Recommended Product
Network Security Audit Software
Network Security Audit Software and Computer Security Tools
  Learn More
 
 
  Network Security Software
Network Bandwidth Monitor

Network Bandwidth Monitor
NBMonitor displays real-time details about your network connections & bandwidth usage.

   
Network Access Monitoring

Network Access Monitoring
ShareAlarmPro monitors network access to shared folders and resources.

   
Product Key Finder
Product Key Finder

Product Key Explorer retrieves over 3000 software product keys from network computers.
   
Network Shares Monitoring

Network Share Watcher
Monitors network folders permissions and identify shares which are violating company data access policy.

 
 

Network Security News

Anonymous not off the hook for the Sony PlayStation Network attack

May 4 2011

The worldwide hacker group Anonymous may have played a role - even unwittingly - in the theft of personal data from 77 million Sony PlayStation Network customers, according to a letter from Sony's chairman to a Congressional committee.

Forensics teams have tracked the attack that netted the information to a file named "Anonymous" on an internal Sony server including the words "We are Legion", which is part of the hacker group's motto.

"Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous," says Kazuo Hirai, Sony's chairman, in the letter.

PAST DDOS DEBACLES: DDoS Hall of Shame

That attack and the threat of more had Sony network security staff focused on DDoS defense, which might have distracted them from discovering the breach earlier, the letter says, "perhaps by design."

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped in to providing cover for a very clever thief, we may never know. In any case, those who participated in the denial of service attacks should understand that - whether they knew it or not - they were aiding in a well planned, well executed, large scale theft that left not only Sony a victim, but also Sony's many customers around the world."

Anonymous earlier issued a statement that it wasn't responsible, but acknowledged that individual members might have acted independently to break in and steal the data.

The letter to Congress was prompted by a set of questions sent from a Congressional committee to Sony seeking information about the breach, how it happened and what Sony was doing about it.

The letter says that the attackers exploited a software vulnerability in one of the applications in the network that supports PlayStation Network, the online gaming site for Sony PlayStation customers.

The network consists of 130 servers, 50 software programs and 77 million registered accounts, the letter says. In all, Sony came to believe 10 of those servers had been compromised.

The letter says Sony knows the personal data was compromised because it found records of queries being made for it and large data transfers being made out in response. There were no logs of request for credit card information or corresponding outbound transfers, which is why Sony says credit card information might have been compromised but it just doesn't know.

"Among other things, the intruders deleted log files in order to hide the extent of their work and activity within the network," the letter says, which led Sony to conclude that "very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the servers" had been used.

"At the same time that the experienced attackers were carrying out their attack, they also attempted to destroy the evidence that would reveal their steps."

The worst moments in network security history

The company says it has taken six steps to prevent future breaches:

* Added automated software monitoring and configuration management to help defend against new attacks;

* Enhanced levels of data protection and encryption;

* Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns;

* Implementation of additional firewalls;

* Expediting a planned mover of the system to a new data center in a different location with enhanced security;

* Naming of new chief information security officer directly reporting to the chief information officer of Sony Corp.

To make up to its customers, Sony plans to offer U.S. members complementary identity theft protection services.

It is creating a Welcome Back program including selected PlayStation entertainment content for free. All consumers returning to PSN will get 30 days free membership in PlayStation Plus premium subscription service. Current PlayStation Plus customers will have subscriptions extended for the number of days PSN and Qriocity services were unavailable and get an additional 30 days of free service, Sony says.

Sours From

View more news

 
  Most Popular
 
 
  Popular Searches
network security magazine network security auditor network security news network security software corporate network security network security systems home network security product key finder password recovery software Network Bandwidth Monitor Network Access Monitoring data access policy monitoring remote shutdown Network File Search key recovery Network Monitoring Computer Security Ethical Hacking Network Security Network Inventory Software Information Security
 

 

Sponsored Links
Network Security Auditor
Nsauditor is a complete networking utilities package that includes more than 45 network tools and utilities for network auditing, scanning,network connections monitoring and more. For more information, please visit:
www.nsauditor.com


Password Recovery Software
SpotAuditor is All-in-one password recovery program that offers administrators and users a comprehensive solution for recovering passwords and other critical business information saved in users' computers. For more information, please visit:
www.password-recovery-software.com

BlueAuditor - Monitor YourBluetooth Network
BlueAuditor detects and monitors Bluetooth devices in a wireless network and allows network administrators to audit wireless networks against security vulnerabilities associated with the use of Bluetooth devices. For more information, please visit:
nsauditor.com/bluetooth_network_scanner.html