Hey, You Should Read This: Sony Responds to Congress

Posted by patrickklepek (2212 posts) -

Sony's answers to Congress spanned eight pages, with plenty of new details on the attack.
When Congress knocks, you answer. Sony has filed their response to a subcommittee inquiry regarding the PlayStation Network security intrusion, which I've spent the morning reading through and pulling the most relevant details.

The company has continued to face criticism over waiting several days to inform consumers about the intrusion on their personal data. Early in the document, PlayStation executive Kaz Hirai answered that critique directly.

"Sony Network Entertainment America immediately hired a highly regarded information technology firm and supplemented that firm with additional expertise and resources over several days," explained Hirai. "Sony Network Entertainment then released information to its customers we we and those experts believed that information was sufficiently confirmed. The truth is that retracing the steps of experienced cyber attackers is a highly complex process that takes time to carry out effectively."

Hirai's answers provide an update on the evidence Sony has against the intruders. The popular theory has been infamous hacker organization Anonymous, who declared their intentions to disrupt Sony's operations, following a lawsuit against hacker GeoHot, who essentially cracked the PlayStation code. Anonymous had publicly distanced itself from the PSN debacle, but Sony points to tangible evidence.

"When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen," said Hirai, "it also discovered that the intruders had planted a file on one of the servers named 'Anonymous' with the words 'We are Legion.'"

Asked point blank whether it had positively identified the intruders, however, the company could not.

According to Sony's timeline, the hackers--possibly Anonymous--gained access while its servers were experiencing denial of service attacks. The company became aware on April 19 at 4:15 p.m. PST, with systems performing unscheduled reboots. Sony claims its response to the attack was slow due to the "sophistication of the intrusion" and the attack funneled through a "system software vulnerability." Sony was unable to determine whether those who gained access during the denial of service attacks were knowingly working in cahoots with the people actually perpetrating the denial of service attacks.

Sony informed the FBI on April 22. At the time, the company says it didn't know the full extent of the attack and scheduled a meeting to inform law enforcement on April 27. On April 26, Sony collected what it knew, published some details to the public and contacted regulatory agencies in states nationwide.

And while Sony still cannot rule out whether credit card information was definitely not taken, it has received no reports of mass fraud from any financial institutions assumed to be connected to PSN. The company believes 10 million credit cards were exposed but cannot determine if details were taken.

"Our forensics team have not seen queries and corresponding data transfers of the credit card information," said Hirai.

How many credit cards are even in the system? Sony says PSN account data shows 12.3 million credit cards across the 77 million registered accounts, though only 5.6 of them are here in the United States.

Sony's congressional answers represent our best look yet into the who, what, where and whys of the PSN attack. It's too bad Sony didn't make this same information available to its 77 million consumers.
#2 Posted by SIL (6 posts) -

I just love it...

#3 Posted by Tesla (1945 posts) -

This looks like the work of one Crash Override.

#4 Posted by DriveupLife (919 posts) -

fucking 4chan.

#5 Posted by Chumm (245 posts) -

Looks like that Kaz quote wasn't transcribed right, got a "we we", should be ". We" I think

#6 Posted by Meltbrain (2976 posts) -

I feel like they should have disclosed this to the consumers as well.

#7 Posted by brocool (701 posts) -

Send Hobbs after them

#8 Posted by Hamz (6846 posts) -

Seems like Sony just can't catch a break lately.

#9 Posted by krazy_kyle (715 posts) -

Anonymous are just a bunch of nerdy computer geeks who think they are doing justice, but instead they are wasting people's time and inconveniencing others.
#10 Posted by Seraphim84 (415 posts) -

Anonymous is really more of a not-organization.


Whatever the case, Sony still should've been more upfront no matter how bad the situation is.
#11 Posted by AuthenticM (3803 posts) -
@brocool said:
" Send Hobbs after them "
#12 Posted by StriderNo9 (1149 posts) -

Wow, this keeps getting uglier. So Sony says they have evidence.

#13 Posted by BoneChompski (242 posts) -

Sony relied on point of entry protection and did not deploy sufficient heuristic or otherwise internal monitors.  The problem that this intrusion has exposed is that Sony has a bull $h!t attitude towards safety and sub-competent IT management.

#14 Posted by THRICE (167 posts) -

Every time someone mentions Anonymous I immediately envision them less Matthew Lillard in Hackers and more the player killer from the Make Love Not WarCraft episode of South Park.

#15 Posted by MuttersomeTaxicab (676 posts) -
@Tesla said:
"This looks like the work of one Crash Override. "


Well shit on me. *puts on mirrorshades*

...

....

.....

......

YEAHHHHHHHHHHHHHHHHHHHHHHHH.

#16 Posted by umdesch4 (771 posts) -
@Chumm said:
" Looks like that Kaz quote wasn't transcribed right, got a "we we", should be ". We" I think "
I read it as "when we", as he's trying to justify the delay in getting info out.
#17 Posted by Refugee (24 posts) -

Reportedly the attack was due to a documented send_mail bug in an outdated version of Apache.

#18 Posted by wickedsc3 (1046 posts) -

The very last sentence says it all. 

#19 Posted by TadThuggish (912 posts) -
#20 Posted by SBYM (1219 posts) -

Damn you, Zero Cool!

#21 Posted by Bumpton (457 posts) -

Now, I don't have a PS3 or anything, but this whole thing has been super entertaining to read. I'd be kind of annoyed if it happened to XBL... I don't really play any multiplayer stuff though, so I can't imagine freaking out too much.
#22 Posted by Double0hFor (410 posts) -

Sony should stick to TVs and surround sounds

#23 Posted by MaFoLu (1859 posts) -

Just because they found a file named Anonymous doesn't have to mean they were really behind it, right? I mean the hackers could have put that there to mislead them.


Or maybe they didn't, but it's possible...
#24 Posted by Undeadpool (4997 posts) -

Just remember: they stole your information and credit card numbers (and probably sold them) for YOUR benefit! They're sticking it to The Man by selling your info! Now THANK THEM!

#25 Posted by phish09 (1110 posts) -

Did Patrick write this article?  Just asking because of the final line "How many credit cards are even in the system? Sony says PSN account data shows 12.3 million credit cards across the 77 million registered accounts, though only 5.6 of them are here in the United States."  I take it Patrick is not trying to say it is any less of an inconvenience for people that don't live in the States, and he is writing the article from in the States, however, this is the internet and it is not inherently American.  So I'm reading this article in Canada, and I read "Here in the States" and I think to myself "What does he mean?  We're reading this in Canada". 

Not a big deal or anything...but with online journalism I think it should be assumed that your audience is going to be worldwide and the writing should probably reflect that in some way or another.

#26 Posted by Kjellm87 (1722 posts) -

  While I'm not a fan of this "Anonymous", I think that file seems a little too perfect.
There could be someone else who puts the blame on them.

#27 Posted by Nazgul11 (2 posts) -
@brocool said:
" Send Hobbs after them "
#28 Posted by Slaker117 (4843 posts) -

This ordeal continues to be crazy.

#29 Posted by Commando (1877 posts) -

Maybe they'll finally be able to shut down 4chan. They're just a bunch of attention whores.

#30 Edited by Milkman (17320 posts) -

At this point, I think it's in everyone's best interest to just get goddamn PSN back up and running. Fuck 4chan and all this other bullshit. As a customer, what it comes down to is that I just want to play my damn games.

#31 Posted by NoXious (1353 posts) -
@phish09:
This letter from Sony is to Congress. You know, the American one, so the response is as literal as it gets. This is the response Sony gives to the US Congress, that the potential Credit Card fraud might not be as big as they expected because of the "low" amount of them being from the US.
It baffled me but that's how Sony looks at it, fuck it that we lost the PRIVATE DATA of 77 million customers across the World.
#32 Posted by guypussy (29 posts) -
 Asked point blank whether it had positively identified the intruders, however, the company could not.

But, but, the text file they left!
#33 Posted by Schlorgan (257 posts) -

"We Are Legion?"
FUCK! IT'S THE REAPERS!!!

#34 Posted by Milkman (17320 posts) -

That being said, I hope the FBI busts into every basement of every mother of every 14 year old responsible for this and makes the little bitches cry. 

#35 Posted by LittlemanBodie (126 posts) -

Is it just me or does it seem like the same story is now being posted everyday?

#36 Posted by Chumm (245 posts) -
#37 Posted by Nomin (983 posts) -

Sony better prop up some military AI into their ICE so even a Kuang grade virus can't infiltrate it. 

#38 Posted by CapnMikeM (13 posts) -

I have zero confidence that the PSN is coming back any time soon. I think, in their minds, having to answer to Congress has bought them more time. Would be shocked to see the service back up before next Monday.

#39 Posted by dagas (2928 posts) -

Why would they leave a file and then claim they had nothing to do with it? Makes no sense. Either they would leave the file and claim responsibility or not leave a file and not claim responsibility. 

#40 Posted by mordukai (7185 posts) -

Doesn't the congress have better things to do ? I guess when the government you work in and the country you "work for" is that perfect then you need something to fill the time. 

#41 Posted by Jayzilla (2571 posts) -

I am glad (at the moment) that I don't own a PS3 or play any SOE games. Hackers need to start getting punished to the letter of the law though. Hurting people's entertainment is dumb.

#42 Posted by LoktarOgar (410 posts) -

"We are Legion"
next story posted on GiantBomb:
"Mass Effect 3 Delayed into Early 2012"

Sony not too keen on having Anonymous representative Legion in Mass Effect 3, forces Bioware to take him out of the story. Lair of the Shadow Broker pretty much confirmed that Legion's into hacking servers.

#43 Posted by crusader8463 (14429 posts) -

Why is it just the US legal system doing stuff about this? Last time I checked this affected the entire world.

#44 Posted by HydraHam (1338 posts) -
@Undeadpool said:
" Just remember: they stole your information and credit card numbers (and probably sold them) for YOUR benefit! They're sticking it to The Man by selling your info! Now THANK THEM! "
Anon proved to the world a long time ago they aren't for the people, they are for themselves and I will say it again, FUCK everyone involved with, FUCK anon and at night I pray to god FBI knocks down the basement doors and drags them from their parents' basement and locks them up.

I hope they get everything coming to them because they are nothing but petty no-life mother fuckers.
#45 Posted by blackjosh (55 posts) -
@Chumm said:
" Looks like that Kaz quote wasn't transcribed right, got a "we we", should be ". We" I think "
so all this time kaz was french! holy shit.

mindsploded
#46 Posted by Milkman (17320 posts) -
@Mordukai said:
" Doesn't the congress have better things to do ? I guess when the government you work in and the country you "work for" is that perfect then you need something to fill the time.  "
Millions of people had their credit card information potentially stolen. To us, it may just seem like "oh, those silly video games." But this could be a huge issue.
#47 Posted by CrazedJoker (321 posts) -

My email has started sending people weird spam shit. Kind of wondering if this has to do with PSN...

#48 Posted by Jensonb (1769 posts) -

It's high time someone knocked Anonymous down a peg. Even if they're only being framed for the intrusion - and there's no way of knowing if they are or not - the DDoS was their doing.

#49 Posted by MrAristocrates (194 posts) -
@guypussy:  It's impossible to know whether it's a member of Anonymous who thought it would be amusing to screw everyone else over, or just the real hacker trying to frame someone. Poorly.
#50 Posted by quicksand31 (72 posts) -

props for using the word "cahoots."
