Slashdot Mirror


'Why I Bid $700 For a Stolen PSN Account' (vice.com)

Patrick Klepek tells the story of a PlayStation Network user who had their 13-year-old account stolen via what appears to be a social engineering scheme against Sony. Klepek managed to track it down and start negotiating for its release. An anonymous Slashdot reader shares an excerpt from the report: $1,200. That's how much someone is asking for a PlayStation Network account I've been investigating for the past few weeks. "Secure," the person calls it, claiming the account will "never be touched" by the original owner again. "He won't be getting it back," they claim. More than a thousand dollars? That's a little rich for my blood, and so I counteroffer: $700. "Btc?" they respond, accepting my bid. (BTC refers to bitcoin. The majority of transactions like this take place using cryptocurrency; it's generally harder, but not impossible, to trace.) I didn't purchase the account, of course. But I could -- anyone could, if they only knew where to look. This account wasn't on a shady market because someone was clumsy with their digital security. They had a strong password and two-factor authentication. When they were notified about problems with their account, they called Sony and asked for help. Despite all this, despite proving their identity over and over, they lost access to their PSN account, including any trophies earned or any games purchased. It was gone...well, sort of. The original owner no longer had access, but this person -- the individual asking for $1,200 but who quickly and without hesitation dropped to $700 -- did.
[...]
More than likely, Sony itself is a victim of a clever social engineering scheme, in which a user, or series of users, repeatedly spammed their representatives, until it found someone willing to accept the limited information they did have, and calculated the system would eventually lock the account in their favor. Even a "failed" social engineering attempt can be a success, if the person calling comes away with new information about the account. Every company in the world can fall victim to social engineering, as there are no true fail-safes. But Sony's setup seems especially ripe for it. Why didn't the system get flagged as "sensitive" sooner? Why can a user flip off two-factor authentication over the phone? How can an account get abandoned, when it's still active? There are ways Sony could have prevented this from happening.
In the end, the original account owner was magically handed the account. "Sony promised that they were going to set it up so no reps could make any changes," the account owner said, "but they are still investigating how this happened."


  1. Sony's security is not such good by sentiblue · Score: 4, Insightful

    Don't you have to make credit card payments to PSN? And by having credit card statement, can't they just use your credit card number to confirm who owns the account? The fact that the hacker guarantees the original owner cannot get it back leads me to believe that Sony hasn't done a good enough job.

    1. Re:Sony's security is not such good by epine · Score: 3, Insightful

      Boycotting Sony isn't much of an option.

      Sure, you can boycott Sony. But to make this effective in reducing your exposure, it probably involves boycotting most of the gaming industry, as a whole.

      If you're a gamer, you've probably heard a term for this: collateral damage. Welcome to Collateral Damage. Please enjoy your stay. Amenities available: the great outdoors, and old school shit like that.

      I was an avid gamer in the 1990s and I purchased a system to be able to run Microsoft software to be able to run a favourite game.

      Worst decision I ever made. It should have been a Linux or BSD box. End of story. And all those hours should have been invested in mastering bash (or zsh) instead of mastering spin, strafe, jump, grapple in a single motion.

      What A Beautiful Mind failed to explain about John Nash: it's never just a single containing matrix.

      For every matrix you solve, another enclosing matrix springs into being. You solve one matrix about being shit on by a single software vendor, another matrix springs into being about being shit on by an entire software segment.

      As WOPR once said, sometimes the only winning move is to not play.

      Sure, you care about your virtual trophies, and the immense skill you cultivated in achieving those. But you didn't have to choose to go down that path in the first place. Many other paths would have offered comparable thrills, and some of those were probably far more on your own terms. But now you have sunk cost because you did go down that path, and your next move is dominated (in the game theoretic sense) because you are 100% committed to accepting a local frame stacked against your desires.

      Jordan Peterson says start by cleaning up your own bedroom.

      The sooner you jettison local frames stacked against your own interests, the sooner your life will track a better slope.

      I got involved as a sports fan for a while. It was a great Petri dish to explore human cognition. But then my favourite resource disappeared behind a paywall. Sure, I could pay. But now the discussion is limited to include only those people who choose to pay. The group structure is now inherently different. It's no longer such a great Petri dish for me to explore human cognition (having become far more captive and insular). I have no hard feelings about this.

      But I decided to blow my cherished franchise off, rather than follow it into the paywall penumbra. Is this a stable penumbra, or just an incubating umbra waiting to swallow me whole? Why should I risk an eventuality of that nature, entirely outside of my own control? Lesson learned, way back in the 1990s.

      Soon enough, of course, I found other rewarding activities which now occupy those energies. And I'm certainly not the worse off for it. There was a three month period where I felt a bit mopey, because I missed the familiar context for injecting ludicrous things with a long inside-baseball group context. That can't be replaced overnight.

      There are many box-control business models out there. I'm now loyal to none of these, and I never will be again.

      If only I had a time machine, that's one message I would surely send to my younger self making foolish choices back in the 1990s.

      Dear younger self:

      I know you get a completely unreasonable joy from the simultaneous spin, strafe, jump, grapple frag, but trust me, it's a trap. I know you think shell script was designed by a colony of drunken monkeys, but trust me, it's NOT a trap. All you do in the shell is construct strings, fork/exec, and test exit codes to control program flow. Yes, some of the quoting rules in complex commands are Unix's version of Microsoft's DLL hell. Get over it. You'll thank me later.

      With chagrin,
      your pathetic older self

      [*] P.S. every quotation mark should be two instances of a 32-character random nonce, never to be ever used again. That's how you make nested quoting work without exponential escape growth. You'l

  2. Most people want poor security by FeelGood314 · Score: 5, Insightful

    Usually any extra security you add is going to hurt legitimate people who forgot their password/login. These people outnumber the crooks and a large army of them will be very upset if they can't reset their account with minimal effort. It's a balancing act for customer support, but better to lose one account and restore 100 users who are having trouble. Those support calls cost a lot and there is limited profit potential from them. Don't expect this problem to be fixed or even improve anytime soon.

  3. Re: No PSN accounts in FEDERAL PRISON by Anonymous Coward · Score: 2, Insightful

    3# They've been contributing for over a decade anonymously. I've been here for 16 years and never created an account. I've had AC posts rated up to +5 for Insightful, Informative and Funny. It's not cowardice, I just want my posts to be interpreted free of assumptions about me caused by reading my posting history.

    Reading between the lines and guessing from writing style, there's a lot of people doing similar.

    Also, ACs don't get bot spam replying to every post they create, unlike people who piss off APK, the GNAA guy or the Russian troll that hates C Reimer.