An anonymous source claims the person who hacked into Sony’s Playstation network did so using Amazon’s cloud computing servers. If true, it would suggest previous warnings of the potential for misuse were very much valid.
An unnamed Bloomberg source says the Sony hacker carried out the attack using Amazon’s EC2 service which, unlike more basic forms of cloud computing that are mainly for storage or document editing, allows users to carry out the data processing of their choice on a pay-per-use basis.
Sensibly enough, the hacker is said to have used a bogus name to set up the EC2 account and has since disabled the account. Amazon — which can probably expect a visit from the FBI if the story is true — does have measures to keep track of who uses its services, such as requiring a valid phone number and credit card. There are ways round both of those checks, though it would require a little more determination.
It’s not just the potential for anonymity that can make cloud computing services attractive, however. Back in January a German security consultant said he’d been able to use EC2 to successfully break a wireless password in 20 minutes and that he believed he could cut that to six minutes. That’s not just an issue of saving time, but also money: with Amazon’s pricing structure, a six-minute attack could cost under $2.
If EC2 was indeed used in the Sony attack, it’s clearly going to have been a slightly more sophisticated technique than a brute force attack on a wireless password (in effect, guessing every possible answer, usually starting with dictionary words.) But the basic principle remains the same: using cloud computing allows access to intensive processing without the hardware costs.
Amazon has previously noted that its acceptable use policy bars customers using EC2 for unauthorized hacking, though it isn’t clear if or how it attempts to stop such behavior.
LINK TO OUR HOME PAGE :