servers unexpectedly rebooted themselves in conjunction with “unplanned and unusual activity” within Sony’s network.
“Sony mobilized a larger internal team to assist the investigation of the four suspect servers. That team discovered the first credible indications that an intruder had been in the PlayStation Network system, and six more servers were identified as possibly being compromised,” Dyer wrote. “Sony immediately decided to shut down all of the PlayStation Network services in order to prevent any additional damage.”
A subsequent investigation by Sony forensics teams uncovered the scope of the methods used during the attack.
“The forensic teams were able to confirm that intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators and escalate privileges inside the servers. Among other things, the intruders deleted log files in order to hide the extent of their work and activity within the network,” Dyer wrote.
As for what the hackers were able to run away with, Sony claims that there’s no evidence to indicate that PlayStation Network credit card numbers were stolen in the attack—merely the “personal data” for more than 77 million PlayStation Network and Qriocity accounts.
This isn’t the first time that Amazon’s EC2 service has been used by a third party for shady purposes. A German researcher showed earlier this year that one could use EC2 to launch brute-force attacks against a WPA-ASK-protected wireless network. For the grand cost of $1.68 and twenty minutes of time, Thomas Roth successfully forced his way into the secured network without issue. A brute-force attack isn’t the most sophisticated of techniques, but it’s certainly cheap, easy, and successful: Roth estimates that he’d be able to cut the time down to six minutes.
As for the PlayStation Network, the most recent update from Sony indicates that the company does not have an expected date for the restoration of its gaming service. Sit tight, gamers.