Senators Push FTC to Investigate Amazon’s Role in Capital One Hack

A pair of Senate Democrats called on the Federal Trade Commission Thursday to investigate whether Amazon violated federal law by neglecting to secure the breached servers Capital One rented from the tech giant during the July hack that compromised millions of Americans’ personal information. 


Sens. Ron Wyden, D-Ore., and Elizabeth Warren, D-Mass., penned a letter to FTC Chairman Joseph Simons, urging him to open an investigation into how potential negligence from Amazon could’ve caused that attack. The senators note that the Capital One hacker used a popular cyberattack technique—server-side request forgery, or SSRF—to steal the data from servers the bank was leasing from Amazon’s cloud-based computing platform, Amazon Web Services.


“Amazon knew, or should have known, that AWS was vulnerable to SSRF attacks. Although Amazon’s competitors addressed the threat of SSRF attacks several years ago, Amazon continues to sell defective cloud computing services to businesses, government agencies, and to the general public,” the senators wrote. “As such, Amazon shares some responsibility for the theft of data on 100 million Capital One customers.”


The senators attached correspondence they received in August from the technology company, in which Amazon acknowledges that the incident exploited an SSRF vulnerability. Warren and Wyden wrote that two of the company’s largest competitors, Google and Microsoft, have equipped their products with mandatory protections against SSRFs for years. 


The senators also said that it’s likely that the tech giant was aware that its AWS products could be threatened by such ..
