Is Amazon Cloud a breeding ground for hack attacks?

Earlier in the week, we reported that Sony were compromised by hackers renting servers from Amazon. This hacker used Amazon's Elastic Computer Cloud (EC2) service to attack Sony's online entertainment systems last month. The intruder set up a fake name to use the account, and managed to get away with it. Amazon have since disabled the account. It asks an important question however, will Amazon change anything?

The incident is one of the biggest hacks in history, being the second largest online data breach in U.S. History. Jeff Bezos, Amazon's cloud computing service is inexpensive and very deadly in the wrong hands. The Sony breach is an indication of just how deadly, with over 100 million customer accounts potentially compromised.

Pete Malcolm, chief executive officer of Abiquo, Inc, a company based in California who specialise in helping customers manage data internally and through cloud computing said “Anyone can go get an Amazon account and use it anonymously. If they have computers in their back bedroom they are much easier to trace than if they are on Amazon’s Web Services.”

Sony have hired three security firms to investigate the breach and are working with law enforcement officials. Sony are still dealing with the aftermath of the incident and many customers have lost faith in the brand name and the online services they provide.

Bloomberg has said that they feel the Federal Bureau of Investigation will more than likely subpoena Amazon to seek a search warrant to access the history of transactions and to trace who had access to the internet address at the time and get details on payment data. You can be sure that if this person is smart enough to hack into Sony's network that he (or she) has covered their tracks.

Amazon Web Services lease computing space to companies so they don't have to buy their own servers to store data or handle spikes in traffic.

Looking at Amazon's rates, EC2 services cost from 3 cents to $2.48 an hour for users in the East Coast of the U.S. When you sign up an email address, password, phone number, credit card and billing address information is required. When this is completed Amazon then send out an automated call and users have to verify with a four digit code to complete the registration.

Malcolm answered the question relating to security of the Amazon online services. “Realistically, Amazon can’t do anything to prevent it, There is no way of telling who’s a good guy and who’s a bad guy.”

These web services are a good source of income for Amazon, as they generated around $500 million last year – translating to around 1.5 percent of their income.

Why use Cloud services for hacking? They are useful because the use of multiple servers can help with processing power to crack passwords. Much more than a single home machine could ever hope to generate. Hackers can also hide behind proxies across the world, giving out fake locations, making them hard, or almost impossible to track.

The bad news is that reports indicate that malicious attacks in the U.S. are on the increase. They make up 31 percent of data breaches in 2010, up from 24 percent a year before.

Sony have kept their statements simple and to the point. They said that last months attack was “very carefully planned, very professional, highly sophisticated criminal cyber attack.” The end result of the attack has been very costly for Sony, with estimates ranging around $1 billion.

KitGuru says: How can Amazon stop this from happening again?

Become a Patron!