Sections

Talk points to piracy as PSN downtime reason

Tuesday, 26th April 2011 07:02 GMT By Patrick Garratt

It emerged last night that a custom firmware hack may have been the reason Sony took PSN completely offline last week, a move which has kept the service offline ever since.

While links to the firmware running have been posted on YouTube and links have been circulating for days, a “moderator” from PSX-Scene last night posted on Reddit to claim that the software had allowed hackers unlimited access to retail PSN content via fake credit card numbers.

The firmware essentially turns a retail PS3 into a dev kit, and makes PSN believe the machine is part of Sony’s developer network. As it’s a trusted party, the network then fails to check details such as credit card numbers, meaning those using the hack were able, apparently, to download as much content from PSN’s retail servers as they liked.

According to that post, developers have now been told that “only 3.60+ debug firmwares will be allowed on the dev network anymore. All earlier versions will be cut. If you want to retain your access you need to contact Sony and upgrade to 3.60 debug firmware.”

While we’re told it’s true that hackers gained access to PSN retail content through this hack, it is not at all confirmed that this was the reason Sony took PSN offline last Wednesday.

Sony’s developer and retail networks are independent – theoretically meaning the developer network could be closed down, leaving the retail network in action – and patching out the firmware in question is supposedly trivial.

Sony said last week that PSN has been taken offline thanks to an “external intrusion”.

We’ll ask Sony for comment.

Latest

29 Comments

  1. frostquake

    I used to look forward to each week’s update on PSN, but this is getting to be a Headache! Signing in with Error messages constantly, is not worth it. I have pulled my PS3 and put it in another bedroom, until this resolves.

    I guess this is what the Hackers wanted?

    I will tell those Hackers, that when it is fixed, I will pull the PS3 out and continue to buy items from PSN and play games online with friends!

    #1 3 years ago
  2. FeaturePreacher

    This is what happens when there’s no monetary cost to online play. No money available to upgrade security and no monetary punishment when a user name is lost. You get what you pay for.

    #2 3 years ago
  3. Schindet Nemo

    @2
    Just because a service is more expensive doesn’t mean it’s better.
    I agree that Xbox Live currently has an edge over PSN but no system is foolproof. Remember Christmas 2007? Xbox live was offline for 2 weeks straight during the holiday season.

    #3 3 years ago
  4. Blerk

    A surprisingly long outage. I surmise people are “somewhat cross”?

    #4 3 years ago
  5. Freek

    Xbox Live went offline back then due to unprecedented demand, not becasue MS took it down themselfs due to severe security issues.
    And also, that was 2007, back when this sort of online service was just starting out.
    You can’t have a poorly set up poorly secured network nowadays. It’s core to the functionality of the consoles and PC. Being connected is the expected standard.

    #5 3 years ago
  6. Mr Tom

    As Freek says, the 2007 XBL outage was due to higher than expected demand due to Halo 3 and the holiday season being more successful than they imagined. The service was taken down by pure brute force of everyone trying to connect. It’s been pretty damned stable ever since.

    I’m still waiting to be able to register my PS3 with Steam so I can download Portal 2 on PC :-(

    #6 3 years ago
  7. Benjo1981

    It kinda makes you wonder what kinda thinking goes on at Sony HQ: do they think that because they don’t charge for it, PSN can be substandard? To allow their network to be brought to its knees by an external attack is, in this day and age, ridiculous.

    Seriously, Microsoft must be gleeful: this just strengthens the perception that XBL is, and will remain, the standard for console online services.

    #7 3 years ago
  8. Syrok

    Can’t be prepared for everything.

    #8 3 years ago
  9. Benjo1981

    @8

    But they can do better. They knew that they were at significant risk of an external attack some time ago when the whole Hotz situation blew up. They should have strengthened the network then, not now. You don’t wait for a car to hit you before you stop, look and listen.

    #9 3 years ago
  10. viralshag

    Personally I do think XBL is the standard for console related online services. I mean, yeah we do have to pay like £30 a year but I do think the service is much better.

    Sony, if you’re listening, please update the dashboard while you update your security. Thanks :)

    #10 3 years ago
  11. Kerplunk

    #5 & #6 – Letting XBL outages off the hook pretty lightly there. XBL was launched in 2001 so had been online 6 years before the outage in question. Given that Microsoft themselves launched Halo 3 (which is pretty much their ticket to XBL signups) and that Xmas had been occurring at the same time of year for the 2006 years previously. It’s very hard to present a convincing argument that there wasn’t enough time or precedent to anticipate and manage the behaviour that caused the outage. Or even to say that XBL was, 6 years after launch, in its infancy.

    Furthermore, tagetted attacks have resulted in account details getting stolen from the service.

    In that regards, yes, Sony should (and maybe did, but not enough) take steps to strengthen their security. However, you will never find a 100% secure or unhackable network in the same way that a piece of software will never been 100% bug free.

    For any concerned about their details being compromised I would suggest you be pro-active. Just like is being recommended of Sony – don’t wait for the car to crash, take action and speak to you bank. Check your card transactions and take necessary steps. You can do this immediately without waiting on information from Sony. It would be a great shame to see anyone accusing a company of not doing enough to demonstrate they themselves did not do anything either. You are not powerless victims.

    #11 3 years ago
  12. xino

    now…doing something like this is now stealing!
    complete stealing!

    watching pirated movies are bad but not serious.
    but going into PSN server using hack and downloading £10000 contents is rightfully stealing!

    i think Sony switched off the server and are looking at the sources that are doing this.
    I hope they catch them and send them to fucking jail!

    People download music, games,movies, applications….all these are bad.
    But not damaging and serious like going into PSN to download £100000 goods!

    go to jail! do not collect money, do not buy houses, do not inherit money, do not collect compensation, gtfo and go directly to jail!
    #next gen monopoly:)

    #12 3 years ago
  13. ManuOtaku

    #11 you also go so lightly on the account issue Sony shouldn’t be storing credit card data for completed transactions neither, as it is illegal to keep those on your records. And for stored “wallet” info, they shouldn’t be keeping the credit card info so readable, they should be keeping it encrypted very stronlgy, therefore it t should require several years of computer power and in order to decode. And that’s one of the most basic security measures a company can take that will means that the PSN is a very insecure network.

    also keep in mind that the key that was given by geo is very different from the keys that were used for decyphered by the hackers for this kind of actions, and also this key and information shouldn’t be stored in the same network (payment systems should be stored in different networks, according to the payment card industry standards).

    So if the hackers could access the payment network, then it was either very poorly built or it had very poor security on sonys court, which is a little but hard to swallow, and furthermore sony didnt know if those were affected by the hack.

    Which lead me to the other point, and the following is my opinion, therefore everyone is entitled to one, if rumours are true and sony dish out free PSN because of this situation it makes me wonder if all this it wasnt plan from the beginning it could easily be Sony’s way of just taking down the PSN completely, first thet put other s on the console making it a computer therefore easy to run piracy, but that was not the case, then the toss it away with no compensation whatsoever, in order to not lose money, then Geo went and release the key in order to install other s, this could be seen beforehand, then they go to court and strangly they settle out of court,knowing that now they have a good user base and they pick up steam, Then they blame it on “hackers”, so Sony can rebuild the PSN, except this time they say they have to charge you for the ability to access it, to provide security against the “hackers”. this scenario has happened yet: No, thank god, It will happen for sure in the near future: i dont know, but if rumours are true it is a possibility, and seeing the ways they are treating their consumers, i highly think so

    #13 3 years ago
  14. Benjo1981

    @12

    Downloading music, games, movies & applications is bad, but not damaging and serious?!

    #14 3 years ago
  15. OrbitMonkey

    Kerplunk +1, Just out of interest what did MS offer by way of compensation?

    #15 3 years ago
  16. Hunam

    They made Undertow free for everyone.

    #16 3 years ago
  17. Kerplunk

    @13

    you also go so lightly on the account issue Sony shouldn’t be storing credit card data for completed transactions neither, as it is illegal to keep those on your records.

    Where did I even cover that? How can you say I go lightly on something when you are the only person to mention it? As usual your understanding as to what has been said and what your position is amongst it is utterly without merit.

    Also, who has said this information is stored with Sony other than you? And what authority are you speaking in to state what methods data is stored in and what level of encryption has been used? I take it you’re entirely up to speed with the Data Protection Act and intimately know every bit and byte of the PSN system then?

    Or, is it more likely, that just like every single other argument you’ve ever presented, you’re determined to damn Sony for whatever you can think of and concoct endless straw men and details that you have no ability to substantiate whilst overlooking every detail that doesn’t fit your predetermined view?

    I’m going with option B.

    #17 3 years ago
  18. ManuOtaku

    #17 “Furthermore, tagetted attacks have resulted in account details getting stolen from the service.

    In that regards, yes, Sony should (and maybe did, but not enough) take steps to strengthen their security. However, you will never find a 100% secure or unhackable network in the same way that a piece of software will never been 100% bug free

    based on that you seem to took it lightly, because of the reasoning before mentioned

    As for the rest, is my opinion that sony should compesate users for the PSN +, and for the Other S issue, if thats predetermined view to you, well sorry, but is my opinion, and for the scenario i did put i did mentioned that was a possibility which may or may not occur, if thats also bad, well we can have white , black opinions, and grey for that matter, but no only one like you seem to want. sorry for that too.

    #18 3 years ago
  19. Kerplunk

    Erm, my comment and link to support it was in response of the suggestion that XBL’s outage was something to be celebrated or entirely excused. You seem to think I was talking about PSN instead. I’m genuinely quite staggered at how consistently you manage to overlook or misinterpret whatever detail doesn’t suit your agenda.

    I wasn’t taking anything lightly – such as celebrating a 2-week outage of a paid service as something that was a response to “OMG FABULOUS DEMAND!!!” or excusing it as a network system still in its infancy (when it clearly wasn’t). Those reasons by 5 & 6 were prime examples of ‘taking things lightly’ which you obviously don’t care about because they’re not about your perpetual argument about Sony coming into your home, kicking your cat and drinking all your beer.

    So then, all your waffle about “illegal holding of information” is actually based on whatever was in your head and not something you can substantiate. Well, we can all make fantastic air-tight arguments when we make up the details and the rules ourselves. Applying them to the real world is where things start to go a bit wobbly. I’d suggest you stop presenting your guess-work opinion as fact, especially when you’re going to combine that with words like “illegal”.

    You won’t, of course, but you really should.

    #19 3 years ago
  20. ManuOtaku

    #19 i see you didnt read my comment or i didnt explain myself good i mean if sony is not aware if the accounts have been reach by the hackers, means that they have this information on the same system payment and the other running system for PSN (payment systems should be stored in different networks, according to the payment card industry standards), therefore accoridng with the card indusrty standards thats illegal which i guess based on the facts that are on the table right now, when sony state otherwise then i can change my point of view, but thats the whole thing it doesnt stated quite much, only that they dont know, is their system who should now then?

    #20 3 years ago
  21. Benjo1981

    @20

    Why do you assume that payment information and PSN are on the same system? Couldn’t the hackers have hacked…both…systems?

    I don’t think Sony has done anything illegal here.

    #21 3 years ago
  22. Kerplunk

    @20 I’m not sure you’re in a position to say what facts are on the table or not. Your previous referencing of ‘facts’ doesn’t work in your favour.

    Logically, Sony are then only official source of information on this issue. Information provided by any other source cannot be regarded as official or, subsequently, accurate. That’s just logic and common sense. There’s a lot of talk, a lot of speculation and a lot of ideas and suggestions. But on the whole, you cannot regard that information as factual because most of the people talking about it simply don’t know (in spite of how authoritative they try to sound).

    Sony have yet to make a clear statement regarding the status of personal details on PSN.

    So these ‘facts on the table’ you are basing your typically flimsy argument on have not come from an official source, have they? And given you rather poor track record of understanding much simpler issues (such as the concept of ‘choice’) you’ll understand if I don’t take your argument and ‘facts on the table’ to heart. Get better facts.

    #22 3 years ago
  23. ManuOtaku

    #21 becuase the information that we have like this “While we’re told it’s true that hackers gained access to PSN retail content through this hack, it is not at all confirmed that this was the reason Sony took PSN offline last Wednesday.

    Sony’s developer and retail networks are independent – theoretically meaning the developer network could be closed down, leaving the retail network in action – and patching out the firmware in question is supposedly trivial”.
    Which didnt happened sony shutdown all the PSN which maybe means that are on the same system, well thats why i do guess from that.

    #23 3 years ago
  24. ManuOtaku

    #22 see my 23 comment

    #24 3 years ago
  25. Frank17

    @5.. it wasnt 2 weeks u jackass first of all.

    psn has always been a poor service cuz its free. with xbox u pay but u get alot more content and better quality. microsoft alwaywas will have a better internet and better excperince

    #25 3 years ago
  26. Benjo1981

    @23

    You’re reasoning is totally beyond anything which could be refered to as ‘logical’. You’re basing your conclusions upon speculation and filling in the gaps with superstition.

    #26 3 years ago
  27. OlderGamer

    I remember the 2007 outage. I also remember playing here and there throught the duration. Why because it wasn’t down. It was overloaded. There is a difference. Its like waiting in qs to play WoW, sure you can’t play, but some people are.

    The service wasn’t blacked out. MS didn’t take it down. people just had trouble connecting due to trafic. People didn’t throw away their xboxs, people won’t throw away their ps3s now. But if Sony doesn’t 180 and start stepping up to the plate to take a swing people might.

    #27 3 years ago
  28. OrbitMonkey

    @25 You are aware that ps3 users have free access to the internet right. Now I know Live is good, but it don’t beat the internet in terms of content… Unless Gold members get free porn now?

    OG +1

    #28 3 years ago
  29. ManuOtaku

    #26 May i ask why is that?

    #29 3 years ago

Comments are now closed on this article.