Slashdot Mirror
Anonymous Claims To Have Hacked Sony PSN Again
hypnosec writes "Anonymous has claimed a new attack on Sony's PlayStation Network, and this time around it seems they have information from nearly 10 million user accounts. As a proof of the hack they dumped more than 3000 credentials online in the form of a pastebin post. The notorious hacktivist group is claiming that the entire set of hacked credentials contains over 10 million PSN accounts and that the file is of around 50GB."
Update: 08/16 13:12 GMT by S : Sony has denied this claim.
Nice job as usual, Sony.
http://www.vgcats.com/comics/images/110427.jpg
Those assholes really need to think about who they are hurting with this crap. It is the users, like me. I've got a substantial amount of PS3 games, both from PSN and retail. I just want to use them in peace without veing harassed by cyber-terrorists!
Even if this is true, and PSN was compromised, what's the point? This benefits no good cause, and Sony isn't even the one being exposed here -- its users are.
Anonymous is repeating the mistakes of Cablegate; releasing private information of parties who didn't ask to be involved. That's bullying, not hacktivism.
Its becoming like finding holes in a fishnet.
Sonic is really going to have to hurry to get all those rings back! I hate this level!
What would Richard Feynman do, if he were here right now? He'd do some math and he'd follow through!
Proven false.
* the document of leaked data linked to in the Twitter account appears to be identical to one posted on the Internet back in March.
* Anonymous has deleted the Tweet claiming that it hacked the PSN.
* Direct statement from Sony: "We’ve confirmed that the recent claim that PlayStation Network was illegally hacked and that customer passwords and email addresses were accessed is completely false."
Fool me once, shame on you and all that. The first time they could be excused a little by having put too much faith in their internal systems. If this is true, there can be no excuses left.
Seems like all the email adresses are for Swedes. Wonder what they've got against Swedes.
xkcd is not in the sudoers file. This incident will be reported.
Last night someone claiming to be a member of Anonymous posted what was alleged to be information obtained from 50GB of compromised PSN data, but it turned out the data was the same as that released last year when PSN was hacked. "We've confirmed that the recent claim that PlayStation Network was illegally hacked and that customer passwords and email addresses were accessed is completely false," assured Sony in a statement.
The last time that this happened Sony gave me two free games. Now that it appears to have happened again my initial thoughts are regarding more free games. Somehow I don't think that this response is intentional on Sony's part.
Exactly what evil has Sony done pretty please?
They invented My First Pony!
I don't think there's enough space to list everything here.
Off the top of my head we can start with rootkit CDs, locking users out of their PSN accounts and denying them products they've already paid for, removal of the Other OS and poor security.
I can't imagine this is true.. Sony has always been on the cutting-edge of security tech. I mean this is the company that designed the text-based CAPTCHA:
http://pro.sony.com/bbsc/jsp/forms/generateCaptcha.jsp
Right click is disabled so it's impossible to crack.
Even if this is true, and PSN was compromised, what's the point? This benefits no good cause, and Sony isn't even the one being exposed here -- its users are.
Anonymous is repeating the mistakes of Cablegate; releasing private information of parties who didn't ask to be involved. That's bullying, not hacktivism.
It depends. If this is the only way to show that Sony doesn't give shit about security, then this is the way. They released 3000 credentials. If they release the 10 million, that's another case. But anyhow, Anonymous is not about going the diplomatic way.
Is the intent of anonymous' actions really to inspire fear? Have we gotten to the point now where we accuse anything that inconveniences us as an act of terrorism?
Big apple, new Yorik, undig it, something's unrotting in Edenmark.
..quoth he pressing F12 and looking at the Firebug output
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
I got no twitter,facebook, neither I go in IRC.. if someone takes credit for this pwnage, he's a faggot.
What's the target?...It's SONY, MOTHERFUCKER.
Contact me at anon@prvt.org for the full database, which is 50GB, fuck.
About 10 million fuckers at risk. Yes, if you play playstatio network, you're included
This is the language of someone who wants to be perceived as a threat to many people. It is not the language of democratic engagement.
erm.. how about installing rootkits on people's computers disabling their CD drives in the name of "stopping piracy" then having the arrogance to claim that "people shouldn't worry about it, most of them commoners don't even know what a rootkit is so why all the fuss?" How about bankroling some of the most Draconian censorship laws for the Internet? PIPA, SOPA, ACTA, DMCA, PROTECT-IP all bankrolled and lobbied for by Sony and friends. Not to mention their relentless attempts to proprietize media formats. But wait... there's more! They sell you a device then remove features that you paid for after the fact then changed their EULA so that if you cannot sue them when they screw up. And this is just the tip of the iceberg. Sony used to be a good company when they only made hardware. The day Sony got into the content business is the day Sony went sour.
Sorry to burst bubble, but this can be easily be forged with old data from previous hack. For me it's bigger posibility than Sony haven't taken previous attack seriously.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
"Nobody Seems To Notice and Nobody Seems To Care."
About crackpot conspiracy theories posted on Slashdot in a hideously verbose article (and I'm one of the worst culprits for verbosity)? Damn right.
Now, please go away. If the government want in to my computer, they will get it. Chances are that I detect the attempt but even if I didn't, so what? What precisely do you think will happen that wouldn't have happened without intrusion into my personal computer?
P.S. tampering with boot sectors is a DUMB way to try to take over a computer. First, it won't work if the options for Boot Sector Protection are on. Secondly, it interferes with lots of perfectly innocent programs that people might be using (let's start at things like partition managers and go up to more interesting things like Truecrypt). Third, it's likely to balls up a minority of machines totally (Hell, I just encountered a set of machines whose BIOS checks a very specific sector on any NTFS partition for a Windows-like signature and hangs if you try to boot off anything else - so full-disk encryption is TOTALLY incompatible with that machine until the BIOS is fixed) and thus draw attention to itself.
Fourthly, those who care about people getting into their machines WILL notice. Those who don't, won't. Guess who the governments of the world would be most interested in?
Don't want the government to "find" you? Never let your machine out of your sight, never connect to the Internet, wrap it in a tinfoil hat (which seems oddly appropriate here). If they have physical access to your machine or its components at any point, it's game over. Seriously. Nothing has ever proven defeat of that.
Want to *use* your computer? Do so.
Hell, if they are going to put malware in something, they'll just stick it in an Intel chip. Who's going to see it among billions of transistors, hypervisors, microcode, etc.? Nobody. And it has complete access to anything without any hassle at all.
Please re-align your conspiracy theory and point it at brick walls. How can you be sure your house has brick walls? How do you know they didn't plant a microphone in it? How do you know there's not a thermal camera on the other side? Same thing, just as serious, just as crackpot.
Depends on which people you are talking about.
The public at large doesn't give a shit about this kind of thing, which isn't really all that unreasonable. The slashdot crowd is very privacy/security conscious.. the general publis is not. Lest we forget when the network was hacked the first time around, the biggest, loudest complaint was not that CC info was leaked, along with personal details, but that the network was down and people couldn’t play the games they paid for.
Even the rootkit thing. Again, the biggest reaction from the general public, even with all the news coverage, was “well that was naughty of them..”.
Almost all companies are evil. Sony happens to be evil in a way that is perceived as particularly bad by the Slashdot community, but perceived as status quo by the general public.
And of course, even if everyone that even remembers the rootkit thing stopped using Sony for the rest of their life and recommended to all their friends that they do the same, wouldn't make a dent in the profit statements. Which means they don't care about us either!
Most of the time I think of Anon's actions as pointless vandals, best discouraged.
When the f**k with Sony though I can't help but cheer them on.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Oh shit, some clear and rational thinking? Wasn't expecting that.
Came into topic expecting usual Sony hatefest.
Leaving partially disappointed.
It's the language of a child who wants attention. He screams, he shouts, he throws his toys at things. He doesn't know any better, but his parents at least should keep him away from computers until he's old enough to learn not to be a dick.
It would seem that one of the official sports of the hacktivist community is to continually embarrass Sony. I think this is positively hilarious that Sony still cannot get it right.
"Someone claiming to be from Anonymous claims to have hacked PSN."
I use Sony because i love gaming and Sony makes great machines and great games are made for Sony. I don't store any banking info for anywhere i have bought stuff on the internet because no one can be trusted. So even if they do get into my account there's nothing there to steal. No internet business can be trusted none
Jack of all trades,master of none
Guys, he stole the "passwords" from this post that was made back in march.
http://pastebin.com/hhU8Q9di
If a attention-whoring kid can defeat the security measures that a global corporation installed, after they have been hacked before, well, that's one really smart kid. Or Sony still doesn't think your data should be secure.
I'm betting on that last one. Arrogant fuckers that they are.
Finding holes in a fishing net is a saying, meaning it isn't any kind of challenge. Like finding freckles on a redhead.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Why can't Anonymous do something good or interesting for the world, like expose drug cartels or find Mitt Romney's taxes. All they ever do is steal people's identity and post it on the internet. Disagreeing with the way Sony does business is one thing, but why punish the PSN users for it?
So to punish Sony for hurting their customers, Anonymous hurts Sony customers. But Anonymous is stealing credit card info for YOUR benefit!
Good going, guys. Way to take the moral high road and to convince the public to support you. What's next, scrambling blood types in breached medical records databases to teach insurance companies a lesson with dead patients, so you can portray yourselves as Robin Hoods with a pile of bodies?
Everybody gets what the majority deserves.
...But Anonymous is stealing credit card info for YOUR benefit!...
Where does TFA state that? Anonymous didn't mention anything about credit card info that I was able to see. Maybe its been modified in the time between when you read TFA and when I read TFA. Oh... wait...
https://twitter.com/PlayStation/status/235824711601360898
PHEM - party like it's 1997-2003!
The last hack... that resulted in us finding out they basically had no security at all.
The Rootkit DRM
Price fixing of CDs
Everything SOE (their subsidiary) has done since they bought Verrant has been pretty evil.
The public at large doesn't give a shit about this kind of thing, which isn't really all that unreasonable. ... Lest we forget when the network was hacked the first time around, the biggest, loudest complaint was not that CC info was leaked, along with personal details, but that the network was down and people couldn’t play the games they paid for.
Indeed. I made the mistake of answering "because Sony is evil and deserves it" to a comment "Why?" on the Kotaku forums.
That started off a rather nasty flamewar, but most of the counter-arguments boiled down to:
1) Accusing me of being an XBox fanboy (which apparently invalidates your opinions). They also often said that hackers must also be Microsoft fanboys, as Microsoft never gets hacked and they're "just as evil" as Sony.
2) Accusing me of being a troll ("obvious troll is obvious" was said at least once without a trace of irony)
3) Saying that the only people being hurt are Sony's customers, not Sony themselves (somehow not realizing the implications - if customers keep getting attacked, they aren't likely to continue being customers)
4) Saying that nobody ever used Linux on the PS3 and that Sony was 100% justified in removing it
And in one memorable case, bringing up Hitler, trying to minimize Sony's "evilness" by comparing it to that.
So no, none of "the general public" consider anything Sony does to be evil. They could probably kill a few people and people would care more about whether they can play their Final Fantasy XIII-2 DLC or not.
Because Anonynous are not the only ones able to access the data. If someone else used this security hole, they might not have said anything, or they could have released the whole database.
What?
I'm sorry, where was I defending Anonymous?
1) I was stating several events where Sony had done something "Evil". Don't confuse disdain for Sony as approving of Anonymous actions.
2) I have a PS3, although I haven't used it since the Other OS fiasco, I'm affected by this.
3) No where has anyone said Anonymous has credit card info, there's a difference between Credentials and Credit Card info
Is this evil? It looks like S&M between two consenting individuals, since people know about Sony's propensity for heavy handiness and yet they still pay them money for it and seem to find pleasure from it.
It's disturbing when you really think about it.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
I... don't think you understand how these Anonymous guys work.
They are doing it for no benefit except themselves. Because they want to see Sony burn, in this case. Just because they might be attacking someone you don't like doesn't make them your ally.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
The OS (and kernel) weren't to blame in most of those cases. Web servers on any OS can be insecure if they allow SQL injection or cross-site scripting attacks. Putting bad code on a web server doesn't mean the OS is inherently insecure.
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
There was no hack. This is the same credentials list, posted in march: http://pastebin.com/hhU8Q9di
This list: http://pastebin.com/hhU8Q9di
...MGS4. nuff said. They can sell my data off to the highest bidder so long as I can play MGS4.
Way to take the moral high road and to convince the public to support you
Support who, exactly?? (Someone must have missed the point of point of why someone else would act... anonymously?!) :p
...and SOE killed Star Wars Galaxies....don't get me started...although, for Pre-CU fans, there's SWGEmu, and for final publish fans (NGE), there's ProjectSWG...
I guess it depends on your definition of evil. I wouldn't say the things they've done in the past were good. I've never bought music CDs so I wasn't graced with their rootkit treatment. I did buy a PS3 because 1) I owned the previous generations and had lots of games and 2) I'm a software developer and planned on using the advertised Other OS feature. Nearly five years after I bought the PS3 and had made good use of the Other OS feature they underhandedly removed it after saying they had no plans to do so.
I didn't enjoy that, so I would say it was an "evil" act, but I have learned my lesson and won't be buying anything made by Sony again.
OH!!! but as the fanbois say, they didn't force me to give up the Other OS feature. They gave me a choice, either I gave up my PSN account (and all the games I bought there), the ability to play blu-rays and new games or I could give up the Other OS, which I was using for semi-work/semi-personal usage. I chose to give up the PS3 altogether.
Last time I checked, the entire company was losing money, except the divisions where these privacy "black eyes" occured. The entertainment side of the business which was doing quite well, it was mainly the hardware side that is losing which isn't tied at all to the various evils we all talk about.
What, exactly, is Anonymous attempting to do by hacking Sony? What, exactly, started them hacking Sony and what was their end goal?
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Why are all the accounts Swedish?
The proper response to a hack is a lock-out. Do you know anything about computer security? Sony did the right thing. linkedin did not, nor did Amazon, or dozens of other hacked companies in the last few years. Locking down everything, fixing the holes and then bringing it back online is the right response.
They also gave away lots of value in free games and services as an apology afterward.
- Michael T. Babcock (Yes, I blog)
You know that until recently, Sony Music (who makes those CDs) has almost nothing to do with SCE* which distributes the PS3, right?
Also, the Playstation allows ripping of music from CD and then transferring it to a USB device without hassle -- obviously not the same attitude as Sony Music, but keep the blinders on if you want.
- Michael T. Babcock (Yes, I blog)
Nonsense. They shouldn't release anyone's private credentials. Whether it's 3,000 or 10,000,000, the damage for any one individual is the same.
If they are able to crack PSN and there is work Sony should do to fix things, then they have other options.
- Tell Sony, see if they fix it
- Failing that, tell an independent person - a trusted reporter or other third party. Then that third party can confirm the leak and Sony will have to answer for their problems.
As someone with more than a few accounts online (including PSN - sue me, I want to buy DLC now and again), I really take exception to the idea of being a pawn in this game. My private data is my data - Sony has a duty to keep it private; and if a hacktivist steals it, they have a duty to keep it private, as well.
The English word fart is one of the oldest words in the English vocabulary.
You forgot The Lik Sang saga . Sony shut down the hardware importer Lik Sang because they were importing PSPs (when they were new) from Japan for sale in Europe. On what basis did Sony Sue them? They sued them by claiming that Lik Sang was selling devices that were "unsafe" in Europe. They also sued them from different countries in different languages. Lik Sang could no longer afford to defend itself and thus folded.
Georgia Tech, the leader in Chia(tm) technology.
Yeah? Will the Playstation allow you to rip DVDs and BlueRays? just wondering.
Why are people still using Sony? They have done so much evil and have clearly shown that they don't care about protecting their users/customers. Do people really like to be abused that much?
Perhaps because there's not a great alternative available? If you like console gaming, then there's Sony, Microsoft, and to a lesser extent, Nintendo. I certainly wouldn't consider Microsoft any less evil than Sony. Nintendo, maybe - but their consoles aren't really the same thing as the similar 360/ps3... I guess people could give up console gaming entirely, but to just gripe that Sony is evil is a bit narrow sighted. Personally, I prefer PC gaming.. however at the moment that still means either playing old games on a wine based setup or using MS.
I wasn't talking about being locked out of PSN because of the security issue. I was talking about "Either you update your firmware and get ride of the Other OS feature, or no (new games, BluRay, or PSN) access for you".
I made good use of the Other OS before my wife and cousin accidentally updated my system after they rented a BluRay that forced a system update so they could watch it.
But effectively I was told if I didn't get ride of the other os I could not access my PSN account and the games I had bought on it. Either way it was a lose-lose for me.
Anyone can relax the definition of any term until it's sufficiently loose to support their assertions.
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
I think I should ask them for my password, I changed it after the last attack and now can't remember it.
. .
Welcome to the Internet.
1) Accusing me of being an XBox fanboy (which apparently invalidates your opinions). They also often said that hackers must also be Microsoft fanboys, as Microsoft never gets hacked and they're "just as evil" as Sony.
2) Accusing me of being a troll ("obvious troll is obvious" was said at least once without a trace of irony)
As much as I would like to think otherwise, in my experience 90% of people who comment on video game forums are fanboys that will vehemently defend their platform of choice or are fanboy trolls baiting said fanboys. Make a comment contrary to the opinion that Sony is a benevolent gaming god that only brings joy and smiles to the world and you will be labeled an Xbox fanboy and told to GTFO. Attack Nintendo and you're a Sony fanboy. Attack Microsoft and you are an Apple fanboy, etc.
Answering the question of "Why?" with "because Sony is evil and deserves it" it's not hard to understand why you were labeled a troll and a fanboy.
3) Saying that the only people being hurt are Sony's customers, not Sony themselves (somehow not realizing the implications - if customers keep getting attacked, they aren't likely to continue being customers)
Here is the thing, who do you think is being hurt more, some poor schmuck who wanted a few games and a blu-ray player having their information posted online or some large multinational multi-billion dollar conglomerate that could lose their entire video game division tomorrow and still be raking in billions from other avenues of sale.
4) Saying that nobody ever used Linux on the PS3 and that Sony was 100% justified in removing it
Yes it was a shitty thing to do, but if you really think that that was a major draw for the system then you are sadly mistaken. If you really bought a PS3 to run Linux on, there are many better and probably cheaper devices that can run Linux. Many of them come with Linux preinstalled and some of them can even connect to an HDTV as well. However, if it is that much of a concern there are other options available such as hacking the device or not upgrading the firmware. There are consequences to those routes, but it can be done.
And in one memorable case, bringing up Hitler, trying to minimize Sony's "evilness" by comparing it to that.
Again, Welcome to the Internet!
So no, none of "the general public" consider anything Sony does to be evil. They could probably kill a few people and people would care more about whether they can play their Final Fantasy XIII-2 DLC or not.
First, the Kotaku forums are not indicative of "the general public," they are indicative of the endless wars between fanboys and random gaming hobbyists who like wasting time on Kotaku. However, when one has invested hundreds if not thousands of dollars in games and hardware, especially nontransferable goods like DLC and downloaded games, not many people can justify throwing it all away because a company is evil. Maybe this will keep some people from buying the next console but if you think that people are just going to abandon their investments en mass on principle then you are not living in reality.
Slow Down Cowboy! It's been 1 hour, 47 minutes since you last successfully posted a comment
Yes. The easiest way to not be affected by Anonymous is to stop being a Sony customer.
I fail to see where Anonymous has hinted they would move from financial impact to murder.
That was actually about 30 different people, not just one.
My guess is to shed light on these systems where a 14 year old can just walk in and make off with all your data ... what started them on sony? Maybe cause sony has been a very big asshole for the last decade, and well, the squeaky wheel gets the grease.
Binding game to an account making it impossible to re-sell? Plenty of cases.
Using Starforce "rootkit" as DRM? Many companies.
Forcing player to stay online when playing in single mode? Yep, several companies tried that.
Dumping LAN play altogether? Yep, Blizzard did that.
PIPA, SOPA, ACTA, DMCA, PROTECT-IP all bankrolled and lobbied for by Sony and friends.
I'd say "and friends" is a key here. Somehow you want to make one company responsible for it.
Sony PS3 allows you to rip your CD and put it on MP3 drive, mind you.
Not to mention their relentless attempts to proprietize media formats.
Why not mention it? Last time I've checked people had to pay royalties for:
It is a profitable business that's why nearly ALL companies try to do have their share. What makes Sony outstanding in this regard?
I own a Sony Walkmen MP3 player. It doesn't force me to install anything. It doesn't try to do any DRM crap. It can be used as USB drive. Oh, it even can play all files in a folder. That's quite contrary to what some popular music player from another company does.
I own Sony Reader (actually a bunch of them). It supports EPUBs, an open standard. None of them locks me in into particular store. I can get e-books from public libraries with it. Unlike with very popular product by some other company. All of them are easily modded with custom firmware to add more features. It was easy for Sony stop CFW from running on it (as Amazon did with Kindle), but they aren't doing it.
PS
Oh, and while we're at it, this seems to be bogus news.
http://www.tomshardware.com/news/Anon-Hack-PSN-Sony-Deny,16916.html
The corporation and the hacktivist both have a moral responsibility. The rule is the golden rule. Civil laws can and should be adjusted accordingly to codify this.
If you are willing to live in a world where you have all the responsibility and others have none, then you are the fool. I prefer civilization, where there is shared responsibility. Reality and ideals never match up perfectly, but that's no reason to throw your hands up in defeat.
The English word fart is one of the oldest words in the English vocabulary.
From what I see, they are trying to force Sony to make changes by attacking Sony.
terrorism noun \ter-r-i-zm\ : the systematic use of terror especially as a means of coercion
terror noun \ter-r, te-rr\ : 1)a state of intense fear. 2) violent or destructive acts (as bombing) committed by groups in order to intimidate a population or government into granting their demands
Aren't theses acts and attacks committed against Sony, in an attempt coerce Sony into behaving in a specific manner, designed to be destructive to Sony, it's reputation, and it's business?
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
I rather enjoyed all the wails and crying of the Sony Fanbois.
It's not Sony's fault they had extremely poor security and let all their customers' information be available in unencrypted formats! How dare Anonymous besmirch the Jehovah known as Sony!
That would violate the DMCA in the US at least as they contain copy protection systems, but you already know that.
- Michael T. Babcock (Yes, I blog)