There's no information in the article about how they did it - whether using EC2 was actually necessary (because they needed a lot of processing power) or whether they just used it to cover their tracks a bit further (using a stolen credit card, and connecting to the instance through a set of proxies). Without that, this is about as useful as saying that the attack was launched from a server running Linux.