Slashdot Mirror


Sony Blames 'External Intrusion' For Lengthy PSN Outage

Several readers have noted that outages on Sony's PlayStation Network have prevented online play for the past few days. The company has now blamed an 'external intrusion' for the trouble, saying they took down the network to "conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward." Some suspect an attack by Anonymous, who declared war on Sony earlier this month, but Anonymous has disavowed knowledge of such an attack. Meanwhile, others are asking whether Sony should compensate users for the inability to play PS3 multiplayer modes, and even single-player modes on a few downloadable games.


  1. Right... by Haedrian · · Score: 3, Funny

    "Meanwhile, others are asking whether Sony should compensate users..."

    Right, and while we're there I'd like some world peace too.

    1. Re:Right... by History's+Coming+To · · Score: 3

      Looks like you'd enjoy Finland being in charge then. They ruled that removal of the OtherOS function was valued at around 100 euros ($145).
      Slashdot thread

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
    2. Re:Right... by Anonymous Coward · · Score: 4, Funny

      I am, in principle, not against Finland conquering the globe. They have a few nice things going, and the bit about Rome and the aqueducts from "Life of Brian" comes to mind.

    3. Re:Right... by NoobixCube · · Score: 2

      I want Sony to compensate me for not being able to play multiplayer for the past several months. I haven't updated my PS3 since they removed OtherOS and decided they'd change the EULA to say they had the right to install and execute programs on my PS3 without my knowledge or consent. I'm also unable to get updates and DLC for the games I've legally purchased because of this. I doubt I'll ever get just recompense.

      --
      Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
    4. Re:Right... by _Sprocket_ · · Score: 3, Insightful

      I would advise getting some world travel under your belt first - and not just the pre-packaged European holiday route.

    5. Re:Right... by tjhart85 · · Score: 3, Insightful

      They took away a piece of functionality that it was advertised as having. If I had a PS3, I'd want them to take the whole thing back & credit me the full retail price (if I liked it, I'd pick up a used one ... at least then Sony wouldn't directly get my money).

      I know there are a lot of analogies floating around out there, but to me the fact of the matter is it doesn't matter how big the functionality was, it was an advertised feature. What if it was Blu-ray playing functionality that they decided to yank out? Not a big deal, right? I mean you can pick up a new Blu-ray player for $80 or so, less if you find it on sale, hardly a real reason to be upset.

    6. Re:Right... by symbolset · · Score: 2

      Your journey starts here. Good luck and may God speed you on your path.

      --
      Help stamp out iliturcy.
    7. Re:Right... by Anonymous Coward · · Score: 5, Insightful

      This is why liberals have mostly been in charge since the 1960s.

      Yeah, don't let a little thing like 30 years of Republican presidents vs 15 years of Democrats since 1960 get in the way of your "facts".

    8. Re:Right... by DarkOx · · Score: 2

      And last I checked Republicans are not automatically conservatives (which you can further divide into fiscal and social) and Democrats are not automatically liberal. I would agree in recent years the correlation of party affiliation and degree of liberalism has become stronger, but in the 1960s it was not reliable at all. Goldwater was an entirely new breed within the Republican party at that time, which if anything was by mainstream Republican party standards of today very liberal.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  2. Anonymous by Bovius · · Score: 4, Informative

    I love the implication that Anonymous has a representative that can "disavow knowledge of such an attack."

    Anonymous is not an organization! It's a bunch of jerks on the internet.

  3. Wow by headhot · · Score: 4, Interesting

    PSN has been down since Tuesday night, blowing the launches of Portal 2 (plus Steam) and Mortal Kombat 30. The system is not still down for forensic or investigational issues, it's down because they haven't figured out how to bring it back up. They are losing too much money and credibility having it down so long. My guess is they are poring through backup tapes right now. Someone owned them good.

    Also, this didn't feel like a DDoS, with intermittent problems. PSN seems to have gone down hard. When Sony says "infiltrated," I think totally raped their systems.

    1. Re:Wow by Anonymous Coward · · Score: 3, Interesting

      It's not just the US/North American PSN that's down. It's Europe, Japan, and probably the rest as well.

      I doubt very much that an unsophisticated attack would be able to simultaneously take down or infect all three networks (to a point they are at least somewhat individual networks). I am inclined to believe Sony who has stated that they have taken the PSN down themselves. I would speculate that could mean there have either been security breaches with regard to PSN Store encryption or consumer credit card information or something along those lines. Not knowing how the various PSNs are linked or how similar they are to one another, I would wonder if some sort of worm might be at work, but doubt that would be the case in this instance.

      I highly doubt that Anonymous has anything to do with whatever Sony is investigating right now across all three major PSNs. And Amazon's services don't have anything to do with this either.

    2. Re:Wow by cgenman · · Score: 4, Insightful

      The system is not still down for forensic or investigational issues, it's down because they haven't figured out how to bring it back up.

      Generally, the worst attacks are the ones when you can't figure out how much access people still have, what they did while they were there, and whether or not it is safe to bring the system back online. If someone got root on Sony's update servers, you'd better believe those are staying offline. A problem there could leave Sony on the hook for the cost of 50 million very expensive plastic bricks. Similarly, someone with deep PSN access might be able to leverage that into accessing Sony's other internal systems, which could include things like VAIO firmware, manufacturing robots, sony picture entertainment, and baseball fields full of money.

      Keep 'em down for a few days to do your security homework, or suffer a bigger break later.

    3. Re:Wow by powerlord · · Score: 4, Interesting

      If someone got root on Sony's update servers, you'd better believe those are staying offline.

      Then feel secure that those aren't the problem.

      I was playing a Demo recently and it informed me there was an update available. System downloaded the update and loaded it, even though PSN is still down and I still can't log in.

      I heard a rumor that they found people circumventing the checkout/purchase system in some way. If that is true, then they may be keeping the system down while they fix that.

      Two more plausible explanations:

      1) someone used the fact that the PS3's internal key has been exposed to try to craft code to go after the Login/Pay servers through the PS3 directly, on the idea that Sony programmed those interfaces on the assumption that they are secure, and only produced well-formed code, leaving a chink in the armor. If that IS the case, then Sony may have shut down the whole system rather than letting it sit open and exposed once they detected the intrusion, in an effort to head off data theft (while they rewrite the interface?).

      2) someone could have been performing a Denial of Service attack, again through internal PS3 calls which were expected to be well formed.

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
    4. Re:Wow by tomstockmail · · Score: 2

      The system is not still down for forensic or investigational issues, it's down because they haven't figured out how to bring it back up

      It's down because they're trying to make sure PSN users' credit card information wasn't compromised, asshole. They could bring it up now if they wanted to, but first they're making sure the user accounts are safe.

  4. This is why I don't like online by Psychotria · · Score: 5, Insightful

    I guess it's great for the content providers and their DRM, but when I can't play a single player game because either their servers are down, or I don't happen to have a connection at the time is annoying and stupid. (I don't have a PlayStation, but several single player games on Steam behave in the same, or similar, way; e.g. f1-2010 I can't save progress without the internet because apart from Steam, which launches the game just fine, there is the crazy Live-Games for Windows (or whatever it's called). Why I can't save progress is beyond me as the save games appear to be local files, but that's just how it is.)

    1. Re:This is why I don't like online by smellotron · · Score: 2

      I guess it's great for the content providers and their DRM, but when I can't play a single player game because either their servers are down, or I don't happen to have a connection at the time is annoying and stupid.

      FWIW, I do own a PS3 and I haven't been prevented from playing single-player games nor watching Netflix. In fact, the Netflix application claims to require a PSN connection, but if you keep allowing the PSN authentication to fail you discover that the warning is more bark than bite.

  5. Best three days I've had with my son by Anonymous Coward · · Score: 5, Interesting

    This has been the best time that my 15 year old son and I have had since the PlayStation arrived in December. With the network dead, we went bicycling and bowling (his top score was 134); he showed me how to solve the last layer (well the OLL) of the Rubik's Cube.

    I deeply thank whoever did this, and I wish you only the best!
      -CS in Berkeley

  6. Well it could be worse by Jafafa+Hots · · Score: 3, Funny

    At least an external intrusion is better than an internal extrusion.

    --
    This space available.
  7. Re:Cyberwarfare is serious, Sony better hire hacke by francium+de+neobie · · Score: 2

    It doesn't work like that. Assuming both sides are highly competent, securing something is a fundamentally harder problem than breaking in. To break in, you only need to figure out one vulnerability. To secure something, you need to make sure every component - as big as a data center and as small as every single instruction sent to the CPUs - in your system, is invulnerable. Hiring hackers would only help if the engineering team is highly incompetent to start with (like, they aren't even aware of basic things like why strcpy() to a fixed buffer can be a very bad idea).

  8. Humans are the vulnerability by elucido · · Score: 4, Insightful

    It doesn't work like that. Assuming both sides are highly competent, securing something is a fundamentally harder problem than breaking in. To break in, you only need to figure out one vulnerability. To secure something, you need to make sure every component - as big as a data center and as small as every single instruction sent to the CPUs - in your system, is invulnerable. Hiring hackers would only help if the engineering team is highly incompetent to start with (like, they aren't even aware of basic things like why strcpy() to a fixed buffer can be a very bad idea).

    You are underestimating the power of social engineers. If you have someone's dox, if you have their social security number for example, and this someone happens to be either an employee for a rival corporation, within your own corporation, or anywhere else, it's very easy to build an intelligence file to find all their human vulnerabilities. Now if you want to see how vulnerable an entire corporation is, who is in charge of protecting the secret information or passwords or whatever? How psychologically stable are those people? If you have an intelligence file on every important employee within an organization, and you know which ones happen to be psychologically unstable, vulnerable to certain kinds of social engineering, etc, then you can probe the network for human weaknesses.

    Which ones are most likely to write their passwords down and throw them in the trash? Which ones are most likely to go to an online dating service and meet a girl or guy? Knowing who is single, knowing who has what psychological disorder, knowing who cheats on their wife or husband, knowing anything which can be leveraged to compromise them. It's no different than in politics where politicians get targeted and corrupted over time, when enough eyes are on an employee then it's only a matter of time before the employee does something which can put them in a compromised blackmailable position.

    Once in that position then they have to choose between losing their wife/husband or losing their job. Once again blackmail, extortion, or outright social engineering where they think the boss told them to give the password, is usually all that is required to hack human networks. If you are trying to always hack it by technical means then yeah you'll have to hope there is some bug in the system but if you want to guarantee success you have to hack through all means, technical and social.

    1. Re:Humans are the vulnerability by _Sprocket_ · · Score: 2

      You are underestimating the power of social engineers. If you have someone's dox, if you have their social security number for example, and this someone happens to be either an employee for a rival corporation, within your own corporation, or anywhere else, it's very easy to build an intelligence file to find all their human vulnerabilities. Now if you want to see how vulnerable an entire corporation is, who is in charge of protecting the secret information or passwords or whatever? How psychologically stable are those people? If you have an intelligence file on every important employee within an organization, and you know which ones happen to be psychologically unstable, vulnerable to certain kinds of social engineering, etc, then you can probe the network for human weaknesses.

      Right. All from a social security number. Well that's it - intelligence agencies the world over are screwed. Or maybe it's all a bit tougher than that.

  9. Re:Excuse me? by Walter+White · · Score: 2

    PSN is required to play Netflix streaming service on a PS3. While the network is down, I'm limited to the disks I have on hand. Some folks pay for streaming only and are left with nothing.

  10. Re:Excuse me? by Anonymous Coward · · Score: 3, Informative

    The price of PSN is folded into the cost of the console. There is no monthly fee, but it isn't free.

  11. Re:Excuse me? by Anonymous Coward · · Score: 2, Informative

    It isn't. Start Netflix up, it will bring up a sign-on dialog. Pick sign-on, Netflix should start up, it will ask to sign-in again, attempt to sign-on again and you should be all set.

  12. Anon hacked HBGaryFederal by elucido · · Score: 3, Interesting

    They hacked HBGaryFederal and they leaked gigs of emails. If they can do this then they are no longer an organization that can't do anything. They've done something.

  13. Personal Data? by thecombatwombat · · Score: 5, Insightful

    What blows my mind is that people are asking whether or not they should be compensated, when the service will be back up, and who's responsible, but not so much "is my credit card that the PSN stores secure?" How is this not the first thing Sony gives an update on when they officially say this is due to an attack?

    I've been looking at the comments on every post I see about this. At first I was hoping for an answer, and now I'm mostly just curious. This seems to be the very least of everyone's concerns.

  14. That's ridiculous. by YesIAmAScript · · Score: 2

    Sony has released absolutely no information blaming 4channers for this downtime or even for the downtime the 4channers took credit for.

    You'd have to have a ridiculously high opinion of the 4chan vigilantes to think that Sony would take down their own network on a big release weekend just to smear them, especially when Sony isn't even bothering to make press releases smearing them.

    How about this? We cannot put it past the 4channers to DDoS Sony again and just deny they are doing it because they don't like Sony but don't like taking heat for the customer inconvenience either.

    I would suggest it is as mentioned elsewhere, that Sony has been thoroughly hacked by someone (perhaps the 4channers) and that their systems are so compromised they don't feel safe bringing them back online and risk further compromises or some compromised code in their system being activated remotely and triggering some kind of outgoing attack or action.

    --
    http://lkml.org/lkml/2005/8/20/95
  15. Latency is a pathetic excuse. by elucido · · Score: 2

    I'm on a 100Mbit connection, and so are many people. Latency is not the issue here.

    Sure it can be a slight problem, but the original Starcraft did not have these region locks. Let the customer decide between dealing with potential latency issues or the region lock. I hate the concept of region locking, it makes no sense and defeats the purpose of internet gaming.

  16. Re:Anonymous represents something new by powerlord · · Score: 3, Interesting

    Anonymous is not an Organization, any more than the Internet is.

    They are Collectives. Controls are only followed when consensually agreed to with no real external enforcement. Damage is routed around, and there is no real Central Authority so much as a collective of groups/individuals who sometimes happen to be moving in the same direction when the mood takes them.

    --
    This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  17. Re:Anonymous represents something new by definate · · Score: 3, Interesting
    --
    This is my footer. There are many like it, but this one is mine.
  18. Re:Anonymous represents something new by Dachannien · · Score: 4, Interesting

    A new kind of organization. I would say Anonymous is a cyber intelligence organization, not just a collection of jerks.

    There are a few people associating themselves with Anonymous who have the expertise to become a "cyber intelligence organization", and a few thousand who are jerks. The question is whether those few people have the resources to make it happen, and nobody can really be certain until they manage to pull off a coup of some sort (HBGary is chump change compared to what I'm talking about) without being busted by the FBI, Interpol, etc.

    But in the long term Anonymous is growing stronger at an exponential rate. Their only flaw at this moment in time is their relative inexperience and their silly tactics at times. They go from brilliant tactics at some points in time (such as hacking the email server at HBGaryFederal), to really dumb tactics like DDOSing Sony and taking down webpages.

    This actually proves my point. The masses didn't do the HBGary hack. That was one or a few people who actually know what they're doing. The only reason Anonymous gets the credit is because the people responsible allowed the credit to go that way. The Sony, Amazon, and MasterCard DDoS attacks were performed by the masses, and they've all created varying levels of embarrassment for Anonymous due to their lack of success or the pointlessness of their targets.

  19. Re:Anonymous represents something new by clang_jangle · · Score: 2

    Get real. Anonymous is just a bunch of wannabes who download some "app" so their computer can be pwned by Anonymous and used in DDOS attacks and who knows what else. Lame doesn't begin to cover it. As far as your fantasy of Anonymous having "the power to take down Visa, Paypal, and others", well, as a frequent shopper I did not experience even one minute of delay when those attacks happened.

    At the end of the day the great achievement of Anonymous will be to turn the tide of public opinion even more directly against internet freedom than it already is. This is quite predictable to anyone who isn't an uneducated fool.

    --
    Caveat Utilitor
  20. Scapegoat by JavaBear · · Score: 4, Insightful

    Anonymous is fast becoming the preferred scapegoat when a large corporation has an outage.

    --
    Maybe I should have posted this as "Anonymous Coward"?

    1. Re:Scapegoat by Maestro4k · · Score: 2

      When said corporation is said to be the target for a few weeks prior, I think it's more than scapegoating. It's a confirmation.

      Anonymous was just DDoSing PSN, and stopped. While they've been involved in some "hacks", like the HBGary Federal mess, those were more social engineering attacks than sophisticated hacking. So it's unlikely that Anonymous is the culprit here, and even if they are, it means that Sony designed PSN so it's vulnerable to rather un-sophisticated social engineering attacks.

      Although, given the epic screw up that is their public key crypto implementation on the PS3, maybe that wouldn't be too surprising.

      In any case, since PSN is down not due to DDoS, but an actual hack into the network, it's definitely not "confirmation" that it's Anonymous.