
How did Sony get Hacked?

April 29, 2011 7:06:05 PM

I was a happy PS3 owner until Sony's recent hack. What I want to know is: how exactly did this happen?

Word on the street is that PSN was taken offline by a DDoS attack...... and then Sony says nothing else. Anyone have any additional info as to the technical aspects of how this was pulled off? Because you don't lose 77 Million accounts with a DDoS.

Anyone have any guess as to who pulled this off either? I'm guessing either Russian pro hackers getting PW's and CC #'s or a recreational hack. Any ideas?


Sorry if this is a repost.


April 29, 2011 9:08:25 PM

Anonymous is a Hacktivist group claiming responsibility. If you look their name up on WIKI you will see they have done much damage in the past to people they have deemed against the ideas of freedom of speech & right to your products.

Only Anonymous and Sony know what was launched and I'm sure neither group wants to reveal their secrets.

The issue is, asking on here, no one is going to want to tell you how they did it, because it could easily prompt you to try to do the same thing to someone else.

Just know Anonymous has some extremely skilled hackers.
May 2, 2011 12:55:20 PM

Ummm... Anonymous attacked the playstation website when the George Hotz lawsuit was going on. They never attacked the playstation network, only their web site.

In recent days since the playstation network has gone down, Anonymous has denied hacking the playstation network and bringing it down. They claim they are not responsible. Of course, we don't know if they are lying and they may know who is responsible.

Anyhow, Anonymous is not against the community or playstation members, just Sony. They would not want the bad publicity that comes from bringing down the playstation network.
May 2, 2011 1:04:43 PM

Yeah, Anonymous (for what their word is worth.....) is not claiming responsibility for the attack. Therefore I'm leaning towards small time recreational hacker, hence why Sony flipped out.
"For once we really didn't do it"
May 2, 2011 10:30:40 PM

Really they have no one to blame but themselves for issuing challenges to the hacker community.
Not smart.
May 3, 2011 12:16:26 AM

easymark26 said:
Really they have no one to blame but themselves for issuing challenges to the hacker community.
Not smart.


So when did they challenge the hackers? I must have missed that
May 3, 2011 11:53:25 AM

johnners2981 said:
So when did they challenge the hackers? I must have missed that


It wasn't a direct challenge, but when you start taking away features you paid for, like install other OS, then you tell the public you are not allowed to use homebrew to get such a feature back, you are just begging the hacker community to do something about it. I think Sony trying to sue George Hotz was the final straw.
May 3, 2011 1:05:56 PM

FYI

Quote:
Between April 17 and 19, a so-far unnamed person illegally gained access to Sony's PSN servers in San Diego, Calif., by hacking into an application server behind a Web server and two firewalls. According to Sony Chief Information Officer Shinji Hasejima, the attack was disguised as a purchase, so it did not immediately raise any red flags. The vulnerability the attacker was able to exploit was known, according to Sony.
Sony flagged the attack on April 19 and on April 20 shut down PSN as well as Qriocity. The company hired security experts and contacted the FBI to investigate the exploit and find out what took place. Sony says it didn't actually learn for certain that personal information was exposed until April 25.
Sony described the attack as "very sophisticated" and still does not know the intruder's identity.
May 3, 2011 2:51:13 PM

@ wanamingo. Doesn't that just make you think of Uplink? ^_^
May 3, 2011 3:29:48 PM

Uplink, Uplink, Uplink - how I adore thee.

Just don't hack the banks to get millions as it ruins your game.
May 3, 2011 5:26:54 PM

wanamingo said:
FYI

Quote:
Between April 17 and 19, a so-far unnamed person illegally gained access to Sony's PSN servers in San Diego, Calif., by hacking into an application server behind a Web server and two firewalls. According to Sony Chief Information Officer Shinji Hasejima, the attack was disguised as a purchase, so it did not immediately raise any red flags. The vulnerability the attacker was able to exploit was known, according to Sony.
Sony flagged the attack on April 19 and on April 20 shut down PSN as well as Qriocity. The company hired security experts and contacted the FBI to investigate the exploit and find out what took place. Sony says it didn't actually learn for certain that personal information was exposed until April 25.
Sony described the attack as "very sophisticated" and still does not know the intruder's identity.



Actually that statement is an out and out lie. The hackers were able to access the network via the link between PSN and Steam. Steam, lacking security, allowed pc hackers access to a network that was unavailable until it was pushed live during the release of Portal 2. They were chomping at the bit waiting to get in through a wide open back door and did so. Hotz, Anonymous, and jailbroken ps3's had absolutely nothing to do with the attack. The attack actually took place on the 19th and not beforehand. As for Sony knowing about the exploit, I really don't think so. They have almost no control over Steam so they weren't able to deal with the situation. In all honesty they should have fixed the breach and made the connection more secure before going live with the merger.
May 3, 2011 5:54:04 PM

Nexusflame said:
Actually that statement is an out and out lie. The hackers were able to access the network via the link between PSN and Steam. Steam, lacking security, allowed pc hackers access to a network that was unavailable until it was pushed live during the release of Portal 2. They were chomping at the bit waiting to get in through a wide open back door and did so. Hotz, Anonymous, and jailbroken ps3's had absolutely nothing to do with the attack. The attack actually took place on the 19th and not beforehand. As for Sony knowing about the exploit, I really don't think so. They have almost no control over Steam so they weren't able to deal with the situation. In all honesty they should have fixed the breach and made the connection more secure before going live with the merger.


Being the type of person that takes everything he reads with a grain of salt... do you have references to back this up? Otherwise it's just hearsay or speculation until proven otherwise.
May 4, 2011 4:15:46 AM

Hawkeye22 said:
Being the type of person that takes everything he reads with a grain of salt... do you have references to back this up? Otherwise it's just hearsay or speculation until proven otherwise.



Everything he reads? No.. I didn't have to read anything at all to figure this out. For one I've used steam for years.. I know its vulnerabilities. If you use common sense you'll notice that the EXACT SAME DAY portal was released and steam was connected to the network they were broken into. 1+1=2. As for breaking in using a playstation.. not possible. You're confusing a ps3 with a computer; learn to know the difference and actually look up what Geo actually did to his. You'll realize that it actually had nothing to do with it. As for anonymous doing it.. they didn't and that I know for a fact because anonymous was working on other projects at the time quite a bit more important than Sony. I know this because I spend a great deal of my time working with them helping them with news reports, target information, and press releases. At that time we were working on New Zealand, a counter attack on Iran for what they were doing, and coming up with a list of other places, people, companies to deal with. Anonymous is for free speech and internet freedom, we do not stand for identity theft or making a buck off of stealing information from another person/company. We have and always will gladly step forward and say "we did it" when we did. We are proud of our work. This isn't typical of Anonymous and if you did some research and knew your history you'd realize this.
May 4, 2011 12:08:04 PM

Also present at the press conference was Chief Information Officer Shinji Hasejima, who revealed that the attack actually exploited a “known vulnerability” in the web application server platform used in PSN. According to the Reg, Hasejima admitted that though it was generally known, Sony management were not aware of it.

http://www.tomsguide.com/us/PSN-Hack-Exploit-Data-Theft...
May 4, 2011 1:43:04 PM

Hawkeye22 said:
Also present at the press conference was Chief Information Officer Shinji Hasejima, who revealed that the attack actually exploited a “known vulnerability” in the web application server platform used in PSN. According to the Reg, Hasejima admitted that though it was generally known, Sony management were not aware of it.

http://www.tomsguide.com/us/PSN-Hack-Exploit-Data-Theft...


Yes it was known.. the web application they're speaking of is the one that connects to steam. Everyone knows there was a massive vulnerability there. Like I said.. that's how they got in, has absolutely nothing to do with Geo or jailbroken ps3's. As for sony management not being aware of it.. I find that hard to believe. Most people who use steam or deal with it know about its lack of security. I find that just to be an excuse on sony's part for dropping the ball. They know they screwed up now they're just trying to save face.
May 4, 2011 6:14:57 PM

Personally, I don't think it was anonymous, but according to today's PS Blog...

We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”.

http://blog.us.playstation.com/2011/05/04/sonys-respons...
May 4, 2011 9:07:12 PM

Hawkeye22 said:
Personally, I don't think it was anonymous, but according to today's PS Blog...

We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”.

http://blog.us.playstation.com/2011/05/04/sonys-respons...



Only have a couple of suggestions for that. 1. Sony is bullshitting and making an excuse. 2. The person involved is a "wanna be". or 3. It happened to be one of our members who acted alone without our knowledge. I doubt it's #3 though seeing as we would have heard something already. I speak with anonymous quite often and nobody as of yet has come forward stating or bragging that they did it. Like I said.. this isn't anon's MO. Theft of credit card numbers actually goes against what we do. We support privacy and internet freedom. Stealing credit cards is the opposite. More than likely though I'd say it's #1.. sony coming up with an excuse trying to save face. In all honesty I hope they catch the person and/or persons who did it. Just so those who had their cards stolen can get some kind of retribution and to clear Anon's name.
May 5, 2011 8:46:07 AM

For Immediate Distribution
Press Release
May 4, 2011
Anonymous Enterprises LLC (Bermuda)


Last month, an unknown party managed to break into Sony's servers and acquired millions of customer records including credit card numbers. Insomuch as that this incident occurred in the midst of Anonymous' OpSony, by which participants engaged in several of our standard information war procedures against the corporation and its executives, Sony and other parties have come to blame Anonymous for the heist. Today, in a letter directed to members of Congress involved in an inquiry into the situation, Sony claimed to have discovered a file on its servers, presumably left by the thieves in question, entitled "Anonymous" and containing a fragment of our slogan, "We are Legion." In response, we would like to raise the following points:

1. Anonymous has never been known to have engaged in credit card theft.

2. Many of our corporate and governmental adversaries, on the other hand, have been known to have lied to the public about Anonymous and about their own activities. HBGary, for instance, was caught lying a number of times to the press, to the public, and to Anonymous itself (in this phone call, for instance (http://tinyurl.com/68pbdj8), CEO Aaron Barr makes a number of untrue statements regarding the intent of his "research," claiming for instance that he never tried to sell the information to the FBI when e-mails acquired soon showed that he had been set to do just that; executive Karen Burke was also caught lying to Bloomberg about having not seen an incriminating e-mail that she had in fact replied to just a few days before). The U.S. Chamber of Commerce lied about not having seen the criminal proposal created by them for Team Themis; Palantir lied about not having any idea what their employees were up to; Berico publicly denounced a plan that they had actively engaged in creating; etc. There is no corporation in existence that will choose the truth when lies are more convenient.

3. To the contrary, Anonymous is an ironically transparent movement that allows reporters in to our operating channels to observe us at work and which has been extraordinarily candid with the press when commenting on our own activities, which is why reporters prefer to talk to us for truthful accounts of the situation rather than fallacious public relations departments of our targets.

4. In the realm of criminal investigation, there is an important aspect of investigations that should never be overlooked. The 'modus operandi' of a criminal rarely changes. Whoever did perform the credit card theft did so contrary to the 'modus operandi' and intentions of Anonymous. Public support is not gained by stealing credit card info and personal identities, we are trying to fight criminal activities by corporations and governments, not steal credit cards.

5. It should be remembered that several federal contractors such as HBGary and Palantir have been caught planning a variety of unethical and potentially criminal conspiracies by which to discredit the enemies of their clients. This is not a theory - this is a fact that has been reported at great length by dozens of journalists with major publications. Insomuch as that our enemies have either engaged in or planned to engage in false flag efforts, it should not be surprising that many of the journalists who have covered us, who know who we are and what motivates us - and who have alternatively seen the monstrous behavior of those large and "respectable" firms that are all too happy to throw aside common decency at the behest of such clients as Bank of America and the U.S. Chamber of Commerce - also have their suspicions that some capable party performed this operation as a means by which to do great damage to Anonymous in the public eye. Those who consider such a prospect to be somehow unlikely are advised to read about what was proposed by Team Themis in their efforts to destroy Wikileaks, and should otherwise take a few minutes to learn about COINTELPRO and other admitted practices by the U.S. intelligence community. The fact is that Anonymous has brought a great deal of discomfort to powerful entities such as Booz Allen Hamilton, Palantir, and much of the federal government; the Justice Department in particular is likely unhappy that our efforts revealed that it was they themselves who recommended the now-discredited "law firm" Hunton & Williams to Bank of America in order that the latter might better be able to fight back against Wikileaks. All of this is now public record, and those or other entities may have again engaged in unsavory tactics that they are known to have engaged in in the past.

If a legitimate and honest investigation into the credit card theft is conducted, Anonymous will not be found liable. While we are a distributed and decentralized group, our 'leadership' does not condone credit card theft. We are concerned with erosion of privacy and fair use, the spread of corporate feudalism, the abuse of power and the justifications of executives and leaders who believe themselves immune personally and financially for the actions they undertake in the name of corporations and public office.

Anonymous will continue its work in support of transparency and individual liberty; our adversaries will continue their work in support of secrecy and control. The FBI will continue to investigate us for crimes of civil disobedience while continuing to ignore the crimes planned by major corporations which use their services.

We do not forget, even if others fail to remember.
We do not forgive, even if others forgive our enemies for those things for which we are attacked.
We are legion, and will remain so no matter how many of our participants are raided by armed agents of a broken system.
We are Anonymous.
Expect us
May 5, 2011 11:47:52 AM

Like I said, I take everything with a grain of salt. I don't think Anonymous would ever go after credit cards, but they may have been unwilling participants.

http://arstechnica.com/gaming/news/2011/05/sony-wont-te...

I'd love to get a straight answer from Sony or at least have the culprits identify themselves or affiliated group.
May 5, 2011 3:42:49 PM

Hawkeye22 said:
Like I said, I take everything with a grain of salt. I don't think Anonymous would ever go after credit cards, but they may have been unwilling participants.

http://arstechnica.com/gaming/news/2011/05/sony-wont-te...

I'd love to get a straight answer from Sony or at least have the culprits identify themselves or affiliated group.


The person or persons who stole those cards definitely won't identify themselves. Whether or not the cards work.. that guy is going to get paid for them and get paid a lot. It would be like someone robbing a bank and then you expecting them to say "yeah.. I did it". Sony on the other hand could come forward and say exactly what the hell happened but I doubt they will. Sony is probably just going to say as little as humanly possible unless they're caught lying.
May 6, 2011 12:10:49 PM

Nexusflame said:
The person or persons who stole those cards definitely won't identify themselves. Whether or not the cards work.. that guy is going to get paid for them and get paid a lot. It would be like someone robbing a bank and then you expecting them to say "yeah.. I did it". Sony on the other hand could come forward and say exactly what the hell happened but I doubt they will. Sony is probably just going to say as little as humanly possible unless they're caught lying.


You're now a celebrity. ;)  (If that is you being quoted).

http://arstechnica.com/tech-policy/news/2011/05/anonymo...
May 6, 2011 4:35:35 PM

Yes that's me.. and I'm not looking to be "famous" I honestly could care less. That's not my goal.
May 6, 2011 5:51:53 PM

Nexusflame said:
Yes that's me.. and I'm not looking to be "famous" I honestly could care less. That's not my goal.


I know. I just thought it was highly coincidental that I'd run into you on a couple different sites.

I'm always all for putting the blame on the right party. Sure, Sony left their doors wide open, but that doesn't mean someone should just walk right in and take what they want. Sony is responsible, but someone else out there is just as responsible. Hopefully we'll all know soon.
May 6, 2011 6:08:45 PM

Hawkeye22 said:
I know. I just thought it was highly coincidental that I'd run into you on a couple different sites.

I'm always all for putting the blame on the right party. Sure, Sony left their doors wide open, but that doesn't mean someone should just walk right in and take what they want. Sony is responsible, but someone else out there is just as responsible. Hopefully we'll all know soon.



We'll keep our fingers crossed
May 9, 2011 2:05:10 PM

Still down :( 
May 9, 2011 2:28:18 PM

wanamingo said:
Still down :( 



Actually the servers are up, though they're not allowing any connections at the moment. It shows some promise.
May 11, 2011 7:45:17 AM

I too would be waiting eagerly for the final outcome.
May 11, 2011 1:25:25 PM

I've heard the Japanese PSN has been up for a few days now. Can anyone verify?

May 17, 2011 5:33:43 PM

wanamingo said:
I've heard the Japanese PSN has been up for a few days now. Can anyone verify?


Actually, they are the only ones still down.
May 22, 2011 12:35:43 AM

wanamingo said:
UPDATE: I know you all have been too busy actually playing your playstation to post but I found this tidbit the other day.

Looks like the Hacker(s) used Amazon's cloud service to launch the attack.

http://www.bloomberg.com/news/2011-05-15/sony-attack-sh...



Great read. Some interesting details for sure.
June 4, 2011 2:28:28 PM

I only use the PSN for watching Netflix and bought one game download, and have been checking my cc account regularly. However I do qualify for the "welcome back" 2 free games download that PSN has been advertising to those with accounts established before 4/20.

Unfortunately, PSN is still screwed up - impossible to actually download any games, except for one guy who posted on the PSN forums - he snagged one game but no luck on the other. Lots and lots of complaints. Supposedly too much network traffic, so I'll try again early next week. However, Sony & PSN just look lame at this point..
June 5, 2011 2:34:31 PM

fazers_on_stun said:

Unfortunately, PSN is still screwed up - impossible to actually download any games, except for one guy who posted on the PSN forums - he snagged one game but no luck on the other. Lots and lots of complaints. Supposedly too much network traffic, so I'll try again early next week. However, Sony & PSN just look lame at this point..


Worked for me although I had to use this alternative method for the free games.

If at any point you can’t find the ‘Welcome Back Free Game 1 or 2’ products, the list of available titles or a game you’ve selected, go to your XMB>PlayStation Network>Account Management>Transaction Management>Services List>SCEA Promotions to complete the process

http://blog.us.playstation.com/2011/06/03/welcome-back/
June 8, 2011 12:12:22 AM

^ Yeah, saw that this weekend and tried it yesterday and finally got the two free games. Really slow download speeds - << 1Mbps - so I just left the PS3 downloading all night (InFamous is over 7.6GB).

Also, while I was busy doing something, my 4-yr-old son playing with the controller managed to sign up for Playstation Home (seems to be sorta like Second Life) - I hope that isn't some sort of pay service.. I guess mashing on the buttons randomly will eventually take you to the agreement screen, but of course I didn't see it - when I came back into the room, he was steering some female avatar around her apartment :p ..
June 13, 2011 6:43:17 AM

Judge ruled bank is not responsible for hacked accounts, personalmoneystore.com/moneyblog. With incidents like this, banks should start taking steps to enhance security by offering their customers to software when it comes to their files. With our very modern technology, even robbers also have the capacity to modernize their stealth. Thus, banks should be more sure with the security and confidentiality issue of the customers. Just as Sony has been hacked, other companies should also be careful.