Did the Playstation Network become self-aware at 17:00 hours on April 19, realizing the incompetence of those it worked for it quickly tried to bug out. According to the Terminator TV Series, “The Sarah Connor Chronicles” April 19 was the date that Skynet became self-aware, a little spooky maybe.
The Play Station Nightmare goes a little something like this, Sony on the 19th April took the PSN and Qriocity services completely offline. For clarity’s sake we need to say that this was just the date Sony took the services offline, no one is sure exactly when the PSN servers were first hacked. Sony is saying officially that sometime between April 17 and 19 they became aware of external intruders on the PSN. For 6 days after taking the servers down – April 19 – Sony made no comment, on the seventh day there was light and explanation.
Sony admitted they had suffered the largest single network intrusion in history. Over 80 million user accounts had been compromised both user data and credit card details were compromised..
Initially the timing of GeoHot’s court case with Sony which had only just wound up – over chipping/hacking the PS3′s – led some to believe that this was direct payback. If this was a one man invasion tracing it would have been much quicker than the two weeks it’s taken Sony so far. This was a large-scale multi point breach.
The Anonymous group had been sending out threats to Sony for the last couple of weeks and again the timing was purely coincidental, especially since half of Anonymous are known to authorities and had been interviewed already regarding the Wikileaks incidents. Also Anonymous generally use DDOS attacks – Deliberate Denial of Service, a technique of flooding web servers and shutting down access to a site temporarily – as their tools of the trade, they are attention seekers that have a message to go along with their attacks on sites. By its nature a DDOS attack isn’t an internal intrusion, it is just the three stooges effect in action, with DDOS you are sending so many requests to a site at once that the doorway becomes blocked with stooges.
This is very different from the attack on the PSN.Patric Seybold, Sr. Director, Corporate Communications & Social Media released the following statement on April 26, “We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have: Temporarily turned off PlayStation Network and Qriocity services;, Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information. We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable. “
This leaves the final theory as the most likely. Recently a custom firmware for the PS3 was released – Rebug – that gave the user developer rights on the PSN. This allowed users of the chipped PS3′s to use fake credit cards to purchase games from the shop, it may also have given these users access to the backend servers. Sony is keeping very tight-lipped about what access developers were given but it is looking like they had admin rights or were able to escalate their rights to the admin level – admin rights give you total control -. If this is the case then it is possible that the intrusions actually began when the Rebug firmware was released in early April, with the easy to use stealth version being released on April 15.
Sony is taking a lot of flak for the delay in announcing the intrusion. Most PS3 owners knew there was a pretty major issue by the third day of the PSN being in maintenance. It all made sense once the truth had bubbled to the surface but that was after a week of maintenance. Sony’s explanation for this delay is that they had to bring in external security experts to investigate the intrusion, this may well be true but still they could have managed the situation better.
It is disturbing that Sony have needed to totally shut the network down to fix its issues. If this was just a typical security whole – think Microsoft patch – they would have just patched the whole, rebooted and moved on. The actions they have taken would tend to suggest that the structure of the security on PSN was built incorrectly, from the ground up. Once the network returns developers won’t have the same access rights and you can bet Sony will also crack down on chipped PS3′s on its network, no more chippies kids.
Sony does seem to be taking this problem seriously, moving the whole network to new servers, with new staff operating it is no easy feat. It may also implicate the staff of the old server farm, are they under suspicion of involvement. Was it an inside job ? The company is said to be working with law enforcement and is “proceeding aggressively” to find the people responsible for the criminal actions. It added that it is working with a recognised technology security firm for a separate investigation, but it did not specify which firm. The most interesting word in that statement is people, this was not the work of a single person, GeoHot or even Anonymous
In the most extreme scenario, with full access to the PSN servers hackers could install customized firmware on any PS3 connecting to he PSN, making one of the most powerful zombie networks ever. With millions of PS3′s crunching away no encryption would be safe. If this scenario were true it will take Sony a long time to establish a cure for the zombie firmware, Resident Evil takes an interesting twist, you could be playing Resident Evil on a zombie PS3 while Sony tries to work out a cure.
What are the implications of this on the shift to the Clouds, especially with the Amazon down time and other incidents this month. Sony isn’t the only company to have had troubles over the last month, Amazons EC2 virtual servers have only just come back online after unknown problems. So the reality of the cloud starts to set in, they are powerful and essential to the growth of the internet but they aren’t perfect. As a backup tool they may not be the most practical. As long as we don’t make the old address book mistake – when mobiles first hit big everyone thought the old address books were a thing of the past till they lost they’re phone or switched sim cards – we shouldn’t rely solely on Cloud computing, its is an important part computer technology but not without down sides.
Our favourite theories so far are that it was an attempt to build a network of zombie PS3′s or it was a plain old straight up heist, old school credit card fraud. Security experts are already reporting PSN credit card numbers for sale on hacker forums, $100,000 for around 2.2million credit card numbers. So keep an eye on your credit cards, once the PSN is back online change all of your passwords.
Not only did Sony get lazy with the encryption used within the network – none used at all, if it were encrypted the data gained by the hackers would have been useless – but at a Hacker conference in 2010 a presentation was given demonstrating Sony’s use of a fixed encryption key/seed instead of a random seed, just plain lazy. No encryption on user details or credit card info is inexcusable and smacks of ivory tower syndrome, Sony honestly believed its network were impenetrable. It looks like the network won’t be back online for another week, early May looks most likely. Life in an Ivory Tower often ends in a big fall, it’s all roses till then but spectacular once it all falls down.
You must be logged in to post a comment.