Sony has offered new details on the cyber-attack that compromised account details of nearly 100 million users of its online gaming and music services -- and cast suspicion on the hacker collective Anonymous.
In a letter to Congress signed by the number two man at Sony Computer Entertainment America, Kazuo Hirai, the company gave a timeline of the attacks. The letter reveals that while the suspicious activity was discovered in its systems on April 19, it took another day to figure out what was wrong. Sony technicians shut the PlayStation Network and Qriocity services down soon after that. When a similar breach was discovered on Sony Online Entertainment's systems, those were shut down as well.
So far nobody has publicly identified the source of the hacking attacks. But Sony noted in its letter that they came soon after a string of denial of service (DoS) attacks from the hacker collective Anonymous. The hackers left a file in the system with the words "we are legion," which is part of the group's motto.
Anonymous, however, said they were not behind the intrusion. On April 22 the collective put out a release that says, "For Once We Didn't Do It," though it also states rogue members might try attacking Sony.
Sony hasn't given any details of how the breach happened, in part because the company says it might expose vulnerabilities of other companies as well. The data stolen from the PlayStation Network was the login information including the passwords, as well as name, address and birth dates. Similar information, though on a smaller scale, was taken from Sony Online Entertainment's servers. The credit card data is encrypted. The personal data is not (though the passwords are hashed, or turned into strings of coded characters).
No credit card companies have reported any new fraudulent activity. But there are 12.3 million credit card numbers in the PSN systems, with 5.6 million of them in the United States.
According to the letter, Sony discovered its systems had been broken into on April 19 at about 7:15 p.m. Eastern Time, or 9:15 a.m. on April 20 in Japan. Several PSN servers rebooted themselves, and there was a lot of unplanned activity. That raised the suspicions of Sony technicians, who started looking at logs to see if there was a problem.
By the next day, they found evidence of a hack. They didn't know what kind of data was stolen, but they decided to shut the PSN down to prevent any further intrusions. Meanwhile, the company hired a security firm to do some forensic analysis. On April 21, a second security consulting firm was taken on, as the analysis grew so complex more people were needed. The PSN, Sony says, is a complex network, with 130 servers and 50 programs running on it, in addition to 77 million users.
On April 22 Sony finished mirroring nine of the 10 servers suspected of being hacked. By April 23 the investigators confirmed that intruders had used sophisticated and aggressive techniques to get into the systems. They were smart enough to delete log files to hide their activity, and give themselves high-level privileges within the servers. That prompted hiring a third security consulting firm. It took another two days to find the scope of the data that had been stolen.
The same day, Sony notified the Federal Bureau of Investigation that their systems had been broken into. The company set up a meeting with the FBI on April 27. The day before that meeting was scheduled to take place, Sony Network Entertainment America and Sony Computer Entertainment America decided to tell the public about what had happened.
Sony outlined plans to improve security, and has a "Welcome Back" plan in place to entice customers to stay, involving free downloads and service time. The improved security centers on adding better automatic monitoring, more encryption of data, and more firewalls. Sony will also hire a chief information security officer and expedite a move to a new data center.