
U.S. Senator pleased with Sony’s response to PSN attack

Wednesday, 11th May 2011 06:09 GMT By Jessica Citizen

An American senator has actually praised Sony’s response to the PlayStation Network security breach, two weeks after publicly calling for the company to explain its actions.

Richard Blumenthal

Richard Blumenthal, a Democrat senator, has gone so far as to suggest that Sony “could serve as a model for other companies facing similar criminal hacking”.

Blumenthal had earlier been in contact with Sony with a list of questions following the public release of details relating to PSNgate. He also insisted that the company offer identity theft insurance alongside free access to credit reporting services for the next two years.

It didn’t take long for Sony to agree to these demands, providing U.S. gamers with a $1 million insurance policy and a year’s worth of free credit monitoring.

Via his official website, Blumenthal says he welcomes this “strong first step”.

“Sony’s response to preventing similar attacks in the future could serve as a model for other companies facing similar criminal hacking,” he continues.

“The crime perpetrated on Sony and PlayStation Network users is part of a larger troubling trend of cybercrime, and a reminder that our laws and data security resources must keep pace with advancing technology. I look forward to working with Sony and others in the future to determine the best way forward, and continue to urge the Justice Department to pursue the criminals who attacked Sony’s information system.”

GamesIndustry reminds us that Sony are still no closer to publicly announcing the identity of the hackers, although a number of fingers are being pointed at “rogue elements” within the Anonymous hacktivist group.

25 Comments

  1. GwynbleiddiuM

    Finally someone that isn’t a hypocrite and coward made a comment on the issue. Cowards hide and look the other way, bravery comes at costs, costs brave men and women would only pay, games only they would play. Everybody else better shut up and if they don’t have the balls to take action just shut the hell up…

    #1 3 years ago
  2. TVs Everywhere

    This is exactly what I’ve been saying, and not because I’m a Sony fanboy of some sort (never owned a PlayStation console until 2 years ago).

    The simple fact of the matter is that Sony’s actually handling it pretty well as far as network attacks go. I mean, when you compare how other companies handle network breaches like this, including but not limited to BANKS, and when you see that 1) these companies take FAR longer than six days to tell their customers their data was compromised 2) they do nothing to offer protection, much less THIS much protection (a $1 million policy), 3) they don’t do anything close to what Sony did in terms of shutting down the whole network and rebuilding from scratch under a severely huge time crunch (most companies would make a half-assed band aid solution and call it a day), the list goes on.

    But hey, when this is the first major network breach in video gaming, you’ll have all the crazy people running around like headless chickens yapping about how the sky is falling down. Then you have the smug circle that’s actually CHEERING for Sony’s failure out of a completely misguided sense of “justice” for whatever they feel they did wrong (or just because they flat out don’t like their products), and you have the people who overreact to comedic amounts at the words “network breach”. There’s still a HUGE amount of people who maintain that their credit card info and even their IDENTITY has been stolen in the PSN hacking, despite the fact that nothing of the sort has happened.

    Simply put, in the real world without any of these weird beer goggles all the crazies seem to be wearing, Sony’s handling of the situation isn’t bad by any means. And like Blumenthal said, they’re actually handling it pretty well in several ways.

    #2 3 years ago
  3. Robo_1

    Should be fun watching the various news outlets try to spin this into a negative story for Sony.

    The fact is that since the attack happened, there’s actually very little more the firm could have done by their customers. It’s one of the reasons why the news outlets which have put the boot in particularly hard, have tarnished their own reputation in many people’s eyes.

    #3 3 years ago
  4. Gekidami

    ^ Indeed, some people are gonna rage over this.

    #4 3 years ago
  5. Erthazus

    @robo_1
    “The fact is that since the attack happened, there’s actually very little more the firm could have done by their customers.”

    It should not have happened. To begin with. PERIOD.

    If you created the audience make sure to protect it. You can’t? Don’t bother then.

    #5 3 years ago
  6. neon6

    @3 Gotta get view count up somehow!

    #6 3 years ago
  7. Kerplunk

    It only took 16 minutes for the prophecy in #4 to be realised in #5. :)

    As every single security expert and person with common sense in the world has already stated: there is no such thing as a 100% secure network. You can rage as much as you like whilst overlooking that simple fact of life, but you might as well rage about water being wet.

    #2 “Then you have the smug circle that’s actually CHEERING for Sony’s failure..”

    It’s been happening since before 2006 and those who still have that outlook are riding this as hard as they possibly can. All the usual suspects are at it and it’s not hard to identify who they are.

    #7 3 years ago
  8. Erthazus

    “As every single security expert and person with common sense in the world has already stated: there is no such thing as a 100% secure network.”

    As every single expert. Prove link please or GTFO

    “all i see is: blah blah blah, i love Sony, blah blah blah”

    Until I see a major XBOX LIVE outage I won’t shut up. But we all know that’s not going to happen. Behind it is a software giant. Same goes for Apple.

    #8 3 years ago
  9. Kerplunk

    #8 You know what, I provided a link before you asked for it when you were spreading lies and FUD yesterday about server software updates. Once you were proven to be ill informed and spreading your own ignorance and bias to others what did you do? Oh, you ignored all that information and just pretended like you never said anything in the first place. So I’m afraid your impractical demand for a link will go unanswered based on your past behaviour.

    all i see is:..

    All you see is all you ever want to see. Your rage in light of posts #2 #4 and #7 and need to start talking about XBL in this discussion pretty much says the rest.

    “But we all know that’s not going to happen.” Prove link please or GTFO. ;)

    Feel free to dissect and spin more comments as you see fit. You don’t listen and you don’t accept when you’re proven wrong. So I don’t intend to be sucked into your vortex of inanity. Have a nice day. :)

    #9 3 years ago
  10. Robo_1

    @5

    It depends how much of the blame rests with lax security on Sony’s end, and how much of it was a perfect storm of events, which were (to my understanding):

    – The release of CFW which could log onto the PSN in dev mode.
    – Anonymous’s research and subsequent publication of Sony’s internal network structure.
    – The DDOS attacks against PSN and Sony websites.
    – The last malicious hack, which uncovered personal details.

    It was a fairly rapid series of security issues which likely overtook the firm. Were Sony inadequately prepared? Demonstrably, yes. Sony themselves have admitted that it was a known exploit which eventually toppled them, so clearly their security wasn’t up to an acceptable standard (something they have remedied by adding a security officer to their team). Should personal data have been fully encrypted, absolutely. I can’t think of any down side to not doing this, and IMO, this was the biggest failing on Sony’s part, as if all the personal data had been properly encrypted, the hack itself would have yielded very little.

    There is no such thing as 100% secure (Google just had Chrome’s sandbox mode busted wide open, and that has stood up to all sorts of previous attacks) but you are obliged to make life as difficult for hackers as possible, and clearly Sony didn’t do that.

    Could Live withstand the same series of attacks? Perhaps/hopefully we’ll never know. If man can make it, man can break it, so whilst Sony have had their deficiencies thrust into the spotlight, I highly doubt that they are alone in having security vulnerable to such a range of attacks, and if any good does come of this, it’s that the lessons learned by Sony throughout all this will have been learnt by every company with a network to run, and you can bet that network security is now sat atop of the agenda of many companies who, until now, had done the bare minimum to protect their customers.

    Sony have handled the fall out well though, and whilst they deserve a drubbing for where they failed, they also deserve recognition for how they’ve conducted themselves since.

    #10 3 years ago
  11. KL

    @7
    Well said

    @8
    Sony went far enough to fight hackers and piracy back hard, the hacker “grudge” is solely on Sony. Same thing could happen to every other company following the same extended approach. State of the obvious.
    Read the article again

    #11 3 years ago
  12. Erthazus

    ” I provided a link before you asked for it when you were spreading lies and FUD ”

    Google link? I said about FREAKIN link, not a google. That’s why I ignored it, because that link was STUPID.

    You need to give me official link where Sony and FBI or else says about software updates or GTFO.

    No one cares about your google links. Period.

    “Prove link please or GTFO.”

    prove link of what? That Microsoft is a trusted brand in software development? You need prove of that?

    “You don’t listen and you don’t accept when you’re proven wrong”

    “Again, you are wrong! blah blah Blah” as always and nothing more.
    Next your text I will ignore if you won’t come with prove links or something more than “blah blah blah”

    @KL, “Sony went far enough to fight hackers ”

    by trying to sue 20 year old boy?
    Give me a break. I saw how they are fighting with piracy with stupid software updates.

    #12 3 years ago
  13. KL

    ^
    Anonymous’s motive for attacking in the first place was that 20 year old boy on trial

    #13 3 years ago
  14. danhese

    Here’s an email I received today from LastPass

    Dear LastPass User,

    On May 3rd, we discovered suspicious network activity on the LastPass internal network. After investigating, we determined that it was possible that a limited amount of data was accessed. All LastPass accounts were quickly locked down, preventing access from unknown locations. We then announced our findings and course of action on our blog and spoke with the media.

    Took em well over a week to notify me that LastPass was hacked.

    #14 3 years ago
  15. rrw

    #12

    you mean this

    http://bitmob.com/articles/detective-work-reveals-psn-servers-up-to-date

    #15 3 years ago
  16. ManuOtaku

    I disagree with this congressman mainly because we the users found the information regarding the PSN outage from other sources and not directly from Sony. The PSN message only indicated maintenance work, and the official Sony statement came a week after the event. I know Sony didn’t know the extent of the intrusion, but what I cannot forgive, and this is my belief, is that Sony didn’t send a mail to all the users indicating that a breach had happened, without further information. That’s unacceptable on so many levels. I agree with the shutdown measures as soon as they saw the intrusion; it was really good on Sony’s part and I give them that in order to be fair.

    Another thing is I don’t know too much about tech things, I’m not that tech savvy, or what Apache or whatnot is, but Sony stated, and to this moment it is the official statement, that the personal data and passwords were not encrypted and were on a different system than the CC information with a lower or different security level, and that for me says it all. It should be encrypted like the CC information, IMHO.

    Like I said, Sony’s post-attack actions were good, but prior to the attack they were not. For me, as soon as GEO gave the key to the world, Sony should have restructured their network, putting all the information encrypted, and/or rebuilt the network as they are doing right now, not waited for the hack to happen. This hack could have been much worse than it was.

    #16 3 years ago
  17. Kerplunk

    @16 “we the users find the information regarding the PSN outage from other sources and not directly from sony..”

    Every secondary source would have to have been making assumptions if they were conveying information ahead of any official confirmation from the official source. Sooner is not necessarily better and it’s not always accurate either:

    .. and passwords were not encrypted ..

    Which has since been proven to be inaccurate.

    And no, after the shit VG247 community members have hurled at me for backing up my corrections of misinformation recently, I won’t be providing a link but I can assure you that it’s easy to find if you go to the source of information on this particular topic.

    None of this is to do with any perceived loyalty to a brand. It’s to do with the persistently godawful practice of working with bad or incorrect information when proper details are easily obtained.

    #17 3 years ago
  18. ManuOtaku

    #17 Kerplunk, I understand, but what I tried to say is that Sony should have given us the information as soon as they knew the intrusion did occur, without any specific information, only stating that a breach of the PSN did in fact occur. That’s all that I ask and I think it is not too much to ask really, because if it wasn’t for other sources the users would believe that it was due to maintenance work as it was stated on the network. If that was the case, we the users could not take the actions needed, the way we should, in order to protect our accounts, like calling our CC companies and the like.

    As for the data that was not encrypted this is the sony official statement and the link

    ‘All of the data was protected, and access was restricted both physically and through the perimeter and security of the network,’ Sony said in a statement. ‘The entire credit card table was encrypted and we have no evidence that credit card data was taken.

    ‘The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security that was breached in a malicious attack.’

    http://www.bit-tech.net/news/gaming/2011/04/28/sony-admits-personal-data-was-not-encrypted/1system

    #18 3 years ago
  19. Kerplunk

    Try searching the Sony blog for the words “password” and “hash”.

    #19 3 years ago
  20. ManuOtaku

    #20 Kerplunk, I understand your point, but please understand mine too. Sony did state that it was not encrypted in an official statement. If some people are misinformed, it is not their fault, because there is too much information that contradicts each other, and this is an official Sony statement. I know it was hashed but, according to Sony’s own words, not encrypted. That’s what I’m trying to say.

    #20 3 years ago
  21. Dr.Ghettoblaster

    ****Walks into the first positive post for Sony in weeks…….sees Erthazus…..runs towards the exit door at LUDICROUS SPEED!!!!!****

    #21 3 years ago
  22. Cygnar

    #5
    I am not convinced that you are willing to change your mind, but the same argument fails in nearly every other context we can imagine.

    Auto manufacturers make cars despite the fact that they are capable of injuring or killing their passengers. Hospitals attempt to treat cancer patients despite the fact that treatments may be deadly. Banks offer investment plans despite the fact that stocks may lose value. Realtors sell houses despite the fact that earthquakes can destroy the property. Air travel still exists despite the fact that airplanes may crash or be used for terror. These companies and professionals should all protect their customers, but they cannot eliminate every risk. Is that any reason to say that they should not have bothered doing business to begin with?

    Risk is inescapable. Our society cannot function if any amount of risk of serious harm to consumers is unacceptable. Commerce would come to a screeching halt if we required as a prerequisite for a company’s operation that there was literally no way that their consumers could be harmed.

    If the risk of others learning your name and address is utterly unacceptable to you, I would suggest disconnecting all your phone lines, removing the number from your house, terminating your internet service, and never leaving your home again. You may also wish to start using a wheelchair to avoid the risk of tripping and falling, and a sippy cup to avoid spills.

    #22 3 years ago
  23. TheWulf

    “I can haz Sony loyalist votes now? Plzkthx.”

    How utterly transparent, but then, all politicians are.

    Also, I can tell how many people in this thread have never touched a computer in their life, let alone have any idea of how network security works. That’s always worth a good chuckle.

    #23 3 years ago
  24. Cygnar

    #23
    Politicizing console preferences? I can’t tell if you’re joking.

    #24 3 years ago
  25. TVs Everywhere

    @23:

    Yeah, typical. If a senator says something you don’t agree with, he’s obviously a shill. I wonder what your reaction was when he was demanding answers from Sony a couple of weeks ago. I bet you were singing a whole different tune then.

    Your little charade makes no sense. You’re saying he said this to please the constituents who like Sony? Why in the hell would he do that? There are far more ignorants like you who hate on Sony, wouldn’t it make more sense to do the popular thing and shit on Sony just like everyone else is doing?

    Then again, I’m sure you didn’t think this through at all.

    #25 3 years ago