This is some shit I only had seen in the movies, its kind of dope that its actually possible for some motivated minds to fuck with corporate giants.
Part 1 begins about a week ago:
AS SURE as night follows day, Internet hacktivist group Anonymous made good on its threats and started its campaign against
Sony.
Earlier this week,
Anonymous publicly called out Sony over its handling of Playstation hacker George Hotz, better known by his Internet handle geohot. At the time Anonymous didn't mention who or what it would be targeting, but some obvious and very public targets have already been hit.
Anonymous claims it has successfully carried out a distributed denial of service (DDoS) attack on Playstation.com, the Playstation store and the
Playstation Network. However a hardcore splinter faction of Anonymous has also emerged with plans to go after Sony executives, employees and their families.
Previously Anonymous had focused on companies rather than individuals, although
ACS Law's founder Andrew Crossley and
HBGary Federal CEO Aaron Barr were personally tormented by the group. However the Anonymous offshoot calling itself Sony Recon is targeting not only high-ranking Sony employees but wants to gather information on their families.
One report claims that the Sony Recon group has
published private details regarding Robert Wiesenthal, a group executive of Sony Corporation. It also claims that one Anonymous member asked, "No one found ANY info on Stringers kids?", referring to Sony CEO Howard Stringer.
Aside from Sony websites, the Anonymous also took down the website of the law firm handling Sony's Playstation jailbreaking lawsuit against Hotz.
Sony was not willing to say whether downtime on the Playstation
Network was due to actions by Anonymous, simply providing The INQUIRER a boilerplate answer of "We are currently investigating issues with PlayStation Network, our engineers are working to restore and maintain the services, and we appreciate our customers' continued support."
Sony would not comment that Playstation.com had been knocked offline by Anonymous and whether it is taking any further precautions to protect its employees and their families.
Few will have much sympathy for Sony after its treatment of Hotz and its attempts to suppress publicly available information and those who want to view it. However, going after the families of Sony employees might be seen by some as going a step too far. ยต
Part 2: Shit gets REAL
A few days after this, the SonyPlaystation Network and Sony Entertainment Network went down completely.
Sony made no comment at all for a couple of days, while millions of users around the world who knew nothing of why this was happening started relming.
Sony finally came out and admitted they had been hacked, and the FBI issued arrest warrents for 40 'Anon' hackers.
Hacker group Anonymous said today they are not claiming responsibility for this particular outage, however.
The statement in full from Senior Director of Corporate Communications Patrick Seybold can be read below:
An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th.
Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share. |
You have ignored this user.
Anon in a humerous response denied responsibility:
A self proclaimed moderator of the PSN chimed in with his speculation based on known facts and it seemed to make some sense:
"Ok, I've seen a bunch of speculation of why people think PSN is down, and I thought I should just post what the community knows in comparison to what Sony is telling everyone. The truth is, there was a new CFW (custom firmware) released known as Rebug (
http://rebug.me). It essentially turns a retail console into a dev console (not fully, but gives you a lot of the same options that usually dev's only have access to). Anyway, this new CFW was quickly figured out to give CFW users access to the PSN network again via the dev networks. With a little manipulation of the URL's through a proxy server you could get your hacked console back online. Not that big of a deal, right? Well, it also turns out that some people over at NGU found out that you could provide fake CC# info and the authenticity of the information was never checked as you were on Sony's private developer PSN network (essentially a network that Sony trusted). What happened next was extreme piracy of PSN content. Sony realizing the issue here shut down the network. Now, before you go freaking out about the latest information posted about Kotaku, no ones personal information was accessible via this hack. Not to say they couldn't get it, but no one is admitting to it being available. Anyway, that's the real reason for the PSN downtime. Sony is now rebuilding all of it's PSN servers to be more secure and (hopefully) make sure the CFW users cannot get online anymore. Edit: To those of you saying that this is speculation, you are correct. But, it is speculation based on a lot of facts and the outcome seems to make the most sense.
1. Rebug was released on 3/31/11.
2. First guides of how to use the dev network to get back on COD games on 4/3/11. 3. Word of "shady" sites finding a way to pirate PSN content via the dev networks on 4/7/11 (basing this on posts I had to delete on the website). 4. PSN goes down on 4/20/11
Now, you can believe Sony's PR team which has kept you completely in the dark, or you can see the list of events above and come to your own conclusion. Now, this isn't the first time Sony has fought back against the PS3 modders from getting on PSN. A couple of months ago we had a utility called f*ckPSN that changed the necessary header information that was being sent to Sony to allow modified consoles back online. We were able to use it for about a month. Then came the new TOS, the mass e-mail to PS3 customers, and software update 3.56 and 3.60. So, once again, yes this is all speculation, but it is speculation based on previous actions and known facts."
http://www.reddit.com/r/gaming/comments/gx6o4/im_a_moderator_over_at_psxscenecom_the_real/
not necessarily reputable but interesting none the less.
4 DAYS LATER Sony finally makes a statement, its about as Worst Case as Sony could have hoped for:
" Sony has finally come clean about the "external intrusion" that has caused the company to take down the PlayStation Network service, and the news is almost as bad as it can possibly get. The hackers have all your personal information, although Sony is still unsure about whether your credit card data is safe. Everything else on file when it comes to your account is in the hands of the hackers.
In other words, Sony's security has failed in a spectacular fashion, and we're just now finding out about it. In both practical and PR terms, this is a worst-case scenario.
What did they get?
Here is the data that Sony is sure has been compromised if you have a PlayStation Network Account:
* Your name
* Your address (city, state, and zip)
* Country
* E-mail address
* Birthday
* PSN password and login name
"It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained," Sony announced. While the company claims that there is "no evidence" that credit card information has been compromised, it won't rule out the possibility.
Their advice is to be safe, rather than sorry. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
What can you do?
You are warned to keep watch over your accounts, and to be aware of your heightened risk of fraud due to the security breach. "For your security, we encourage you to be especially aware of e-mail, telephone, and postal mail scams that ask for personal or sensitive information," the company said. "Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information."
Sony has also provided a wealth of sources for data and protection against identity theft.
You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.
To be fair, Sony does apologize for the inconvenience. There is still no update on when service will be restored, but that is the least of your concerns if you have a PlayStation Network account. It's time to change your passwords, at the very least, and if you're like to be completely safe it's not a bad idea to cancel your credit or debit cards and request replacements.
We'll continue to follow this story as it develops."
arstechnica.com/gaming/news/2011/04/sony-admits-utter-psn-failure-your-personal-data-has-been-stolen.ars Moral of the story: if you have your credit card details on PSN cancel it and get a new one.
And don't piss of Hackers.
No comments:
Post a Comment