Amazon Cloud Linked to Sony’s Recent Global Security Breach

By Caroline Dobson
Caroline Dobson
Caroline Dobson
May 16, 2011 Updated: October 1, 2015

A customer watches a monitor of Sony's videogame PlayStation 3 at a Tokyo electric shop on April 27. (Yoshikazu Tsuno/AFP/Getty Images)
A customer watches a monitor of Sony's videogame PlayStation 3 at a Tokyo electric shop on April 27. (Yoshikazu Tsuno/AFP/Getty Images)
Sony Corp.’s PlayStation Network (PSN) security breach, marking the second largest cyber-attack in U.S. history, has found a link to Amazon’s virtual cloud services.

Sony released a blog post on May 16 explaining that its PlayStation system and Qriocity operations had been reinstated since the hacking incident and subsequent closure since April 20. As a result of the outage, hackers compromised 77 million PlayStation customers’ data.

Although the Japanese electronics and entertainment company issued a public apology to its users, it claims that there have been precautionary procedures installed to prevent and warn of future attacks.

"I can't thank you enough for your patience and support during this time," said Kazuo Hirai who is the second in charge on a video message on the PlayStation Network blog.

He also said, "We are taking aggressive action at all levels to address the concerns that were raised by this incident, and are making consumer data protection a full-time, company wide commitment."

It seemed a hacker utilized Amazon’s Elastic Computer Cloud, or EC2, as an avenue to interrupt the services of Sony’s online entertainment systems.

In an interview with Bloomberg, Pete Malcolm, chief executive officer of Abiquo Inc., a Redwood City, California-based company, which provides services for customers to manage information through the cloud platform, said, “Anyone can go get an Amazon account and use it anonymously. … If they have computers in their back bedroom they are much easier to trace than if they are on Amazon’s Web Services.”

The expense of operating EC2 can cost between 3 cents to $2.48 per hour for those on the East Coast of United States. The process of subscribing to the service is similar to many online products where a name, e-mail, address, password, phone number, billing contact information, and credit card details are requested. Therefore, it seems to be a convenient avenue for hackers to use this methodology to attack other online products.

The key issue highlighted by Abiquo’s Malcom is that the type of activity conducted on the cloud network is not monitored, so abuse or illegal activities can be conducted and identification of the perpetrator is challenging to identify, given the opportunity to use alias identification.

“Realistically, Amazon can’t do anything to prevent it,” Malcolm said in a Bloomberg report. “There is no way of telling who’s a good guy and who’s a bad guy.”