Showing posts with label Sony. Show all posts

Monday, June 6, 2011

Sony PlayStation Network Hacked Again - Another massive data breach



Hacker groups such as Anonymous have attacked many different targets


The hacker group known as Lulz Security has leapt to prominence by carrying out a series of attacks on Sony, Nintendo, and broadcasters Fox and PBS.
What is Lulz Security? Like many hacker groups, LulzSec appears to be a loosely organized collective in which no-one is really in charge.
It claims to specialize in finding poorly protected websites to attack. Information they steal is sometimes posted to the web.
Sony has been prominent among its victims. In early June Lulz Security broke into the servers behind the sonypictures.com, sonybmg.nl and sonybmg.be websites.
The group gained access to around one million user accounts and published details of several thousand online.
Why Lulz? Lulz is a corruption of the famous web abbreviation LOL, which stands for "Laugh Out Loud".
The logo of Lulz Security suggests the group does not take what it does too seriously
Humour forms part of the group's agenda, as outlined on its website.
"Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calendar year," declares a message on the front page.
The humour references seem to be intended to separate the group from others that hack for money.
But not everything LulzSec does is for the fun of it.
The group also hacked the website of America's Public Broadcasting Service because it made a documentary critical of WikiLeaks.
Who are they? No-one knows.
The internet and the web make it easy to be superficially anonymous and LulzSec has done a good job of hiding its tracks.
We do not even know if it is a group or just an individual with lots of time on their hands.
How long has LulzSec been active? Since early May.
One of the first documents the group posted was a list of US X Factor contestants complete with names, date of birth, e-mail addresses and phone numbers.
However, it is impossible to know whether members of Lulz Security were active in other groups before they joined this one.
It is possible that LulzSec was formed by people who were disillusioned with other groups and wanted to cause a stir on their own. Members of LulzSec may also still be part of other hacking groups.
Can't they be tracked down? Not really.
Net analysis suggests that the computers handling their website are located in Palo Alto, California. However, it is easy to administer a website from far away, so that is no guide to their location.
Some have tried to look at the group's Twitter stream to see when they post messages and to work out their time zone.
Even that could be misleading because the Tweets could be posted automatically or by a member of the group in that part of the world.
Any reasonably competent hacker group will pipe what they do through a series of machines that sit in different jurisdictions to complicate any attempt to track them down.
LulzSec are likely to find themselves getting more attention from law enforcement following their recent attack on Unveillance, a non-profit organization affiliated to the FBI.
How good are they at what they do? Hard to say.
The tricks they have used to winkle out information from websites are well-known and tools to carry them out are available for free all over the net.
In the case of the recent Sonypictures.com hack, the group used an SQL injection - a relatively straightforward attack on the website's log on system.
Their success may have more to do with the security failings of their targets than it does with their command of computer code.
Are there lots of hacking groups? Hundreds.
They range from disinterested academics and professionals through teenage trouble-makers to out-and-out criminals.
At one end of the scale are "white hat" hackers who find vulnerabilities and inform website owners so they can fix them.
"Black hat" hackers represent the other extreme - they are typically criminals or hackers working for criminals looking to access information for profit.
In the middle are "Grey hat" hackers who are generally intent on mischief making. At the moment, LulzSec seems to fall into this category.

Related post:
Hackers Have Stolen Name and Passwords PSN

Another massive data breach at Sony PlayStation Network - Reset Security

Hackers have stolen names and passwords belonging to users of Sony Europe's website and published them to the Internet.
It's the latest in a series of attacks which have hammered the electronics multinational. Security researchers have counted about a dozen breaches since the beginning of this year, including two particularly serious ones which exposed 100 million users' personal details.




Europe - Another massive data breach at Sony has left hackers exulting, customers steaming and security experts questioning why basic fixes haven't been made to Sony's cybersecurity program.
Hackers say they managed to steal a massive trove of personal information from Sony Pictures' website using a basic technique which they claim shows how poorly the company guards its users' secrets. Security experts agreed Friday, saying the company's security was bypassed by a well-known attack method by which rogue commands are used to extract sensitive data from poorly constructed websites.
"Any website worth its salt these days should be built to withstand such attacks," said Graham Cluley, of Web security firm Sophos. Coming on the heels of a massive security breach that compromised more than 100 million user accounts associated with Sony's PlayStation and online entertainment networks, Cluley said the latest attack suggested that hackers were lining up to give the company a kicking.
"They are becoming the whipping boy of the computer underground," he said.
In a joint statement on Friday night, Michael Lynton, Chairman and Chief Executive Officer, and Amy Pascal, Co-Chairman, of Sony Pictures Entertainment acknowledged the breach and said the company had taken action "to protect against further intrusion."
"We have also retained a respected team of experts to conduct the forensic analysis of the attack," the statement said. It did not go into details about specific actions that will be taken to prevent future security breaches.
It wasn't clear how many people were affected. The hackers, who call themselves Lulz Security — a reference to the Internetspeak for "laugh out loud"— boasted of compromising more than 1 million users' personal information — although it said that a lack of resources meant it could only leak a selection on the Web. Their claim could not be independently verified, but several people whose details were posted online confirmed their identities to The Associated Press.
Lulz Security ridiculed California-based Sony for the ease with which it stole the data, saying that the company stored people's passwords in a simple text file — something it called "disgraceful and insecure."
Several emails sent to accounts associated with the hackers as well as messages posted to the microblogging site Twitter were not returned, but in one of its tweets Lulz Security expressed no remorse.
"Hey innocent people whose data we leaked: blame Sony," it said.
Sony's customers — many of whom had given the company their information for sweepstakes draws — appeared to agree.
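
The two failings this report describes, a log-on query open to SQL injection and passwords kept in a plain text file, both have standard fixes. The sketch below is an added example, not code from Sony or from the original article; the table layout, function names, sample account and PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example


def derive(password, salt):
    """Slow, salted one-way derivation; only its output is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def open_store():
    """In-memory user table holding a salt and a derived key, never the password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def register(db, email, password):
    salt = os.urandom(16)  # fresh random salt per account
    # Placeholders (?) keep user input out of the SQL text entirely.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, derive(password, salt)))


def stored_credentials(db, email):
    """Return (salt, pw_hash) for an account, or None if it does not exist."""
    return db.execute(
        "SELECT salt, pw_hash FROM users WHERE email = ?", (email,)
    ).fetchone()


def login(db, email, password):
    """True only when the account exists and the password matches."""
    row = stored_credentials(db, email)
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(derive(password, salt), stored)


if __name__ == "__main__":
    db = open_store()
    register(db, "alice@example.com", "correct horse battery staple")  # constructed account
    print(login(db, "alice@example.com", "correct horse battery staple"))
    # Constructed input with SQL metacharacters: bound as data, so it matches no row.
    print(login(db, "alice@example.com' OR '1'='1", "anything"))
```

Because every value reaches the database as a bound parameter, quote characters in the e-mail or password fields cannot change the query, and a copy of the table yields only salts and derived keys.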



Tuesday, May 17, 2011

PlayStation Network Back up : After outage wrap-up (update)


After the huge PlayStation Network security breach and weeks of little to no communication between Sony and its customers, the PlayStation Network is now back up and running, in some U.S. states at least. It is currently up in California, New York, Vermont, New Hampshire, Massachusetts, Rhode Island, Connecticut, New Jersey, and more as of the time this article was written, and the PlayStation Blog will keep users updated with a map that shows where the service is up and down inside the United States. In the states that have the PlayStation Network service running, though, there may be problems connecting because it will take time for the servers to “populate fully.” It was just yesterday that, while recording a podcast, we discussed how long it would take for Sony to bring the PlayStation Network services completely back up and guessed that it would be by the beginning of summer. Now Sony has taken its sweet time bringing it back up. As Sony said, it should be back up for the whole U.S. by the end of May. For foreign users we have no news yet. View the Sony PlayStation Network updating map.
Japan PlayStation Network stays offline, experts agree
PlayStation Network finally came back online yesterday in many territories, but some believe that PlayStation Network should remain offline for security reasons.

Friday, May 6, 2011

Sony may have to brace itself for another hack this coming weekend

According to a report by CNET, Sony may have to brace itself for another hack this coming weekend.  Yes, another one.


An outsider on an IRC channel used by hackers says that a third major attack is planned for Sony's website, as punishment for the way Sony has handled the PlayStation Network breach. The company only alerted customers a full week after the initial network hack, though it should have been much sooner.
To lay it on thick, the hackers also want to go a step beyond infiltrating the site. CNET says that they “plan to publicize all or some of the information they are able to copy from Sony's servers, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers.”




Sony recently admitted that the hackers stole personal information from “all of the approximately 77 million PlayStation Network and Qriocity service accounts” in a response to the U.S. House of Representatives committee investigating the matter. Gee whiz, dudes. Like that's not bad enough compared with all of the credit card information exposed.
Weeks ago, several Sony websites were forced down by what some people believe is the work of hacker group Anonymous. The group is believed to be responsible for the PlayStation Network breach, though Anonymous has said they do not “condone credit card theft.”
Regardless of whether the planned attack is hearsay or not, Sony should step up their game to ensure nothing close happens. It's the last thing that the company really needs and would be, let's just say, less than ideal given what it's been through in recent weeks.


Here's a quote from the letter Anonymous sent to Sony a week before the hack attacks.

“Congratulations, Sony. You have now received the undivided attention of Anonymous. Your recent legal action against our fellow hackers, Geohot and Graf_Chokolo, has not only alarmed us, it has been deemed wholly unforgivable.”

Sony President and CEO Howard Stringer apologizes for the trouble caused by PSN downtime

In an open letter on the PlayStation Blog, Sony President and CEO Howard Stringer apologizes for the trouble caused by PSN downtime and explains what the company is doing to make up for it.

Sony Chairman, President and Chief Executive Officer Howard Stringer, the big cheese himself, has something he wants to say. He knows you're frustrated with the PlayStation Network fiasco, and he wants you to know that Sony is throwing everything it has into investigating the attack and getting its services back online. Unfortunately, he doesn't appear to have any idea about when that might actually happen.

But the news isn't all bad. Stringer said there's no evidence at this point that any stolen credit card information has been misused and also confirmed that U.S. PlayStation Network and Qriocity customers will be enrolled in the AllClear ID Plus identity theft protection program, which includes a $1 million insurance policy against identity theft, for one year at no charge.
A "Welcome Back" package will be offered to customers as well once the services are back online, which will include a month of free PlayStation Plus membership for all PSN customers and an extension of existing PlayStation Plus and Music Unlimited subscriptions to make up for lost time. Other as-yet-unrevealed benefits will also be offered.

Stringer acknowledged that it was "fair" to question whether the company waited too long to notify its customers of the breach, but said it acted as quickly as it could. "As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened," he explained. "I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had - or had not - been taken."


"As a company we - and I - apologize for the inconvenience and concern caused by this attack," he wrote. "Under the leadership of Kazuo Hirai, we have teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible."

Stringer's open letter to PSN customers can be read in full at the U.S. PlayStation Blog.


Most of us hardcore online players are left to wonder what is going to happen with the PSN Network.
What to do with your PlayStation if there is no Network?
Sony has to get a move on if they don't want to lose more customers.
The good thing about the PSN is that it will still be free. Some members were rumoring that Sony was planning all this to be able to start charging its customers for the Network, as Xbox Live does with its customers. I'm sure they will take advantage of this opportunity to cash in on the PSN downtime...

Which has been ruled out by Sony, the service will continue to be free!
When will it be fully restored?