PlayStation Network Down Update: PSN Hack & Outage Explained by Sony, Anonymous Blamed

Tweet

While Sony declined to appear in front of the U.S. Congress’ Subcommittee on Commerce, Manufacturing and Trade, a move which I won’t understand for some time to come, the company issued a formal 8-page letter, signed by Kazuo Hirai, in order to address the recent events that affected the PlayStation Network and answer the questions asked by the Subcommittee.

We do have the 8 pages of the letter in the gallery below, and I highly suggest you check them out especially if you are one of the PSN subscribers affected in any way by the recent PSN hack, but I’ll also summarize it all for you in what follows.

In this detailed response, posted also on Sony’s Flickr account, the company explains, chronologically, what happened with its PlayStation Network from the beginning until now. Sony found out about the external intrusion on April 19, but only alerted its customers a week later after several security firms retained by the company were able to determine and confirm the fact that the hackers have accessed customers’ personal data.

The cyber-attack itself is deemed by Sony as highly professional, a targeted move meant to hurt Sony’s business. The hackers apparently managed to cover some of their tracks, but the security firms hired by Sony were able to determined after a lot of hours of work that queries for personal data have been made followed by subsequent downloads. Proof that the credit cards on file with some of the PSN accounts have been accessed by hackers have not been found, although, I ask, why else would anyone proceed with such an attack? Sure getting sensitive data on 77 million people is just as good, but why not go for the credit card details too while you’re there?

Yes, Sony confirmed that all 77 million accounts have been breached, so it’s fair to say that if you had a PSN account, then your personal details stored by Sony could be now part of some huge database currently on sale somewhere in the shadows. Of those 12.3 million accounts had credit card information on file, and 5.6 million of them are U.S. accounts that had credit card info stored on the PSN servers.

Sony doesn’t know yet who did it or why, but it discovered traces in its latest Sony Online Entertainment breach that point to the hackers that call themselves Anonymous:

When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen, it also discovered that the intruders had planted a file on one of those servers named “Anonymous” with the words “We are Legion.”

Of course we do know that Anonymous denied everything already, don’t we?

Without naming Geohot in this answer to the U.S. Congress, Sony does mention its past legal proceedings with the famous hacker, which caused the initial DoS Anonymous attacks that affected the PlayStation Network a couple of months ago.

It’s also interesting to note, that Sony didn’t appear to increase security around PSN after the initial Anonymous attacks. After all wasn’t that a sign that something similar could happen, with far more important consequences? Sony does say that its PSN team worked around the clock to stop potential DoS attacks, but it’s strange to see that nobody at Sony could have foreseen a different scenario. In fact, after reading the letter, I got the impression that Sony discovered everything by mistake, considering “the sophistication of the intrusion,” which is quite disturbing for a company like Sony.

So, what’s next for Sony? We have no idea when the services will be back up, and we won’t know more details about the whole PSN hack except for the eight pages found here for a while as there’s a criminal investigation going on meant to discover, if possible, the authors of the PSN hack.

And while we talk about the future, here’s what the Welcome Back packet that Sony will offer you once PSN is back up will contain:

Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.

All consumers coming back to the PlayStation Network will be provided with 30 days of free membership in the PlayStation Plus premium subscription service. Current PlayStation Plus subscribers will have their subscriptions extended for the number of days PlayStation Network and Qriocity services were unavailable and, in addition, will receive 30 days of free service.

Music Unlimited subscribers (in countries where the service is available) will have their subscription extended for the number of days PlayStation Network and Qriocity services were unavailable and, in addition, receive 30 days of free service.

Sony will also offer complimentary identity theft protection services to U.S. account holders, while worldwide customers “may be offered in other territories.” Shouldn’t Sony offer the same perks to anyone affected by the PSN hack? After all, not just U.S. customers get their identities stolen, do they?

Let’s hear it from you, PlayStation fans, what do you think of Sony’s response to the U.S. Congress’ questions? Satisfied? Angry?