Third attack against Sony planned

Sony has quite a bit of work on their hands trying to restore the PlayStation Network by the end of this week and dealing with a possible breach of customers' credit card details thanks to a string of attacks from an unknown group of hackers. While they're dealing with service restoration and a $1 billion lawsuit, they've got another problem on their hands - the same hackers that broke into the PlayStation Network and led to the two week-long shutdown of PSN, Qriocity, and Sony Online Entertainment servers are back for more attacks.

According to a CNET source, hackers in an IRC channel are planning this retaliation in what they see as Sony's poor response to patching up their servers. Their plans won't win them any support from affected customers, unfortunately - they're planning to make public any information they can copy from the servers. That includes names of customers, addresses, and even credit card numbers. The hackers claim they currently have access to a few of Sony's servers, despite Sony's work around the clock to plug up any security breaches.

It is not clear who is behind this most recent plan. Sony has pointed a finger at Anonymous earlier this week, although the decentralized group's "leadership" continues to maintain that they are not interested in engaging in credit card theft.

If the threats continue to hold water, the attacks may happen this weekend.

Report a problem with article
Previous Story

Playstation Network getting closer to restoration

Next Story

Red Robin forces phone number as password, says not to share

64 Comments

Commenting is disabled on this article.

i'm a PC and xbox user myself but i think its very childish to gloat at sony's misfortune . I don't think the hackers will be quite so smug when they are staring down a long term jail sentence. I would be surprised if they arent caught and sitting in a jail cell for a long time. They only have to catch one of them and i'm pretty sure they will start singing like a canary when faced with 10-20 years.

Do people read the statement theyt made? YHes personal info was left in plain text. but ~Credit Card info was nmot. and the security code was not left or saved. So with the verified by visa security on every website, good luck on buying stuff?
Plus it isnt just Sony's data being attacked atm, there was a store about xfactor's personal data being hacked.
So proof it can happen to anyone l, no matter how big or how much money they get. Could be Microsoft next Seeing as everybody has to pay monthly using there creditcard.. Why wouldnt they try hacking Microsoft next, they would have a feild day with all the details.

samo123_uk said,
Do people read the statement theyt made? YHes personal info was left in plain text. but ~Credit Card info was nmot. and the security code was not left or saved. So with the verified by visa security on every website, good luck on buying stuff?
Plus it isnt just Sony's data being attacked atm, there was a store about xfactor's personal data being hacked.
So proof it can happen to anyone l, no matter how big or how much money they get. Could be Microsoft next Seeing as everybody has to pay monthly using there creditcard.. Why wouldnt they try hacking Microsoft next, they would have a feild day with all the details.

MS can 'use' those military encryptions if they want, but how often do US military servers/networks get hacked? oh yea.. frankly quite often

If Sony did indeed rebuild their network infrastructure with an emphasis on security, then they shouldn't have much to worry about. White hat > Black hat. Let this be a lesson to Sony; don't remove features you sell with your products (i.e. otherOs).

Jakal said,
If Sony did indeed rebuild their network infrastructure with an emphasis on security, then they shouldn't have much to worry about. White hat > Black hat. Let this be a lesson to Sony; don't remove features you sell with your products (i.e. otherOs).

then dont update your PS3 and you could still use OtherOS. Your choice wether to use OtherOS or PSN. Go blaim the people that been trying to hack the system for the removal of OtherOS.

Shadowzz said,

then dont update your PS3 and you could still use OtherOS. Your choice wether to use OtherOS or PSN. Go blaim the people that been trying to hack the system for the removal of OtherOS.
It shouldn't come down to a choice, as OtherOs and PSN are features that were sold with the PS3. You wouldn't expect to buy a brand new car, then have the manufacturer tell you that you have a choice of keeping the CD Player or the Air Conditioning, but not both.

Jakal said,
It shouldn't come down to a choice, as OtherOs and PSN are features that were sold with the PS3. You wouldn't expect to buy a brand new car, then have the manufacturer tell you that you have a choice of keeping the CD Player or the Air Conditioning, but not both.

Not anywhere close. OTHER OS was *never* a major feature or selling point.

Not to mention, what about all the other features Sony ADDED? All I hear about is the "Other OS", and quite frankly, it was stupid for people to buy it solely as a Linux machine.

perochan said,
whoever is doing this should STOP NOW! my ps3 is collecting dusts... and i need to use PSN...

They have probably stopped after reading this comment, good job.

They should fix the problem but damn, i didn't buy a 399 dollar system to have it sit there and not be able to get online. Hopefully they'll catch this ******** doing it and throw his ass in jail. Thankfully i've got my 360 to keep me occupied, all the PS3 is good for right now is Blu-Ray...

If Sony fail to protect their stuff, then hell with the PS3 and PSN, I will be selling my PS3 and closing any CC related to it getting to a point where I am faith in them shaken ... I find it ridiculous that a corporation of Sony's stature is finding it difficult to plug the holes. If console security is a problem they release firmware updates instantly pretty much and patch the console. If customer information security is a problem they find it hard to plug the holes...

When you have other's personal information stored in a plain text file, instead of an highly encrypted data file, then this is what happens....fail more Sony.

Quite frankly, Sony shouldn't be allowed to run any form of on-line activity until they can demonstrate that they are capable of running it competently and securely.

Quite frankly, Sony shouldn't be allowed to run any form of on-line activity until they can demonstrate that they are capable of running it competently and securely.

Ricardo Dawkins said,
Maybe SONY should ask Microsoft about a deal for placing Xbox Live in their Playstation devices.

+2

Maybe Microsoft should create a disc that installs xbox live and the dashboard (optional) so people can enjoy one great service and still be able to play PS3 games.

Peter van Dam said,

+2

Maybe Microsoft should create a disc that installs xbox live and the dashboard (optional) so people can enjoy one great service and still be able to play PS3 games.

Why would Sony want to do that? The moment you can use Xbox Live on their system, you can just as easily ditch PSN along with your PSN+ subscription (If paying for one) considering how XBL would have more users than PSN.

NeoNut said,
They should create a GUI interface using Visual Basic…see if they can track an IP address

Is that before or after i've distracted them whilst you ping their IP address?

Got to love CSI.

NeoNut said,
They should create a GUI interface using Visual Basic…see if they can track an IP address

On IRC? Good luck, it's a hackers' paradise where nothing is logged...like ships in the ocean.
-Numb3rs if I remember correctly

smooth_criminal1990 said,

On IRC? Good luck, it's a hackers' paradise where nothing is logged...like ships in the ocean.
-Numb3rs if I remember correctly

Wrong. Been an IRC Admin, so I know exactly how much logging you can have enabled. Heck, you can even log PMs (though most don't). Now, if the admins of the network in question advertise that they don't log anything at all, that's an entirely different matter, but worst case scenario, an IRC Admin will be able to pull an IP address based solely off a timestamp + IRC nickname.

Sony took away advertised features like PS2 compatibility and OS install after some people paid $600 for a PS3. They've embedded rootkits in their CDs without even telling their customers, then denied responsibility when their rootkits created security vulnerabilities and destroyed OS installs to the point that the OS had to be reinstalled. They sued an individual for taking apart a product he paid for and talking about it online. And now they've had to learn the hard way what happens when you don't implement proper security practices in your data center.
Sony has preyed on, taken advantage of, deceived, ripped off, and stolen from its customers enough over the past decade. It's about time the people get to take something back from them.

xpxp2002 said,
Sony took away advertised features like PS2 compatibility and OS install after some people paid $600 for a PS3. They've embedded rootkits in their CDs without even telling their customers, then denied responsibility when their rootkits created security vulnerabilities and destroyed OS installs to the point that the OS had to be reinstalled. They sued an individual for taking apart a product he paid for and talking about it online. And now they've had to learn the hard way what happens when you don't implement proper security practices in your data center.
Sony has preyed on, taken advantage of, deceived, ripped off, and stolen from its customers enough over the past decade. It's about time the people get to take something back from them.

My PS3 still plays PS2 games. Just saying.

xpxp2002 said,
Sony took away advertised features like PS2 compatibility and OS install after some people paid $600 for a PS3. They've embedded rootkits in their CDs without even telling their customers, then denied responsibility when their rootkits created security vulnerabilities and destroyed OS installs to the point that the OS had to be reinstalled. They sued an individual for taking apart a product he paid for and talking about it online. And now they've had to learn the hard way what happens when you don't implement proper security practices in your data center.
Sony has preyed on, taken advantage of, deceived, ripped off, and stolen from its customers enough over the past decade. It's about time the people get to take something back from them.

With some part I agree with you. Those rootkits on cd's is the worst thing companies can do. They should have been paying tons of money for spreading virusses, but for some reason gouverments think it's ok when a big company like sony does such thing.

But I do agree with Sony and Microsoft for protecting their products against piracy, and you can make it sound nice, but all those other os crap is simply for pirating games. You can't deny it. And many of those pirates destroy everything what is good in online multiplayer.

So you are against sony and microsoft for doing their best to prevent that from happening? Just a few games are really making money these years, companies spending millions on it to make. And you think it's ok for people to just download those games illegaly and use it on 'their' ps3. Thats just wrong.

However, used games however are in my opinion the solution, and those basterds like EA games asking for money when somone sold their game is just plain stupid.

NeoTrunks said,

My PS3 still plays PS2 games. Just saying.


Yup, then go buy an old Fatboy, its just the slim that doesnt play PS2 games.

And for xpxp2002, if hackers didnt attempt to break the PS3, they wouldnt have removed the OtherOS function. And in europe they did NOT advertise with OtherOS at all, it was just in the featurelist at that time.
and want to keep it? FINE your own choice and keep it, then do not update your PS3 and then dont complain on the internet they took your precious OtherOS functionality.

day2die said,
Since Anonymous is a decentralized group, anyone can claim to "Anonymous".

Which indeed is the paradox of "AnonOps" not being responsible. Who the hell cares if "AnonOps" isn't responsible if it really turns out to be that some kid under the moniker of "Anonymous" decided to do it?

Back to square one. Scapegoat, scapegoat, scapegoat.

Sony isn't any smarter in all this, but Anon isn't exactly the "rush-in-there-and-save-the-day" type of hero either.

as bad as this news is, lets look at the bright side. lets say these hackers are just telling sony where to shove it because of the lawsuits. I am not agreeing or disagreeing with either side... but I am very proud that there are talented people out there who will make their voice be heard one way or another without resorting to outright violence.

and honestly 2 weeks off PSN means 2 weeks out in the sun. it's really NOT that big of a deal.

more power to whoever is making their statement. the internet needs to decide how we will voice our opinions in the future when starting a topic on a forum just isn't enough.

User info and old credit card info out in the wild... Yea to making their voice heard. So in the future if some company you use has the same thing happen to it will you be proud of people making their voices heard while you call your credit/debit card company?

What statement does stealing customer data make exactly, bearing in mind credit card data is for sale according to some reports?
Its not Sony's board of directors data that was taken.

capr said,
as bad as this news is, lets look at the bright side. lets say these hackers are just telling sony where to shove it because of the lawsuits. I am not agreeing or disagreeing with either side... but I am very proud that there are talented people out there who will make their voice be heard one way or another without resorting to outright violence.

and honestly 2 weeks off PSN means 2 weeks out in the sun. it's really NOT that big of a deal.

more power to whoever is making their statement. the internet needs to decide how we will voice our opinions in the future when starting a topic on a forum just isn't enough.

So in other words, if someone walks into a mall, shoots around killing tons of innocents, it's ok as long as he leaves a note saying "I don't like the yellow wall"?

thommcg said,
What statement does stealing customer data make exactly, bearing in mind credit card data is for sale according to some reports?
Its not Sony's board of directors data that was taken.

It tells Sony to get off their backsides and patch their servers properly.

If they'd done that in the first place, these attacks might not have happened, or might not have been as bad.

Yikes. This is getting insane. I double-checked on Sony's website to see if I have any account info with them, and thankfully do not. Hopefully Sony makes sure their user info is bulletproof before taunting and annoying hackers in the future.

NateB1 said,
Yikes. This is getting insane. I double-checked on Sony's website to see if I have any account info with them, and thankfully do not. Hopefully Sony makes sure their user info is bulletproof before taunting and annoying hackers in the future.

And people who they feel is illegally affecting their business is allowed to taunt? Even major corporations have to make a stand somewhere. It could be any business that have issues with hackers who then retaliate.

If the United States suffers another terrorist attack, are we going to say lets not fight a war against terror until we can stop them? No. Because they will keep doing it. Where the line is drawn can be debated. If you ask me, these hackers are good as criminals that should be locked out for any (pathetic) punishment we give to corporate theft. If they can't pay the fine, throw them in jail.

You don't tolerate people trashing a mall. It is one thing to protest against business's ethics, it is one thing to damage their assets. I really don't give a damn if they spread almost malware like pop ups around the internet about their perceived injustice from Sony and wave banners outside their store. This? No. This is cyber crime. Jail is where they belong.

Eddo89 said,

And people who they feel is illegally affecting their business is allowed to taunt? Even major corporations have to make a stand somewhere. It could be any business that have issues with hackers who then retaliate.

If the United States suffers another terrorist attack, are we going to say lets not fight a war against terror until we can stop them? No. Because they will keep doing it. Where the line is drawn can be debated. If you ask me, these hackers are good as criminals that should be locked out for any (pathetic) punishment we give to corporate theft. If they can't pay the fine, throw them in jail.

You don't tolerate people trashing a mall. It is one thing to protest against business's ethics, it is one thing to damage their assets. I really don't give a damn if they spread almost malware like pop ups around the internet about their perceived injustice from Sony and wave banners outside their store. This? No. This is cyber crime. Jail is where they belong.

Hey - I'm not condoning the hackers here - they're definitely in the wrong. I was merely making a comment that Sony should be more careful next time, because hackers, right or wrong, are not above doing things like this. It's like making sure you're adequately protected before going after an armed criminal.

Jebadiah said,
Good. I am loving this.

I'm not a Sony fan, nor a fan of the Sony Defense Force by any stretch of the imagination, but these attacks have gone *way* too far. Having suffered from identity theft in the past, I wouldn't wish it on anyone - even the most ardent Sony fanboy.

Jebadiah said,
Good. I am loving this.
And then the XBox Live attack will come, will you still be loving it? How about when the 17 users on Wii are attacked, still loving it then?

zeke009 said,
And then the XBox Live attack will come, will you still be loving it? How about when the 17 users on Wii are attacked, still loving it then?

Wake me up when XBL gets hacked for poor security. You get what you pay for, that $50/year doesn't just go towards running the servers, you know.

zeke009 said,
And then the XBox Live attack will come, will you still be loving it? How about when the 17 users on Wii are attacked, still loving it then?
Yes. It's time for people to realize that they can't trust these corporations (Sony, Google, Facebook, Ashampoo, Microsoft, Apple, JP Morgan Chase, Capital One, etc.) with their personal information, which should have a ripple effect that will reach the govt. which, I expect, would pass strict privacy laws that rape these bloody corporations that are getting a free ride at YOUR expense. In fact, in situations such as this one, it is of utmost importance that Sony be punished with billions of dollars in fines.

I have no respect for corporations. They were created with the notion of doing social good, but things have gone in the opposite direction.

They are making money off YOU without your explicit permission. I am sure if you were given a Yes/No question whether your personal information can be used to make Google some cash, you would say No.

I want more regulation on the corporations which is better for the common people. Only pressure from the common people like YOU can make it happen. I want people to open their windows and scream, "I am mad as hell and I am not gonna take this anymore." [- The Network] And hopefully people will be mad enough to *do* something about it because screaming is not enough.

I find it extremely ridiculous that some people choose to stick up for Google, Facebook, etc. when they have absolutely ZERO control over what they do. On the other hand, you have some control over what your government does because you can vote for or against it.

Edited by Jebadiah, May 6 2011, 5:07am :

LiquidSolstice said,

Wake me up when XBL gets hacked for poor security. You get what you pay for, that $50/year doesn't just go towards running the servers, you know.

Isn't your data stored on servers?

thommcg said,

Isn't your data stored on servers?

No one is getting into Xbox Live in a hurry, MS has fortified it like fort Knox and use military grade encryption on their servers. Good luck to any fool trying to break in

Xerxes said,

No one is getting into Xbox Live in a hurry, MS has fortified it like fort Knox and use military grade encryption on their servers. Good luck to any fool trying to break in

Because we all know military servers *never* get hacked. Ever. Have fun in fantasy land.

lostmongoose said,

Because we all know military servers *never* get hacked. Ever. Have fun in fantasy land.

Yup, you're such a fountain of knowledge. I bet you could totally do it all on your own and never get caught.

Good luck.

Jebadiah said,

They are making money off YOU without your explicit permission. I am sure if you were given a Yes/No question whether your personal information can be used to make Google some cash, you would say No.

I said yes.

They do tell you: http://www.google.co.uk/intl/en/privacy/privacy-policy.html

I actually think you are a little bit mental now.
I have no respect for corporations. They were created with the notion of doing social good, but things have gone in the opposite direction.

They are making money off YOU without your explicit permission. I am sure if you were given a Yes/No question whether your personal information can be used to make Google some cash, you would say No.

I want more regulation on the corporations which is better for the common people. Only pressure from the common people like YOU can make it happen. I want people to open their windows and scream, "I am mad as hell and I am not gonna take this anymore." [- The Network] And hopefully people will be mad enough to *do* something about it because screaming is not enough.

I find it extremely ridiculous that some people choose to stick up for Google, Facebook, etc. when they have absolutely ZERO control over what they do. On the other hand, you have some control over what your government does because you can vote for or against it.

Xerxes said,

No one is getting into Xbox Live in a hurry, MS has fortified it like fort Knox and use military grade encryption on their servers. Good luck to any fool trying to break in

I'm guessing you know this because you're a ignorant for thinking that something can't get broken into. It may be harder to break into something, but it definitely isn't impossible. FACT: electronics made by humans can be hacked by humans.

thehosh said,

I'm guessing you know this because you're a ignorant for thinking that something can't get broken into. It may be harder to break into something, but it definitely isn't impossible. FACT: electronics made by humans can be hacked by humans.

I'm guessing you cannot read? where did I say it would never be hacked? I merely said it won't happen any time soon due to the higher level of security and good luck to anyone who thinks that can hack it and walk out with most/all the data (like what happened to Sony). I'm sure someone could hack Xbox Live and get some data off it, but to pull something to the scale of what happened on PSN? it's possible but doubtful (due to how much effort would be involved). That is my 2 cents, take with a grain of salt.

Edited by Xerxes, May 6 2011, 8:44am :

Jebadiah said,

I have no respect for corporations. They were created with the notion of doing social good, but things have gone in the opposite direction.

I thought corporations were created to create profit for shareholders. I think you're confusing corporations with charities.

I'll assume you're not a PSN user and that is why you find it so easyto love all of this. I am a PSN user and I can assure you I am not happy with the situation and seeing people so delighted about this whole mess is just depressing. So thanks for that.

Xerxes said,

No one is getting into Xbox Live in a hurry, MS has fortified it like fort Knox and use military grade encryption on their servers. Good luck to any fool trying to break in
Source?

tanjiajun_34 said,
Source?
There isn't one. However, back when Xbox Live was first unveiled MS said it will employ military encryption (google it, you'll find plenty of articles on it). So while you can argue Xbox Live doesn't have miltary encription and what I say is BS, MS have never said different. It's also mentioned in the unofficial Xbox Live Technical FAQ (on the official forums) but I won't bother linking it because MS don't support anything said in it and therefore it can only be taken as hearsay. There is my very unhelpful 2 cents

zeke009 said,
How about when the 17 users on Wii are attacked, still loving it then?

Not that I'm condoning hacking either one, but you do know there's over 30 million more Wii consoles out there than the PS3 right?

Max Norris said,

Not that I'm condoning hacking either one, but you do know there's over 30 million more Wii consoles out there than the PS3 right?
i don't think he was being serious

Jebadiah said,
Yes. It's time for people to realize that they can't trust these corporations (Sony, Google, Facebook, Ashampoo, Microsoft, Apple, JP Morgan Chase, Capital One, etc.) with their personal information, which should have a ripple effect that will reach the govt. which, I expect, would pass strict privacy laws that rape these bloody corporations that are getting a free ride at YOUR expense. In fact, in situations such as this one, it is of utmost importance that Sony be punished with billions of dollars in fines.

I have no respect for corporations. They were created with the notion of doing social good, but things have gone in the opposite direction.

They are making money off YOU without your explicit permission. I am sure if you were given a Yes/No question whether your personal information can be used to make Google some cash, you would say No.

I want more regulation on the corporations which is better for the common people. Only pressure from the common people like YOU can make it happen. I want people to open their windows and scream, "I am mad as hell and I am not gonna take this anymore." [- The Network] And hopefully people will be mad enough to *do* something about it because screaming is not enough.

I find it extremely ridiculous that some people choose to stick up for Google, Facebook, etc. when they have absolutely ZERO control over what they do. On the other hand, you have some control over what your government does because you can vote for or against it.

It's the corporations! The corporations! They're behind it all! It's the corporations! They're all out to get us! *scream of terror*

Max Norris said,

Not that I'm condoning hacking either one, but you do know there's over 30 million more Wii consoles out there than the PS3 right?

Someone forgot their sarcasm pill this morning

Jebadiah said,
Yes. It's time for people to realize that they can't trust these corporations (Sony, Google, Facebook, Ashampoo, Microsoft, Apple, JP Morgan Chase, Capital One, etc.) with their personal information, which should have a ripple effect that will reach the govt. which, I expect, would pass strict privacy laws that rape these bloody corporations that are getting a free ride at YOUR expense. In fact, in situations such as this one, it is of utmost importance that Sony be punished with billions of dollars in fines.

Yes, because it's Sony's fault that someone wanted to hack their servers...

Meph said,

Yes, because it's Sony's fault that someone wanted to hack their servers...
I disagree with the guy's rant, and I realize the semantics are different, but it is entirely Sony's fault that they were hacked so badly because they simply did not update their software.

It was apparently like an open invitation with so much information available for the taking. Hind sight is always 20/20, but this definitely should have been foresight for the people actually managing the servers and other infrastructure.