Amazon's Cloud Servers Possibly Used in Sony Attack
After nearly a month offline, Sony's PlayStation Network was switched back on Sunday (May 15), though not without a couple of hiccups.
Meanwhile, a noted security expert came forward to say he had found more holes in Sony's Internet-connected internal networks, some of which could be discovered through Google searches.
And an unnamed source told Bloomberg News that the still-unidentified hackers who carried out the Sony network intrusions used Amazon's cloud-computing EC2 service as a base from which to launch the attack.
Sony's PlayStation Network, which lets users of PlayStation 3 (PS3) and PlayStation Portable game consoles play against each other, and its Qriocity entertainment service were both shut down on April 20 following the discovery of the intrusions. The shutdown affected 77 million registered users worldwide.
On May 1, Sony discovered that its Sony Online Entertainment network, which connects players of massively multiplayer online games using computers and PS3's, had also been breached. That shutdown affected 24.6 million users.
Attack from the cloud
In a story published by Bloomberg News on Friday (May 13), a source described as "a person with knowledge of the matter" said the hackers had bought time on Amazon's Elastic Compute Cloud (EC2) virtual supercomputer using a false name.
Amazon has vast networks of "cloud" servers that it rents out to third parties, ranging from long-term clients such as Netflix, which uses them to stream movies to customers, to casual users who can rent server space by the hour.
The Bloomberg story did not specify how the intruders used the EC2 service to launch the attack on Sony, but access to the service's massive and inexpensive processing power would drastically speed up "brute force" attacks against encrypted passwords.
In January, a German security researcher showed how EC2 allowed him to crack strong Wi-Fi network passwords in a matter of minutes.
The source told Bloomberg News that the Amazon EC2 account has been deactivated.
John Bumgarner, an expert with the government-funded nonprofit U.S. Cyber Consequences Unit, told Reuters in a story published Friday that Sony still had many serious flaws in its network security, including many that could be found via Google searches.
Not only did Bumgarner independently discover the "Santa Sweepstakes" Excel file that was exposed last week by a Japanese hacker, but he also found a way into a server that controlled employee logins to the Sony Pictures Entertainment servers.
Another server gave Bumgarner access to the names, Facebook identities and Internet Protocol addresses of people who played Sony games on Facebook.
Bumgarner pointed out that most of the security holes were in networks other than those penetrated by the PlayStation Network hackers, and that he had not cracked any passwords or done any real hacking.
Instead, he had simply used modified Google searches, using parameters such as "site" to limit the search to a particular domain, or "file" to limit it to specific filetypes.
Sony could have avoided such problems by using the common "robots.txt" protocol, which tells the automated "spiders" that index websites for Google and other search engines which parts of a site they should not reveal.
"No one should be able to point a Web browser at Sony and see a security management console or find their identity management system that has been indexed by Google," Bumgarner told Reuters.
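The robots.txt check described above, as an added example that is not part of the original article: it uses Python's standard `urllib.robotparser` on a constructed robots.txt to list which sensitive paths a crawler is still allowed to fetch. The host, the paths and the crawler name `OtherBot` are hypothetical.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt for a hypothetical site. The Googlebot group
# was written without the /internal/ rule that the wildcard group carries.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /internal/

User-agent: Googlebot
Disallow: /admin/
"""

# Hypothetical paths the site owner does not want to appear in search results.
SENSITIVE_PATHS = [
    "/admin/console",
    "/internal/idm/login",
    "/promo/sweepstakes.xls",
]


def crawlable_paths(robots_txt, paths, agents, base="https://www.example.com"):
    """Return {agent: [paths that robots.txt still lets that agent fetch]}."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return {
        agent: [p for p in paths if parser.can_fetch(agent, base + p)]
        for agent in agents
    }


if __name__ == "__main__":
    report = crawlable_paths(ROBOTS_TXT, SENSITIVE_PATHS, ["Googlebot", "OtherBot"])
    for agent, exposed in report.items():
        print(f"{agent}: still crawlable -> {exposed}")
    # A crawler that matches a named group follows only that group, so the
    # wildcard rule for /internal/ does not apply to Googlebot here.
    # robots.txt is advisory and publicly readable: it keeps well-behaved
    # crawlers away, but consoles and login systems still need authentication.
```
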
Sony quietly reactivated the PlayStation Network, Qriocity and Sony Online Entertainment on Saturday evening and Sunday morning North American time, rolling out the activation bit by bit across the world.
However, because re-accessing the PlayStation Network required users to first download a firmware update to their PS3's and then change their passwords, there were some hiccups.
"We're currently experiencing an extremely heavy load of password resets, and so we recently had to turn off services for approximately 30 minutes to clear the queue," read a blog posting on the official U.S. PlayStation site on Sunday.
(Sony Online Entertainment did not ask users to update any software in its announcement, though it did require some to change their passwords.)
Kazuo Hirai, second-in-command at Sony and head of the division that includes the affected networks, addressed PlayStation Network users in flawless American English in a video posted Saturday.
"We're taking aggressive action at all levels to address the concerns that were raised by this incident," Hirai said. "Our upgraded system includes components such as advanced security technology, increased levels of encryption, additional firewalls and an early-warning detection system for any unusual activity that could signal an attack on the network."
"I wish we could have restored the network services faster, but these attacks were serious and sophisticated, and it simply took time to install and test the new security measures across our entire system," he added. "The last few weeks have been tough for all of us, and please know that we are doing everything we can to fully restore network services around the world and to regain your trust over the days, weeks and months to come."