Tuesday, May 3, 2011

Sony hacked again, before PSN is back, Insiders to blame?

It’s bad news piled on top of bad news for Sony.
Hackers may have stolen the personal information of 24.6 million Sony Online Entertainment users, the company said on Monday. More than 20,000 credit card and bank account numbers were also put at risk. This is in addition to the recent leak of over 70 million accounts from Sony’s PlayStation Network and Qriocity services.
“We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyberattack,” Sony wrote in a statement on its website on Monday.
Sony Online Entertainment is a division of the company that publishes online multiplayer games like the recently released DC Universe Online. Sony turned off all SOE game services Monday after it learned of the intrusion.
Sony said that the compromised personal information includes customers’ names, addresses, e-mail addresses, birth dates, gender, phone numbers, logins and hashed passwords.
Also at risk are the credit card numbers and expiration dates of 12,700 non-U.S. customers, plus 10,700 direct debit records from customers in Austria, Germany, Netherlands and Spain, containing bank-account numbers, customers’ names and addresses. This information was stored in what Sony said was an “outdated database from 2007.”
Hackers may have had this information for more than two weeks now. The intrusion occurred April 16 and 17, Sony said.

Sony hacked again, before PSN is back

As part of a strategic decision to reduce costs and streamline its global workforce, SOE announced today that it will eliminate 205 positions and close its Denver, Seattle and Tucson studios. As part of this restructuring, SOE is discontinuing production of The Agency so it can focus development resources on delivering two new MMOs based on its renowned PlanetSide and EverQuest properties, while also maintaining its current portfolio of online games. All possible steps are being taken to ensure team members affected by the transition are treated with appropriate concern.
This strategic decision will have no impact on SOE's current portfolio of live games; additionally SOE will transition development efforts for the Denver and Tucson studios’ suite of products to its San Diego headquarters. This strategic alignment of development resources better positions SOE to remain a global leader in online gaming and deliver on its promise of creating entertaining games for players of all ages, and servicing the 20 million players that visited SOE servers in just the past year.

Sony to lay off 250 jobs in Sony Online Entertainment

When Sony finally admitted that the PSN shutdown was the result of an “external intrusion” to their network, and not just the result of “widespread outages” as was first reported, my first thought was that Sony had been hacked by a small group of teenagers who carried out the act from the basement of their parents’ home. That is, after all, the general description of hackers given to us by today’s mainstream media.
As the days went by that first impression of who the dastardly hackers are that were responsible for the attack began to change because of some of Sony’s own statements. While Sony has not commented on who they think is responsible, there are some signs that seem to point to this hack being an inside job.
While browsing through the PSN hack Q&A posted on the PlayStation Blog one answer jumped out at me as being a little strange.
Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.
Initially this sentence made me chuckle because I had this mental image of Jack Tretton and Kevin Butler frantically trying to secure Sony’s servers by personally carrying them down the street to their new location. After the laughter subsided it occurred to me that moving the physical location of the data center didn’t make much sense when dealing with an outside threat.
If Sony had really been the target of an “external” hack, wouldn’t it make more sense to concentrate on securing the network rather than actually moving the physical location of the equipment? After all, the whole benefit to the hacker from making their attack from the outside is that it doesn’t really matter where the physical location of the server is. They can just kick back in Mom’s basement and carry out the attack from there.
Then, when thinking about other statements Sony has made, things really started to not add up. For example, the day that Sony found the hack, they shut down the services and brought in outside experts to figure out what went down. Now I’m sure there are many reasons to bring in outside people to look at the situation, but why do this on that very first day? Wouldn’t it make sense for Sony to have their own people try and figure out what happened before turning things over to some outside agency? That is, of course, unless there was some suspicion that the threat was still at the company.


Of course this could be a crazy coincidence, but many sites are reporting that Sony iced ~ 200 employees from ... get this -- their online (SOE) division! Whaaat? Really?
Come turnover time, March 31st, 2011, Sony issued 2-week notice layoffs and if you look at a calendar two weeks later is around the same time Sony shut down shop ... give or take a few days.
Out of 200 online now ex-employees, I'm sure someone would have the necessary know-how to pull this off. Very possible, but again it's circumstantial.

Blogs and syndicated news suggesting that the laid off employees may have aided in hacks

So it looks like the initial Sony hacks may or may not have been facilitated by employees that were to be laid off, but if you think about it, laying off mass numbers of employees would easily explain the shoddy security that was enacted on the PSN network, and how these hacks could be completed without detection. I'm starting to see Sony as a barebones crew of 20-something "Security Experts" that are fresh out of college, while they're laying off all the senior security experts that actually knew all the flaws/vulnerabilities that were ingrained in the PSN and SOE systems. The seniors would have known that the systems needed patching and monitoring, but the newbies, in their amateur ignorant bliss, would assume that the systems were completely secured and patched before they were handed over into their incompetent hands.

But what do you think after reading these articles?


MJ to IM said...

wow again??

Maquina said...

Sneaky motherfuckers

Ozzy said...

Too bad for Playstation fanboys.

d0t said...

Wow I love how it went from:
No need to worry PSN is just down .... to

Hackers took it down, but they just took it down...to
Those hackers MIGHT have gotten account info, but not CC's ...to

Yeah they got all your account info, but still no CCs... to

70 million CCs may be compromised...to

A few thousand CCs were definitely compromised

Anonymous said...

It seems 7/10 bloggers are PS owners; maybe that's the reason for the increase in blogs - since you can't do anything else ;p

Fortune said...

That's some good police work there Lou.

James said...

Poor ps owners. Will it ever end?

Furril said...

That's what you get for trying to stop hackers from using what they pay for :(
