The Last Watchdog

on Internet security by Byron Acohido

Sony PlayStation Network data breach timeline

Posted on | May 26, 2011 | 11 comments

Sony’s troubles with hackers continue. Reuters has just reported that Sony Ericsson’s Canadian eShop website was shut down by hackers, with personal data stolen from 2,000 more customers.

Earlier this week Sony disclosed that 8,500 Greek user accounts had been compromised and its sites hit in Thailand and Indonesia.  That, of course, follows last month’s granddaddy denial of service attack and theft of personal data for more than 100 million customers of Sony’s PlayStation Network.

Sony CEO Howard Stringer has apologized in a letter to customers and said the company is “working with the FBI and other law enforcement agencies around the world to apprehend those responsible.”

As a rule of thumb, corporations strive to publicly disclose as few details as they can, for as long as they can, about any data breaches they’ve suffered.

Yet the hack of Sony’s PlayStation Network has interestingly emerged as one of the most widely discussed data breaches in recent memory.  Here is an illuminating timeline compiled by vulnerability management firm Lumension that may help you understand why.

Sony PlayStation breach timeline

  • Apr. 20 – PlayStation experiences beginning of network outage
  • Apr. 26 (9:30 a.m. PT) – PlayStation Network outage for 6 days and still no answers available for its customers
  • Apr. 26 (1:00 p.m. PT) – Later that same day, Sony says billing addresses, user names, passwords and possibly credit card info belonging to its PlayStation Network Customers have been stolen
  • Apr. 27 – News about how unhappy users are with the lack of information from Sony continues to run rampant and Sony is sued.
  • Apr. 28 – A database of 2.2 million Sony customer credit cards is offered for sale on an underground Internet forum
  • Apr. 29 – Government officials question what Sony is doing and how they will make things right with customers
  • Apr. 30 – Sony PlayStation Network services announced they will be up and running later in the week and customers will get a free 30-day service and theft protection monitoring service
  • May 2 – The PlayStation breach extends to Sony Online Entertainment
  • May 4 – Reports surface about Anonymous’ potential involvement in the hack, but they deny it
  • May 5 – NY attorney general subpoenas Sony and the same day the CEO offers the first apology and explanation for what may have happened
  • May 6 – According to reports, a security expert testifies to a House subcommittee that Sony knew it was in possession of outdated security software
  • May 7 – Sony says the PlayStation network might not be up and running as quickly as they thought due to more testing needed
  • May 12 – Sony announces “perks” post-breach
  • May 14 – Sony begins relaunch of PlayStation Network in stages
  • May 16 – Japan’s government announces they are waiting for better security measures from Sony
  • May 25 – Sony discloses compromise of 8,500 Greek user accounts and its sites hit in Thailand and Indonesia.
  • May 27 – Sony discloses shutdown of and data loss from Sony Ericsson’s Canada website; data for 2,000 people, including names, email addresses and encrypted passwords, appear on The Hacker News web site.

Q & A with Paul Henry, Lumension security and forensic analyst

LW: What is a plausible scenario for how the Sony breach occurred?

Henry: It was initially a DDoS attack by Anonymous that failed as Sony contracted with Prolexic for DDoS defense. From the ICQ messages I have seen Anonymous knew the DDoS attacks were failing by simply looking at a trace-route for Sony traffic as the attack waned …. they were able to determine Prolexic had been engaged and had previously successfully defended multiple other Anonymous targets.

One of the last ICQ messages I read noted that Anonymous recognized the failure of the DDoS attacks and all on the ICQ chat knew they had to change tactics. It seems logical that the new tactic was a direct assault against Sony’s servers – something that Anonymous recently denied they were involved in, but later a rumor was circulating that a “fringe” group from Anonymous had actually done the subsequent penetration of the Sony network.

We have no hard data from Sony, but rumor has it the servers that were breached were running an old un-patched version of Apache on top of an old un-patched version of RedHat and were facing the public Internet without a firewall. This seems like it could very well have been the case because if they had a firewall and other traditional defenses in place there would have been logs that could have allowed Sony to answer the question as to whether credit card numbers had actually been removed from the network or not – something that they could not definitively answer.

LW: Why have data thieves begun to go after targets like Sony and Epsilon?

Henry: Sony was more of a hacktivist action whereby allegedly Anonymous went after them originally because (revenge) of the legal action Sony took against the PlayStation Hacker – George Hotz. Once Anonymous or for that matter whoever it was that entered the Sony network realized that Sony had no formidable defenses on their network it seems the gloves came off and they simply took revenge by plundering their environment at will.

As for Epsilon there was no hacktivist motivation noted on the typical ICQ servers after the attack so I think it is safe to assume they were a target simply because of their lack of meaningful defenses.

LW: Do you expect this trend to accelerate?

Henry: Hacktivism by individuals will accelerate and the next logical evolution will be State Sponsored Hacktivism. We have already seen the rise of State Sponsored hacking related to intelligence gathering, i.e. Google Hack, etc.; hence States already know hacking is an effective tool to be used today and one can only expect States to support hacktivists to drive their messages to their adversaries.

LW: What are the short term and longer term implications for companies and consumers?

Henry: Short term – it means that it is not only the intellectual property or PII you store that makes you a target – today anyone is a target if for no other reason than your political view. The bottom line is that the first to fall will be those environments that failed to exercise reasonable risk management and chose either minimal security or at best the use of yesterday’s obsolete signature based defenses, i.e. traditional AV, IDS & IPS.

Long term – the writing is on the wall; we are entering an age where as a public company how well your information is protected is clearly going to be reflected in the value of your publicly traded shares.

By Byron Acohido
