PlayStation Network (PS3)
Platform »
The PlayStation Network is the online service by Sony Computer Entertainment, providing downloads of games, trailers, themes and much more. The service is free, but also offers a paid version for various benefits.
Hey, You Should Read This: Sony Responds to Congress
When Congress knocks, you answer. Sony has filed their response to a subcommittee inquiry regarding the PlayStation Network security intrusion, which I've spent the morning reading through and pulling the most relevant details.
The company has continued to face criticism over waiting several days to inform consumers about the intrusion on their personal data. Early in the document, PlayStation executive Kaz Hirai answered that critique directly.
"Sony Network Entertainment America immediately hired a highly regarded information technology firm and supplemented that firm with additional expertise and resources over several days," explained Hirai. "Sony Network Entertainment then released information to its customers we we and those experts believed that information was sufficiently confirmed. The truth is that retracing the steps of experienced cyber attackers is a highly complex process that takes time to carry out effectively."
Hirai's answers provide an update on the evidence Sony has against the intruders. The popular theory has been infamous hacker organization Anonymous, who declared their intentions to disrupt Sony's operations, following a lawsuit against hacker GeoHot, who essentially cracked the PlayStation code. Anonymous had publicly distanced itself from the PSN debacle, but Sony points to tangible evidence.
== TEASER =="When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen," said Hirai, "it also discovered that the intrduers had planted a file on one of the servers named 'Anonymous' with the words 'We are Legion.'"
Asked point blank whether it had positively identified the intruders, however, the company could not.
According to Sony's timeline, the hackers--possibly Anonymous--gained access while its servers were experiencing denial of service attacks. The company became aware on April 19 at 4:15 p.m. PST, with systems performing unscheduled reboots. Sony claims its response to the attack was slow due to the "sophistication of the intrusion" and the attack funneled through a "system software vulnerability." Sony was unable to determine whether those who gained access during the denial of service attacks were knowingly working in cahoots with the people actually perpetuating the denial of service attacks.
Sony informed the FBI on April 22. At the time, the company says it didn't know the full extent of the attack and scheduled a meeting to inform law enforcement on April 27. On April 26, Sony collected what it knew, published some details to the public and contacted regulatory agencies in states nationwide.
And while Sony still cannot rule out whether credit card information was definitely not taken, it has received no reports of mass fraud from any financial institutions assumed to be connected to PSN. The company believes 10 million credit cards were exposed but cannot determine if details were taken.
"Our forensics team have not seen queries and corresponding data transfers of the credit card information," said Hirai.
How many credit cards are even in the system? Sony says PSN account data shows 12.3 million credit cards across the 77 million registered accounts, though only 5.6 of them are here in the United States.
Sony's congressional answers represent our best look yet into the who, what, where and whys of the PSN attack. It's too bad Sony didn't make this same information available to its 77 million consumers.
When Congress knocks, you answer. Sony has filed their response to a subcommittee inquiry regarding the PlayStation Network security intrusion, which I've spent the morning reading through and pulling the most relevant details.
The company has continued to face criticism over waiting several days to inform consumers about the intrusion on their personal data. Early in the document, PlayStation executive Kaz Hirai answered that critique directly.
"Sony Network Entertainment America immediately hired a highly regarded information technology firm and supplemented that firm with additional expertise and resources over several days," explained Hirai. "Sony Network Entertainment then released information to its customers we we and those experts believed that information was sufficiently confirmed. The truth is that retracing the steps of experienced cyber attackers is a highly complex process that takes time to carry out effectively."
Hirai's answers provide an update on the evidence Sony has against the intruders. The popular theory has been infamous hacker organization Anonymous, who declared their intentions to disrupt Sony's operations, following a lawsuit against hacker GeoHot, who essentially cracked the PlayStation code. Anonymous had publicly distanced itself from the PSN debacle, but Sony points to tangible evidence.
== TEASER =="When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen," said Hirai, "it also discovered that the intrduers had planted a file on one of the servers named 'Anonymous' with the words 'We are Legion.'"
Asked point blank whether it had positively identified the intruders, however, the company could not.
According to Sony's timeline, the hackers--possibly Anonymous--gained access while its servers were experiencing denial of service attacks. The company became aware on April 19 at 4:15 p.m. PST, with systems performing unscheduled reboots. Sony claims its response to the attack was slow due to the "sophistication of the intrusion" and the attack funneled through a "system software vulnerability." Sony was unable to determine whether those who gained access during the denial of service attacks were knowingly working in cahoots with the people actually perpetuating the denial of service attacks.
Sony informed the FBI on April 22. At the time, the company says it didn't know the full extent of the attack and scheduled a meeting to inform law enforcement on April 27. On April 26, Sony collected what it knew, published some details to the public and contacted regulatory agencies in states nationwide.
And while Sony still cannot rule out whether credit card information was definitely not taken, it has received no reports of mass fraud from any financial institutions assumed to be connected to PSN. The company believes 10 million credit cards were exposed but cannot determine if details were taken.
"Our forensics team have not seen queries and corresponding data transfers of the credit card information," said Hirai.
How many credit cards are even in the system? Sony says PSN account data shows 12.3 million credit cards across the 77 million registered accounts, though only 5.6 of them are here in the United States.
Sony's congressional answers represent our best look yet into the who, what, where and whys of the PSN attack. It's too bad Sony didn't make this same information available to its 77 million consumers.
Anonymous are just a bunch of nerdy computer geeks who think they are doing justice, but instead they are wasting people's time and inconveniencing others.
Anonymous is really more of a not-organization.
Sony relied on point of entry protection and did not deploy sufficient heuristic or otherwise internal monitors. The problem that this intrusion has exposed is that Sony has a bull $h!t attitude towards safety and sub-competent IT management.
"This looks like the work of one Crash Override. "
Well shit on me. *puts on mirrorshades*
...
....
.....
......
YEAHHHHHHHHHHHHHHHHHHHHHHHH.
Just because they found a file named Anonymous doesn't have to mean they were really behind it, right? I mean the hackers could have put that there to mislead them.
Just remember: they stole your information and credit card numbers (and probably sold them) for YOUR benefit! They're sticking it to The Man by selling your info! Now THANK THEM!
Did Patrick write this article? Just asking because of the final line "How many credit cards are even in the system? Sony says PSN account data shows 12.3 million credit cards across the 77 million registered accounts, though only 5.6 of them are here in the United States." I take it Patrick is not trying to say it is any less of an inconvenience for people that don't live in the States, and he is writing the article from in the States, however, this is the internet and it is not inherently American. So I'm reading this article in Canada, and I read "Here in the States" and I think to myself "What does he mean? We're reading this in Canada".
Not a big deal or anything...but with online journalism I think it's should be assumed that your audience is going to be worldwide and the writing should probably reflect that in some way or another.
This letter from Sony is to Congress. You know, the American one, so the response is as literal as it gets. This is the response Sony gives to the US Congress, that the potential Credit Card fraud might not be as big as they expected because of the "low" amount of them being from the US.
It baffled me but that's how Sony looks at it, fuck it that we lost the PRIVATE DATA of 77 million customers across the World.
"We are Legion"
next story posted on GiantBomb:
"Mass Effect 3 Delayed into Early 2012"
Sony not too keen on having Anonymous representative Legion in Mass Effect 3, forces Bioware to take him out of the story. Lair of the Shadow Broker pretty much confirmed that Legion's into hacking servers.
Why is it just the US legal system doing stuff about this? Last time I checked this affected the entire world.
" Just remember: they stole your information and credit card numbers (and probably sold them) for YOUR benefit! They're sticking it to The Man by selling your info! Now THANK THEM! "Anon proved to the world along time ago they aren't for the people, they are for themselves and i will say it again, FUCK everyone involved with, FUCK anon and at night i pray to god FBI knocks down the basement doors and drags them from their parents basement and locks them up.
I hope they get everything coming to them because they are nothing but petty no-life mother fuckers.
" Doesn't the congress have better things to do ? I guess when the government you work in and the country you "work for" is that perfect then you need something to fill the time. "Millions of people had their credit card information potentially stolen. To us, it may just seem like "oh, those silly video games." But this could be huge issue.
My email has started sending people weird spam shit. Kinda of wondering if this has to do with PSN...
Please Log In to post.
This edit will also create new pages on Giant Bomb for:
Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.Comment and Save
Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.
Log in to comment