
Info Used In Network Attack Likely Didn't Come From Sony

Recently, we heard about another attack on Sony's networks.

But it was relatively small, and the company has issued some clarifying statements for those who are concerned.

First, when the attack was initially announced, Sony chief information security officer Philip Reitinger said the login data used in the attempts likely came from sources outside Sony's systems.

Now Sony Online Entertainment president John Smedley has backed up that statement. Speaking with GameSpot, Smedley said it seems clear that Sony's systems were not the source of the login information used in the attack.

"It's just simple math. There was such a small percentage of successes. They were attacking with a large number. Because of that, the math tells us it wasn't [Sony's information]. We've said publicly when we were compromised before that the information is out there and could have been used. That was obviously the first thing we looked at. Then we did the mathematical analysis and said, 'Obviously that's not what happened.' I'm not going to say it's impossible [the info came from Sony]. We just think that's not the most likely case."

As for the targeted accounts, Reitinger had said the attack affected "1/10th of 1% of customers," and Smedley added that most of those accounts were dormant; that is, they had not been used since the outage earlier this year. In practice, the attack only got into accounts whose passwords had never been changed after the outage, because their owners never logged back in to change them. Smedley finished:

"We really strongly encourage users to change their passwords. We can't force them to log in and do that. A great number of these accounts they were going after were dormant accounts. Those people in many cases had not yet done their password change. It takes some work to get them to focus on that."

Tags: psn, playstation network, soe, sony online entertainment, sen

10/13/2011 10:32:38 AM Ben Dutka


Comments (8 posts)

Thursday, October 13, 2011 @ 10:53:37 AM

So, in other words, this wasn't related to the PSN attack, and it's an attack on individual user accounts based on information gathered by various means such as scraping of web sites and forums, data from other hacks and phishing schemes, and social engineering. This is the kind of attack that happens every day on virtually every system, and rarely even gets reported except by the victims.

I'm quite reassured not just by the fact that Sony detected and blocked the attacks, but that they also now have people in place who can do the pragmatic analysis of such attacks and explain the matter.

This definitely goes back to password security. Too many people use a weak password on websites (I'm sure I do on some as well). That's generally not a problem if the website isn't linked to any kind of financial system. However, if a user has the same weak password on all their accounts, including systems that are financial in nature, the weak password that might be easily compromised on some web forum becomes a liability if the user uses that same password elsewhere. So, for heaven's sake, don't use the same password everywhere - even if it's a strong one. The worst case scenario would be that you have a good, strong password. Let's say you use it at your favorite discussion site as well as on your banking system and PSN. The bank and PSN will likely use well salted hashing to prevent easy reversing and matching of passwords. But what about your favorite discussion site? Could it be the weak link? If so, then your strong password is now only as good as the security at the weakest site you use the password at.

Personally I'd suggest never using the same password(s) you use on 'secure' sites (such as your bank, or with PSN) on insecure sites such as your favorite sports team discussion site, or gaming news site, etc. I also don't post my PSN ID publicly for similar reasons. I do share with some people through PM, but not everyone. It's all a matter of common sense.

With respect to these 'dormant' PSN accounts, I believe that Sony invalidated CC information on such accounts, so even if an attacker managed to compromise the password and gain access, the CC information is no longer valid.

Last edited by TheHighlander on 10/13/2011 11:03:32 AM

9 up, 0 down
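The weakest-link argument in the comment above, as an added example (not code from the page, from Sony, or from the commenter): a forum that stores unsalted SHA-256 leaks its hash table, an attacker cracks the user's hash offline with a wordlist, and the recovered password is then tried against a second site that stores passwords properly with a per-user salt and PBKDF2. The two sites, the user's password, the wordlist and the PBKDF2 parameters are all constructed for this demonstration.

```python
"""Why a strong password is only as strong as the weakest site it is reused on.

Added example for this page; not code from Sony, PSN or the commenter above.
The two "sites", the wordlist and the user's password are all constructed here.
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional

# The user's one strong password, reused on a hobby forum and on a "secure" site.
REUSED_PASSWORD = "Tr0ub4dor&3-psx"

# Constructed attacker wordlist: earlier dumps that happen to contain the password.
WORDLIST = ["password", "123456", "letmein", "Tr0ub4dor&3-psx", "qwerty"]

PBKDF2_ROUNDS = 100_000  # assumed work factor for the "secure" site


def forum_store(password: str) -> str:
    """Careless storage: unsalted SHA-256. Equal passwords give equal hashes,
    so a leaked table can be attacked offline with a wordlist or rainbow table,
    and identical hashes across sites expose reuse directly."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def secure_store(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def secure_verify(stored: str, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    salt = bytes.fromhex(salt_hex)
    recomputed = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def crack_forum_hash(leaked_hash: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack against the forum's leaked, unsalted hash."""
    for guess in wordlist:
        if forum_store(guess) == leaked_hash:
            return guess
    return None


def credential_stuffing(secure_record: str, cracked: Optional[str]) -> bool:
    """Try the recovered forum password against the secure site's account."""
    return cracked is not None and secure_verify(secure_record, cracked)


def scenario(reused: bool) -> bool:
    """Return True if the attacker gets into the secure-site account."""
    forum_hash = forum_store(REUSED_PASSWORD)            # leaked in the forum breach
    secure_password = REUSED_PASSWORD if reused else "different-Secure-pw-91!"
    secure_record = secure_store(secure_password)        # the secure site did everything right
    cracked = crack_forum_hash(forum_hash, WORDLIST)     # attacker recovers the forum password
    return credential_stuffing(secure_record, cracked)


if __name__ == "__main__":
    print("same password on both sites  -> secure account compromised:", scenario(True))
    print("different password per site  -> secure account compromised:", scenario(False))
    # Two users with the same password get different salted records...
    a, b = secure_store("shared"), secure_store("shared")
    print("salted records differ for equal passwords:", a != b)
    # ...but identical unsalted ones, so cross-site matching is trivial.
    print("unsalted records equal for equal passwords:", forum_store("shared") == forum_store("shared"))
```

The point the run makes is that the secure site's salting and slow hashing never come into play: the attacker never attacks that site's hash, only the forum's, and then simply logs in with the right password. Only a different password per site (second line of output) stops the attack.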

Thursday, October 13, 2011 @ 2:23:27 PM

I'm still not convinced...

0.1% of all the accounts taken originally? That's a HUGE number of accounts affected.

Sony themselves say it was a massive attack.

Then say it's likely it wasn't them - but they haven't said it definitely wasn't from the original hack.

Maybe it's the cynic in me...

1 up, 3 down

Thursday, October 13, 2011 @ 3:59:30 PM

Convinced of what exactly?

It is what it is. This wasn't an attack on PSN, or a hacking of PSN security, it was a password compromise attack conducted against individual user accounts on PSN. The threat to PSN as a whole was next to zero.

As for the cynic in you, the quoted statement acknowledges that there is obviously a slim possibility that the list of PSN ids and email addresses stolen from PSN during the attack on PSN could have been a source. But what they are also saying in that quote is that based on a statistical analysis on the attempts to gain access to PSN accounts, it's unlikely.

How would you determine that? Simple math is the key in that quote. Mathematically, if the original list of PSN IDs and email addresses were used as a source document to drive these attempts to compromise individual accounts, more or less 100% of the attempts would use a known PSN ID or email address. On the other hand, if there is a large percentage of email addresses or prospective PSN IDs that are in fact not known, and have never been used on PSN, then it's clear that the source for the attack list is not PSN data, but in fact data obtained through other means.

"It's just simple math. There was such a small percentage of successes. They were attacking with a large number. Because of that, the math tells us it wasn't [Sony's information]."

This is precisely what that quote above illustrates. The statement doesn't rule out the possibility that some Sony data was used, but based on the attack pattern, they are saying they do not think it was their data, and I'd tend to agree.

You can be cynical all you like, but sometimes that cynicism runs into simple logic, reason and fact. That's when cynicism must give way to pragmatism.

Oh, BTW 0.1% of the PSN accounts active at the time of the PSN attack in the spring equals 77,000. Considering the number of people affected in a recent banking system hack, that's not a terribly large number at all. Considering that the majority were dormant accounts with no CC data (because Sony removed CC information from such accounts as a precaution, you may remember you had to re-enter any CC data if you wanted to continue using a CC on your account), the number of active PSN accounts with CC data affected by these attempts to compromise their passwords is relatively small, and since Sony has identified who was targeted, they are all being notified.

But then again, who am I to puncture your cynicism balloon?

4 up, 0 down
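The "simple math" test described in the comment above, as an added example that is not Sony's code or the commenter's: the authentication service knows, for every attempt, whether the identifier tried even exists, so the fraction of distinct identifiers that are real accounts separates a list built from the site's own breach (nearly all identifiers known) from one assembled from third-party dumps and scraping (many unknown). The account table, the log format and its outcome names, and the 0.95 threshold are all constructed assumptions for this demonstration.

```python
"""Credential-stuffing provenance check over login-attempt logs.

Added example for this page, not Sony's or the commenter's code. The log
format, outcome names, account table and threshold are assumptions.
"""

# Constructed account table: identifier -> dormant flag. "Dormant" means no
# login since the spring outage, i.e. the password was never rotated.
ACCOUNTS = {
    "alice@example.com": {"dormant": False},
    "bob@example.com":   {"dormant": True},
    "carol@example.com": {"dormant": True},
    "dave@example.com":  {"dormant": False},
    "erin@example.com":  {"dormant": True},
}

# Constructed login-attempt logs, one attempt per line:
#   <timestamp> <identifier tried> <outcome>
# Outcomes are what the service knows internally; the client should only
# ever be shown a generic failure so it cannot enumerate accounts.
LOG_EXTERNAL_LIST = """\
2011-10-10T02:00:01Z alice@example.com BAD_PASSWORD
2011-10-10T02:00:02Z bob@example.com SUCCESS
2011-10-10T02:00:03Z nobody1@mail.test NO_SUCH_USER
2011-10-10T02:00:04Z nobody2@mail.test NO_SUCH_USER
2011-10-10T02:00:05Z carol@example.com SUCCESS
2011-10-10T02:00:06Z nobody3@mail.test NO_SUCH_USER
2011-10-10T02:00:07Z dave@example.com BAD_PASSWORD
2011-10-10T02:00:08Z nobody4@mail.test NO_SUCH_USER
2011-10-10T02:00:09Z nobody5@mail.test NO_SUCH_USER
2011-10-10T02:00:10Z erin@example.com BAD_PASSWORD
"""

# Same accounts attacked with a list taken from the site's own user table.
LOG_OWN_BREACH_LIST = """\
2011-10-10T03:00:01Z alice@example.com BAD_PASSWORD
2011-10-10T03:00:02Z bob@example.com SUCCESS
2011-10-10T03:00:03Z carol@example.com SUCCESS
2011-10-10T03:00:04Z dave@example.com BAD_PASSWORD
2011-10-10T03:00:05Z erin@example.com SUCCESS
2011-10-10T03:00:06Z alice@example.com BAD_PASSWORD
"""


def parse_attempts(log_text):
    """Parse the constructed log into (timestamp, identifier, outcome) tuples."""
    attempts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, ident, outcome = line.split()
        attempts.append((ts, ident.lower(), outcome))
    return attempts


def analyze(attempts, accounts):
    """Summarise an attack campaign: how many identifiers were real, how many
    attempts succeeded, and what share of successes hit dormant accounts."""
    tried = {ident for _, ident, _ in attempts}
    known = {ident for ident in tried if ident in accounts}
    successes = [ident for _, ident, outcome in attempts if outcome == "SUCCESS"]
    dormant_hits = [ident for ident in successes if accounts[ident]["dormant"]]
    return {
        "attempts": len(attempts),
        "distinct_identifiers": len(tried),
        "known_fraction": len(known) / len(tried),
        "success_rate": len(successes) / len(attempts),
        "dormant_share_of_successes": len(dormant_hits) / len(successes) if successes else 0.0,
    }


def likely_source(stats, known_threshold=0.95):
    """A list copied from the site's own breached table would name almost
    only real accounts. A low known fraction is evidence (not proof) that
    the list was assembled elsewhere, which is exactly the hedge in
    Smedley's "not impossible, just not the most likely case"."""
    if stats["known_fraction"] >= known_threshold:
        return "own_breach_data"
    return "external_data"


if __name__ == "__main__":
    for name, log in (("external list", LOG_EXTERNAL_LIST), ("own breach list", LOG_OWN_BREACH_LIST)):
        stats = analyze(parse_attempts(log), ACCOUNTS)
        print(name, stats, "->", likely_source(stats))
```

Two caveats a practitioner would keep in mind: an attacker could have filtered a breach list down to valid accounts from elsewhere, and a third-party list of gamers will overlap with any large gaming service, so the threshold only ranks hypotheses; and the dormant share of successes is the second signal the article relies on, since accounts rotated after the outage fail even when the old credential was correct.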

Thursday, October 13, 2011 @ 4:05:48 PM

You can't be serious Digital. 77,000 isn't a huge number of accounts for one thing. That's less than some gaming sites have. And how could it be Sony's fault when everyone puts their PSN accounts, as well as people do with gamertags, friend numbers and Steam accounts, on their profiles on nearly every gaming site there is. It's really not that hard to get info from these sites to try to hack into accounts, especially since their emails are associated with profiles too.

Darn High :( not only did you beat me, you made my reply look miniscule. Guess that's what happens when you're typing with one hand since your cat is laying on your other in your lap, lol

Last edited by LegendaryWolfeh on 10/13/2011 4:07:21 PM

2 up, 2 down

Thursday, October 13, 2011 @ 4:12:08 PM

LOL! Wolfeh. My reply is the result of ADD meds still being active... I tend to type fast and furious then. They'll wear off in about 3 hours and I'll lose my ability to focus... type... think...

I definitely didn't mean to step on any toes.

2 up, 1 down

Thursday, October 13, 2011 @ 5:20:21 PM

Haha, course ;) I understand haha.

1 up, 0 down

Thursday, October 13, 2011 @ 8:16:52 PM

Maybe so, but Sony and companies of their ilk word their press releases very, very carefully.

Just seems weird it was so grey and vague in their description of what happened.

That's all.

Unfortunately, the only one who can burst the bubble is me. ;0)

1 up, 0 down

Thursday, October 13, 2011 @ 8:46:44 PM

Something to ponder.....
I'll bet that 99% of those dormant PSN accounts are just because they belonged to the few users/abusers that abandoned Sony during the 1st PSN outbreak by jumping ship over to the 360.

And if so then I'm glad they're gone, cause that also means that there's been approximately 77,000 immature, screaming, whiny, name-calling, racist, self-absorbed entitlement abusers that we haven't had to contend with since around that same May/June timeline.

And to those abusers, I give my most hardy.....

0 up, 0 down
