June 2, 2011
Sony Hacked Again: Unable to Secure their Networks
Brief History
Around the middle of April 2011, Sony servers were attacked with DDoS techniques, bringing down the network. On April 20, the PSN (PlayStation Network) was brought down by hacker(s) using similar techniques, exposing the credit card and personal information of every single PlayStation Network customer. Sony denies the severity of the attack and says that the information is not being sold on the black market. Evidence from the eastern part of the globe says otherwise.
Nations and regimes across the world are criticizing Sony for its lack of security measures. The United States wants answers, Japan has denied access to PSN until the security issues are resolved, and many more nations are demanding answers.
On May 25th, Sony was hacked again, this time through attacks on Ericsson and Sony Music Entertainment websites. Customer information was exposed. On May 26, an organized hacker group, LulzSec, attacked Sony Pictures websites, again exposing customer information. The group has claimed (like many other groups) that these attacks were simple in nature.
Sony Has Little Response to the Attacks
Sony announced two things: 1) the shutdown of the PSN, and 2) investment in identity theft protection. It has offered goodies to customers who stay with it. The PSN, however, has been shut down for over a month, either inaccessible or only partially repaired. Sony has yet to state any confidence in the future of its networks, and has an amazing amount of work to do in order to win back the trust of its former customers.
Motive for Lone Agents and Conglomerates
Groups like LulzSec are attacking Sony to distribute a message: why should you trust this company when we can perform simple attacks and steal this data? Other agents are hackers from Eastern Europe and China, attempting to make a fast dollar by selling user information on the black market. The original DDoS attacks were delivered in response to Sony's crackdowns on people who modified PlayStation 3s. The outrage over Sony seeking damages in court started the movement to convert Sony's online networks into punching bags.
Will we hear more from Sony?
It is possible we will hear more from Sony. The company is taking a tough stance on the issue right now, but is utterly failing to walk the walk. Little data on Sony networks (if any) is encrypted. Sony has a lot of work to do, especially at E3, to ensure customer data integrity. It is embarrassing to have to mention this at the expo in the first place, but Sony will continue to suffer until it changes.
Why are people not attacking Microsoft?
Microsoft may have legal trials ongoing against Xbox modifiers, but its online systems are much more rigid and harder to break into. Microsoft probably detects many attempts to hack it each day, but Microsoft is a harder nut to crack. Sony has invested little in its security, and breaking into it is virtually like throwing an acorn through a metal fence.
“Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now,” the group wrote, “From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
~LulzSec