Sony PlayStation Network Outage - Day 5

Published: 2011-04-25
Last Updated: 2011-04-25 21:20:07 UTC
by Rob VandenBrink (Version: 1)
15 comment(s)


The Sony PlayStation Network and Qriocity service have been down since Wednesday the 20th. Sony is still working on bringing them back online. Sony is communicating regularly on this - you can find their original and current updates here:

http://blog.us.playstation.com/2011/04/22/update-on-playstation-network-qriocity-services/

and

http://blog.us.playstation.com/2011/04/25/psn-update/

Reading between the lines, they seem to be following the methodology for Incident Response, commonly phrased in these steps that I learned in SEC504: 

  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons Learned

Given that we're a number of days in, I hope that they are working on later phases of Eradication, making sure that the original attack vector is taken care of so that once they bring the service back online they won't see a recurrance of the event.

Hats off to them - they're doing all the right things, and communicating regularly with their client community as they do it ! I feel for them, given the length of the outage though.

===============

Rob VandenBrink

Metafore

15 comment(s)

Comments

Given that the probable root cause is that they tried to shut the barn door after the code-signing keys got out and ticked off a bunch of people by lawsuitting GeoHot, I'm not sure the correct people learned anything or are doing much right. They effectively painted a big sign on their back reading "Kick Me" and the folks at HBGary Federal learned how well that approach works.

Sony was forewarned a couple of months ago when they started banning modded consoles and people figured out there was a very easy way to turn the process back on Sony and ban virtually anybody.

http://www.neowin.net/news/can-playstation-3-hackers-now-unban-themselves-and-ban-innocent-gamers

"A post on the SKFU blog states that bans are currently based just on user accounts and the PlayStation 3 console IDs. The way around this is that hackers can modify the information that is sent and received by the PlayStation 3, thus they could not only get themselves unbanned, they could in theory, cause innocent users to get a ban.

The theory even goes on to suggest that a simple Windows application could be created that would go through all PlayStation console IDs and get the world's consoles banned in around 24 hours."

An unauthenticated DoS? I wonder what else Sony left unauthenticated.
Huh? Those six steps are just plain common sense. Of course they're doing something along those lines.

As for "communicating regularly" ... Sony aren't particularly renowned for being forthcoming with information. Two or three days between updates is pretty weak, even by their standards.

"Unfortunately, I don’t have an update or timeframe to share at this point in time" ... says it all.
Quite honestly, I have to agree with Bob. Communicating regularly is not something that Sony is good at.

If you happen to follow any of the PS3 discussion boards and research this incident further, you'll note it is alleged by some posters that both personal and credit card information for PSN accounts was breached as well.

Sony needs to address these concerns one way or the other very quickly, as it has been 5+ days since the breach was discovered. That gives someone with the alleged credit card data a pretty good head start at using it, and is making a lot of PSN users very anxious.
Incident Response aside, I hope that during lessons learned they can communicate to 3rd parties the importance of not relying on network login to verify application! I get no Hulu on PS3 during this outage :( and they use both Hulu authentication AND PSNet authentication to start up application.
Some speculation on the actual incident itself here:
http://www.escapistmagazine.com/news/view/109545-Speculation-About-PSN-Outage-Turns-to-Custom-Firmware
Sony have confirmed they were hacked as well as what details were taken (basically everything) - http://blog.eu.playstation.com/2011/04/26/psnqriocity-service-update/
I wonder where the is going to shake out in comparison to the T.J. Maxx compromise in 2007? And 6+ frickin' days to publicly advise that credit card information may have been (it's only posted on the EU website)? T.J. Maxx mostly only affected North American (err.. American) customers. This one here is world wide.

I'm some glad I only gave only the mandatory required info when I created my account, and didn't use my primary email of my email.

Wow - what an ugly mess! No amount of PR is going to help them with this.
This is why I use a Discover Card for online purchases. Their "secure online account numbers" give you a unique card number linked to your real account, but it can only be used by the original place it was used. Steal it all you want, just be sure you can process the charge through the company you hacked.

70 million compromised according to some reports. This will keep Verizon's 2010 report conclusions from being used in their 2011 report. :-)
Citibank has "Virtual Account Numbers" as well which are generated on the fly. Only good for the remainder of the month, and only good at that particular merchant....been using those for years.....
I just came across this article. PII was apparently stolen. Hopefully this will get vetted shortly

http://kotaku.com/#!5795913/sony-comes-clean-playstation-network-hackers-have-stolen-personal-data

Diary Archives