Sony PlayStation Network Hacked Again - Another massive data breach

 

Hacker groups such as Anonymous has attacked many different targets

The hacker group known as Lulz Security has leapt to prominence by carrying out a series of attacks on Sony, Nintendo, and broadcasters Fox and PBS.

What is Lulz Security? Like many hacker groups, LulzSec appears to be a loosely organized collective in which no-one is really in charge.
It claims to specialize in finding poorly protected websites to attack. Information they steal is sometimes posted to the web.
Sony has been prominent among its victims. In early June Lulz Security broke into the servers behind the sonypictures.com, sonybmg.nl and sonybmg.be websites.
The group gained access to around one million user accounts and published details of several thousand online.
Why Lulz? Lulz is a corruption of the famous web abbreviation

The logo of Lulz Security suggests the group does not take what it does too seriously

LOL which stands for "Laugh Out Loud".
Humour forms part of the group's agenda, as outlined on its website.
"Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calendar year," declares a message on the front page.
The humour references seem to be intended to separate the group from others that hack for money.
But not everything LulzSec does is for the fun of it.
The group also hacked the website of America's Public Broadcasting Service because it made a documentary critical of Wiki-leaks.
Who are they? No-one knows.
The internet and the web make it easy to be superficially anonymous and LulzSec has done a good job of hiding its tracks.
We do not even know if it is a group or just an individual with lots of time on their hands.
How long has LulzSec been active? Since early May.
One of the first documents the group posted was a list of US X Factor contestants complete with names, date of birth, e-mail addresses and phone numbers.
However, it is impossible to know whether members of Lulz Security were active in other groups before they joined this one.
It is possible that LulzSec was formed by people who were disillusioned with other groups and wanted to cause a stir on their own. Members of LulzSec may also still be part of other hacking groups.
Can't they be tracked down? Not really.
Net analysis suggests that the computers handling their website are located in Palo Alto, California. However, it is easy to administer a website from far away, so that is no guide to their location.
Some have tried to look at the group's Twitter stream to see when they post messages and to work out their time zone.
Even that could be misleading because the Tweets could be posted automatically or by a member of the group in that part of the world.
Any reasonably competent hacker group will pipe what they do through a series of machines that sit in different jurisdictions to complicate any attempt to track them down.
LulzSec are likely to find themselves getting more attention from law enforcement following their recent attack on Unveillance, a non-profit organization affiliated to the FBI.
How good are they at what they do? Hard to say.
The tricks they have used to winkle out information from websites are well-known and tools to carry them out are available for free all over the net.
In the case of the recent Sonypictures.com hack, the group used an SQL injection - a relatively straightforward attack on the website's log on system.
Their success may have more to do with the security failings of their targets than it does with their command of computer code.
Are there lots of hacking groups? Hundreds.
They range from disinterested academics and professionals through teenage trouble-makers to out-and-out criminals.
At one end of the scale are "white hat" hackers who find vulnerabilities and inform website owners so they can fix them
"Black hat" hackers represent the other extreme - they are typically criminals or hackers working for criminals looking to access information for profit.
In the middle are "Grey hat" hackers who are generally intent on mischief making. At the moment, LulzSec seems to fall into this category.

Related post:
Hackers Have Stolen Name and Passwords PSN

PlayStation Network Back up : After outage wrap-up (update)

After the huge PlayStation Network Security Breach and weeks of little to no communication between Sony and their customers. Now Playstation Network is back up and running in some states in the U.S. at least. It is currently up in California, New York, Vermont, New Hampshire, Massachusetts, Rhode Island, Connecticut, New Jersey, and more as of the time this article was written and the Playstation blog will keep users updated with a map that shows where the service is up and down inside the United States. In the states that have the Playstation Network service running, though, there may be problems connecting because it will take time for the servers to “populate fully.” It was just yesterday that, while recording a podcast, we discussed how long it would take for Sony to bring the Playstation Network services completely back up and guessed that it would be by the beginning of Summer. Now Sony has taken their sweet time bringing it back up. As Sony said, it should be back up for the whole U.S. by the end of May. For foreign users we have no news yet. View the Sony Playstation Network updating map.
PlayStation Network has finally back online yesterday in many Territories. But some believe that PlayStation Network should remain offline for security reasons

Sony President and CEO Howard Stringer apologizes for the trouble caused by PSN downtime

In an open letter on the PlayStation Blog, Sony President and CEO Howard Stringer apologizes for the trouble caused by PSN downtime and explains what the company is doing to make up for it.

Sony Chairman, President and Chief Executive Officer Howard Stringer, the big cheese himself, has something he wants to say. He knows you're frustrated with the PlayStation Network fiasco, and he wants you to know that Sony is throwing everything it has into investigating the attack and getting its services back online. Unfortunately, he doesn't appear to have any idea about when that might actually happen.

But the news isn't all bad. Stringer said there's no evidence at this point that any stolen credit card information has been misused and also confirmed that U.S. PlayStation Network and Qriocity customers will be enrolled in the AllClear ID Plus identity theft protect program, that includes a $1 million insurance policy against identity theft, for one year at no charge.
A "Welcome Back" package will be offered to customers as well once the services are back online, which will include a month of free PlayStation Plus membership for all PSN customers and an extension of existing PlayStation Plus and Music Unlimited subscriptions to make up for lost time. Other as-yet-unrevealed benefits will also be offered.

Stringer acknowledged that it was "fair" to question whether the company waited too long to notify its customers of the breach, but said it acted as quickly as it could. "As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened," he explained. "I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had - or had not - been taken."


"As a company we - and I - apologize for the inconvenience and concern caused by this attack," he wrote. "Under the leadership of Kazuo Hirai, we have teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible."

Stringer's open letter to PSN customers can be read in full at the U.S. PlayStation Blog

Most of us hardcore online players are left to wonder what is gonna happen with the PSN Network.
What to do with your PlayStation if there is no Network?
Sone has to get a move on if they don't want to loose more customers.
the good thing about the PSN is that it will still be free. some members were rumoring that Sony was planning all this to be able to start charging it's customers for the Network, as Xbox Live does with it's customers. I'm sure they will take advantage of this opportunity to cash-in on the PSN downtime...

Which has been ruled out by Sony, the service will continue to be free!
When Will it be fully restored?

The PlayStation Network ( PSN ) is Still Down -Anonymous Claims Innocence -

When Will the PlayStation Network be back up and running in at all. What group could have done this?
Sony's PlayStation Network being down, entered into a fourth-day. Alot of reports indicate a Cyber attack may be at fault by a group called Anonymous.
It's been recently released, Anonymous. Claims they are not responsible for this act.

Anonymous claims they are NOT responsible for the recent hack into the PlayStation Network some four days ago.
Patrick Seybold, Sony's senior director of corporate communications and social media, released an online post apologizing for the outage, and admitting the breach of security.
He said: 'An external intrusion on our system has affected our PlayStation Network.
'We are doing all we can to resolve this situation quickly, and we once again thank you for your patience.'

PCWorld's Keir Thomas said the phrasing Sony used - talking of an 'external intrusion' - indicated that the attack wasn't a Distributed Denial of Service (DDoS) attack, which is one of Anonymous's most popular weapons.
He wrote: 'Instead, this seems to be an individual breaking into the network and this is probably why it's taking so long to clean-up - Sony has to trace every corner of their systems affected by the hacker and repair it or restore files.'

The group said that the mishap was due to internal issues with Sony's own servers, and those fingering Anonymous were "taking advantage of Anonymous' previous ill-will towards the company." A message to the company's PlayStation blog in Europe had said that Sony was investigating "the possibility of targeted behavior by an outside party," but since had been removed.

"Sony is incompetent... While it could be the case that other Anons have acted by themselves AnonOps was not related to this incident and takes no responsibility for it," Anonymous wrote in a public statement.

Sony has provided little information on what may have caused the outage other than acknowledging issues beginning on Wednesday evening, and saying in a status update on Thursday that the issue could extend through the weekend. Either way, the complication cripples the gaming console for many.

Console applications like Netflix, MLB.tv, and others require a PSN login in order to function, and now are inoperable. This week also saw several highly anticipated games, with online play, released -- Mortal Kombat and SOCOM 4 to name two -- and the latter heavily leans on the PSN and online game play.

+ leukoplast on April 22nd, 2011 at 12:13 am said:
I just hope Sony doesn’t use this as an excuse to start charging for PSN access.


Obviously, PS3 owners are not happy, criticizing the company's silence on the cause, and slowness in getting it fixed. "SONY needs better engineers to secure the PSN,"user 'Moeeed' wrote in the PlayStation Blog.