PSN Outage Continues, Console Hack Claimed To Be Responsible

Over the weekend, we discussed news that the PlayStation Network had been down for days, with Sony saying little other than that it was caused by an "external intrusion" and that they were "rebuilding their network." Many of you have written to point out that the outage continues, with Sony saying they "don't have an update or timeframe to share at this point." One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, recently released custom firmware called Rebug allowed people to essentially turn their PS3s into dev consoles, though some features were missing. A different group supposedly used this firmware to get on PSN through the developer networks, and also found that fake credit card numbers were not being validated for game purchases, leading to what chesh called "extreme piracy." He acknowledges that this theory is speculation. Sony's handling of this outage is starting to draw attention from the government. Update: 04/26 20:47 GMT by S : Sony just posted more details, saying that a massive data breach occurred: An "unauthorized person" has PSN users' "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Billing address, password questions, and credit card info may also have been taken.

There's some karma for you, Mikey

[elrous0]

I've got a friend who is a PS3 fanatic, and hates all things Nintendo and MS as a consequence (never understood the partisanship myself, and I've owned all three consoles at one time or another and they all have their respective merits). A couple of weeks ago when he found out I was buying Portal 2 for the Xbox (I sold my PS3 a while back), I was treated to a rant about how superior the PS3 version was because it allows cooperative play between PSN and Steam PC users (a nice feature, for sure). I thought I was going to have to give him a sedative to get him to shut up about how stupid I was to even consider the Xbox version, how great PSN is, how much Xbox Live sucks, etc., etc.

I'm tempted to rub this in his face, but it would probably only make him worse.

Valve

[bazald]

It would be nice to be able to activate the PC version included with my PS3 copy of Portal 2. You're in a somewhat unique position to improve matters, given that you were planning to make the PC version available to us anyway.

Theory, speculation, bullshit.

[ToasterMonkey]

One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, ... [snip]
He acknowledges that this theory is speculation.

Slashdot should to change its moniker to "Jerry Springer for Nerds". All that's missing is a video feed of some grimy sweat pants wearing nerds furiously typing away virtual beatdowns over who got who's virtual girlfriend knocked up.

This whole "new media" thing is unconvincing.

Take note

[ravyne]

If the rumor is indeed true that a custom firmware has been used to get some people free stuff, take note how Sony has handled the situation -- A small, small portion of people (the few that run custom firmware, and the fewer that run this particular custom firmware) are getting a few free (virtual) goods, and they shut down the entire network, screwing 100% of their customers.

What if banks operated this way? They find a ring of fraudsters using bank accounts to commit fraud, and the bank responds by freezing everyone's accounts for weeks? It would be totally unacceptable.

When you find a small group of fraudsters, you take targeted action against them alone, even if it means you hemorrhage a little money compared to the more totalitarian approach. Its part of the cost of doing business. In the retail world they call it "spillage" -- the fact that some of your goods might get damaged beyond saleability or that a few things will go missing from the floor (or the stock room) is unavoidable -- you simply do your best to detect and take action against those responsible, but you don't go around treating every other customer as a criminal.

Of course, that assumes the rumored reason is the cause of this action -- I suspect its either speculation or a (possibly intentionally-leaked) cover story for other measures taken in response to the Anonymous attack and whatever information they got out of GeoHot in the settlement. I anticipate a new official firmware will be required after the network comes back up and it will be necessary to access the "new" PSN, and possibly even already-owned downloadable content. This long of a downtime indicates pretty drastic changes behind the scenes, methinks.

Forget CC#s, there is a worse scenario

[Mysteray]

I'd written a blog post [extendedsubset.com] speculating about a worst-case scenario involving attackers using the leaked firmware signing keys to push a malicious firmware update from Sony's compromised backend servers. Personally, I've disconnected my PS3 from the network until the all-clear sounds from Sony.

Re:Take note

[afidel]

Nope, all personal data stored with your PSN account has been compromised. It's taken this long for the forensic team to verify what people suspected. Everything including name, address, birth date, the answers to your account reset questions (used by *many* sites), email address, and *passwords* (haven't they heard of a f'ing hash!). Obviously Sony has a worst case scenario here and they wanted to be absolutely sure it was as bad as they feared before coming forward. This probably means legal trouble for them in the EU, and it might actually get Congress off their arse to enact some privacy legislation.

Re:There's some karma for you, Mikey

[Seumas]

Sony does offer a paid service and it is identical to the free one, except it offers discounts on some downloadable games and automated patch downloads. It's called PSN Plus. PSN Plus users are also down right now and they are also part of the same data breach. So, the paid service is identical to the free service and the paid service is just as insecure as the free service.

Re:There's some karma for you, Mikey

[Anonymous Coward]

This isn't karma, you're being a jerk. The whole XBox/Wii/PS3 fanboi deal is stupid. I agree there's little point in bragging about which system is better, but realize the shoe could be on the other foot.

Reality: He's a consumer who bought a product and Sony isn't living up to their end. This could happen with XBox Live or any other service like Steam.

Re:There's some karma for you, Mikey

[Daniel Phillips]

The fact that my password and credit card number have been pwned sort of screws the PSN in my eyes.

And of course you feel completely safe in Microsoft's hands, the company with a long and glorious history of high profile fiascos like the all-day trading outage on the London Stock Exchange [wsj.com] or turning a modern Navy frigate into a floating barge [wikipedia.org]