
The House Subcommittee on Commerce, Manufacturing and Trade asked Sony to testify at a hearing called "The Threat of Data Theft to American Consumers," so the company could answer a series of questions about its recent PlayStation Network security breach. Sony declined to attend the meeting, but the company did answer a series of questions put to them about the attack, and the letter to committee chairwoman Rep. Mary Bono Mack (R-CA) has been published on the official PlayStation Blog.
Rep. Bono Mack slammed Sony for not showing up in person; during later questioning, she held up Sony's letter and said that her office had received it this morning. The document contains interesting details about the attack, as well as more evidence that Anonymous was involved (perhaps unwittingly) in what went down.
On April 19, Sony noticed that some of the 130 servers in the PlayStation Network had rebooted themselves, an activity that was not officially scheduled. The network service team began digging into the logs to find out what was going on, and on April 20 they found evidence of the attack and reason to believe information had been stolen. "At the time, the network service team was unable to determine what type of data had been transferred, and they therefore shut the PlayStation Network system down," said the letter. On April 26, we were told that our personal data had been compromised.
So how did the attackers gain entrance? Around two weeks ago, Sony was defending itself against constant denial of service attacks, and it seems the entirety of their online team was busy dealing with that threat.
"Detection was difficult because of the sheer sophistication of the intrusion," Sony wrote in the letter. "Second, detection was difficult because the criminal hackers exploited a system software vulnerability." A company executive had previously stated that the hacker gained entrance through a "known vulnerability" that the company was unaware of. Sony also claims that because its team was so busy defending against the denial of service attacks, detection of the hack was even more difficult. Sony claimed that this was "perhaps by design."
Sony also claimed it found a file on its server named "Anonymous," with the text "We are Legion." The document also places the blame for the denial of service attacks directly on Anonymous.
"In any case, those who participated in the denial of service attacks should understand that—whether they knew it or not—they were aiding in a well-planned, well-executed, large-scale theft that not only left Sony a victim, but also Sony's many customers around the world," Sony stated.
Sony didn't provide information on the breach to the FBI until April 22. A briefing to give law enforcement details of the breach was scheduled for April 27. Sony has also revealed that 12.3 million account holders worldwide have credit card information on file with the company, and that number includes both current and expired cards. "As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack," Sony claimed.