The playstation breach for Sony has gotten reasonable publicity, but little intelligence on the attack, methods, and results have been shared sufficient to enable others to learn and be more resilient. A nice article on The Register details information indicating that the attackers leveraged the power of Amazon EC2 to execute the attack as paid customers.
The article can be found here http://ow.ly/1sY8TW with links to the Bloomberg article here (http://www.bloomberg.com/news/2011-05-13/sony-network-said-to-have-been-invaded-by-hackers-using-amazon-com-server.html)
While not new to leverage these cloud services, what is intriguing and worth deeper consideration is how much can we extend cloud beyond what is already being applied by companies and security researchers. Super computer processing; rapid instant access, and globally accessible yet still being used uncreatively to host web sites and such?!? Using the example from the article, if one can spend less than a dollar to break good encryption, could we not also leverage that for rotating keys at a similar cost benefit model?
I digress, the consideration of clouds being weaponized harks to the day of defense by blocking entire country IP address blocks. Perhaps naive in simplicity, but when customers become robots (like Amazon’s Mechanical Turk) then these cloud IP addresses need to be reconsidered. Looking forward to a greater discussion here…
(produced on iPad)