Hacker Offers Insight On Sony PSN Breach

Thursday, May 19, 2011


In late April, Sony announced that the company's PlayStation network servers had been hacked, exposing the records of more than 70 million customers.

During the course of the investigation, Sony discovered that the company's Online Entertainment network had also been compromised, exposing another 25 million customer records.

Sony has yet to release details on the intrusion, but security experts are describing the assault as characteristic of a sophisticated Advanced Persistent Threat operation carried out over several months that exploited multiple vulnerabilities to ultimately gain access to the most sensitive areas of Sony's networks.

"The depths they went indicates that this hack wasn't arbitrary," said Kyle Adams, a former hacker and currently the lead architect at Mykonos Software.

The goal of the operation was most likely to access private customer data including login credentials, billing information, and credit card details.

"They perceive value in the site they're going after. There's a whole lot of value in the data Sony had. There's always a buyer out there," said Adams.

The breaches forced Sony to shut down both the PSN and Online Entertainment networks. Sony has since been the subject of a great deal of criticism regarding the company's delay in notifying authorities and customers of the exposure of account details, as well as for alleged security lapses leading to the breach.

Dr. Gene Spafford offered Congressional testimony that Sony was running outdated and obsolete software on the PlayStation and Online Entertainment Networks, leaving the systems extremely vulnerable to attack. Sony has since denied the allegations.

Adams believes the hackers exploited a vulnerability in the Sony blog apparatus, which was using an older version of WordPress software that is known to be susceptible to SQL injection exploits.

"It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers," Adams said.

As for the perpetrators of the hack, Adams believes the rogue movement Anonymous was most likely not involved, though the group had conducted a distributed denial-of-service (DDoS) attack against the same systems just a few weeks prior to the breach.

Adams does believe that the Anonymous DDoS attack could have ultimately aided the hackers in their operations by exposing vulnerable aspects of the network that may have been utilized in the breach.

"It's possible for another group to go through an open backdoor," Adams said.

Last weekend, Sony began a phased relaunch of the PlayStation Network, complete with updated software and the promise of much higher standards for security.

Reports surfaced late yesterday that the PSN had experienced another hacker attack. Sony moved quickly to dispel the rumors, issuing a statement saying that there was no "hack", though the company did temporarily suspend the login page while an "exploit" that would allow unauthorized access to member accounts was patched.

Sony stated, "we temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed."
