For three pennies an hour, hackers can rent Amazon.com’s servers to wage cyber attacks such as the one that crippled Sony Corp’s PlayStation Network and led to the second-largest online data breach in US history.
A hacker used Amazon’s Elastic Computer Cloud, or EC2, service to attack Sony’s online entertainment systems last month, a person with knowledge of the matter said. The intruder, who used a bogus name to set up an account that’s now disabled, didn’t hack into Amazon’s servers, the person said.
The incident helps illustrate the dilemma facing Chief Executive Officer Jeff Bezos: Amazon’s cloud-computing service is as cheap and convenient for hackers as it is for customers ranging from Netflix Inc to Eli Lilly & Co. Last month’s attack on Sony compromised more than 100 million customer accounts, the largest data breach in the US since intruders stole credit and debit card numbers from Heartland Payment Systems in 2009.
“Anyone can go get an Amazon account and use it anonymously,” said Pete Malcolm, chief executive officer of Abiquo Inc, a Redwood City, California-based company that helps customers manage data internally and through cloud computing. “If they have computers in their back bedroom they are much easier to trace than if they are on Amazon’s Web Services.”
NETWORK RESUMPTION
Sony on May 14 partially restarted its PlayStation Network and Qriocity services, which had been shut since April 20 because of the intrusion. The company has hired three security firms to investigate and is working with the law enforcement officials. Sony has faced a backlash from regulators and customers over the time it took to warn customers that their data may have been stolen.
Drew Herdener, a spokesman for Seattle-based Amazon, the world’s largest online retailer, declined to comment. Amazon didn’t respond to a request to speak with Bezos. Patrick Seybold, a US spokesman for Tokyo-based Sony, declined to comment beyond public statements made on the matter.
The Federal Bureau of Investigation will likely subpoena Amazon or seek a search warrant to access the history of transactions, trace who had access to the specific Internet address at the time and get details on payment data, said EJ Hilbert, president of the security company Online Intelligence and a former FBI cyber-crime investigator.
FBI PROBE
FBI Special Agent Darrell Foxworth, a spokesman for the agency’s San Diego office, said he couldn’t comment on whether the bureau served Amazon with a search warrant or subpoena and that investigators are following up “each and every lead.” Amazon’s Herdener declined to say whether his employer had been subpoenaed or served with a search warrant.
Amazon Web Services leases computing space to companies so they don’t have to buy their own servers to store data and handle a surge in visitors.
Prices for EC2 range from 3 cents to $2.48 an hour for users in the east coast of the US, according to its website.
