PSN Outage Continues, Console Hack Claimed To Be Responsible

Posted by Soulskill
from the house-of-cards dept.
Over the weekend, we discussed news that the PlayStation Network had been down for days, with Sony saying little other than that it was caused by an "external intrusion" and that they were "rebuilding their network." Many of you have written to point out that the outage continues, with Sony saying they "don't have an update or timeframe to share at this point." One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, recently released custom firmware called Rebug allowed people to essentially turn their PS3s into dev consoles, though some features were missing. A different group supposedly used this firmware to get on PSN through the developer networks, and also found that fake credit card numbers were not being validated for game purchases, leading to what chesh called "extreme piracy." He acknowledges that this theory is speculation. Sony's handling of this outage is starting to draw attention from the government. Update: 04/26 20:47 GMT by S : Sony just posted more details, saying that a massive data breach occurred: An "unauthorized person" has PSN users' "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Billing address, password questions, and credit card info may also have been taken.

  • I've got a friend who is a PS3 fanatic, and hates all things Nintendo and MS as a consequence (never understood the partisanship myself, and I've owned all three consoles at one time or another and they all have their respective merits). A couple of weeks ago when he found out I was buying Portal 2 for the Xbox (I sold my PS3 a while back), I was treated to a rant about how superior the PS3 version was because it allows cooperative play between PSN and Steam PC users (a nice feature, for sure). I thought I

    • by tripleevenfall (1990004) on Tuesday April 26, 2011 @03:33PM (#35945820)

      A one-week outage does not make Xbox live better.

      • by xMrFishx (1956084) on Tuesday April 26, 2011 @03:37PM (#35945860)
        On the other hand, PSN can't actually get worse by being down.
      • by Anonymous Coward on Tuesday April 26, 2011 @03:38PM (#35945876)

        It makes just about anything else better, for a week.

      • by elrous0 (869638) *

        No, it doesn't change the respective merits of either online service. But I bet Mikey would still have a seizure if I asked him how his Steam coop play is going.

      • by Bobfrankly1 (1043848) on Tuesday April 26, 2011 @03:48PM (#35946000)

        A one-week outage does not make Xbox live better.

        Yeah, it's not the outage that makes Xbox live better, it's the external intrusion. Nothing quite like an external intrusion into a company that holds your credit/debit card data to make you wish you could pay for better service.

        • by nschubach (922175) on Tuesday April 26, 2011 @03:53PM (#35946090) Journal

          Even if Sony offered a pay service, the same would have likely happened. I don't see the validity in your complaint.

          • Re: (Score:2, Insightful)

            by smelch (1988698)
            There's the whole fact that it is, you know, actually better. Xbox Live is just about fucking perfect. You can bitch all you want about paying less than a WoW subscription to play all of your console games online, but that doesn't make the PSN even close to XBox Live. PSN always makes me feel like I'm playing multiplayer in 1998. I mean that literally not as a slam. I enjoy games from 1998 still. This may have more to do with the fact that Halo has amazing multiplayer if you are in to the game, and there is
          • Re: (Score:3, Funny)

            by GNious (953874)

            Even if Sony offered a pay service[...].

            They should make one ... call it Playstation Plus or something ....

        • Re: (Score:3, Informative)

          by Seumas (6865)

          Sony does offer a paid service. It's called PSN Plus and it's $60/yr. It's the same service with discounts on a few download titles plus automatic patch downloading.

          Having a paid service wouldn't make it any better, anyway. They're not a little startup. It's Sony. I'm pretty sure they can bootstrap a service on their own dime without a significant impact to the bottom line. Especially when it's used to bolster the userbase for their mainline product.

          Also, don't forget when XBOX Live had an outage for . . .

      • by Culture20 (968837)
        It does if the fad is killed with a week of inactivity. I'm reminded of the Simpsons episode where the children go outside after the Krusty the Clown show is canceled. People will find something else fun to do. If Xbox is that other thing, then it is better by default.
      • by harl (84412)

        It doesn't need to be. Before this it was leaps and bounds above PSN. After this it will be leaps and bounds above PSN.

        The PSN is embarrassingly feature poor.

      • by Spewns (1599743)

        A one-week outage does not make Xbox live better.

        Uh, it doesn't? What other console have you owned that locked you out of playing games for a week?

        • I can still play any of my games, and Netflix still works. I just noticed that I couldn't play multiplayer the other day. meh. I'll do something else for a few days.

          It still doesn't make up for the few hundred dollars I'd have spent on Xbox live the past couple of years.

  • Speculation (Score:5, Insightful)

    by Sonny Yatsen (603655) * on Tuesday April 26, 2011 @03:29PM (#35945754) Journal

    I understand that the slashdot community might be anxious to see the PSN come back up, but do we seriously have to start publishing nothing more substantial than speculation?

    Also, I've met Dick Blumenthal. He's a very nice man. However, he is, by no means, "the government", nor does a single letter from a freshman senator constitute "attention from the government".

    • Re:Speculation (Score:5, Informative)

      by ThePhish (154000) on Tuesday April 26, 2011 @03:45PM (#35945974)

      You are correct, he is not the government...but he was CT's Attorney General for 20 years, and has long championed consumer rights and technology. So, him picking this battle as a freshman senator is technically accurate, but it does not reflect his multi-decade experience in the arena.

    • Re:Speculation (Score:4, Informative)

      by Anonymous Coward on Tuesday April 26, 2011 @04:30PM (#35946574)

      Well, here's some "speculation" from Patrick Seybold // Sr. Director, Corporate Communications & Social Media.

      http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/

      "... an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

      Looks pretty bad to me. Anybody that reads and understands the above will never provide their real name or birthdate to a corporation online again. Ever.

      • I always was very hesitant to provide Sony with my credit card. I simply don't trust them. I hate the way the PS3 always tries to dump you into the Playstation Store. It just feels obnoxious and disrespectful. And now hearing about their technical negligence, I am even more happy with my decision. Honestly, I have never had any need or desire to buy anything on PSN.

    • I understand that the slashdot community might be anxious to see the PSN come back up, but do we seriously have to start publishing nothing more substantial than speculation?

      When it's that interesting, when there's not much other information to go on, when it's explicitly marked as speculation/hypothesis without any pretense that it's more authoritative than that, AND when the speculation is over something as inconsequential as a videogame network, I don't see any harm.

      -It is exactly the type of story that we would be interested in, moreso if and when it becomes more than speculation.

      -Sony is basically encouraging speculation by keeping tight-lipped about it.

      -Doesn't degr

    • by Hatta (162192)

      Also, I've met Dick Blumenthal. He's a very nice man.

      He's a politician. He has to be personable. That doesn't mean he's nice, just nice to you on the occasion that you met him.

  • Valve (Score:5, Interesting)

    by bazald (886779) <bazald@zeniDEBIANpex.com minus distro> on Tuesday April 26, 2011 @03:42PM (#35945932) Homepage

    It would be nice to be able to activate the PC version included with my PS3 copy of Portal 2. You're in a somewhat unique position to improve matters, given that you were planning to make the PC version available to us anyway.

    • by Tukz (664339)

      I'm on this boat as well.
      I see my roommate and several of my steam friends play Portal 2, but I can't log into PSN with my PS3 version to unlock my PC version.

      I'm somewhat surprised that Valve didn't do something about this by now or at least made an official statement, the forum is running rather hot.

  • by ToasterMonkey (467067) on Tuesday April 26, 2011 @03:44PM (#35945960) Homepage

    One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, ... [snip]
    He acknowledges that this theory is speculation.

    Slashdot should change its moniker to "Jerry Springer for Nerds". All that's missing is a video feed of some grimy sweat pants wearing nerds furiously typing away virtual beatdowns over who got whose virtual girlfriend knocked up.

    This whole "new media" thing is unconvincing.

    • by H0p313ss (811249)

      nerds furiously typing away virtual beatdowns over who got whose virtual girlfriend knocked up.

      There was no need to bring the G word into the conversation, that's just uncalled for.

  • by Goffee71 (628501) on Tuesday April 26, 2011 @03:51PM (#35946064) Homepage
    At least Amazon were up front about the failure and remedy for its service... Sony should be learning that lesson - fast! http://www.cmswire.com/cms/enterprise-20/the-aftermath-amazon-ec2-sony-playstation-network-recover-from-cloud-crashes-010954.php [cmswire.com]
    • by Goffee71 (628501) on Tuesday April 26, 2011 @03:58PM (#35946146) Homepage
      Oh, Sony takes that very minute to make full confession:

      Press the NUKE button now!

      Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

      We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.



      Valued PlayStation Network/Qriocity Customer: We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

      Temporarily turned off PlayStation Network and Qriocity services; Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

      We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable. Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. 

      To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it: U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228. We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. res
      • Also possibly relevant is the PSN Outage FAQ they posted: [link] [playstation.com].
      • by DaveGod (703167)

        For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information.

        Thanks for that advice.

        Good to know I should take my sensitive information seriously.

        Thanks for the concern.

        No, really.

        Thanks.

  • by ShaggusMacHaggis (178339) on Tuesday April 26, 2011 @03:57PM (#35946128) Homepage

    "We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.

    Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
    "

    http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ [playstation.com]

    • by xMrFishx (1956084)
      So basically "all your personal data, which we hold, because reams of data is fun, was probably copied by someone." As Barney says, "Good luck out there buddy, you're gonna need it."
  • Take note (Score:3, Interesting)

    by ravyne (858869) on Tuesday April 26, 2011 @04:02PM (#35946192)
    If the rumor is indeed true that a custom firmware has been used to get some people free stuff, take note how Sony has handled the situation -- A small, small portion of people (the few that run custom firmware, and the fewer that run this particular custom firmware) are getting a few free (virtual) goods, and they shut down the entire network, screwing 100% of their customers.

    What if banks operated this way? They find a ring of fraudsters using bank accounts to commit fraud, and the bank responds by freezing everyone's accounts for weeks? It would be totally unacceptable.

    When you find a small group of fraudsters, you take targeted action against them alone, even if it means you hemorrhage a little money compared to the more totalitarian approach. It's part of the cost of doing business. In the retail world they call it "spillage" -- the fact that some of your goods might get damaged beyond saleability or that a few things will go missing from the floor (or the stock room) is unavoidable -- you simply do your best to detect and take action against those responsible, but you don't go around treating every other customer as a criminal.

    Of course, that assumes the rumored reason is the cause of this action -- I suspect it's either speculation or a (possibly intentionally-leaked) cover story for other measures taken in response to the Anonymous attack and whatever information they got out of GeoHot in the settlement. I anticipate a new official firmware will be required after the network comes back up and it will be necessary to access the "new" PSN, and possibly even already-owned downloadable content. This long of a downtime indicates pretty drastic changes behind the scenes, methinks.
    • Assuming that that hack is what this is all about, wouldn't it have been simpler to shut off "developer" PSN for however long, rather than all PSN? It's not adding up.

    • Re:Take note (Score:5, Interesting)

      by afidel (530433) on Tuesday April 26, 2011 @04:54PM (#35946836)
      Nope, all personal data stored with your PSN account has been compromised. It's taken this long for the forensic team to verify what people suspected. Everything including name, address, birth date, the answers to your account reset questions (used by *many* sites), email address, and *passwords* (haven't they heard of a f'ing hash!). Obviously Sony has a worst case scenario here and they wanted to be absolutely sure it was as bad as they feared before coming forward. This probably means legal trouble for them in the EU, and it might actually get Congress off their arse to enact some privacy legislation.
      • Re:Take note (Score:4, Insightful)

        by cbhacking (979169) <been_out_cruising-slashdot@yahoo. c o m> on Tuesday April 26, 2011 @05:23PM (#35947096) Homepage Journal

        *passwords* (haven't they heard of a f'ing hash!)

        This is the company that used a constant instead of a random value to feed a critical encryption algorithm in their flagship product. You really think they understand password security? Even if they hashed the passwords, what do you figure the odds are that they salted, much less peppered, them? Apply rainbow tables and go home happy, since I can't imagine many of the users would have bothered with a particularly secure password.

    • by tlhIngan (30335)

      If the rumor is indeed true that a custom firmware has been used to get some people free stuff, take note how Sony has handled the situation -- A small, small portion of people (the few that run custom firmware, and the fewer that run this particular custom firmware) are getting a few free (virtual) goods, and they shut down the entire network, screwing 100% of their customers.

      It's Sony's custom.

      Think about it. GeoHot did a mostly theoretical demonstration of a possible flaw in the PS3 hardware (RAM glitchi

  • Obligatory... [penny-arcade.com]

  • I can see Sony's response already "These data breaches were caused by unauthorized tampering of proprietary hardware by criminal hackers in violation of federal DMCA laws and has caused considerable and irreparable damage and losses to our networks as well as preventing our users from fully enjoying their console experience in a lawful manner."
  • by Daniel Phillips (238627) on Tuesday April 26, 2011 @04:21PM (#35946472)

    To tell the truth, I do not believe a thing Sony says. Sony credibility has fallen to zero, or negative even. So if Sony says their system was brought to its knees by a "console hack" I naturally tend to assume that the real cause was an inside job. And then I go on to speculate about what kind of employee abuse goes on inside Sony that might trigger such a thing, not that I condone it.

  • by Mysteray (713473) on Tuesday April 26, 2011 @04:32PM (#35946606) Homepage
    I'd written a blog post [extendedsubset.com] speculating about a worst-case scenario involving attackers using the leaked firmware signing keys to push a malicious firmware update from Sony's compromised backend servers. Personally, I've disconnected my PS3 from the network until the all-clear sounds from Sony.
  • by Drakkenmensch (1255800) on Tuesday April 26, 2011 @04:37PM (#35946666)
    Bought the two big titles that came out a week ago. Can't play Mortal Kombat on my PS3 because PSN is down. Can't play Portal 2 on my Xbox360 because it red ringed on me. Isn't the latest technology grand?
  • Sony announced today basically all personal info has been compromised by the hacker(s): http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ [playstation.com]
  • Cultural effect? (Score:4, Insightful)

    by vlm (69642) on Tuesday April 26, 2011 @04:46PM (#35946758)

    Let's look at two problems with a Japanese company. PSN down and TEPCO's reactor. Both had similar reactions.

    Silence, followed by small admissions, followed by admissions it's much worse than it appears, followed by more silence, followed by admissions that some members of the public may have been harmed, repeat. No timetables, no estimates.

    Is this possibly a Japanese cultural thing?

    • by Prien715 (251944)

      Maybe. One was caused by the worst earthquake in Japanese recorded history* the other was caused by bad security practices.

      The other cultural difference (we'll see how Americanized they became) is that the people responsible may take responsibility and leave in disgrace. If this were America and your name was BP, you'd get a fat bonus check...for you know, performance.

      * Technically, the reactor survived the earthquake but was damaged beyond repair by the tsunami. But the earthquake caused the tsunami er

    • by manaway (53637) * on Tuesday April 26, 2011 @06:45PM (#35947736)

      Let's look at every problem with any company. (E.g. BP Oil spill, Three Mile Island, TEPCO's reactor, Sony's rootkit, Exxon Valdez, Apple's antenna, Microsoft's uhhh everything, various company's spinach, peanuts, milk, salmonella in meat, etc.) They all have similar reactions.

      Silence, followed by small admissions, followed by admissions it's much worse than it appears, followed by more silence, followed by admissions that some members of the public may have been harmed, repeat. No timetables, no estimates.

      Is this possibly a corporate thing?

      Answer: yes

    • Re:Cultural effect? (Score:4, Informative)

      by foetusinc (766466) on Tuesday April 26, 2011 @07:09PM (#35947906)
      Yes - the Japanese as a rule will not speculate on worst case scenarios the way westerners do. They will say what they know has happened or is wrong, not what could be wrong or might have happened. This is often perplexing to both sides, so that they'll think we're being hyperactive or paranoid, and we'll assume they're being obfuscatory or secretive.
    • by doctor_no (214917) on Wednesday April 27, 2011 @12:26AM (#35949850)

      Sorry, but this is plain racist.

      We've had industrial accidents in the West as well, as systems that have been hacked into. BP is the most recent example, and Union Carbide's Bhopal disaster is another (which killed 3,700 people and injured close to half a million). Cover ups, slow-response, not very unique to one country or company.

      None of it is "cultural thing". In fact, Sony isn't very Japanese these days, it's run by a British-born American, and Western executives pull a lot of sway, especially in the music division, movie studios and Playstation division where a lot of its is centered in the US. Their phone division is split with Ericsson, their music division with Germany's BMG.

  • by tekrat (242117) on Tuesday April 26, 2011 @04:51PM (#35946810) Homepage Journal

    If Sony had never removed "other OS" feature, they would never have encountered the focused rage of the entire enthusiast community.

    Now, it's possible that the Playstation Network, and possibly the entire PS3 platform, is finished.

    You reap what you sow, Sony....

  • Translation :
    newbie outsourced tech typed "sudo rm -rf *.*" and we don't have a backup.

    If Sony ran a supermarket: if one guy was caught shoplifting, they'd close down the supermarket and deny an entire neighborhood any food.

    This is their rootkit fiasco all over again. Deny, deny, deny, blame it on "hackers", don't admit that THEY fucked up.

  • by tekrat (242117) on Tuesday April 26, 2011 @05:20PM (#35947056) Homepage Journal

    The anime film "Summer Wars" predicted this EXACT scenario, except a little more extreme and with more dire consequences, but pretty darn close.

    http://www.anime.com/Summer_Wars/ [anime.com]

  • by Harald Paulsen (621759) on Tuesday April 26, 2011 @06:46PM (#35947750) Homepage

    Does this mean PSN stored passwords in cleartext?

    If the password was hashed I'm not that concerned. You won't find my password in a rainbow-table.

    But if it was unhashed, a looooot of people should change their passwords.

    This XKCD [xkcd.com] comes to mind
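
The point argued in two comments above (the reply asking whether the passwords were salted or peppered, and the last comment on rainbow tables) can be shown side by side. This is an added example, not part of the original thread and not a description of Sony's systems; the accounts, the candidate list, the iteration count and the choice of PBKDF2 with an HMAC pepper are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # demo value (assumption); raise as far as login latency allows


def unsalted_sha256(password):
    """Weak scheme: one fast hash, no salt. Same password gives the same digest everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()


def precompute_table(candidates):
    """Digest -> password map, a small stand-in for a precomputed (rainbow) table."""
    return {unsalted_sha256(p): p for p in candidates}


def hash_password(password, pepper, salt=None):
    """Salted and peppered scheme.

    salt   : random, per account, stored next to the digest.
    pepper : one secret for the whole service, kept outside the database.
    """
    if salt is None:
        salt = os.urandom(16)
    # Mix the pepper in with HMAC, then stretch with a slow, salted KDF.
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password, pepper, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, pepper, salt)
    return hmac.compare_digest(candidate, stored_digest)


def demo():
    # Constructed accounts; two users deliberately share a password.
    accounts = {
        "alice": "hunter2",
        "bob": "hunter2",
        "carol": "correct horse battery staple",
    }
    # Constructed list of common passwords, hashed once and reusable against any dump.
    table = precompute_table(["123456", "password", "hunter2"])
    pepper = os.urandom(32)  # random here; a real service loads a fixed secret

    weak = {user: unsalted_sha256(pw) for user, pw in accounts.items()}
    strong = {user: hash_password(pw, pepper) for user, pw in accounts.items()}

    # What a leaked copy of each table gives up to a simple lookup.
    recovered_weak = {u: table[d] for u, d in weak.items() if d in table}
    recovered_strong = sorted(u for u, (_, d) in strong.items() if d.hex() in table)

    alice_salt, alice_digest = strong["alice"]
    return {
        "weak_digests_match": weak["alice"] == weak["bob"],
        "strong_digests_match": alice_digest == strong["bob"][1],
        "recovered_weak": recovered_weak,
        "recovered_strong": recovered_strong,
        "verify_ok": verify_password("hunter2", pepper, alice_salt, alice_digest),
        "verify_wrong_password": verify_password("hunter3", pepper, alice_salt, alice_digest),
        "verify_wrong_pepper": verify_password("hunter2", os.urandom(32), alice_salt, alice_digest),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is what makes a precomputed table useless, since each account needs its own computation; the pepper only helps if the database leaks without the secret that is stored elsewhere.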
