Posts Tagged ‘Amazon’

Hackers use Amazon cloud to scrape mass number of LinkedIn member profiles

Friday, January 10th, 2014

EC2 service helps hackers bypass measures designed to protect LinkedIn users

LinkedIn is suing a gang of hackers who used Amazon’s cloud computing service to circumvent security measures and copy data from hundreds of thousands of member profiles each day.

“Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as ‘bots’) have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages,” company attorneys alleged in a complaint filed this week in US District Court in Northern California. “This practice, known as ‘scraping,’ is explicitly barred by LinkedIn’s User Agreement, which prohibits access to LinkedIn ‘through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members.’”

With more than 259 million members—many of whom are highly paid professionals in the technology, finance, and medical industries—LinkedIn holds a wealth of personal data that can prove highly valuable to people conducting phishing attacks, identity theft, and similar scams. The allegations in the lawsuit highlight the unending tug-of-war between hackers who work to obtain that data and the defenders who use technical measures to prevent the data from falling into the wrong hands.

The unnamed “Doe” hackers employed a raft of techniques designed to bypass anti-scraping measures built into the business network. Chief among them was the creation of huge numbers of fake accounts. That made it possible to circumvent restrictions dubbed FUSE, which limit the activity any single account can perform.

“In May and June 2013, the Doe defendants circumvented FUSE—which limits the volume of activity for each individual account—by creating thousands of different new member accounts through the use of various automated technologies,” the complaint stated. “Registering so many unique new accounts allowed the Doe defendants to view hundreds of thousands of member profiles per day.”

The hackers also circumvented a separate security measure that is supposed to require end users to complete bot-defeating CAPTCHA dialogues when potentially abusive activities are detected. They also managed to bypass restrictions that LinkedIn intended to impose through a robots.txt file, which websites use to make clear which content may be indexed by automated Web crawling programs employed by Google and other sites.

LinkedIn engineers have disabled the fake member profiles and implemented additional technological safeguards to prevent further scraping. They also conducted an extensive investigation into the bot-powered methods employed by the hackers.

“As a result of this investigation, LinkedIn determined that the Doe defendants accessed LinkedIn using a cloud computing platform offered by Amazon Web Services (‘AWS’),” the complaint alleged. “This platform—called Amazon Elastic Compute Cloud or Amazon EC2—allows users like the Doe defendants to rent virtual computers on which to run their own computer programs and applications. Amazon EC2 provides resizable computing capacity. This feature allows users to quickly scale capacity, both up and down. Amazon EC2 users may temporarily run hundreds or thousands of virtual computing machines. The Doe defendants used Amazon EC2 to create virtual machines to run automated bots to scrape data from LinkedIn’s website.”

It’s not the first time hackers have used EC2 to conduct nefarious deeds. In 2011, the Amazon service was used to control a nasty bank fraud trojan. (EC2 has also been a valuable tool to whitehat password crackers.) Plenty of other popular Web services have been abused by online crooks as well. In 2009, for instance, researchers uncovered a Twitter account that had been transformed into a command and control channel for infected computers.

The goal of LinkedIn’s lawsuit is to give lawyers the legal means to carry out “expedited discovery to learn the identity of the Doe defendants.” The success will depend, among other things, on whether the people who subscribed to the Amazon service used payment methods or IP addresses that can be traced.

Source:  arstechnica.com

Amazon is said to have tested a wireless network

Friday, August 23rd, 2013

Amazon.com Inc. (AMZN) has tested a new wireless network that would allow customers to connect its devices to the Internet, according to people with knowledge of the matter.

The wireless network, which was tested in Cupertino, California, used spectrum controlled by satellite communications company Globalstar Inc. (GSAT), said the people who asked not to be identified because the test was private.

The trial underlines how Amazon, the world’s largest e-commerce company, is moving beyond being a Web destination and hardware maker and digging deeper into the underlying technology for how people connect to the Internet. That would let Amazon create a more comprehensive user experience, encompassing how consumers get online, what device they use to connect to the Web and what they do on the Internet.

Leslie Letts, a spokeswoman for Amazon, didn’t respond to a request for comment. Katherine LeBlanc, a spokeswoman for Globalstar, declined to comment.

Amazon isn’t the only Internet company that has tested technology allowing it to be a Web gateway. Google Inc. (GOOG) has secured its own communications capabilities by bidding for wireless spectrum and building high-speed, fiber-based broadband networks in 17 cities, including Austin, Texas and Kansas City, Kansas. It also operates a Wi-Fi network in Mountain View, California, and recently agreed to provide wireless connectivity at Starbucks Corp. (SBUX)’s coffee shops.

Always Trying

Amazon continually tries various technologies, and it’s unclear if the wireless network testing is still taking place, said the people. The trial was in the vicinity of Amazon’s Lab126 research facilities in Cupertino, the people said. Lab126 designs and engineers Kindle devices.

“Given that Amazon’s becoming a big player in video, they could look into investing into forms of connectivity,” independent wireless analyst Chetan Sharma said in an interview.

Amazon has moved deeper into wireless services for several years, as it competes with tablet makers like Apple Inc. (AAPL) and with Google, which runs a rival application store. Amazon’s Kindle tablets and e-book readers have built-in wireless connectivity, and the company sells apps for mobile devices. Amazon had also worked on its own smartphone, Bloomberg reported last year.

Chief Executive Officer Jeff Bezos is aiming to make Amazon a one-stop shop for consumers online, a strategy that spurred a 27 percent increase in sales to $61.1 billion last year. It’s an approach investors have bought into, shown in Amazon’s stock price, which has more than doubled in the past three years.

Globalstar’s Spectrum

Globalstar is seeking regulatory approval to convert about 80 percent of its spectrum to terrestrial use. The Milpitas, California-based company applied to the Federal Communications Commission for permission to convert its satellite spectrum to provide Wi-Fi-like services in November 2012.

Globalstar met with FCC Chairwoman Mignon Clyburn in June, and a decision on whether the company can convert the spectrum could come within months. A company technical adviser conducted tests that showed the spectrum may be able to accommodate more traffic and offer faster speeds than traditional public Wi-Fi networks.

“We are now well positioned in the ongoing process with the FCC as we seek terrestrial authority for our spectrum,” Globalstar CEO James Monroe said during the company’s last earnings call.

Neil Grace, a spokesman for the FCC, declined to comment.

If granted FCC approval, Globalstar is considering leasing its spectrum, sharing service revenues with partners, and other business models, one of the people said. With wireless spectrum scarce, Globalstar’s converted spectrum could be of interest to carriers and cable companies, seeking to offload ballooning mobile traffic, as well as to technology companies.

The FCC issued the permit to trial wireless equipment using Globalstar’s spectrum to the satellite service provider’s technical adviser, Jarvinian Wireless Innovation Fund. In a letter to the FCC dated July 1, Jarvinian managing director John Dooley said his company is helping “a major technology company assess the significant performance benefits” of Globalstar’s spectrum.

Source:  bloomberg.com

Failure Cascading Through the Cloud

Wednesday, May 4th, 2011

Two major outages illustrate how complicated it is to keep a cloud system up and running

Recently two major cloud computing services, Amazon’s Elastic Compute Cloud and Sony’s PlayStation Network, have suffered extended outages. Though the circumstances of each were different, details that the companies have released about their causes show how delicate complex cloud systems can be.

Cloud computing services have grown in popularity over the past few years; they’re flexible, and often less expensive than owning physical systems and software. Amazon’s service attracts business customers who want the power of a modern, distributed system without having to build and maintain the infrastructure themselves. The PlayStation Network offers an enhanced experience for gamers, such as multi-player gameplay or an easy way to find and download new titles. But the outages illustrate how customers are at the mercy of the cloud provider, both in terms of fixing the problem, and in terms of finding out what went wrong.

The Elastic Compute Cloud—one of Amazon’s most popular Web services—was down from Thursday, April 21, to Sunday, April 24. Popular among startups, the service is used by Foursquare, Quora, Reddit, and others. Users can rent virtual computing resources and scale up or down as their needs fluctuate.

Amazon’s outage was caused by a feature called Elastic Block Store, which provides a way to store data so that it works optimally with the Elastic Compute Cloud’s virtual machines. Elastic Block Store is designed to protect data from being lost by automatically creating replicas of memory units, or “nodes” within Amazon’s network.

The problem occurred when Amazon engineers attempting to upgrade the primary Elastic Block Store network accidentally routed some traffic onto a backup network that didn’t have enough capacity. Though this individual mistake was small, it had far-reaching effects that were amplified by the systems put in place to protect data.

A large number of Elastic Block Store nodes lost their connection to the replicas they had created, causing them to immediately look for somewhere to create a new replica. The result was what Amazon calls “a re-mirroring storm” as the nodes created new replicas. The outage worsened as other nodes began to fail under the traffic onslaught, creating even more orphans hunting for storage space in which to create replicas.

Amazon’s attempts to fix the problem were stymied by the need to avoid interference with other systems. For example, Elastic Block Store doesn’t reuse failed nodes, since the engineers who built it assumed they would contain data that might need to be recovered.

Amazon says the problem has led to better understanding of its network. “We now understand the amount of capacity needed for large recovery events and will be modifying our capacity planning and alarming so that we carry the additional safety capacity that is needed for large scale failures,” the team responsible for fixing the network wrote in a statement.

However, some experts question whether this will really help prevent future outages. “It’s not just individual systems that can fail,” says Neil Conway, a PhD student at the University of California, Berkeley, who works on a research project involving large-scale and complex computing platforms. “One failure event can have all of these cascading effects.” A similar problem led to a temporary failure of Amazon’s Simple Storage Service in 2008.

One of the biggest challenges, Conway says, is that “testing is almost impossible, because by definition these are unusual situations.” He adds that it’s difficult to simulate the behavior of a system as large and complex as Amazon Web Services, or even to know what to simulate.

Conway expects companies and researchers to look into new ways of testing abnormal situations for cloud computing systems. “The severity of the outage and the time it took [Amazon] to recover will draw a lot of people’s attention,” he says.

Sony’s PlayStation Network, an online gaming platform linked to the PlayStation 3, has yet to be fully restored after its outage on April 20. The company took it down in response to a security breach and has been frantically reworking the system to keep it better protected in the future. In a press release, Sony offered some details of its progress to date. The company has added enhanced levels of data protection and encryption, additional firewalls, and better methods for detecting intrusions and unusual activity.

For both Sony and Amazon, these struggles are happening in public, under pressure, and under the scrutiny of millions. Systems as complex as cloud services are going to fail, and it’s impossible to anticipate all the conditions that could lead to trouble. But as cloud computing matures, companies will build more extensive testing, monitoring, and backup systems to prevent outages resulting in public embarrassment and financial loss.

Source:  MIT Technology Review

Amazon’s iPhone barcode scanner takes impulse buying to a new level

Wednesday, October 13th, 2010

The latest version of Amazon Mobile, 1.2.8, contains a barcode scanner in its search screen. As with barcode scanners in other mobile apps, Amazon Mobile uses your iPhone’s camera to take in a product’s zebra-striped barcode. Amazon’s servers then find a match, and after you select the item, you can sign in to your account to purchase the product on the spot.

As on the regular Amazon Web site, you’ve got gift options and a choice of multiple shipping addresses. Just like before, you can also add the product to your wish list or cart for later purchasing.

Although the app won’t clear your latest search until you enter a new one, we would like the option of reviewing previously scanned items for later reference, especially if we find ourselves without the product later on.

Amazon’s iPhone app isn’t the first to match barcodes to items in a database, of course, and shopping comparison apps have existed for a couple of years. However, Amazon’s addition will be an effective way to convert barcode scanning into concrete sales with the touch of a finger. As one colleague commented, “Amazon just made the world its showroom.”

It’s a sure bet that the online superstore hopes this iPhone app will help prop up its flagging second-quarter earnings, which failed to meet Wall Street’s expectations.

Amazon Mobile is free. Barcode scanning will work on iPhone 4 and iPhone 3GS devices running iOS 4.

Source:  http://reviews.cnet.com/8301-19512_7-20019420-233.html