Slashdot Mirror
Sony Blames 'External Intrusion' For Lengthy PSN Outage
Several readers have noted that outages on Sony's PlayStation Network have prevented online play for the past few days. The company has now blamed an 'external intrusion' for the trouble, saying they took down the network to "conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward." Some suspect an attack by Anonymous, who declared war on Sony earlier this month, but Anonymous has disavowed knowledge of such an attack. Meanwhile, others are asking whether Sony should compensate users for the inability to play PS3 multiplayer modes, and even single-player modes on a few downloadable games.
"Meanwhile, others are asking whether Sony should compensate users..."
Right, and while we're there I'd like some world peace too.
I love the implication that Anonymous has a representative that can "disavow knowledge of such an attack."
Anonymous is not an organization! It's a bunch of jerks on the internet.
PSN has been down since Tuesday night, blowing the launches of Portal 2 (plus steam) and Mortal Kombat 30. The system is not still down for forensic or investigational issues, its down because they haven't figured out how to bring it back up. They are losing too much money and credibility having it down so long. My guess is they are poring though back up tapes right now. Some one owned them good.
Also, this didn't feel like a DDOS, with intermittent problem. PSN seems to have gone down hard. When Sony says "infiltrated," I think totally raped their systems.
I guess it's great for the content providers and their DRM, but when I can't play a single player game because either their servers are down, or I don't happen to have a connection at the time is annoying and stupid. (I don't have a Playstation, but several single player games on Steam behave in the same, or similar, way; e.g. f1-2010 I can't save progress without the internet because apart from steam, which launches the game just fine, there is the crazy Live-Games for Windows (or whatever it's called). Why I can't save progress is beyond me as the save games appear to be local files, but that's just how it is.
This has been the best time that my 15 year old son and I have had since the PlayStation arrived in December. With the network dead, we went bicycling and bowling (his top score was 134); he showed me how to solve the last layer (well the OLL) of the Rubik's Cube.
I deeply thank whoever did this, and I wish you only the best!
-CS in Berkeley
A new kind of organization. I would say Anonymous is a cyber intelligence organization, not just a collection of jerks.
If you don't take them seriously or look at them as a joke then you won't have a clue about whats coming next. Anonymous is going the direction WIkileaks went. This means they will build comprehensive intel files (dox) on Sony employees and on the employees of target corporations. This means they just use the internet, it does not mean Anonymous is strictly an internet organization.
http://playstationlifestyle.net/2011/04/04/anonymous-gets-serious-attacks-sony-employees/
And it's a full fledged cyberwar with sides. You will have the commercial hackers who hack for corporations, and you'll have the hacktivists who hack for Anonymous. On top of this you'll also have informants for both groups. So if you side against Anonymous or against Sony, either or both sides will know about it. So at this time the best way to look at whats going on if you want to be smart about it is from a neutral stance. Don't diminish Anonymous unless you want to be targeted by Anonymous, and don't diminish Sony unless you want to be targeted by their hackers.
Remember Anonymous is also trying to take on the Koch Bros. They aren't going to be able to do that overnight as the Koch Bros have an intel network of their own of greater sophistication and funding. What Anonymous lacks is funding, a lot of the hard detective like work requires hiring private investigators. This is something Anonymous probably wont be able to afford unless private investigators volunteer their services to their operations or are extorted in some way into doing it.
But in the long term Anonymous is growing stronger at an exponential rate. Their only flaw at this moment in time is their relative inexperience and their silly tactics at times. They go from brilliant tactics at some points in time (such as hacking the email server at HBGaryFederal), to really dumb tactics like DDOSing Sony and taking down webpages. They don't seem to have strong leadership or a set methodology of objectives to pursue.
Dude... Can I have a hit off your bong?
Shh.
At least an external intrusion is better than an internal extrusion.
This space available.
It doesn't work like that. Assuming both sides are highly competent, securing something is a fundamentally harder problem than breaking in. To break in, you only need to figure out one vulnerability. To secure something, you need to make sure every component - as big as a data center and as small as every single instruction sent to the CPUs - in your system, is invulnerable. Hiring hackers would only help if the engineering team is highly incompetent to start with (like, they aren't even aware of basic things like why strcpy() to a fixed buffer can be a very bad idea).
Meant $50/year
Watch the video or maintain your ignorance on the subject.
http://www.youtube.com/watch?v=NhTfOL9_HBE
If Anonymous and Wikileaks don't represent cyberwarfare then there is no such thing as cyberwarfare.
Did Anonymous declare war? Yes.
Does Anonymous conduct operations? Yes.
Does Anonymous break the laws? Yes.
Does Anonymous have the capability to disrupt the economy? Yes.
Does Anonymous have a political objective? Yes.
And of course Anonymous has opposition groups who are also willing to break the laws and conduct operations to stop them. So if they aren't what you'd consider cyber warriors, and if this isn't a cyber war between Anonymous and their enemies, what would you call it?
It doesn't work like that. Assuming both sides are highly competent, securing something is a fundamentally harder problem than breaking in. To break in, you only need to figure out one vulnerability. To secure something, you need to make sure every component - as big as a data center and as small as every single instruction sent to the CPUs - in your system, is invulnerable. Hiring hackers would only help if the engineering team is highly incompetent to start with (like, they aren't even aware of basic things like why strcpy() to a fixed buffer can be a very bad idea).
You are underestimating the power of social engineers. If you have someones dox, if you have their social security number for example, and this someone happens to be either an employee for a rival corporation, within your own corporation, or anywhere else, it's very easy to build an intelligence file to find all their human vulnerabilities. Now if you want to see how vulnerable an entire corporation is, who is in charge of protecting the secret information or passwords or whatever? How psychologically stable as those people? If you have an intelligence file on every important employee within an organization, and you know which ones happen to be psychologically unstable, vulnerable to certain kinds of social engineering, etc, then you can probe the network for human weaknesses.
Which ones are most likely to write their passwords down and throw them in the trash? Which ones are most likely to go to an online dating service and meet a girl or guy? Knowing who is single, knowing who has what psychological disorder, knowing who cheats on their wife or husband, knowing anything which can be leveraged to compromise them. It's no different than in politics where politicians get targeted and corrupted over time, when enough eyes are on an employee then its only a matter of time before the employee does something which can put them in a compromised blackmailable position.
Once in that position then they have to choose between losing their wife/husband or losing their job. Once again blackmail, extortion, or outright social engineering where they think the boss told them to give the password, is usually all that is required to hack human networks. If you are trying to always hack it by technical means then yeah you'll have to hope there is some bug in the system but if you want to guarantee success you have to hack through all means, technical and social.
PSN is required to play Netflix streaming service on a PS3. While the network is down, I'm limited to the disks I have on hand. Some folks pay for streaming only and are left with nothing.
Once again, Xbox charges $50/year for the privilege of watching Netflix movies. You wanna pay $50/year, or accept the occasional service disruption?
the price of PSN is folded into the cost of the console. there is no monthly fee, but it isn't free.
For some reason, the Netflix program requires that the user be signed in to PSN so while it's down, no streaming movies.
I can't imagine a technical reason for this requirement - Netflix streaming works over the internet, so why require the PSN
sign-in?
It reminds me of the Amazon Appstore being required (installed and running) to run any apps downloaded with it.
I suspect they're speaking about the Plus subscribers... who do pay.
It's the Stay-Puft Marshmallow Man.
It isn't. Start netflix up, it will bring up a sign-on dialog. Pick sign-on, Netflix should start up, it will ask to sign-in again, attempt to sign-on again and you should be all set.
If you look at the purpose and objectives held by both organizations they are very compatible and very similar. Anonymous takes direct action while Wikileaks typically was more of an intelligence organization. Julian Assange now being in jail has changed the role of Anonymous. Anonymous is now becoming a true intelligence organization rather than just a political direct action organization. Anonymous proved this when they leaked the HBGaryFederal emails. This is a move we would have expected from Wikileaks. Anonymous is now in the leaking business.
Anonymous is now in the intelligence business because once you start the domino effect and trigger the cyber war it doesn't end until you either win it, or all your members are in prison. So now they don't have much of a choice but to create a network of informants and this requires they build a more traditional intelligence network.
If you think I don't know what I'm talking about. Check back here a few months from now. It's obvious you don't keep track of Anonymous and probably haven't read much about them.
Netflix is working even though PSN is down. When you start the Netflix app it prompts for a login about three times, but after that it works normally. I've used it a couple of times since the PSN troubles started. Just keep attempting to sign in and it'll eventually let you through.
Knowledge Brings Fear
I've heard that is actually isn't, although it can appear that way. It will give you a warning that PSN is down, but if you keep clicking through, then you can play it fine. See the discussion at ars.
Hrm...*scratching head*....never heard of Plus subscribers. Perhaps I spoke too soon :(
They hacked HBGaryFederal and they leaked gigs of emails. If they can do this then they are no longer an organization that can't do anything. They've done something.
Compensation?
Remember, if there is any level of compensation that Sony has every right to expect that if the hackers are caught the cost of this down time can be taken out of their ass.
Don't come back here and bitch when Sony wants a few million from them.
It's free? Funny, my Playstation cost something like $300. Please to explain the free.
You are generous; I do not cut Sony any slack at all.
PS3s are locked to use PSN or nothing. Right now, it may be free, but Sony can easily start charging, and people will either buy it, or dump their PS3s. Especially if PSN is required to authenticate games via a DRM mechanism [1]. If Sony had alternate methods for devices to communicate, having PSN go down is excusable, but because it is the only way to have PS3s interact with each other, even free, Sony has the responsibility to maintain it, that, or patch consoles to offer alternate methods. Sony chose to play hardball in this department, so they should not be garnering sympathy.
So, if Sony locks people in a walled garden, they have a responsibility to either be maintaining the plants and the statues, open the gates, or let it be known that they are unable to provide support for what they sell.
Blackhats are just another IT issue, same with faulty hard disks, and backhoes on the OC lines. If Sony gets hacked, they need to hire more security people, start doing post-mortems, and deal with it, just like every single IT department is tasked to do. Either deal with it, or drop the injunctions against Geohot so independents can fix Sony's problems for them.
[1]: Of course, in the game's EULA it will be stated that PSN is a requirement for access to the game.
We pay a monthly fee for the Qriocity music service. It too is down.
What blows my mind is that people are asking whether or not they should be compensated, when will the service will be back up, and who's responsible, but not so much "is my credit card that the PSN stores secure?" How is this not the first thing Sony gives an update on when they officially say this is due to an attack?
I've been looking at the comments on every post I see about this. At first I was hoping for an answer, and now I'm mostly just curious. This seems to be the very least of everyone's concerns.
Could it be that EC2's problems and PSN's are linked ? Have no clue myself, but seems to me PSN need large scalable bandwidth. Does anyone know where PSN is hosted ? How does it work says with COD ? Are COD servers on PSN or is PSN just a relay ?
sorry for the massive typos,
Say, mr. Anonymous, where were you a couple days ago?
With their dumb region locking and extremely anti-gamer policies.
Blizzard needs to get rid of region locks.
It depends on the nature of the group. Anonymous is a politically oriented cyber intelligence organization. They aren't after money, if they were they'd be working for corporations.
Who's Sony been suing lately?
This might be named party's counter-offer.... ^_^
Sony and their Lawyers...
If you can't beat them.. DDoS'em! ^_~
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
What's worse, an external intrusion or an internal extrusion?
I think they both sound pretty painful, tbh.
Can't your son still play single player games?
Sony has released absolutely no information blaming 4channers for this downtime or even for the downtime the 4channers took credit for.
You'd have to have a ridiculously high opinion of the 4chan vigilantes to think that Sony would take down their own network on a big release weekend just to smear them, especially when Sony isn't even bothering to make press releases smearing them.
How about this? We cannot put it past the 4channers to DDoS Sony again and just deny they are doing it because they don't like Sony but don't like taking heat for the customer inconvenience either.
I would suggest it is as mentioned elsewhere, that Sony has been throughly hacked by someone (perhaps the 4channers) and that their systems are so compromised they don't feel safe bringing them back online and risk further compromises or some compromised code in their system being activated remotely and triggering some kind of outgoing attack or action.
http://lkml.org/lkml/2005/8/20/95
Sure; its for "a better cause" but in the mean time no one bothers to think about those people who have no issue with any of this and were only looking into playing some cool PS3 games online this Eastern weekend.
No, we just have "to cope" because you arrogant asses think to have a beef with Sony.
Yet it seems you feel sooo strong about your cause that you couldn't do it alone and needed to disrupt the entire PSN userbase to get something going.
There is a catch here.. I don't like conspiracy theories but what if Sony did this to put blame on the other party? That we'll never know..
But considering the general way those "hackers" have portrayed themselves in the past and the rather explicit aggressive way some of them used wouldn't come as a surprise if this is the real deal.
And in that case I say: Fuck you assholes!
First it came for our google. Now it has gone after Sony PS. Do you need more proof? Are we going to wait for it to attack something important like Facebook or Twitter?
I'm glad I have a dog as part of our family...
putting the 'B' in LGBTQ+
This could mean too many PlayStation users were trying to connect to PSN all at once. Until Sony more clearly defines what the external intrusion is, we really can't assume too much other than Sony wasn't prepared to handle whatever it was that happened.
Nonetheless, regardless of how PSN went offline, in the end it is Sony, and Sony alone, that is accountable to its customers who are left hanging.
I'm on a 100Mbit connection, and so are many people. Latency is not the issue here.
Sure it can be a slight problem, but the original Starcraft did not have these region locks. Let the customer decide between dealing with potential latency issues or the region lock. I hate the concept of region locking, it makes no sense and defeats the purpose of internet gaming.
Guys... I cant watch netflix on my PS3... :(
screw the games, i want my netflix.
I haven't tried it, but have seen it mentioned that if you fail a few time logging in netflix will just work without being logged in to PSN.
This would be more of an issue if it was free.
I remember when Xbox Live was down for something like 11 days, and I do not remember being compensated (maybe I was though, I really don't remember).
Sony also knows that turning gamers against Anonymous is a strong tactical advantage in the war against Anonymous. It's probably the only card they have to play.
We cannot put it past Sony to deliberately shut down the network and pin the blame on Anonymous.
There's the problem? Is Sony "at war" with 4chan? What would Sony value more? Money (that they would make by having gamers play their games online) or killing Anonymous? Having their network operational is worth more to them than killing 4chan.
NP. It's a gimmicky online fee for "exclusive beta access", some free premium themes, and discounts on PSN games... It's good for those who need it, but not necessary for PSN enjoyment (PS+ doesn't make regular access seem like Live Silver, I mean.)
It's the Stay-Puft Marshmallow Man.
for massive spree of thefts across the city!
Its YOUR job to keep thieves off the street and its YOUR job to keep PSN online.
At first I thought that it was Sony's revenge on me for this: http://slashdot.org/submission/1535196/Why-doesnt-SONY-like-Canadians
Then, when I realized that no one else could log in either I relaxed a bit.
I am still concerned about whether my Credit Card is safe.
Netflix is working even though PSN is down. When you start the Netflix app it prompts for a login about three times, but after that it works normally. I've used it a couple of times since the PSN troubles started. Just keep attempting to sign in and it'll eventually let you through.
Wish the Hulu+ client did that. It seems like they are about to start hemorrhaging customers instead.
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
How does one organization speak for anonymous? The hacker is clearly a part of anonymous, which has no central organization. He might have been working alone, but was still anonymous.
Anonymous is fast becoming the preferred scapegoat when a large corporation have an outage.
--
Maybe I should have posted this as "Anonymous Coward"?
Because Sony insists on PSN verification on all app launches, PS3 owners couldn't even use non-game apps like Netflix or Vudu (though Netflix seems to work for some people and Vudu is back everywhere now, ahead of PSN)
The cost of PSN is also paid by the games people purchase, and right now I can imagine a bit of noise in a lot of households, where newly purchased games can't play online.
The noise is likely to be proportional to the number of kids in the households over the Easter holidays, where parents may have counted on games to keep the kids busy.
My wife & I are in the same boat.
I sit and marvel at Sony's approach to public relations. Exactly how much would leaving OtherOS in place have cost them? How much would restoring it cost them? Compare that to how much the lawsuits and these attacks cost them.
Plus the lost business from people like us who can no longer purchase DLC or even new games that require firmware updates.
I'm not in a position to say anything on this subject with any authority, but it seems plausible that this "intrusion" could be related to the recent launch of Steam connectivity for the PS3. If it is, I doubt it's actually due to Steam or the PSN software directly - it's more likely to be poorly-designed interface code to get the two connected. Just my 0.13 yuan worth.
Compare and contrast with Sony's phone division: They're actively aiding people in unlocking the bootloaders of their Android handsets; thus allowing people to install customised versions of Android, or if anyone bothers porting them, entirely different OSs.
Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
Comment removed based on user account deletion
then I'm guessing the feds will be breaking down a lot of Xbox owners doors pretty soon.... Green Day - American Idiot (listen to the words)
Level 3 are their game servers.
They are still up.
mtr 213.163.80.166
Looks good.
Liberty freedom are no1, not dicks in suits.
Yeah, there's no way they'll be compensating users in any way. (Knowing Sony, the paying PS+ members probably won't even get anything). The only reimbursement we'll get is the happiness of knowing that they lost all holiday weekend revenue on the PSN Store and Qriocity.
What about services like NetFlix and Hulu Plus which require a PSN login? There were many people unable to access these services over the past few days (from their consoles). What do they do? Go after the service provider for a refund? Go after Sony for a refund?
When services are daisy-chained like this, I feel the bottom services carries a lot more liability than they may think.
The Playstation Network hopefully.
It probably wont but it would be funny if it did.
PSN is free last time I checked
Not entirely true, they offer "Playstation+" for a monthly fee, not to mention other pay services which require the PSN being available (i.e., Netflix).
It's almost certainly #1. Criminals always go after the money. The entire thing was down for a while and everything is back up. Except for PSN. It's dead and don't expect it back up for weeks or months if this is true, as it would require a ground-up rewrite of major parts of its code. If they (as I suspect their mind-boggling hubris and ego led them to believe) didn't bother with planning to ever do a major upgrade to the PSN and were working on the future PS4 instead, they're boned. You can't write this sort of thing from scratch in a couple of days. They might not have it working for weeks, and that's going to crush their market share.
But it brings us to a bigger problem. Namely, that so many games go through Sony's server, which acts like a gatekeeper and keeps the games from running.
But why is it doing this?
A: It's the TROPHIES that every game now has (is plagued with) that is causing the issue. It can't update the trophies so the entire rest of the game crashes. If I was Steam, (as an example), I'd patch Portal immediately and have it turn off this function on launch and connect to the PSN server *after* it is up and running. That way you could play even if Sony's servers are fubar. You'd not get any trophies (such a shame) but it would still run properly.
Sony should immediately disable this in a patch until it gets up and running. Every day that people can't use their games, it's another few thousand people who decide to jump ship for the XBox. (Microsoft, while having its own problems, is properly paranoid about security on its servers) Trophies are a minor and essentially worthless part of the PS3 by comparison.
This is a disaster and ALL Sony's fault. I don't care if it was Anon or not, even if it was...I BLAME SONY FOR COMPLETE AND UTTER INCOMPETENCE. In fact I would PRAISE the group of VOLUNTEERS for spending they're invaluable free time to expose the egregious incompetence of the trillion dollar BUSINESS that makes money off of all everyday. Sony is a BUSINESS people!!! They lul us into spending our free time AND OUR MONEY on the very network that THEY claim just got hacked...AND they seem to be trying to use this as an opportunity to gain a one up in the public relations war with ANONYMOUS a GROUP OF VOLUNTEERS!!?!??!!? Shame in you Sony and all your trazillions of billions of dollars, this is a complete and utter disgrace.
I dare say that Sony owe Anonymous an apology as well as ridiculous sums of money for schooling this amateur hour group of monkeys about basic enterprise security.
Thank you anonymous
It seems to me that most pressure to get the network back up is going to be brought to bear by the companies that own the games. The only way we can apply pressure is possibly through subscriptions that we are not currently able to use. If Netflix, for example, gets enough cancellation threats because people can't stream through their PS3, I'm sure Netflix will be on the phone to Sony.
Oh...and when Netflix replies to us with the response that you can still stream through your computer...be sure to ask if there is a workaround for Silverlight in Linux yet.
Earlier this week I purchased MLB.TV for $120 so I could watch baseball on my TV. Since MLB.TV requires a login to the PSN (a new "feature" this year), I haven't been able to watch the service I'm paying for. I could spend the time to write threatening emails, but in the end nothing will fix this.
Sony - you really, really need to get your act together. I know you think this is only affecting "game-playing" but damn - this is really inexcusable.
Yep--- there was compensation... something along the line of a free game download (some kind of underwater game, I think-- you didn't have a choice).
I would have preferred some microsoft points instead tho.
It could be something to do with hackers/freeloaders getting free downloads/games by hacking urls.
http://psgroove.com/showthread.php?2920-How-to-buy-games-using-Rebug-cfw-and-web-links
Or maybe they did code mods, stuffed up, lost the revision control servers and cant get back to original state.
Wheres wikileaks when you need em
Liberty freedom are no1, not dicks in suits.
Netflix is working even though PSN is down. When you start the Netflix app it prompts for a login about three times, but after that it works normally. I've used it a couple of times since the PSN troubles started. Just keep attempting to sign in and it'll eventually let you through.
I don't have a PS3 (or Netflix actually), but I saw someone in a different thread on this article say that while that was working for them earlier, it's stopped working and they haven't been able to access Netflix on their PS3 at all this evening. So this may be a YMMV thing. Hopefully not.
For the rest of us, saying an external factor triggered this doesn't automatically land at 4chan's feet. There are plenty of assholes in this world, 4chan didn't corner the market.
Sock-puppets? Are you kidding me? The customers who are angry are angry because they can't play games. Using sock-puppets to try to lay the blame isn't useful, it doesn't let customers play games.
http://lkml.org/lkml/2005/8/20/95
replica watches
a.lange & sohne
a.lange & sohne
a lange & sohne watches
replica a lange & sohne
replica watches
a.lange & sohne
a lange & sohne watches
replica a lange & sohne
Just sue network intrusions, duh!
Shit excuse's one after the next from an unreliable company such as SCEA! Heck maybe Sony should ring in the towel and say were sick of this We quit! Sony has done nothing for the PSN since 2006! A 5 year old console with nothing really cool to back it up! Sorry but I've been a gamer since 1978! And now with Sony a company in new terms a 15 year old company for video game's. It hasn't showed the real potential to say we rule when there still stuck in the past Move? Come on! A copycat to the Wii Still waiting for Cross Game chat, More support for Custom Sound tracks and A better way to Communicate when I'm off my PS3! XBL has it all people! But anyway back to the subject! I would ask the question to Sony where is the higher security for this console? Also Sony is to chicken to tell us the truth as to what happened on the 21st of this month! Sony Hacker's invaded the PlayStation Network not an intrusion as to what your referring about this innocent!
And to you Anonymous! Du bist ein Fick dich! Translate that you pompos asshole! If its one thing that needs to be stopped its the damn hackers! Once we'd find these assholes arrest them and send them to the big house! Now see how you like that you little shit's!
Obviously President Nixon is head of Sony.......... as the saying goes DICK NIXON BEFORE HE DICKS YOU!
As far as I know, there is gazillion different ways of saying same things in all languages. And although there are (mostly very) small regional variations in pronunciation -- in my opinion Finnish language is much more homogeneous than for example English and many other languages are.
And I don't see any major reason why Finnish would be extremely hard for a person who is familiar with western alphabet. Finnish vocabulary (for most parts) and and syntax are quite different compared to Indo-European languages, but I don't think that this makes language extremely difficult, just different.
And there are some features that make Finnish much easier than for example English, like: pronunciation/spelling is easy and very regular with almost 1-to-1 mapping between letters and sounds, word order is almost free, many words are (relatively) logical derivates of other words (eg. kirja=book, kirjain=character, kirje=letter, kirjailija=author, kirjoittaa=to write, kirjailla=embroider, kirjuri=scribe, kirjoitin=printer, kirjasto=library, kirjaamo=registry, kirjasin=letterface, kirjallisuus=literature... ad nauseaum) which ease your burden of learning huge vocabulary etc.
If you just have some free time and enough motivation, I don't think learning the basics of Finnish language is that hard. But outside Finland there is little use for Finnish skills, which can make it difficult to have enough motivation to learn Finnish.
For the record, my native language is Finnish and besides English I also have limited skills of German and Swedish and I have also (very) limited amount of knowledge of some other languages, like Latin, Italian and Arabic. And although I speak much better English than German, I find English language much more difficult compared to Finnish or German.