Make us your home page
Instagram

Sony case demonstrates ease of hacking Amazon's Cloud service

SAN FRANCISCO — For 3 pennies an hour, hackers can rent Amazon.com's servers to wage cyber attacks such as the one that crippled Sony's PlayStation Network and led to the second-largest online data breach in U.S. history.

A hacker reportedly used Amazon's Elastic Computer Cloud, or EC2, service to attack Sony's online entertainment systems last month. The intruder, who used a bogus name to set up an account that's now disabled, didn't hack into Amazon's servers.

The incident helps illustrate the dilemma facing CEO Jeff Bezos: Amazon's cloud-computing service is as cheap and convenient for hackers as it is for customers ranging from Netflix to Eli Lilly. Last month's attack on Sony compromised more than 100 million customer accounts, the largest data breach in the United States since intruders stole credit and debit card numbers from Heartland Payment Systems in 2009.

"Anyone can go get an Amazon account and use it anonymously," said Pete Malcolm, chief executive officer of Abiquo, a Redwood City, Calif., company that helps customers manage data internally and through cloud computing. "If they have computers in their back bedroom, they are much easier to trace than if they are on Amazon's Web Services."

The FBI will likely subpoena Amazon or seek a search warrant to access the history of transactions, trace who had access to the specific Internet address at the time and get details on payment data, said E.J. Hilbert, president of the security company Online Intelligence and a former FBI cyber-crime investigator.

Amazon Web Services leases computing space to companies so they don't have to buy their own servers to store data and handle a surge in visitors.

Prices for EC2 range from 3 cents to $2.48 an hour for users in the eastern United States, according to its website. Signing up requires a name, e-mail address, password, phone number, billing address and credit card information. Users get an automated call from Amazon and are asked to dial in a four-digit verification code to complete the registration process.

That's not enough to scare off hackers seeking to conduct attacks anonymously, and Amazon doesn't have the means to detect illegal uses of its servers, Abiquo's Malcolm said.

"Amazon can't do anything to prevent it," Malcolm said. "There is no way of telling who's a good guy and who's a bad guy."

As companies from Amazon to Microsoft build server farms worldwide, the services can help hackers hide their tracks, Hilbert said. Cloud services are also attractive for hackers because the use of multiple servers can facilitate tasks such as cracking passwords, said Ray Valdes, an analyst at Gartner Inc.

In some cases, hackers hide their tracks beneath several layers of proxy servers that can span the globe. A recent attack against computers in South Korea was controlled from servers in more than 20 countries, according to Georg Wicherski, a security analyst at McAfee.

Malicious attacks in the U.S. are on the rise. They made up 31 percent of data breaches in 2010, up from 24 percent a year earlier, with each event costing U.S. businesses an average of $7.2 million, according to a March report by the Ponemon Institute.

Sony case demonstrates ease of hacking Amazon's Cloud service 05/18/11 [Last modified: Wednesday, May 18, 2011 10:15pm]
Photo reprints | Article reprints

Copyright: For copyright information, please check with the distributor of this item, Bloomberg News.
    

Join the discussion: Click to view comments, add yours

Loading...
  1. Carrollwood fitness center employs scientific protocol to help clients

    Business

    In 2005, Al Roach and Virginia Phillips, husband and wife, opened 20 Minutes to Fitness in Lakewood Ranch, and last month they opened the doors to their new location in Carrollwood.

    Preston Fisher, a personal fitness coach at 20 Minutes To Fitness, stands with an iPad while general manager/owner Angela Begin conducts an equipment demonstration. The iPad is used to track each client's information and progress. I also included one shot of just the equipment. The center recently opened in Carrollwood. Photo by Danielle Hauser.
  2. Olive Tree branches out to Wesley Chapel

    Business

    WESLEY CHAPEL — When it came time to open a second location of The Olive Tree, owners John and Donna Woelfel, decided that Wesley Chapel was the perfect place.

    The Olive Tree expands its offerings of "ultra premium?€ extra virgin olive oils (EVOO) to a second location in Wesley Chapel. Photo by Danielle Hauser.
  3. Massachusetts firm buys Tampa's Element apartment tower

    Real Estate

    TAMPA — Downtown Tampa's Element apartment tower sold this week to a Massachusetts-based real estate investment company that plans to upgrade the skyscraper's amenities and operate it long-term as a rental community.

    The Element apartment high-rise at 808 N Franklin St. in downtown Tampa has been sold to a Northland Investment Corp., a Massachusetts-based real estate investment company. JIM DAMASKE  |  Times
  4. New York town approves Legoland proposal

    News

    GOSHEN, N.Y. — New York is one step closer to a Lego dreamland. Goshen, a small town about fifty miles northwest of the Big Apple, has approved the site plan for a $500 million Legoland amusement park.

    A small New York town, Goshen approved the site plan for a $500 million Legoland amusement park. Legoland Florida is in Winter Haven. [Times file  photo]
  5. Jordan Park to get $20 million makeover and new senior housing

    Real Estate

    By WAVENEY ANN MOORE

    Times Staff Writer

    ST. PETERSBURG —The St. Petersburg Housing Authority, which bought back the troubled Jordan Park public housing complex this year, plans to spend about $20 million to improve the 237-unit property and construct a new three-story building for …

    Jordan Park, the historic public housing complex, is back in the hands of the St. Petersburg Housing Authority. The agency is working to improve the 237-unit complex. But the latest plan to build a new three-story building for seniors will mean 31 families have to find new homes. [LARA CERRI   |   Tampa Bay Times]