Rumor: Amazon Servers Aided PSN Attack

[JDKJ]

The person "with knowledge of the matter" could always be schizophrenic Fred that lives in the Pizza Shack dumpster down the street, so this information is not confirmed.

Personally, I picture a group of extremely handsome, serious hackers in a strategically dimly lit room all typing extremely fast and saying things to each other like, "I'll whip up a quick GUI so you can infiltrate their firewall and destroy their quantum bugs."
I dunno, that's just me.

Someone has been reading Cracked.

This seems like a likely candidate. From what, admittedly little, I know about hacking, they would need some massive processing power to hack PSN like they did. Far more than even the best computer that anyone on the Escapist has. Basically, I'd say it was either this or they had a virus linking multiple private PCs together without the users knowledge to produce the same basic effect. I know there's a term for that, but it escapes me.

Botnets or zombies. They link together a gaggle of compromised computers without the owners' knowledge or control (the hackers can control them via a single IRC channel). That's how DDoS attacks are launched. All those millions of zombies trying to log on to a website at the same time.

 

[Saltyk]

The person "with knowledge of the matter" could always be schizophrenic Fred that lives in the Pizza Shack dumpster down the street, so this information is not confirmed.

Personally, I picture a group of extremely handsome, serious hackers in a strategically dimly lit room all typing extremely fast and saying things to each other like, "I'll whip up a quick GUI so you can infiltrate their firewall and destroy their quantum bugs."
I dunno, that's just me.

Someone has been reading Cracked.

This seems like a likely candidate. From what, admittedly little, I know about hacking, they would need some massive processing power to hack PSN like they did. Far more than even the best computer that anyone on the Escapist has. Basically, I'd say it was either this or they had a virus linking multiple private PCs together without the users knowledge to produce the same basic effect. I know there's a term for that, but it escapes me.

Botnets or zombies. They link together a gaggle of compromised computers without the owners' knowledge or control (the hackers can control them via a single IRC channel). That's how DDoS attacks are launched. All those millions of zombies trying to log on to a website at the same time.

See? I knew what I was talking about even if I didn't know what I was talking about.

Thanks for filling in the blank for me. Couldn't this same concept be used to hack computers as well, though? I was pretty sure that I've heard of such things.

 

[BabyRaptor]

OK, but if anybody actually tries to blame Amazon...Ugh. I'm so sick of this crap.

 

[sheic99]

Interesting disguise but I just hope to god there's some way it can be traced down to the person who did it (fool's hope I know.)

I'm just getting so tired of this c**p and want the PSN to return so I can enjoy a nice weekend of Battlefield:BC2.
What I find most irritating is the hacker didn't even have a point. S/he just did it for the sake of making people's lives hell.

Give some small credit though...least my coursework is getting done faster than it normally would

The hacker did have a point. Money. You can make quite a chunk of change for the amount of Data that was stolen

 

[JDKJ]

The person "with knowledge of the matter" could always be schizophrenic Fred that lives in the Pizza Shack dumpster down the street, so this information is not confirmed.

Personally, I picture a group of extremely handsome, serious hackers in a strategically dimly lit room all typing extremely fast and saying things to each other like, "I'll whip up a quick GUI so you can infiltrate their firewall and destroy their quantum bugs."
I dunno, that's just me.

Someone has been reading Cracked.

This seems like a likely candidate. From what, admittedly little, I know about hacking, they would need some massive processing power to hack PSN like they did. Far more than even the best computer that anyone on the Escapist has. Basically, I'd say it was either this or they had a virus linking multiple private PCs together without the users knowledge to produce the same basic effect. I know there's a term for that, but it escapes me.

Botnets or zombies. They link together a gaggle of compromised computers without the owners' knowledge or control (the hackers can control them via a single IRC channel). That's how DDoS attacks are launched. All those millions of zombies trying to log on to a website at the same time.

See? I knew what I was talking about even if I didn't know what I was talking about.

Thanks for filling in the blank for me. Couldn't this same concept be used to hack computers as well, though? I was pretty sure that I've heard of such things.

I'd assume so but don't take my word for it. Hacking computers ain't exactly my area of expertise.

 

[JDKJ]

Interesting disguise but I just hope to god there's some way it can be traced down to the person who did it (fool's hope I know.)

I'm just getting so tired of this c**p and want the PSN to return so I can enjoy a nice weekend of Battlefield:BC2.
What I find most irritating is the hacker didn't even have a point. S/he just did it for the sake of making people's lives hell.

Give some small credit though...least my coursework is getting done faster than it normally would

The hacker did have a point. Money. You can make quite a chunk of change for the amount of Data that was stolen

Are you sure about that? That doesn't appear to be entirely clear at this point in time. I'm thinking that it could just as likely be for the lulz. Or to make some twisted political point. Or a disgruntled ex-employee. Or George Hotz? Who knows?

 

[sheic99]

Interesting disguise but I just hope to god there's some way it can be traced down to the person who did it (fool's hope I know.)

I'm just getting so tired of this c**p and want the PSN to return so I can enjoy a nice weekend of Battlefield:BC2.
What I find most irritating is the hacker didn't even have a point. S/he just did it for the sake of making people's lives hell.

Give some small credit though...least my coursework is getting done faster than it normally would

The hacker did have a point. Money. You can make quite a chunk of change for the amount of Data that was stolen

Are you sure about that? That doesn't appear to be entirely clear at this point in time. I'm thinking that it could just as likely be for the lulz. Or to make some twisted political point. Or a disgruntled ex-employee. Or George Hotz? Who knows?

At this point I'd have to dig through a bunch of news stories, but I remember Sony did confirm that Credit Card information was stolen.

 

[JDKJ]

Interesting disguise but I just hope to god there's some way it can be traced down to the person who did it (fool's hope I know.)

I'm just getting so tired of this c**p and want the PSN to return so I can enjoy a nice weekend of Battlefield:BC2.
What I find most irritating is the hacker didn't even have a point. S/he just did it for the sake of making people's lives hell.

Give some small credit though...least my coursework is getting done faster than it normally would

The hacker did have a point. Money. You can make quite a chunk of change for the amount of Data that was stolen

Are you sure about that? That doesn't appear to be entirely clear at this point in time. I'm thinking that it could just as likely be for the lulz. Or to make some twisted political point. Or a disgruntled ex-employee. Or George Hotz? Who knows?

At this point I'd have to dig through a bunch of news stories, but I remember Sony did confirm that Credit Card information was stolen.

Yes, that's true. But that doesn't explain "why" the credit card information was stolen. Just like if a thief steals a car, it doesn't explain "why" he stole it. He may have wanted to chop it up and sell off the parts so he could afford to send his mother on an all-inclusive three-day cruise of the Caribbean. Or he may just have decided that he wanted to drive home instead of walking all the way.

 

[kajinking]

Lol, hackers in the olden days had to hack a bunch of zombie servers to set up an attack, now you can just rent them, casualisation is hitting all fronts it seems

So you mean for a mere $14.99/week I can bring down the Pentagon's network and erase all the data on wallstreet?

 

[sheic99]

Interesting disguise but I just hope to god there's some way it can be traced down to the person who did it (fool's hope I know.)

I'm just getting so tired of this c**p and want the PSN to return so I can enjoy a nice weekend of Battlefield:BC2.
What I find most irritating is the hacker didn't even have a point. S/he just did it for the sake of making people's lives hell.

Give some small credit though...least my coursework is getting done faster than it normally would

The hacker did have a point. Money. You can make quite a chunk of change for the amount of Data that was stolen

Are you sure about that? That doesn't appear to be entirely clear at this point in time. I'm thinking that it could just as likely be for the lulz. Or to make some twisted political point. Or a disgruntled ex-employee. Or George Hotz? Who knows?

At this point I'd have to dig through a bunch of news stories, but I remember Sony did confirm that Credit Card information was stolen.

Yes, that's true. But that doesn't explain "why" the credit card information was stolen. Just like if a thief steals a car, it doesn't explain "why" he stole it. He may have wanted to chop it up and sell off the parts so he could afford to send his mother on an all-inclusive three-day cruise of the Caribbean. Or he may just have decided that he wanted to drive home instead of walking all the way.

There's not a whole lot that you can do with credit car numbers though. If he was in it for the challenge, then why would he want those. He was already in the system.

 

[dnadns]

See? I knew what I was talking about even if I didn't know what I was talking about.

Thanks for filling in the blank for me. Couldn't this same concept be used to hack computers as well, though? I was pretty sure that I've heard of such things.

Botnets are primarily used for four different kinds of tasks:

- spam mails
- dDOS Attacks
- proxy services
- distributed hashtable cracking

dDOS and spam are the most prominent uses and the Amazon service was most likely used for simple traffic generation to overload PSN servers.
The latter two are only really used for cracking attempts where a proxy service basically obfuscates your entry path (think, instead of breaking in yourself, you hire someone who hires another one to break in).
Hashtable cracking is used for breaking encrypted passwords. While someone might use them to crack a single password faster, it is usually more commonplace to calculate so-called rainbow tables which are basically a dictionary of hashes and the cleartext name. The tables themselves are then used in a dictionary attack which saves the time of calculating hashes and simply works quicker.

I guess that the attackers used a botnet as a proxy to break in via direct exploits to vulnerable software. The sony statement said that they elevated their priviliges afterwards (you only have the rights of the service you attacked, initially) and worked their way through multiple servers. The statements also notes that admins got curious as multiple machines started rebooting, which can be taken as a sign the exploits did backfire and bring some services down.
They still got through, though, and downloaded the userdata which may or may not be cracked with the method mentioned above.
While some people on the internet seem to know more and say that passwords of users were not encrypted, i don't recall reading that in any official statement and just assume that those were hash'ed at least.

Hope that clarifies things a bit

 

[JDKJ]

Interesting disguise but I just hope to god there's some way it can be traced down to the person who did it (fool's hope I know.)

I'm just getting so tired of this c**p and want the PSN to return so I can enjoy a nice weekend of Battlefield:BC2.
What I find most irritating is the hacker didn't even have a point. S/he just did it for the sake of making people's lives hell.

Give some small credit though...least my coursework is getting done faster than it normally would

The hacker did have a point. Money. You can make quite a chunk of change for the amount of Data that was stolen

Are you sure about that? That doesn't appear to be entirely clear at this point in time. I'm thinking that it could just as likely be for the lulz. Or to make some twisted political point. Or a disgruntled ex-employee. Or George Hotz? Who knows?

At this point I'd have to dig through a bunch of news stories, but I remember Sony did confirm that Credit Card information was stolen.

Yes, that's true. But that doesn't explain "why" the credit card information was stolen. Just like if a thief steals a car, it doesn't explain "why" he stole it. He may have wanted to chop it up and sell off the parts so he could afford to send his mother on an all-inclusive three-day cruise of the Caribbean. Or he may just have decided that he wanted to drive home instead of walking all the way.

There's not a whole lot that you can do with credit car numbers though. If he was in it for the challenge, then why would he want those. He was already in the system.

If for no other reason than the credit card information was most likely to be the information that was encrypted or otherwise more securely stored than all other information. If the asshole is doing it for the sheer challenge and can walk away with usable credit card information, then they've risen to a higher challenge than merely walking any with e-mail addresses.

 

[Steve the Pocket]

Ironic. Wasn't AWS itself hacked just about a week before PSN was?

 

[Jaime_Wolf]

Ah "cloud computing" again. And this time the impossibly vague term gets a sinister undertone too! Translating the pointless terminology of the article and Amazon: there's some nebulous evidence that the perpetrators used hardware and bandwidth rented from Amazon to enable the attack.

 

[Arizona Kyle]

that is pretty clever and sneaky, although it is really annoying for PS3 owners, it was well done

Disclaimer: I am in no way supporting the action of the hacker/s, i am just stating that they were pretty cunning

Hacker FanBoy... >.>

LOL just messing with you

And ya it was hella cunning on there part and ill bet that they didnt just use this as a base im sure there was alot of points of attack on the PSN as well

 

[Arizona Kyle]

that's old news... since yesterday i've been hearing about that... now that PSN, Amazon and Square Enix got hacked, what will happen next? a UNATCO anti hacking police?

#%^&@ Now they are going to do that

 

[AngryMongoose]

I like how you put it "An anonymous source". It seems to imply "An Anonymous source" without actually saying it.

 

[GonzoGamer]

Bloomberg reports that an anonymous source "with knowledge of the matter" says that EC2 services were used to attack Sony.

Nice, they use the exact same line in tabloids when they are talking about what celebrities are doing.

I get the feeling Anon is trying to become a celebrity.
I guess the psn attack was their equivalent of a coke fueled, hotel room trashing, hooker bender.