Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Sony Games

Sony Online Entertainment Services Follow PSN Down 184

nam37 writes "Sony Online Entertainment's various services seem to be down and a message on the official site does not give much information on the particulars. According to a short post on the site, the services were taken down after an investigation revealed a deeper 'intrusion' than expected at first. This is the first we have heard that Sony's MMORPG arm had some sort of security breach. This could be part of Sony's plans to beef up security for the PlayStation Network, but this message seems to indicate that something more serious going on."
This discussion has been archived. No new comments can be posted.

Sony Online Entertainment Services Follow PSN Down

Comments Filter:
  • by Anonymous Coward

    Time to throw in the towel Sony. Epic fail.

    • No, Sony should have been gone a while ago. Perhaps this will be the push over the edge they need and can never fully recover.

    • I'm no Sony apologist, I've boycotted them for over a decade; However: Microsoft could have the same sort of breach tomorrow.

      Now I'm an XBox live user, I've used the service for years, and have purchased a large collection of indie games from the arcade (All of which I can re-download at no extra charge, btw).

      If MS had this level of security breach tomorrow, why THERE'S NO F'ING WAY HACKERS COULD GET MY CREDIT CARD NUMBER. It's not that MS has such awesome security, it's that I do, and MS gave me the

      • Credit cards have more security than a debit card, though it sounds like you're using a prepaid card. Assuming your identity isn't totally hosed and they only got a credit card number, you can call the bank and cancel it pretty quickly and are not liable for fraudulent charges.

        That's the main reason this Sony breach hasn't gotten me too bothered. They got already public information and a password hash (Sony updated their site to say that indeed they were hashed). I don't use the passwords elsewhere so not r

  • Sony really needs to get better at communicating with their users and the press about these issues. Leaving everyone in the dark just fuels speculation and makes for infuriated consumers. Just give us a high-level explanation of what is happening and a reasonable estimate of how long it will take to fix, please, and stop jerking us around.
    • by Sir_Sri ( 199544 ) on Monday May 02, 2011 @09:57AM (#36000360)

      from the sounds of it they don't have a high level explanation to give. There may be cultural things about not explaining how exactly you fucked up that go with it too, but given that we're seeing this quite a bit later than the initial breach it seems like they may still be figuring out just how bad things are.

      • I do think there's some sort of disconnect, perhaps cultural. Sony has done a great deal to incur the wrath of an awful lot of geeky people, and their failure to understand that aspect of the market may be their downfall.
        • Comment removed (Score:5, Insightful)

          by account_deleted ( 4530225 ) on Monday May 02, 2011 @10:20AM (#36000568)
          Comment removed based on user account deletion
          • Yeah, I've ranted about Sony before with great vigor but have still purchased several Sony products after swearing to stay away. And they actually ripped me off directly so I've got reason to dislike them. "Oh, if that was an out-of-warranty repair, it would cost $$$ but, since you broke it, the repair will cost $$$+50." Because, every once in a while, they produce the exact product that I want which outshines the competition in some way. I've got my Sony ebook reader (because it was more open than the

            • I feel ya. I am REALLY pissed at Sony about the events of the last few years, but i LOVE my playstation 3. Hardware wise its the best console hands down, no question. It has the same charms that made me love my Walkman and Discman and my 32" Sony Trinitron. (which was a beast for its time). I HATE the things that Sony does, but they can at times make sublime hardware.
              • Hardware wise its the best console hands down, no question.

                Sure, if you don't include the stats on reliability. If you do, then the Wii would spank both the Xbox 360 and the PS3.

                • I have head of exactly ZERO PS3 failures of people in my social circle, but almost EVERY Xbox 360 owner i know has had to replace it at the bare minimum once. There is no argument that the PS3 is the best piece of hardware in this current generation. To be quite frank its not even fair to add the Wii to that comparison because the Wii is a Gamecube on steroids. They took an existing chipset, ran up the clock and called it good. Hardware wise the Wii is a joke. Hence why they are launching first in this ro
            • Yeah, I've ranted about Sony before with great vigor but have still purchased several Sony products after swearing to stay away. Because, every once in a while, they produce the exact product that I want which outshines the competition in some way.

              Every once in a while, Sony makes something that I want, but I want not to be screwed by Sony more. If they ever make anything I need, and a competitor makes something that pales in comparison, bt works the way I need with a little fiddling, then I'll buy the lesser product. If the item is unique to Sony and I merely want it, then I'll do without.

          • by Sir_Sri ( 199544 )

            The thing is, until we know *who* did the hacking it's hard to fault Sony for anything other than their failure to disclose, and even that is tough since they don't seem to quite know what's going on.

            No matter how good you are at security, it's always possible someone can compromise your data (see the RSA hack for example). Within an organization there are always people you trust, no matter how much that is 'trust but verify' it's simply impossible to secure everything. People can be bribed, the best secu

    • by Anonymous Coward

      Hirai or some other high ranking executive, footage be posted to Failblog and Youtube, then we reconsider, thank you.

    • Just give us a high-level explanation of what is happening and a reasonable estimate of how long it will take to fix, please, and stop jerking us around.

      This is Sony. You may be waiting a while on that bit.

    • by Plekto ( 1018050 )

      It's important to remember that Sony is a Typical Old-School Japanese Company (tm) that operates as such. So PR is always a high priority and when it does have a problem, it never admits to anything if it can help it. When they do, it's glacially slow as management is convinced of its own greatness and as such sees every problem as either not initially serious or something that can be fixed quickly by delegating the task to the workers and telling them to get it done. Expect to never officially know the

  • by Anonymous Coward on Monday May 02, 2011 @09:48AM (#36000246)

    Someone tried to play a Sony music CD in one of their Windows servers during a maintenance window, and the SBRK (Sony-blessed rootkit) decided it had found some pirate MP3...

    • by medv4380 ( 1604309 ) on Monday May 02, 2011 @10:17AM (#36000526)
      Now that would be funny. What would be funnier would be if they actually used the same master key for PSN and Sony Online that was in the PS3.
    • No need for the "found mp3" scenario. IIRC, the Sony rootkit opened up remote exploits. Listening to a Sony CD on a windows server (without autoplay turned off!?) would be asking for trouble. I wish it were true though; it sounds so poetic.
    • by Nyder ( 754090 )

      Someone tried to play a Sony music CD in one of their Windows servers during a maintenance window, and the SBRK (Sony-blessed rootkit) decided it had found some pirate MP3...

      That would be funnier if the same joke wasn't reused from the PSN network down story.

  • by vlm ( 69642 ) on Monday May 02, 2011 @09:49AM (#36000260)

    Bury that thing in concrete, push it into the ocean, or inject seawater.
    Every day, they admit its getting a little bit worse. Just a teenie tiny little itty bitty bit worse.
    It might take months, years, maybe, but we'll finally learn its a complete utter disaster.
    They are doing a good job of keeping themselves in the news by releasing a little bad news each day. No such thing as bad publicity, I guess.
    Oh wait, were we talking about Sony or the reactors here?

    • by hduff ( 570443 )

      Every day, they admit its getting a little bit worse. Just a teenie tiny little itty bitty bit worse.
      Oh wait, were we talking about Sony or the reactors here?

      Talking about the Sony nuclear reactors, of course. Built like the Titanic, they are the pride of Sony.

  • They sold the info and covered it up with this 'break in' ruse to avoid possible criminal charges..

    • by Khyber ( 864651 )

      That's not going to stop criminal charges once it's revealed their security was so lackluster AND the fact they violated PCI-DSS and multiple Data Protection Laws in multiple countries.

  • Sony email (Score:5, Interesting)

    by symes ( 835608 ) on Monday May 02, 2011 @09:53AM (#36000308) Journal

    I received an email yesterday evening from Sony (presumably) to say that all the info I had given them might have been accessed. Funny thing is, although I have a PS3 I've never signed up to PSN, and would certainly not have provided the email address that I received the email on. I have, however, given sony my details when registering Sony products, warranties and so on. So I'm thinking that either that email from Sony was a scam, but there was no real scam element to it, or there is something a lot more serious going on. Maybe I'm paranoid.

    • by Anonymous Coward

      I purchased a computer back in the day, Pentium 75. Did the 100 free AOL hours, having never given AOL my credit card for the trial.
      All of a sudden, the charges are showing up on my card.
      CompUSA gave AOL the card number that I used to purchase the machine.
      Apparently they are "partners" and I gave permission to share that information.

  • by Anonymous Coward

    We can find the password and take it out, but it might help to beef up security.
    Oh. Beef up, huh?
    How about screwed up?
    We did all that and he broke in again.
      - Wargames

  • by elrous0 ( 869638 ) * on Monday May 02, 2011 @09:57AM (#36000356)

    That will really piss off dozens of people, you know.

    • by Tridus ( 79566 )

      I'm sure all five Vanguard players are furious too. Boycott!!!

    • by fallen1 ( 230220 )

      Hey, maybe during the downtime someone will pull an old backup and put Star Wars Galaxies back to pre-CU status! I'd actually play the game again, then.

      Yes, yes, I know - it needed some work back then. It did not need the Combat Upgrade and New Game Enhancement that was, basically, tossed to the masses and then SOE tells everyone "Deal with it."

    • I think SOE did enough damage to the people who played SWG without also losing their credit cards 5 years later
  • Vigilante Justice (Score:5, Interesting)

    by mlwmohawk ( 801821 ) on Monday May 02, 2011 @09:59AM (#36000376)

    I'm sure no one believes that this is not an example of vigilante justice being played out against Sony. This is deeply concerning.

    As police, lawmakers, judges, and governments become more and more puppets of corporate interests at the expense of the rights of citizens, I fear that vigilante justice will be the only avenue through which to seek justice. The basis of a working society is a working justice system. If citizens can not find justice officially, then they will find it unofficially.

    I am reminded of a quote from "Young Frankenstein" "A riot is an ugly thing, and I think it is just about time we had one."

    • How is fucking over tens of millions of people "justice"? If anything, it'll only get their backs up and give more support to companies like Sony going after those purporting to be speaking for the "common man".
      • by ElectricTurtle ( 1171201 ) on Monday May 02, 2011 @10:30AM (#36000664)
        I think you might want to reexamine the history of high-profile robberies. People like Bonnie and Clyde or D. B. Cooper are romanticized, aggrandized, and sometimes in some circles elevated even to folk heroes. So long as it doesn't personally affect them, people frequently think that daring acts, even crimes, are admirable. Human nature can take some interesting twists.
        • "So long as it doesn't personally affect them"

          Key words here.

          A few people have already reported unauthorized credit card usage following the PS3 break-in.
          No word on anything widespread yet, but it's more likely going to lead to a rash of cases of identity theft.
          So yes, this will effect people personally.

          However, I don't think this will make people cling harder to corporate interests, rather I think it will make them more suspicious and less trusting of corporations and web services in general. Just look at

      • How is fucking over tens of millions of people "justice"? If anything, it'll only get their backs up and give more support to companies like Sony going after those purporting to be speaking for the "common man".

        Collateral damage.

        How many innocent lives were lost in the quest for Osama Bin Laden? Sadam? Al Capone?

    • by Attila Dimedici ( 1036002 ) on Monday May 02, 2011 @10:13AM (#36000474)
      I do not believe that this is an example of vigilante justice. I believe that it may be an example of vigilante justice. However, simple criminal greed would also explain what happened here. It is possible that some criminal hacker targeted Sony because they thought there was a particluar weakness in Sony's security that they could take advantage of and, that of the likely targets, Sony was the one most likely to yeild a large amount of profitable information. Of course, it could also be someone who targeted Sony because of Sony's various transgressions and figured that anyone who did business with Sony deserved to be ripped off. At this point, there is insufficient evidence to reach a conclusion.
      • I don't think it is merely "criminal greed," If it were simply greed, they would not have brought down the system. A "thief" would not want to leave any indication that they were ever there. A person who steals for greed or need seldom goes out of their way to damage. A person who defaces things will also steal, but the motivation isn't merely greed, there is retribution involved.

        • Sony claims that THEY took down the system after they discovered the breach, presumably to mitigate the damages. Assuming this is true, it makes criminal greed infinitely more believable than mob justice.
          • Sony claims that THEY took down the system after they discovered the breach

            This is something I find funny. I've worked on a number of high scale systems and have yet to see one that truly has the ability to track access violations. We have one of two possibilities to consider: (1) Sony has a system that can detect and report a data breach, yet, is taking them weeks to fix or (2) Sony is lying to save face.

            Ummm, I know which scenario is most likely.

            • Credit card companies have LOTS of systems to track violations. My bet would be that one of those companies warned Sony and then panic ensued.

        • Sony claims to have taken down the systems themselves. You claim in a later post that you think it improbable that Somy was able to detect the data breach and yet have to take an extended time to fix the problem. This does not seem at all improbable to me. There have been several cases where companies have reported data breaches where the companies were not particularly computer savvy. It does not seem at all improbable that Sony became aware that there had been a data breach but was not sure (or maybe flat
        • What if it were a thief looking to take advantage of an opportune time. Lets say group A. and group B, are 2 completely unrelated groups, never met, never communicated, A dosn't even know B exists. Group A is a hacktivism group, group B. Greedy thieves. Hacktivists make as much noise, do as much collateral damage as they possibly can, group B notices the security is extremely distracted in dealing with group A, and sees a perfect opportunity to move in and steal information.
      • Comment removed based on user account deletion
        • by mlwmohawk ( 801821 ) on Monday May 02, 2011 @10:34AM (#36000716)

          Sony pissed off a lot of geeks, many of whom are smart and amoral

          I think it is too easy to dismiss hackers as "amoral." I think very much it it probably not the case. I think hackers probably consider themselves as very "moral."

          The problem with morality is that it is a subjective term.

          • The problem with morality is that it is a subjective term.

            No. No, it's not.

            • The problem with morality is that it is a subjective term.

              No. No, it's not.

              So, you find girls in bikinis morally offensive? Do you think woman who have sex out of wedlock should be stoned to death?

              To some people, these are moral questions and obviously affirmative.

            • by chinakow ( 83588 )

              "No. No, it's not."

              Not subjective? Okay try this one on. Assume it is a bad thing to lie. Now assume you are Oskar Schindler and smuggling a hundred Jews out of Germany on a boat during WWII. Nazis board you boat and ask if you have any Jews on board. Are you saying that there is no subjective room to wiggle in a gigantic lie at this point?

              Yes, I am well aware of Godwin's Law [wikipedia.org].

      • I believe that it may be an example of vigilante justice. However, simple criminal greed would also explain what happened here.

        Are these really mutually exclusive? Lots of comments here seem to break down into the hackers being (a) righteous vigilantes handing Sony their just desserts or (b) thieves and hooligans. There's nothing about having a legitimate complaint against a major corporation that prevents you from being a greedy sociopath.

      • It could be both. They wanted to rip a company off, and they just picked the one whose head was sticking up the highest from among the crowd.

        After all, people keep breaking Sony's security in their products. They probably figured it'd give them a head start.

    • I'm sure no one believes that this is not an example of vigilante justice being played out against Sony. This is deeply concerning.

      I don't believe it is. This is too big, and too deep an intrusion to simply be people trying to get back at Sony for being royal assholes. This has all the makings of a large-scale criminal hack with the intention of obtaining lots of information on Sony's customers and (at least hopefully) their credit card information. And there have been reports from people that claim that the credit cards they used with PSN have been seeing unauthorized charges, so it's possible that those responsible for the break-i

      • None of the "evidence" you are using actually suggests that this is anything other than vigilante justice. You'd want to use the credit cards, or give them to someone who would, to have the maximum impact.

  • All Your Base Are Belong to Us

    / obligatory

  • by Andy Smith ( 55346 ) on Monday May 02, 2011 @10:18AM (#36000544)

    The voices in my head keep saying words like karma, comeuppance, just deserts... and then laughing maniacally. We live in an age when large companies can no longer treat people badly with impunity.

    (*) Yes only one 's' in deserts.

  • karma is in overdrive it seems.
  • Not surprising (Score:5, Interesting)

    by j1976 ( 618621 ) on Monday May 02, 2011 @10:25AM (#36000630)

    I have gotten my SOE account "hacked" (using SOE's terms). So has a close friend, and several other people I know of. Ok, if it had only been me I would have assumed it was an isolated incident even though I can't even begin to guess how my password got out in the wild. When this many people got their accounts taken over in such a limited time, I do no longer believe this was a problem on my side. However, trying to get anything other than "update your antivirus" out of the SOE customer support is an exercise in futility.

    My qualified guess is that the recent security breaches aren't in any way exceptions: Most likely Sony/SOE have had security problems for several months now and have tried to keep a lid on it. But as said, that's just my guess.

    • Doesn't SOE offer some kind of security token like Blizzard does?

      Hell, Blizzard only has two games that require an online presence... SOE's entire business model is based around it!

    • My qualified guess is that the recent security breaches aren't in any way exceptions: Most likely Sony/SOE have had security problems for several months now and have tried to keep a lid on it. But as said, that's just my guess.

      More likely they've been compromised for several months and either didn't know it, or refused to believe the reports of hacked accounts/etc. were anything other than customers being stupid.

      • As someone who used to deal with SOE customer support until I got fed up and stopped giving the idiots money, I can believe this theory 100%.

    • by sarysa ( 1089739 )
      I don't know which way to reply to this video, so I'll reply both ways:

      1. They offered us their heads in traditional fashion, and we didn't take them?

      2. Apparently all hackers operate deep within a cave, lit only by their own LCD screen, are in their mid 40's, male, wear glasses, and type in a non-frenetic pace. And most definitely, hackers never have mountain dew, pop tarts, or gamer swag in background.
  • by medv4380 ( 1604309 ) on Monday May 02, 2011 @10:38AM (#36000754)
    Did Sony use the same PS3 root key to encrypt their password files or is their a simpler bonehead explanation.
  • Many months ago (Score:5, Interesting)

    by __aaqvdr516 ( 975138 ) on Monday May 02, 2011 @10:40AM (#36000782)

    A few months ago my Station account was hacked. I had not used it in around 5 years. On that day my SWG account was reactivated with a monthly subscription using a credit card with my name on the account. The credit card had an address listed in a state I've never lived in. I saw the same story in forum threads when I was looking for information on how this happened.

    I'm betting that they've been testing the water with the accounts they scraped for months.

  • by AftanGustur ( 7715 ) on Monday May 02, 2011 @11:03AM (#36001024) Homepage

    Sony puts some basic PSN services back online.. and in the process opens for DNS services for top-secure servers behind 4 firewalls (as could be seen in the Sony slides)..

    This allows malicious code running on those servers to resolve the name of the C&C servers and start beaconing out ..

    Security specialists on site see it, say WTF!, and shut the whole network down ..

  • TFA/TFS:

    investigation revealed a deeper "intrusion" than expected

    Parapraxis [wikipedia.org] or did they actually expected to be hacked, only not that "deep"?

    If the second, then Suck Fony [wikipedia.org] (actually, doesn't matter if the first or the second, thuck fem anyway).

  • Anyone else recall reading something about Sony moving the servers to a different physical location as part of the cleanup? Sounded like part of an inside job with not much to do with leet crackers.
  • OK I just watch the anime: Ghost in the Shell: Stand Alone Complex Solid State Society.

    Story reminded me me of Section 9, investigating some servers, but it was a virus trap... They were unable to shut down, controls unresponsive...

    Break the glass and grab the fire axe, now find a power conduit and start chopping! :)

    (Envisioned some roided out Sony Exec breathing heavy wielding a huge axe standing over sparking freshly cut power cable...)

  • I never believed in karma, but this is making me rethink it. :-)

    Sony is reaping what they've sown. I can't say I feel bad for them, nor for Sony shareholders. They've been too greedy for too long, between root kits, proprietary connectors and memory cards, eliminating the UMD from the PSP, unreasonable DRM on blu-ray, and now apparently the straw that broke the camel's back was the bait-and-switch they tried to pull with the Playstation. They're only getting what they deserve after they've been screwing cu

  • A few days before the hack was noticed, over 200 SoE employees were laid off. It could be that Sony noticed that the PSN hack came from the SoE department, not that SoE itself was hacked.

  • Sony has updated the page with a full notification of what happened, see: http://www.soe.com/securityupdate/ [soe.com]

    "Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the f

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...