While testifying in front of the House of Representatives, Microsoft’s President Brad Smith slammed Amazon’s AWS for lack of transparency regarding the SolarWinds attack, which compromised more than 18,000 companies.
AWS admitted Thursday the SolarWinds hackers used its Elastic Compute Cloud (EC2) in their attack.
“You have other companies, some of the largest companies in our industry, that are well-known to have been involved in this, that still have not spoken publicly about what they felt,” Smith said. “There’s no indication that they even informed customers.”
Smith told Congress Microsoft has published 32 blog posts on the topic and Amazon has published nothing.
Amazon in fact refused to testify in front of Congress, with some Representatives threatening to subpoena Amazon representatives.
DomainTools Senior Security Researcher Joe Slowik said Amazon’s AWS could contribute financial information on how the SolarWinds hackers paid for its services, network traffic data showing whom the hackers interacted with on the internet, and data stored on AWS servers themselves showing what other activity the hackers were engaged in and possibly what other tools they were using.
“I’m worried that, to some degree, some other companies – some of our competitors even – just didn’t look very hard,” Smith said. “If you don’t look, you won’t find, and you’ll go to bed every night being blissfully ignorant thinking you don’t have a problem when, in fact, you do.”
“Silence is not going to make this country stronger,” Smith said. “And so, I think we have to encourage, and I think, even mandate that certain companies do this kind of reporting … We at Microsoft have been reporting this kind of information, sharing data and publishing blogs without any legal duty to do so.”