Sony: “DDOS attacks” gave hackers chance to hack into PSN
Sony supplied a written statement to the U.S House of Representatives earlier today which detailed literally everything about the Playstation Network security breach and how hackers could successfully hack into their servers.
One striking revelation was made, as Sony said they found a file on one of their servers which contained the words – “Anonymous” and “We are Legion“. Although, this might have been done on purpose by the cyber criminals in order to send Sony on a wild goose chase, but another fact found after reading through their statement confirms that Anonymous group’s denial of service attacks against the hardware giant played a key role in getting the security of the network compromised.
Sony told that due to the “DDOS” attacks, most of their engineers were busy protecting Sony’s websites from that, which enabled the hackers to exploit a vulnerability in their security system unnoticed. They told that one or more cyber criminals could gain access to their servers as a result of this large-scale DDOS attacks by Anonymous.
They also cited two other reasons as the cause of being unable to detect this intrusion -
- Because of the sheer sophistication of the intrusion
- Criminal hackers exploited a system software vulnerability
You can read their entire statement which confirms that a file with “Anonymous” message was put into their servers aswell as the fact that hackers gained access to the network around the same time that the large-scale DDOS attack against the giant were being carried out by the Group, two weeks or so ago below:
When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen, it also discovered that the intruders had planted a file on one of those servers named “Anonymous” with the word “We are Legion.” Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous. The attacks were coordinated against Sony as a protest against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker.
While protecting individuals’ personal data is the highest priority, ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and business will have to come together to ensure the safety of commerce over the Internet and also find ways to combat cybercrime and cyber terrorism.
Almost two weeks ago, one or more cyber criminals gained access to PlayStation Network servers at or around the same time that these servers were experiencing denial of service attacks. The Sony Network Entertainment America team did not immediately detect the criminal intrusion for several possible reasons. First, detection was difficult because of the sheer sophistication of the intrusion. Second, detection was difficult because of the criminal hackers exploited a system software vulnerability. Finally, our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect this intrusion quickly- all perhaps by design.
This is really unfortunate and although we don’t think “Anonymous” were involved in the breach into their servers themselves, but it is a fact that their actions against Sony in the past month has resulted in this security breach, as it caught the attention of cyber criminals worldwide and they took advantage of it.
We hope PSN users won’t suffer much as a result of this and Sony can recover from this crisis soon.
PSN services are said to resumed later in the week.
Here’s a copy of their statement:
