Sony hires Cyber-Security Detectives… A Little Too Late!
Sony hires cyber-security detectives to find who hacked accounts of
more than 100MILLION gamers
By DAILY MAIL REPORTER
Team led by ex special agent with U.S. Naval Criminal Investigative Service
Sony has hired outside investigators to help catch the hackers behind
the two security breaches that compromised the personal data of more
than 100million gamers.
The beleaguered Japanese electronics giant has retained cyber-security
detectives from Guidance Software and Data Forte which is led by a
former special agent with the U.S. Naval Criminal Investigative
They will work alongside the FBI which is also investigating the
breach of data which might include credit card numbers.
Sony yesterday announced that its PC games network, Sony Online
Entertainment, had been exposed to hackers, exposing the personal
details of 25million customers.
It said names, addresses, emails, birth dates, phone numbers and other
information from accounts may have been stolen.
The news came less than a week after the firm admitted its PlayStation
Network had been hacked and the data from 77million user accounts
The PlayStation Network lets video game console owners download games
and play against friends; the Sony Online Entertainment network hosts
games such as EverQuest and Free Realms, which are played over the
About 23,400 financial records from the 2007 database involving people
outside the U.S. are thought to have been stolen, including the bank
details of 10,700 customers in Austria, Germany, the Netherlands and
Spain, Sony said.
Sony’s CEO Howard Stringer is facing criticism of his leadership and
shares in the company are down 4 per cent since the breach was
Connecticut Senator Richard Blumenthal, in a letter to Sony on
Tuesday, asked the company to clarify the number of compromised credit
card accounts and requested a detailed time-line outlining what the
company knew about what was stolen and when it was known.
Senator Blumenthal said he would ask U.S. Attorney General Eric Holder
to investigate the matter and check whether Sony’s subsequent handling
of the breach would make it civilly or criminally liable.
‘I would appreciate a direct and public answer detailing what the
company will do in the future to protect its consumers against
breaches of their personal and financial information,’ Senator
‘It’s a significant operation,’ said David Baker, vice president of
services with electronic security firm IOActive, which is not involved
in the investigation.
He said that card issuers Mastercard and Visa had likely appointed a
firm to investigate.
Sony also said that it hired the law firm Baker & McKenzie to help it
with the investigation.
A Toronto law firm yesterday launched a C$1 billion (£635,000)
proposed class-action suit against Sony for breach of privacy, naming
a 21-year-old PlayStation user from Mississauga, Ontario, as lead
The damages would cover the cost of credit monitoring services and
fraud insurance for two years, the firm, McPhadden Samac Tuovi, said
in a statement.
Sony blames Anonymous for theft of personal data from 100million gamers
Sony has blamed internet vigilante group Anonymous for indirectly allowing a hacker to gain access to personal data of more than 100million gamers.
The accusation came in a letter to U.S. Congress and amid renewed complaints that the Japanese electronics giant’s disclosure had been inadequate and tardy.
The company said it waited two days after first discovering data was stolen from its PlayStation video game network before contacting police, and did not meet with FBI officials until five days later.
Anonymous today denied the accusations made by Sony.
Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack,’ Kazuo Hirai, chairman of the board of Sony Computer Entertainment America, said in a letter to Congress.
The theft prompted the U.S. Justice Department and FBI to open an investigation, officials said yesterday.
‘It is something we are taking extremely seriously,’ said U.S. Attorney General Eric Holder.
New York Attorney General Eric Schneiderman subpoenaed Sony for conversations and documents that related to its security systems, said a source.
A Schneiderman spokesman declined comment.
Wedbush Securities analyst Michael Pachter said Sony’s public disclosures have not been sufficient to quell customer concerns about the theft.
Sony needs to make a statement to consumers: “You will not be harmed, and we will indemnify you against any harm”, and they just have not done that in any of their apologies’, he said.
Sony said that its video game network was breached at the same time it was defending itself against a major denial-of-service attack by a group calling itself Anonymous.
A denial-of-service attacks makes a server or system unavailable by overwhelming its network with internet traffic.
Anonymous is the name of a grass-roots cyber group that launched attacks that temporarily shut down the sites of MasterCard and Visa in December using simple software tools available for free over the Internet.
Sony said yesterday that Anonymous targeted it several weeks ago using a denial-of-service attack in protest of Sony defending itself against a hacker in federal court in San Francisco.
The attack that stole the personal data of millions of Sony customers was launched separately, while the company was distracted protecting itself against the denial-of-service campaign, Sony said.
On Wednesday it announced that its PC games network, Sony Online Entertainment, had been exposed to hackers, exposing the personal details of 25million customers.
It said names, addresses, emails, birth dates, phone numbers and other information from accounts may have been stolen.
The news came less than a week after the firm admitted its PlayStation Network had been hacked and the data from 77million user accounts taken.
The company said it was not sure whether the organizers of the two attacks were working together.
Sony did say that its PC gaming unit, Sony Online Entertainment, discovered last Sunday a file planted on a server that was named ‘Anonymous’ and had the words ‘We are legion,’ in it.
But the self-styled vigilante group has denied involvement in the data theft.
They released a statement via YouTube last month saying that while the group’s organizers had not stolen the data, it was possible some members of the group were involved in the matter.
And yesterday in their statement, the group said they had ‘never been known to have engaged in credit card theft’ and that they are ‘trying to fight criminal activities by corporations and governments, not steal credit cards’.
Sony noticed unauthorised activity on its network on April 19, and discovered that data had been transferred off the network the next day.
It waited until April 22 to notify the FBI.
Sony chose to disclose the latest details of the attacks in a letter rather than testify in a hearing on cyber attacks that was held yesterday.
Officials expressed disappointment that Sony and Epsilon declined to appear at the hearing and pledged a bill that would require companies to do a better job of safeguarding their customers’ data and to quickly disclose to customers when their data was lost.
GLAD I GOT AN XBOX 360!
Mega Giant Sony should have a complete team of Cyber Security Professionals from INFOSEC Specialists to Cyber Forensic professionals already on staff. Security is Paramount! Especially for an Intellectual Property Mega Giant like Sony. The Japanese bow at 90 Degrees signifying they are sorry (Dishonor) and so they should! This is a a serious matter, the fact that someone hacked in and stole accounts is bad, and sometimes it is hard to avoid due to rapid advances in technology on the part of hackers, but the fact that they didn’t have the staff already on hand to try and track the bad guys and collect the forensic evidence is inexcusable! I am shocked!
Copyright © 2011 louisjbianco All Rights Reserved.