News

Sony Provides Timeline of Attack Hinting at Anonymous' Involvement

| 4 May 2011 18:50
image

In an open letter to Congress, Sony reveals more details on the recent cyber-attack against it, and how it plans to make up for the theft of user's information.

Last week, the House of Representatives' Subcommittee on Commerce, Manufacturing, and Trade sent a letter to Sony, requesting further information on the nature of the recent intrusion into Sony's networks and the resulting theft of personal information associated with 77 million PSN accounts. Sony's reply, an open letter posted on Flickr, provides an in-depth timeline of Sony's discovery of and response to the attack:

  • On April 19, Sony's network team noticed strange server activity, including the reboot of several servers and a data transfer. The servers in question were taken offline and analyzed.
  • After a lengthy investigation by a large internal team, it was decided that there had been some form of unauthorized intrusion into the network. On April 20, PSN was taken down, and Sony hired a computer security and forensic firm to help discover exactly how wide-spread the intrusion was. On the 21st, the company hired a second firm.
  • After 2 days of investigation, it was discovered that "intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the servers." Upon finding this, Sony decided a third security firm was called for.
  • On April 25, Sony realized exactly how far-reaching the intrusion was, and that it had accessed the personal data of all 77 million PSN users. The company could not determine if the credit card data had been accessed.
  • On April 26, one week after the intrusion was first noticed, Sony announced to the public that their personal information had been compromised, and that their credit card data may or may not have been taken, as well.

During the investigation of the attack, Sony says that it discovered a file that had been created titled "Anonymous," and which read "We are Legion". This, obviously, points the finger at so-called hacktivist group Anonymous, which was carrying out denial of service attacks against several of Sony's websites at the time of the intrusion. While it could be an admission of guilt by the group, Sony admits that the file could very well be an attempt by another group to turn the blame to Anonymous, representatives of which have denied all involvement.

Whoever carried out the attack, Sony asserts on its blog that it is working around the clock to restore its services, and that it has several new security measures put in place to protect the networks from further intrusion, including several extra firewalls, enhanced encryption, and a brand new data center in an "undisclosed location."

Sony also detailed what it is calling the "Welcome Back" program that it will be offering to all PSN users, which will provide 30 days (plus one extra day per day of network outage) of free PlayStation Plus and Music Unlimited subscriptions, in addition to several free downloads.

Sony also reaffirmed that it will be providing complimentary identity theft monitoring to all affected users.

Source: Joystiq

RELATED CONTENT
Comments on