by tptacek 5999 days ago
One article I saw implicated a Rackspace server in the attacker's side of the event. I presume that meant Slicehost.

If I was breaking into computers "off the clock", I'd probably look to just-a-CC# no-questions-asked hosting providers (probably overseas) as my staging ground. This is something new. Commodity virtualized VPS systems like Slicehost are an awfully convenient way to launder attacks.

It's only been in the last couple years that VM slices have been so quick and easy to buy.

3 comments

Right, that's why cloud services like EC2 and Rackspace Cloud Servers are being used for stuff like spam. A spammer can just buy a temporary instance for a few cents, then take it down. That's also why many "cloud IPs" are being added to some spam blacklists, unfortunately.

End of last year we had someone attacking a client's network using commodity server instances.

If you can figure out a cut-out way to pay for the server time then there isn't much anyone can do to track it without getting on the ground and forcing local police forces into at least trying to make some headway.

So in effect it is kinda the same as it used to be (overseas, no questions providers) but instead of the servers being the overseas bit it is just the payment (and I guess they rely on the fact intrusion is hard to detect, unlike say spam, coupled with the sheer number of people buying instances daily now).

(our stuff led to Eastern Europe so it is unrelated - but the principle is similar).

Except to pay for one of these, you still pay via credit card, PayPal, etc. that links to real identifiable info. I was wondering why, if one of the attacker's instances were discovered by Google, they didn't just hand it over to the authorities and have them get a subpoena for the account info? Or maybe they did.

If you can stage an attack like this, you can steal credit card numbers or phish your way to a PayPal account.

Not that it matters (I'm sure if they're actually paying for VMs they're using stolen cards), but you can trade cash for anonymous credit card numbers in a number of places. Simplest example: Google "Vanilla VISA".