Sony Says Playstation Blog Attacked in Revenge for Lawsuit Against Hacker

http://www.bloomberg.com/news/2011-05-11/sony-playstation-blog-access-disrupted-after-security-boost.html

Sony Corp. (6758), struggling to restore online entertainment services after a record theft of user data, said its PlayStation blog has been partially disrupted after the website was attacked by hackers.

Sony boosted the blog’s security system following attacks on the site last month, Makiko Noda, a spokeswoman for the Tokyo-based company, said by phone today. The new system is likely the reason why some access by users outside the U.S. has been denied, she said.

The maker of PS3 game consoles was targeted in a “large- scale, coordinated denial-of-service attack” in April by the group called Anonymous in a protest against Sony for suing a hacker, Kazuo Hirai, the company’s executive deputy president, said in a statement last week. The PlayStation blog was among the services attacked, Noda said.

Japan’s biggest exporter of consumer electronics took down its PS Network and Qriocity services April 20 because of data theft affecting 77 million users. Sony Online Entertainment, a U.S. unit that offers online games, also shut its network May 1 after discovering personal information from approximately 24.6 million accounts may have been compromised.

Nevermind the fact that Sony was running its PSN on unpatched, outdated and unsecured servers and that they failed to address these issues when they were brought up 3 months prior to the credit-information-revealing attack (with which Anonymous denies any involvement). http://slashdot.org/story/11/05/05/1455249/Sony-Running-Unpatched-Servers-With-No-Firewall

the timing of the two attacks for some member of Anon to not be involved even if the group as a whole didn't plan it. I have no patience for hackers, they are not heroes in the slightest.

I've had too many personal run-ins with the basement crawlers. They're criminals just like any other thief.

but that still doesn't mean that they aren't victims of this, but yes, the penalty for the benefit of getting all that money/cc info is you get the blame when it's compromised.

The fact that hackers were even able to compromise their server and the information stored there says a lot about their coding skills and security. I'm not saying it's impossible to hack into any site but there should be failsafes in place to prevent this large amount of data theft. There should have been some warning they were being hacked and the hackers should have been immediately shut out.

I'm not saying the hackers who took them down and stole the data aren't responsible for their actions as well but Sony needs to take their share in the blame too and I haven't heard much from them on that front. It amazes me it's actually taking them this long to get things back online and that is very telling about how bad the system was in the first place.

I think Sony has gotten a ton of blame for this, and the hackers very little.

Sony should have had a better handle on the situation theres no doubt in that, but in the end this is the hackers fault. Saying that its 100% Sony's fault is like saying the people who died in a terrorist attack are responsible for not protecting themselves enough.

When you give over your information to a website, you have a right to feel as though that information is protected and the company holding that information has a duty to protect that information. It's nothing like a terrorist attack at all. There's a reason why that information is hidden behind SSL, it's to show the end-user (in this case PSN customers) that the information they've given that website is safe. When you walk into a building or onto a plane, prior to 9-11 anyway, there was no assurance that you were safe. You took an acceptable risk leaving your house.

Sony was using outdated security protocols, period and that makes them highly culpable and why people keep pointing it out. No matter how good a hacker is, they should NEVER be able to get that much data from a server.

http://massively.joystiq.com/2011/05/05/expert-says-sony-knew-of-psn-security-weakness/

"During his testimony, Spafford claimed that Sony was well aware of the security holes in the PlayStation Network, asserting that PSN was using old software that was "unpatched and had no firewall installed." He also noted that these security issues were brought to the table in a Sony-moderated forum, but no action was taken as a result."

the DOD would never see their sites hacked, and yet...

Again, agreed that Sony should have done better, but the main crime/criminal is/are the hackers.

up to snuff. I'll reiterate that he hackers are the criminals in this but, IMO as a web professional, the fact that Sony was using outdated software and didn't have the info behind a firewall is criminal as well. Because they didn't safeguard the information as they should have, almost 100 million people had their information stolen. This isn't a situation where Sony couldn't have prevented this, it could have been totally prevented, or at least with better software and a firewall, could have lessened the impact to the end-user.

totally prevented. There are ways for hackers to swipe information AS IT PASSES from the consumer to the database. Heck, the standard is to not store some of this information online at all, much less behind a firewall, but that in no way guarantees that a good hacker couldn't get the information, it just makes it harder.

I will reiterate that Sony will pay for not having minimally adequate protections, although I will note that as of yet no one has reported actual credit card fraud (not that I don't check my bank account daily!) and they've offered or will offer reportedly fraud monitoring for the next year free with a 1 million dollar insurance policy for anyone who ends up being defrauded. That plus the freebies they will offer should soak most if not all damage (although it still won't stop some folks from, understandably, simply not trusting Sony again).

But at the end of the day, if someone robs a bank, I'm more prone to blame the bank robbers then the bank that had old security systems. Both are at fault, but one is a lot more at fault then the other.