Close
Report Comment to a Moderator Our Moderators review all comments for abusive and offensive language, and ensure comments are from Verified Users only.
Please report a comment only if you feel it requires our urgent attention.
I understand, report it. Cancel

Third cyber-attack on Sony planned - rumour

Fri 06 May 2011 8:36am GMT / 4:36am EDT / 1:36am PDT
Online

Online gossip points to new breach, as U.S. Congress hears expert testimony

Sony Computer Entertainment

Sony Computer Entertainment is a Japanese videogame company specialising in a variety of areas in the...

playstation.com

Online reports suggest that a group of hackers are planning a third wave of attacks on Sony this weekend, apparently as "retaliation" for Sony's handling of the original security breach.

According to CNET, discussion on IRC channels suggest that hackers already have access to some Sony servers. It is claimed they plan to publicise all or some of the information they copy from Sony's servers - potentially including customer names, addresses, and credit card numbers.

CNET suggests that the third attack will be by "the same group of hackers that was able to infiltrate the PSN servers", but does not speculate on whether they are associated with the Anonymous collective - as suggested by Sony Computer Entertainment boss Kaz Hirai.

In related news Purdue University security expert Dr. Gene Spafford has claimed in a report to the U.S. Congress House Energy and Commerce Subcommittee (PDF) that many companies and organisations that store large amounts of user data routinely run outdated operating systems without sufficient protection.

Although Spafford referred to the PlayStation Network incident he admitted he had no first-hand knowledge of Sony's security precautions, but he did offer this general summary of industry attitudes:

"My personal conclusion from reviews of reports in the press and discussions at professional meetings is that operators of these systems... continue to run outmoded, flawed software, fail to follow some basic good practices of security and privacy, and often have insufficient training or support."

Online reports claim that Sony was running an outdated version of the Apache Web server software without a firewall when it was originally attack, although this is still yet to be substantiated.

31 Comments

Stuart Cripps Creative Lead, Evolution Studios

2 0 0.0
When will these imbeciles realise how much they are hurting the consumer they claim to protect/serve!?

Posted:3 years ago

#1

Justin Titus Writer

13 0 0.0
Guess this will be a good test of Sony's new system. I find it hard to believe the already have server access, if all the servers are currently offline.
My guess its just glory seekers, I mean anyone can claim this stuff, lets see what happens.

Posted:3 years ago

#2

Andrew Goodchild Studying development, Train2Game

1,253 418 0.3
But it's flawless logic hey? They are claiming this is in retalliation for Sony's handling of the last attack, suggesting they are sticking up for the consumer, but then threaten to publish user data.
I doubt the perpetrators will all get caught, but if some do, I hope the book will be thrown at them, after all, it shouldn't be some civil case this time, that can be settled out of court, it will presumably be a criminal case.

Posted:3 years ago

#3

Justin Titus Writer

13 0 0.0
Yeah this is a criminal case and not a civil case. Kind of stupid to basically announce you are coming, I would guess the FBI will be watching.

Posted:3 years ago

#4
Some wannabes probably think it's a good idea to do this attack to gain notoriety, they will try and fail. Sony will then come out with a "Well our new system is foolproof, they tried to hack it and failed miserably" statement at which point a bunch of proper hackers will think "Oh really?" And so on and so forth...

Posted:3 years ago

#5

SenZ Freelance Writer 4Gamers.be

12 0 0.0
They are proving their point the wrong way, and by doing so hurting the consumer.. This is very sad news.

Posted:3 years ago

#6

Jim Webb Executive Editor/Community Director, E-mpire Ltd. Co.

2,270 2,439 1.1
Did 3 of you guys just suggest the hackers were from Anonymous when Anonymous has repeatedly said they have nothing to do with these hacks? Come on, fellas. This is why information gets skewed across the Internet so easily.

Posted:3 years ago

#7
It might be annonymous, it might be a splinter group or it might indeed be a group acting like annonymous, nontheless a file has been found which point in their direction, if it was them or not remains to be seen.

I feel nothing for these hackers, who claim they're helping the consumer but they're not helping at all, they wanna tackle the big bad companies that supposedly nobody can touch, yet they can get away with everything...get a life please...

EDIT: edited for typo's

Edited 2 times. Last edit by Joffrie Diependaele on 6th May 2011 1:01pm

Posted:3 years ago

#8

Jake Clayton

54 0 0.0
Its not exactly the most trustworthy company in the world who has found this file remember.

and harming customers goes against everything anonymous is about, and so its either being framed by sony, (seriously wouldn't surprise me, their immature attitude to security and the way they smack talk everyone all the time) or being framed by some hackers. (would surprise me to be honest)

Posted:3 years ago

#9

Jim Webb Executive Editor/Community Director, E-mpire Ltd. Co.

2,270 2,439 1.1
Sure, the hackers are certainly being as much a public nuisance as they are a corporate nuisance but I don't think the "file" found on the server proves much since any hacker could post that there. And why leave a file announcing your involvement only to say you had nothing to do with it? Sounds to me like a scapegoat file to point investigators away from themselves and toward Anonymous.

Posted:3 years ago

#10

Andrew Goodchild Studying development, Train2Game

1,253 418 0.3
@ Jimmy. Re:"Did 3 of you guys just suggest the hackers were from Anonymous when Anonymous has repeatedly said they have nothing to do with these hacks? "
Bit confused, this comment was the first mention of Anonymous on the cooment thread :/
If I was one of the 3 you refered to I was in no way linking Anonomous, in any way. I was refering to the threats reported on here, and the hackers that made them. I'd guess the other comments were doing the same.

Posted:3 years ago

#11

Paul Shirley Programmers

178 150 0.8
If Sony have fixed their mistakes this is little more than an annoyance.

If Sony were premature in relaunching this is a timely reminder and a chance for them to reconsider.


Another little snippet Sony don't want publicised: anonymous called off the DDOS when it became obvious they were hurting PSN customers more than Sony. While that doesn't stop the large number of pissed off Sony customers continuing the attack, anonymous look like they care about Sony's customers a lot more than Sony did. Not surprising really, anonymous are flash mob vigilantes not criminals.

Posted:3 years ago

#12

Andrew Goodchild Studying development, Train2Game

1,253 418 0.3
@Jake, so you keep insisting Anonymous are stand up guys and a force for good. Whilst I do not think they did this attack (it looks more financially oriented), did I miss something, or did some members of anonymous not dig up Howard Stringer's family details and encourage people to harass/cyber-bully his kids? Does not going after his children seem as ethical as going to an animal rescue to kick puppies?

Posted:3 years ago

#13
Aye well as I said it might be anyone, and as said before it might be Sony looking for a scapegoat, it might be annonymous lying, it might be an other group acting as Anon, we'll never know, but I do not place my trust in the word of a hacker group, nor the lies a big corporation spews out.

Point is, hack has been done, we got our details out, Sony got rep damage, people can't play their PS3's online, etc etc...

Was it really worth it to prove their security was weak? Nobody should be pointing us out they have weak security by hacking it. Whoever it was they're criminals, even if Sony is trying to blame someone for it, the hackers behind it are criminals.

In a perfect idialistic world nobody would need security as there would be no thefts or crimes, ofc we all know this is wishfull thinking as it will never happen, either way, the hackers had no bussiness on Sony's servers the 1st time (Anon) and the 2nd time (Hackers) and perhaps the 3rd time.

They don't need to protect the consumer, We didn't ask for their help, they don't need to make an example...

I'm quite annoyed by this matter as these hackers just hide behind a PC unable to trace them, so whats next after Sony, they might aswell hack anything and still get away with it...and even if Anon is worried about the consumer, this probably hasnt been done by Anon, so that means there are more dangerous hacker groups out there that we should be worried about, where does it end...?

Edited 4 times. Last edit by Joffrie Diependaele on 6th May 2011 4:22pm

Posted:3 years ago

#14

James Verity

132 25 0.2
I think Sony should ditch keeping all Customer Details, and just use PSN cards for everything...

Posted:3 years ago

#15

Andrew Goodchild Studying development, Train2Game

1,253 418 0.3
If they stopped keeping card details, they would lose a lot of sales. People have to think about buying a card, then remember to do so as well as finding time to go to a store. When I buy digital games I 9 times out of ten do it spur of the moment. And just becuase sony stop keeping details, that wouldn't give Microsoft, Steam or Apple an incentive to follow suit. So the result is that for people who pay by card, PSN would be more hassle to buy games on than their major rivals.

Posted:3 years ago

#16

Joe Neate Producer, SUMO Digital

3 0 0.0
" potentially including customer names, addresses, and credit card numbers."

So also, potentially NOT publishing ANYTHING of the sort, but just other confidential Sony information which would be harmful to the company and not the consumer?
If they've said they're going to publish consumer details, please provide a source for that, and if not, let's not scaremonger, tabloid-style, eh?

Posted:3 years ago

#17

Phil Stewart Studying Games Design & Production Management, University of Abertay Dundee

2 0 0.0
I severely doubt they can do anything just now as PSN is down. Probably just more idiots trying to scare the consumers. If there is a better security system being put in place by Sony I can only pray that if there is 'another attack' that they get caught out royally and to the point they never get to even touch any sort of computer related stuff ever again.

Posted:3 years ago

#18

Anthony A Studying Msc Management, Lancaster University

5 0 0.0
"nor the lies a big corporation spews out."

Everyone lies. "Big" corporations are by no means unique in that regard.

Sounds like a bunch of idiots just doing more to damage Sony's consumers. Sad.

Posted:3 years ago

#19

Nicholas Russell writer

23 0 0.0
So, anyone else feel like turning vigilante, arming yourself with a torch and pitchfork, and hunting down this new group of hackers with a bloodlust usually reserved for Mortal Kombat?

Posted:3 years ago

#20

Jim Webb Executive Editor/Community Director, E-mpire Ltd. Co.

2,270 2,439 1.1
Nicholas, I'm just as pissed at Sony for not keeping their Apache up to date. It's free software. Why leave it vulnerable? The last stable release was over 6 months ago. They were even warned of the attack back in February.

Posted:3 years ago

#21
Sony's Failure to provide useful updates and not patches to their network. It wouldn't be surprised if you actually looked at their network from the developer side and it was pretty basic stuff protecting your valuable information ounce you got through the network jargon.

Then to Jimmy "Why leave it vulnerable?" Isn't that a simple business question? Its cheaper and it works.(was working) Why fix something thats not broken.(Now broken which is why their fixing it.)

Posted:3 years ago

#22

Jim Webb Executive Editor/Community Director, E-mpire Ltd. Co.

2,270 2,439 1.1
Part of being a network administrator is balancing the costs of upgrading software (and hardware) vs the costs of an attack. Given that their vulnerability was with the Apache server and that's free software, I find absolutely no excuse for leaving it vulnerable. As we are seeing, the costs of an attack far outweigh the costs of the software update. And Sony has hired new network administrators that understand that.

Posted:3 years ago

#23

Stefan Pettersson Specialist Consultant, Fat Tuna

77 19 0.2
It's obvious where Sony put their money.

You can't jailbreak a PS3 by hardware as far as I know.

But you can hack both Sony Online and PSN and get 100+ million user accounts.

It's Sony responsiblity to keep their customers data safe, and they failed miserably. Now face the consequences. I don't support the hackers, but I blame Sony for not keeping my data (and credit card!) safe.

Edited 1 times. Last edit by Stefan Pettersson on 6th May 2011 8:00pm

Posted:3 years ago

#24

David Amirian Writer

59 3 0.1
when a store is robbed i blame the owner for not having more security rather than the people who went in and robbed it all.

Posted:3 years ago

#25

Jamie Watson Studying Bachelor of Games & Interactive Entertainment, Queensland University of Technology

179 0 0.0
i agree with the others, this is some simple "oh no hackers attacked sony" its sony having bad method in place to protect customers against theft of data like this.

piece of advice - Sony,next time dont go shouting "out system is hack proof" because that is how you get the hackers (the bad ones_ to do something like this.

@stefan: you cant hack the PS3 by hardware mods (like you used to back in the PS2,xbox 1 days) but you can still jailbreak the system (not PSN etc, but the console itself)

Posted:3 years ago

#26

Adam Yaure Studying MSc Games Programming, University of Hull

18 0 0.0
Hopefully they can defend against the hackers this time with the help of those top security firms.
Feels like end of the world if the hackers manage to win lol.

Posted:3 years ago

#27

Gregory Hommel writer

91 53 0.6
I would not dare to guess who's behind this attack. Although two Anonymous veterans have stated that it's "likely that newer members of the group are responsible." All I know is that this is a broad attack on Sony. This was to, and still will be the year Sony takes back any market share it lost on the PS3. This new console has been running into brick walls since it's inception. No one gave it any credit. Not for it's specs. Not for it's options. Now years later not even for it's superior capabilities. There has been a mass effort to stall the momentum of this console so it is no surprise at all that when the cycle was about to run it's course, and Sony was going to end up on top, something "awful" popped up. In my opinion all that has really happened is light has been shed on just how addicted approx. 75 million users, including me, are to online gaming.

Posted:3 years ago

#28

Stefan Pettersson Specialist Consultant, Fat Tuna

77 19 0.2
David, seriously - you can't compare a store with the id-theft of 100+ million user accounts due to lax security. It's Sonys responsibility to keep user data safe and they failed so of course they should pay if their data is used in id-theft. If you can't keep user data safe, don't keep user data at all. Now go catch the hackers!

Posted:3 years ago

#29

Ben Meadows Senior QA Engineer, Thomson Reuters

7 0 0.0
I thought the FBI was working on this case? Is it really that hard to find the guys who broke into the servers in the first place? I know about proxies and all that jazz but there has to be something that the FBI can go on here. If some people were caught and punished to the full extent of the law I doubt anyone else would be making threats about hacking Sony.

And to Sony... three letters... RSA! I do not understand how you can allow remote access to servers without basic protection in place. There is no way that you should ever allow people to access a server's file structure without further authenticating their identity, especially when people's credit card information is at stake. Ridiculous!

Posted:3 years ago

#30

Tom Keresztes Programmer

682 335 0.5
@Ben,

All you need to hide your identity is to use public or WiFi networks without protection. Buy an USB network adapter, pay via cash, and the chance of identification converges to nil. Keep moving (around a big city), and it takes a genius (or a carefuly written software) to even identify the MAC adapter in question...

Posted:3 years ago

#31

Login or register to post

Take part in the GamesIndustry community

Register now