Forgot your password?
typodupeerror
PlayStation (Games) Security Sony Games

Sony Blames 'External Intrusion' For Lengthy PSN Outage 321

Posted by Soulskill
from the satisfaction-is-not-guaranteed dept.
Several readers have noted that outages on Sony's PlayStation Network have prevented online play for the past few days. The company has now blamed an 'external intrusion' for the trouble, saying they took down the network to "conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward." Some suspect an attack by Anonymous, who declared war on Sony earlier this month, but Anonymous has disavowed knowledge of such an attack. Meanwhile, others are asking whether Sony should compensate users for the inability to play PS3 multiplayer modes, and even single-player modes on a few downloadable games.
This discussion has been archived. No new comments can be posted.

Sony Blames 'External Intrusion' For Lengthy PSN Outage

Comments Filter:
  • Right... (Score:4, Funny)

    by Haedrian (1676506) on Saturday April 23, 2011 @08:49PM (#35918032)

    "Meanwhile, others are asking whether Sony should compensate users..."

    Right, and while we're there I'd like some world peace too.

    • by History's Coming To (1059484) on Saturday April 23, 2011 @09:27PM (#35918244) Journal
      Looks like you'd enjoy Finland being in charge then. They ruled that removal of the OtherOS function was valued at around 100 euros ($145).
      Slashdot thread [slashdot.org]
      • Re:Right... (Score:4, Funny)

        by Anonymous Coward on Saturday April 23, 2011 @09:40PM (#35918294)

        I am, in principle, not against Finland conquering the globe. They have a few nice things going, and the bit about Rome and the aqueducts from "Life of Brian" comes to mind.

      • by murdocj (543661)

        100 Euros seems a bit steep... that seems like a fairly high percentage of the retail cost, given that Other OS isn't the major function of the box.

        • Re: (Score:3, Insightful)

          by tjhart85 (1840452)
          They took away a piece of functionality that it was advertised as having. If I had a PS3, I'd want them to take the whole thing back & credit me the full retail price (if I liked it, I'd pick up a used one ... at least then Sony wouldn't directly get my money).

          I know there are a lot of analogies floating around out there, but to me the fact of the matter is it doesn't matter how big the functionality was, it was an advertised feature. What if it was blueray playing functionality that they decided t
    • I want Sony to compensate me for not being able to play multiplayer for the past several months. I haven't updated my PS3 since they removed OtherOS and decided they'd change the EULA to say they had the right to install and execute programs on my PS3 without my knowledge or consent. I'm also unable to get updates and DLC for the games I've legally purchased because of this. I doubt I'll ever get just recompense.

    • "Meanwhile, others are asking whether Sony should compensate users..."

      Right, and while we're there I'd like some world peace too.

      Microsoft usually gives out a free game or something for extended (non-scheduled) outages. Of course, you're explicitly paying them for Live.

    • by dave562 (969951)

      In this case you get what you pay for and users do not have a leg to stand on because the online play is free. It is not like the Xbox where you have to pay a monthly fee to play online.

      I'm a PS3 owner and this has irked me, but it's not the end of the world. It just meant that instead of playing Medal of Honor during my game play time, I went back to Fallout: New Vegas and am working on finishing it.

  • Anonymous (Score:4, Informative)

    by Bovius (1243040) on Saturday April 23, 2011 @08:49PM (#35918036)

    I love the implication that Anonymous has a representative that can "disavow knowledge of such an attack."

    Anonymous is not an organization! It's a bunch of jerks on the internet.

    • anonymous was a team there http://hackus.org/blog/ [hackus.org]

    • by Nyder (754090)

      I love the implication that Anonymous has a representative that can "disavow knowledge of such an attack."

      Anonymous is not an organization! It's a bunch of jerks on the internet.

      Sony isn't a company that cares for it's customers, it's just a bunch of jerks in business suits.

      Generalization is great, isn't it?

  • Wow (Score:5, Interesting)

    by headhot (137860) on Saturday April 23, 2011 @08:52PM (#35918056) Homepage

    PSN has been down since Tuesday night, blowing the launches of Portal 2 (plus steam) and Mortal Kombat 30. The system is not still down for forensic or investigational issues, its down because they haven't figured out how to bring it back up. They are losing too much money and credibility having it down so long. My guess is they are poring though back up tapes right now. Some one owned them good.

    Also, this didn't feel like a DDOS, with intermittent problem. PSN seems to have gone down hard. When Sony says "infiltrated," I think totally raped their systems.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      It's not just the US/North American PSN that's down. It's Europe, Japan, and probably the rest as well.

      I doubt very much that an unsophisticated attack would be able to simultaneous take down or infect all three networks (to a point they are at least somewhat individual networks). I am inclined to believe Sony who has stated that they have taken the PSN down themselves. I would speculate that could mean there have either been security breaches with regard to PSN Store encryption or consumer credit card info

    • I don't really agree it can't be because they don't know how to bring it back up.

      If they feel all their systems are compromised, then they want to keep it down until it is completely deloused, otherwise they could risk an intruder turning every PS3 into a member of a botnet!

      So they may be starting over from scratch or just having trouble finding a safe point to return to. This does show a level of incompetence (incomplete mastery of their own systems), but I don't really agree it has to be the full level of

    • Re:Wow (Score:5, Insightful)

      by cgenman (325138) on Saturday April 23, 2011 @09:49PM (#35918342) Homepage

      The system is not still down for forensic or investigational issues, its down because they haven't figured out how to bring it back up.

      Generally, the worst attacks are the ones when you can't figure out how much access people still have, what they did while they were there, and whether or not it is safe to bring the system back online. If someone got root on Sony's update servers, you'd better believe those are staying offline. A problem there could leave Sony on the hook for the cost of 50 million very expensive plastic bricks. Similarly, someone with deep PSN access might be able to leverage that into accessing Sony's other internal systems, which could include things like VAIO firmware, manufacturing robots, sony picture entertainment, and baseball fields full of money.

      Keep 'em down for a few days to do your security homework, or suffer a bigger break later.

      • Re:Wow (Score:5, Interesting)

        by powerlord (28156) on Saturday April 23, 2011 @10:39PM (#35918514) Journal

        If someone got root on Sony's update servers, you'd better believe those are staying offline.

        Then feel secure that those aren't the problem.

        I was playing a Demo recently and it informed me there was an update available. System downloaded the update and loaded it, even though PSN is still down and I still can't log in.

        I heard a rumor that they found people circumventing the checkout/purchase system in some way. If that is true, then they may be keeping the system down while they fix that.

        Two more plausible explanations:

        1) someone used the fact that PS3s internal key has been exposed to try to craft code to go after the Login/Pay servers through the PS3 directly, on the idea that Sony programmed those interfaces on the assumption that they are secure, and only produced well formed code, leaving a chink in the armor. If that IS the case, then Sony may have shut down the whole system rather than letting it sit open and exposed once they detected the intrusion, in an effort to head off data theft (while they rewrite the interface?).

        2) someone could have been performing a Denial of Service attack, again through internal PS3 calls which were expected to be well formed.

    • by steelfood (895457)

      Maybe those recent storms took out Sony's data center?

      Anonymous as a force is likely not capable of such an act. Based on the duration and nature of the outage, it's not like a DDoS or some simple network issue but that there's some physical damage, somewhere between wiped or crashed drives to outright fried servers.

      An individual with a vendetta I can see "infiltrating" into their server farm and taking it out, but Occam's Razor says that it's probably the weather.

    • The system is not still down for forensic or investigational issues, its down because they haven't figured out how to bring it back up

      It's down because they're trying to make sure PSN users credit card information wasn't compromised asshole. They could bring it up now if they wanted to, but first they're making sure the user accounts are safe.

  • by Psychotria (953670) on Saturday April 23, 2011 @08:53PM (#35918066)

    I guess it's great for the content providers and their DRM, but when I can't play a single player game because either their servers are down, or I don't happen to have a connection at the time is annoying and stupid. (I don't have a Playstation, but several single player games on Steam behave in the same, or similar, way; e.g. f1-2010 I can't save progress without the internet because apart from steam, which launches the game just fine, there is the crazy Live-Games for Windows (or whatever it's called). Why I can't save progress is beyond me as the save games appear to be local files, but that's just how it is.

    • I guess it's great for the content providers and their DRM, but when I can't play a single player game because either their servers are down, or I don't happen to have a connection at the time is annoying and stupid.

      FWIW, I do own a PS3 and I haven't been prevented from playing single-player games nor watching Netflix. In fact, the Netflix application claims to require a PSN connection, but if you keep allowing the PSN authentication to fail you discover that the warning is more bark than bite.

      • by hedwards (940851)

        Not really, isn't the PSN requirement to download the app and for updates? At least that was my impression and the main reason why it annoyed me that they got rid of the disc.

        • by powerlord (28156)

          Game Updates are working fine now (don't know about earlier), even though PSN itself is still down and can't log in.

          They might be related services, but they seem to be different servers.

          Now, I'd LOVE to know why the Hulu+ program needs me to log in, when I also had to tie the PS3 to my Hulu+ account. Wish that worked the way the Netflix clients seem to be.

      • by cmeans (81143)
        I had Netflix working earlier today, but later in the evening I was unable to get anything to playback...that was after even logging into my Netflix account directly through the Netflix app on the PS3.
    • by dave562 (969951)

      You can play single player games, and in fact the entire system is not offline. I fired up Fallout: New Vegas and I have not played it in months. It told me that I needed to upgrade the game to the latest version, and I figured I was SOL. I clicked on OK and it downloaded the 22mb patch file just fine.

      I'm miffed about the whole thing. I'm miffed about losing access to NetFlix. But there are not any problems playing single player games.

    • by trawg (308495)

      That is not a failing of "online". That is a failing of the online model that Sony have chosen to employ. These sorts of problems don't plague "the old style" of online games, like your Counter-Strikes and your Quakes, which use a decentralised model that is resistant to failure. If servers go down, you just go to another server. If the master server list goes down, you just connect directly using an external game client. The only thing that might stop you playing is if the auth server is offline; I remembe

  • by Anonymous Coward on Saturday April 23, 2011 @08:57PM (#35918078)

    This has been the best time that my 15 year old son and I have had since the PlayStation arrived in December. With the network dead, we went bicycling and bowling (his top score was 134); he showed me how to solve the last layer (well the OLL) of the Rubik's Cube.

    I deeply thank whoever did this, and I wish you only the best!
      -CS in Berkeley

  • by Jafafa Hots (580169) on Saturday April 23, 2011 @09:04PM (#35918110) Homepage Journal

    At least an external intrusion is better than an internal extrusion.

  • Personal Data? (Score:5, Insightful)

    by thecombatwombat (571826) on Saturday April 23, 2011 @09:44PM (#35918316)
    What blows my mind is that people are asking whether or not they should be compensated, when will the service will be back up, and who's responsible, but not so much "is my credit card that the PSN stores secure?" How is this not the first thing Sony gives an update on when they officially say this is due to an attack?

    I've been looking at the comments on every post I see about this. At first I was hoping for an answer, and now I'm mostly just curious. This seems to be the very least of everyone's concerns.
    • by feepness (543479)
      If I find unauthorized charges on my credit card... as I have doing something as simple as visiting a local bar... I simply call and have them reversed.

      This is if they don't contact me for odd charges to begin with.
  • Who's Sony been suing lately?
    This might be named party's counter-offer.... ^_^

    Sony and their Lawyers...
    If you can't beat them.. DDoS'em! ^_~

  • First it came for our google. Now it has gone after Sony PS. Do you need more proof? Are we going to wait for it to attack something important like Facebook or Twitter?

    I'm glad I have a dog as part of our family...

  • At first I thought that it was Sony's revenge on me for this: http://slashdot.org/submission/1535196/Why-doesnt-SONY-like-Canadians [slashdot.org]

    Then, when I realized that no one else could log in either I relaxed a bit.
    I am still concerned about whether my Credit Card is safe.

  • Scapegoat (Score:5, Insightful)

    by JavaBear (9872) on Sunday April 24, 2011 @01:49AM (#35919248)

    Anonymous is fast becoming the preferred scapegoat when a large corporation have an outage.

    --
    Maybe I should have posted this as "Anonymous Coward"?

  • I'm not in a position to say anything on this subject with any authority, but it seems plausible that this "intrusion" could be related to the recent launch of Steam connectivity for the PS3. If it is, I doubt it's actually due to Steam or the PSN software directly - it's more likely to be poorly-designed interface code to get the two connected. Just my 0.13 yuan worth.

Nothing is impossible for the man who doesn't have to do it himself. -- A.H. Weiler

Working...