Quantcast

The Playstation Network Intrusion, a timeline.

You’ve been trying every day for more than a week now to log onto PSN. Portal 2 just released and you’re excited to take advantage of the cross-platform functionality of Valve’s STEAM service and play some co-op with your buddies—however, you may be waiting longer. Here is a detailed timeline of what has happened so far on the Playstation Network security breach of 2011.


April 20th:

The PSN and Qriocity network goes offline. Sony issues a statement that’s short and sweet, stating:

“We’re aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information.

Thank you for your patience.”

April 21st:

The company then states that it is still investigating the cause of the outage, and that it will be a “full day or two” before everything is back to normal. Sony Europe’s Playstation Blog suggests the networks have been attacked, but later remove the post. According to several media outlets, it had stated:

“Our support teams are investigating the cause of the problem, including the possibility of targeted behaviour by an outside party.”

This is the first sign that the outage is more than just scheduled maintenance or failure, but rather could be a security issue.

April 22nd:

The previous day’s suspicion of an outside attack becomes truth when Sony reveals the cause of the problems.

“An external intrusion on our system has affected our Playstation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off Playstation Network and Qriocity services.“

This came from their official statement. At this moment in time, we have no time or the slightest idea when the services will be online again.

April 23rd:

Another 24 hours of no service, Sony again updates their customers, saying that they are now completely rebuilding their network infrastructure. They deem it time-consuming, but necessary to provide the system with additional security.

April 25th:

An official spokesman for Sony in Tokyo says that a thorough investigation is underway. Sony has not discovered yet if customers’ personal information has been compromised, but, at the same time, states that if that was the case, they would let them know as soon as possible. It’s also claimed that the computer security experts called in have concluded that a breach of data had occurred when the network was hacked. They did not, however, announce this information until the following day.

April 26th:

Sony releases their lengthiest and most detailed statement to date. Included in the paper is the confirmation that personal information has been stolen. This includes names, addresses, birth data, e-mail addresses, and other info. They don’t specifically say that banking information is compromised, but “we cannot rule out the possibility.” They urge customers to watch their accounts for any suspicious activity. We finally get a release window of “within the week” for when both the Playstation Network and Qriocity will be back online.

April 27th:

Shares of the company fall 2 percent. Also, a class action lawsuit is filed against Sony for their data breach. Details over at cnet about the case. Finally, a detailed Q&A is released, shedding some light on the state of the security of banking information. Sony claims that the data was stored encrypted, however, “We have no evidence that credit card data was taken.”

April 28th:

Piling upon the previous 2 percent, Sony shares drop another 4.5 percent. Also, George Hotz, who was involved with the company earlier for posting code that could be used to circumvent system design and “jailbreak” a Playstation, says that the attack on the PSN was due to Sony’s “War on Hackers.” He continues, saying, “They (Sony) whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts.” This is also the first mention of a form of compensation to their ever-so-patient customers.

April 29th:


Based on posts and chat logs, it’s conclusive that the hackers responsible for the attack have credit card numbers and are trying to sell them off. Other details include an attempt by the hackers to sell the information back to the company. Their offer is refused by Sony, who claim that the information was safe no matter what.

 

April 30th:

Sony continues to receive criticism—this time with a letter from the United States House of Representatives Subcommittee on Commerce (what a mouthful, eh?). Addressed to Kaz Hirai, deputy president, it asks questions about the nature of the breach, and Sony’s response to their customers. It’s also released that Hirai will be addressing the media publically about the breach and outage at 2 P.M Tokyo time, or 1 A.M. EDT.

May 1st:

Kaz Hirai addresses the public at an official Sony press conference to address concerns about the breach, and also announce more details. The official press release outlines that not only will PSN and Qriocity services will be available by the end of the week, but also newly-implemented security measures. From the release:

The new security measures implemented include, but are not limited to, the following:

  • Added automated software monitoring and configuration management to help defend against new attacks
  • Enhanced levels of data protection and encryption
  • Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
  • Implementation of additional firewalls

Also, Sony will be launching a “Welcome Back Appreciation” program as a token of their appreciation for their customers’ patience:

Central components of the “Welcome Back” program will include:

  • Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
  • All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
  • Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.

However, this isn’t limited to the list, but will expand over the following weeks as the service returns to normal operation.

May 2nd:

The official U.S Playstation blog updates again, and offers more details and crucial clarification. The previous news of whether Sony offered to buy back the credit card numbers is quickly debunked:

“One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge, there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.”

The post also addresses the assumption that passwords and customer data were not encyprted and were easily accessible to those in possession of said data:

“One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures, which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this link.”

The post then wraps up with assurances that Sony will not contact customers directly for any information.

But recent developments show that it in’t only the PSN and Qriocity that have been hit by hackers. Coming from a subscription-based news outlet, it seems that the Sony Online Entertainment has been breached, supposedly with a release of 12,700 credit card numbers and other info as well. It’s rumoured that the stolen data was dated 2007, and could have been a previous backup of a system.

May 4th:

Responding to the letter that was sent earlier to them by the US House of Representatives’ Subcommittee on Commerce, Manufacturing, and Trade, Sony replied with an open letter  outlining their principles for dealing with the outage, and breaches. The letter can be viewed in its entirety on flickr. Details include:

In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:

  1. Act with care and caution.
  2. Provide relevant information to the public when it has been verified.
  3. Take responsibility for our obligations to our customers.
  4. Work with law enforcement authorities.

It also states that they had discovered a file on one of the SOE servers entitled “Anonymous” and “We are Legion.” However, they have still to identify those responsible for the attack.

Finally, the Welcome Back program is further detailed. Sony will be offering free downloads, Playstation Plus memberships, and Qriocity to those subscribers. It will be 30 days, plus the length of the outage. (via Joystiq)

The Playstation Network outage and hack is surely going to be one of the biggest stories of the year in gaming. This isn’t good publicity for a service that considers its ridiculously low price an advantage. Many loyal fans are already contemplating switching to other consoles such as Xbox Live or Steam (which have been quoted as saying their services are working smoothly). Fans are even suggesting that mandatory payment be part of the PSN subscriber system, saying that “the revenue would create a better online experience than the one that they aren’t using as of now.” What was planning to be a major year for the company began with a rocky start. The fact that the intrusion went farther than expected indicates that this is a very serious issue of security, and could lead many to re-examine who they trust with their information in exchange for entertainment.

Do you think the program compensates for the hassle? Can Sony bounce back to their previous reputation? Or is the image of their online service forever stained? Leave us a comment below!

 

Sources: The Official Playstation U.S blog, Cnet.com, engadget.com, g4tv.com, Joystiq

This entry was posted in Gaming, Internet and tagged , , , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

30 Comments

  1. Posted 08/07/2014 at 12:55 PM | Permalink

    Great post. I was checking constantly this blog and I
    am impressed! Very useful info specially the last part :) I care for such info
    much. I was seeking this certain information for a
    long time. Thank you and best of luck.

  2. Posted 12/08/2014 at 2:27 AM | Permalink

    That additionally requires quit a little bit
    of capital expense. This game has been downloaded and install millions of times by gamers and
    has actually obtained good scores because of its excellent graphic and appealing
    degrees. The University has reported the data breach incident to the Information Commissioners Office (ICO).

  3. Posted 26/09/2014 at 6:16 AM | Permalink

    Wonderful post but I was wanting to know if you could write a
    litte more on this subject? I’d be very grateful if you could elaborate a little bit further.
    Kudos!

  4. Posted 30/09/2014 at 1:41 PM | Permalink

    I have read so many articles or reviews about the blogger lovers but this paragraph is really a good paragraph, keep it up.

  5. Posted 02/10/2014 at 4:46 AM | Permalink

    A noteworthy article, special thanks from a huge gajes fan!.

  6. Posted 02/10/2014 at 11:54 AM | Permalink

    Hello! Quick question that’s completely off topic. Do you know how to make your site mobile friendly?
    My blog looks weird when viewing from my iphone. I’m trying to find a theme or plugin that might be
    able to resolve this issue. If you have any recommendations, please share.
    Appreciate it!

  7. Posted 02/10/2014 at 12:47 PM | Permalink

    Write more, thats all I have to say. Literally, it seems as though you relied on the
    video to make your point. You obviously know what youre talking about, why
    waste your intelligence on just posting videos to your site when you could be giving us something informative to read?

  8. Posted 04/10/2014 at 5:19 PM | Permalink

    Hello There. I found your blog the usage of msn. That is a very well written article.
    I will make sure to bookmark it and come back
    to learn more of your helpful info. Thank you for the post.
    I will certainly comeback.

  9. Posted 08/10/2014 at 12:34 PM | Permalink

    An outstanding share! I have just forwarded this onto a colleague
    who was conducting a little homework on this.
    And he in fact ordered me dinner because I discovered it for him…
    lol. So let me reword this…. Thank YOU for the meal!!
    But yeah, thanks for spending the time to discuss this subject here on your
    web site.

  10. Posted 16/10/2014 at 3:01 AM | Permalink

    Hello to all, the contents existing at this web page are genuinely
    amazing for people experience, well, keep up the
    nice work fellows.

4 Trackbacks

  1. By Angry Birds Epic lucky coins cheats on 04/09/2014 at 8:27 AM

    Angry Birds Epic lucky coins cheats…

    The Playstation Network Intrusion, a timeline. – TechRant…

  2. By publicize on 11/09/2014 at 3:46 PM

    publicize…

    The Playstation Network Intrusion, a timeline. – TechRant…

  3. By Megapolis Hack on 22/09/2014 at 2:08 PM

    Megapolis Hack…

    The Playstation Network Intrusion, a timeline. – TechRant…

  4. By Gods Among Us Hack on 01/10/2014 at 2:14 PM

    Gods Among Us Hack…

    The Playstation Network Intrusion, a timeline. – TechRant…

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

  • Welcome to TechRant…

    We are a group of techies from emerging students to full blown professionals who are enthusiastic about technology related subjects. Everyone has opinions and feelings about things, sometimes stronger than others. On TechRant, we will be sharing those opinions, and have a good ol' rant! We may also do non ranting type articles, like news, reviews, tutorials, tips and tricks, how-tos and even the odd interview.

  • Authors

  • Categories

  • Archives