14 DAY TRIAL // Unnamed sources close to the Sony PlayStation Network data breach investigation claim the hackers launched their attack from Amazon's EC2 platform.
Bloomberg reports that attackers used a fake identity to rent a server on Amazon's cloud computing platform and used it to hack into Sony's systems.
According to the news outlet, Sony, Amazon and the FBI refused to comment on this claim, but said that all leads are being pursued.
Unfortunately there are no details about how Amazon's service was used in the attack, whether its computing power was actually leveraged in some way by the attackers.
It might well be that Sony leveraged Amazon's EC2 for some services and hackers decided to proxy through a server on the same platform in order to bypass IP restrictions or hide their traffic as friendly activity.
Either way, Sony described the attack, which led to the compromise of personal and financial records of over 77 million customers, as carefully planned, very professional and highly sophisticated.
Following the security breach, the PlayStation Network and Qriocity services were taken offline and have remained like that for 23 days and counting, to the dismay of PlayStation users.
A week later the company revealed that Sony Online Entertainment (SOE) systems which include the gaming servers for popular MMORPG games like EverQuest and DC Universe Online, were also compromised, and took them offline too.
Amazon's Elastic Compute Cloud (EC2) platform has been used for cyber attacks before. Back in 2009, someone used the service to host a command and control (C&C) server for a ZeuS-based botnet.
Then last year, a German security enthusiast named Thomas Roth, leveraged its computing power to demonstrate brute-force WPA key cracking attacks at a speed of 400,000 attempts/second.