The PSN Fiasco

It’s now the US government’s turn to question Sony about its online security, which follows the UK government’s scrutiny into the company’s affairs.

In a letter addressed to PlayStation executive deputy Kaz Hirai, the Subcommittee on Commerce, Manufacturing, and Trade has prepared a list of questions related to the intrusion; the list can be downloaded from the New York Times here. The letter asks several questions that Sony has not disclosed to the public, such as:

  • How many PSN users had a credit card on file
  • Why Sony cannot determine if credit card was stolen.
  • What are Sony’s plans towards increasing its security in the future.

The Subcommittee’s press release states:

“Given the amount and nature of personal information known to have been taken, the potential harm that could be caused if credit card information was also taken would be quite significant. The Subcommittee on Manufacturing, and Trade has a longstanding interest in consumer privacy, identity theft, and industry efforts to address threats posed by unauthorized access to consumers’ personal information resulting from a data breach.”

The Subcommittee is requiring a reply by no later than May 6, as part of a privacy driven effort “to protect consumer information.”

Meanwhile, Kaz Hirai will be holding a press conference tomorrow from Sony Japan, to address the PlayStation Network hacking crisis.

The conference will be held at 2PM Japan time, which means a lovely 12 midnight time for those in New York and 5AM the next day for those in London.

It is expected that Hirai will announce a new PlayStation Network security system, and when PSN will be live for users to enjoy. He also may announce what sort of compensation Sony will offer.

As for PSN itself, the service is still down, but Sony has already stated that the service would return sometime around May 3. For the last two weeks, PlayStation Network has been down, and worse, personal data was exposed, including millions of debit card data. In fact, some underground sites have begun sellingwhat they claim are 2.2M credit card info, though the claims could be fraudulent or worse, propagating computer worms or viruses.

Regardless, Sony has let users know in a recent FAQ that they’ll compensate their users somehow for the trouble.

The PlayStation EU Blog promises:

“We are currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online.”

It’ll be interesting to see what kind Sony comes up with. As a baseline, Microsoft and Electronic Arts have offered free games for outages.

iPhone and PlayStation 3 jailbreaker George “Geohot” Hotz has weighed in on the current PlayStation Network outage stemming from PSN identity theft from unknown hackers in his blog.

He immediately denied having anything to do with the scam, with the reasoning that he’s not stupid, though he doesn’t refrain from taking a potshot at Sony executives:

“To anyone who thinks I was involved in any way with this, I’m not crazy, and would prefer to not have the FBI knocking on my door. “Running homebrew and exploring security on your devices is cool, hacking into someone elses server and stealing databases of user info is not cool. You make the hacking community look bad, even if it is aimed at douches like Sony.”

He continued:

“Also, let’s not fault the Sony engineers for this, the same way I do not fault the engineers who designed the BMG rootkit. The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.”

Hotz concluded with some words to those behind the scam, again slamming Sony in the process:

“To the perpetrator, two things. You are clearly talented and will have plenty of money(or a jail sentence and bankruptcy) coming to you in the future. Don’t be a dick and sell people’s information. And I’d love to see a write up on how it all went down…lord knows we’ll never get that from Sony, noobs probably had the password set to ’4? or something. I mean, at least it was randomly generated.”

His full blog entry can be found here.

0 thoughts on “The PSN Fiasco”

  1. Happened for quite a while, Oliver. The main thing people were upset about was the fact that Sony delayed to announce it’s customers about the issue. Basically, Sony knew for (almost a week? please correct me if I’m wrong) that the network got compromised, but didn’t announce it’s customers.
    Not cool.

    I like Geohot’s take on the issue.

    My take to the three questions:
    – more than 70% of the customers
    – they don’t know how much of their network was compromised, more likely because the hackers cleaned up a good deal of their tracks
    – hard to say. For each lock you put in place, you also need a safe place to put the key in.

  2. Happened for quite a while, Oliver. The main thing people were upset about was the fact that Sony delayed to announce it’s customers about the issue. Basically, Sony knew for (almost a week? please correct me if I’m wrong) that the network got compromised, but didn’t announce it’s customers.
    Not cool.

    I like Geohot’s take on the issue.

    My take to the three questions:
    – more than 70% of the customers
    – they don’t know how much of their network was compromised, more likely because the hackers cleaned up a good deal of their tracks
    – hard to say. For each lock you put in place, you also need a safe place to put the key in.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Episode 271: Paul-less PodcastEpisode 271: Paul-less Podcast

This week’s Gaming Podcast lacks Paul S. Nowak, who had to bow out due to illness, but there’s still Jonah Falcon, Jordan Lund and Daniel Quick to keep the podcast lively. This week features yet another weird NES title, Wall Street Kid, and some friendly Paul-less banter between the trio.

This week’s news includes:

  • Capcom: Street Fighter X Tekken DLC will never come to Xbox 360
  • Vivendi finding few buyers for Activision-Blizzard
  • Gearbox: “Wouldn’t be surprised” if more aggressive PC games start to appear
  • Grand Theft Auto V will support planes and jets, won’t have beta test

Jonah also startles Dan and Jordan with a “secret topic” with the $99 console, the Ouya, which leads to the Question of the Week, “Would you buy a $99 Android-based console?”

Episode 352: Get Ready for E3 AgainEpisode 352: Get Ready for E3 Again

It’s the last podcast before E3 2014 starts on Monday. Jonah is still ravaged by the flu, while Paul’s ghost haunts the podcast.

The news this week includes:

  • Watch Dogs sells 4 million in first week
  • Xbox One getting 34 new apps
  • Sony discontinues the PSP in Japan
  • Take-Two CEO skeptical of Oculus’ broad appeal

All this and Listener Feedback as well as a new Question of the Week: “How much info do you try to glean from E3 reports?”

For whatever reason, the file is not working. To listen to the podcast, use this player:

Episode 264: This Podcast is DRM-FreeEpisode 264: This Podcast is DRM-Free

This week is full of gaming goodness as E3 slowly creeps up like kudzu, but there’s still plenty to talk about this week. For one, the Gaming Flashback is the classic Infocom game Planetfall.

The news for the week:

  • DICE has Frostbite-powered titles for 2013 that “will require a 64-bit OS”
  • Actors confirm return to recording booth for Mass Effect 3
  • CD Projekt RED: The truth is DRM does not work
  • Potential $1 billion suit against EA by former student-athletes moves forward

All that and Reader Feedback. This week’s Question of the Week, “Have you ever wanted a game but didn’t buy it due to DRM?”