Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.”
Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you (click here).
In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:
- Act with care and caution.
- Provide relevant information to the public when it has been verified.
- Take responsibility for our obligations to our customers.
- Work with law enforcement authorities.
We also informed the subcommittee of the following:
- Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
- We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
- By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
- As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
- Protecting individuals’ personal data is the highestpriority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
- We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
We told the subcommittee about our intent to offer complimentary identity theft protection to U.S. account holders and detailed the “Welcome Back” program that includes free downloads, 30 days of free membership in the
PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable.
We are working around the clock to have some PlayStation Network services restored and we’ll be providing specific details shortly. We hope this update is helpful to you, and we will continue to keep you posted as we work to restore our network and provide you with both the entertainment and the security you deserve.
13 posts on this page alone. I’m worried for him i dont think his heart can take much more of this Sony plz hurry datastorm98632 heart is gonna explode get him his precious psn back up.
*yawn*
Lookie lookie what we have here people. Oh wait. We have NOTHING still.
No REAL information (oh, and it’s NOT for Sony to decide whether its customers will be confused or not; its their responsibility is to INFORM)
No GAME information WHATSOEVER on this blog FOR OVER 2 WEEKS…….
WHY…SOCIAL MEDIA DEPARTMENT??? Someone do their job and give us some game-related blog posts. 2 weeks is a long enough vacation from giving us anything about games.
COME ON PATRICK….Get your department to do some work.
guess we’ll wait some more..
Another hour passes and we still can’t get a response nor a game related blog post nor a reasoning why we aren’t seeing anything game related anymore.
Great job Sony. Keep up the superior customer relations. I’m sure you’ll be with us “shortly”….
@eagandale4114 Thank you.
@Maayhemm Wishing harm up on personal property or otherwise isn’t really a “positive feedback” in essence it is trolling. And it is no hatred. However, your statesmen can be taken as a “hate message ” and also can be taken as Cyber bullying.
How cyberbullying works
There are two kinds of cyberbullying, direct attacks (messages sent to your kids directly) and cyberbullying by proxy (using others to help cyberbully the victim, either with or without the accomplice’s knowledge). Because cyberbullying by proxy often gets adults involved in the harassment, it is much more dangerous.
8. Sending Malicious Code
Many kids will send viruses, spyware and hacking programs to their victims. They do this to either destroy their computers or spy on their victim. Trojan Horse programs allow the cyberbully to control their victim’s computer remote control, and can be used to erase the hard drive of the victim.
So Maayhemm, I would refrain From Such comments with regards to threats against personal property and or persons, because Sony takes this kind of Stuff Very seriously.
Hmm, I remember reading Some where that the PSN will not be fully Functional until end of may.
From what ?I am gathering they also want to make sure that hackers does not syill control or have access to the PSN.
From what the media has been saying is that things will slowly come back on line.
So if this is true, then we may see services slowly coming on line.. Like it or not Sony has to have a line bye line check. You think a PC can take a while, try scanning an entire set of servers for the intrusion. were not talking about some device with a one Terra-bite HDD. were talking about in the range of 150x that ….They do have automated soft ware that also can auto read lines and fine discrepancies, but then it sometimes takes a human to re-check.
What do you guys think servers are?
Part one of two
So to better help those of you that may not understand what a server is and how it functions here is a description in brief. Some may understand some may not.
In data communication, a physical network node may either be a data circuit-terminating equipment (DCE) such as a modem, hub, bridge or switch; or a data terminal equipment (DTE) such as a digital telephone handset, a printer or a host computer, for example a router, a workstation or a server.
If the network in question is a LAN or WAN, every LAN or WAN node (that are at least data link layer devices) must have a MAC address, typically one for each network interface controller it possesses. Examples are computers, packet switches, xDSL modems (with Ethernet interface) and wireless LAN access points. Note that a hub constitutes a physical network node, but does not consitute a LAN network node, since a hubbed network logically is a bus network. Analogously, a repeater or PSTN modem (with serial interface) is a physical network node but not a LAN node in this sense.
Part 2 of 2
End node in cloud computing
Within a vast computer network, the individual computers on the periphery of the network, those that do not also connect other networks, and those that often connect transiently to one or more clouds are called end nodes. Typically, within the cloud computing construct, the individual user / customer computer that connects into one well-managed cloud is called an end node. Since these computers are a part of yet unmanaged by the cloud’s host, they present significant risks to the entire cloud. This is called the End Node Problem.[4] There are several means to remedy this problem but all require instilling trust in the end node computer.[5]
[edit]
omg data, can it. No one here needs to sit in a school desk and ‘learn’ anything from you, nor is it your place to teach them. So off your high horse already and either talk about games or go play with a stick in the yard.
It is Part 2 in which we are dealing with.
Cloud Computing and interfacing is relatively new new.
As cloud computing becomes more and more prevalent there will be more data breaches that will occur.
I can see Positive uses in an Intranet (closed networking not accessible by the out side) based community. But in an Internet (communications network that is open to the world wide web) cloud based operations.. I find that just a tad bit scary. Yes, it is good to have faster ways to access data, but at which point do we sacrifice speed for security? At what point do we sacrifice privacy for security?
As one person once stated, don’t put something online that you will regret later. Here is how I see it.
the Internet is very public. data can not be deleted from it. You Post something that is a hateful nature to a person you never know where it will come up next. You Post your financial data, you never know where it will end up either.
And it just doesn’t happen online either. We had a story here in the area that I live at where thousands of military records were found unsecured and in a trash bend. How does that make you feel? Thousands of documents in regards where soldiers been what sates cities,States , Addresses and credit cards right along with current social security numbers.Who was responsible for securing those documents? ok now lets say we have a dumpster diver who is equivalent to a hacker.
haha…. go play with a stick in the yard.
i think he should play with something else.. it rhymes with stick.
Ok he by passes the the fence by cutting a hole in it (AKA Fire wall) Sneaks past an out dated Camera and gathers up the information (data) and leaves. He was careful in that he left little or no clues about who he was.
Who is at fault was it to ensure that the documents were secure? Yes the Collector of the data tress passed, Yes the data collector forcefully gained access to the data and files, But who job is it to protect the soldiers and there families?
This is why the government has Shred and even burn scenarios to protect there data. there is software out there can can electronically shred the data. and it is free. I also have software that can zero out my HDD in case of intrusion of a virus or mall-ware that can not be so easily removed. and then if need be I can “Nuke” my HDD Or Physically destroy it Which I do when I replace my HDD. I do not send it in to be recycled.
Hey data, Do you spend every waking moment at this ? jeez dude get a life!
As for what major cooperations do, they must by law at least keep records for a certain time period before destruction of the data. and Sony was negligent by leaving a server opened. in other words one unit that contained data though outdated had been breeched because it was not properly locked. AKA Who left the safe open? AKA who tossed the files and left it for the “Dumpster-Divers”
and this is the reason why Sony them selves is being investigated as well.
Now I am not sure how much clearer I can make things.
Simply put, There are truly two guilty parties. The hackers and Sony.
And only time will tell what will come. If I were you instead of complaining about why Sony is taking so Long, I’d be thankful that they are taking there time.
Now, I do not know everything. But if what I say makes sense, Good, I am glad to have been of some help.
if you disagree then that is fine.. just simply disagree with out attacking :)
*Waves!
I see the usual crowd is here. I dont care for datas wall of txt so early in the morning though. Hoping to hear about something new from the blog that isnt copied and pasted.
s1mpl3______j4ck on May 5th, 2011 at 7:16 am said:
haha…. go play with a stick in the yard.
i think he should play with something else.. it rhymes with stick.
Typical teen…
JESUS, data WTF!! Just go write a book and have it published.
ON TOPIC- Anybody think that we’ll get an update today? All I want is an ETA. (a solid one) oh, and I still want more info on NGP. I’ve really enjoyed the PSP so I’m sure I’ll like the next one, it also looks good.
*waves back*
I don’t know why data even bothers. I highly doubt anyone is reading more than 1 posting of his dribble, if they are even getting through that much.
Another hour passes and we still don’t see any gaming news on this blog. How long are we going to have to wait FOR GAME RELATED INFORMATION?!?!? HELLO WE CAN STILL PLAY THE PS3>>> Where are our games?!?!?!
Sony I have been supporting you from the beginning but can’t you atleast tell us when psn will be back up
What irks me is that they are saying one thing to news media sites VS here. If the system isn’t going to be fully operational by the end of may, then they just need to say it here instead of telling the media that story.
Isn’t that what people are asking?
“when will the PSN Be up?” Was not the answer simple enough? The Systems will gradually come online And then Further comment that states it will not be Fully Functional until the end of May” is that comment not straight forward?
Yet you Still are asking the same question. The answers have been given, if you can not accept those answers, then tough.Your worrying your self into a frenzy over what lol?
Besides its 7:aqm where I am lol..and raining … and Check the time stamps…you find I do have a life lol.
What games shall we discuss ? FFXI ? Thinking about resurrecting my character if this outage keeps up lol. Dang PS2 phatty has a long life lol.I also enjoy some of the other classics. Like Orphan, Roller coaster tycoon FF X ( I love the theater mode and 5,00 words song.
Didn’t Like the StarTrek game. Hmm Now it would have been nice if if they added first person view as it would look in real life. And as for the PS3 games.
Not Much into killing games aka Shooters, Not much into racing games either.But there is a small number of games I do Like. I like Iron man, that is about the Only shooter I like. They gave that character a real sense of humor.
I liked a few of the adventures as well.. And Home is ok.. But as of now I am not updating from 3.55.
I enjoy the ability to edit video and then store it and then upload it at a later time using a PC.Going through Sony and then uploading it seems to trash the videos even more so with data loss.
I never go into Home. Too busy playing games. :)
I have not one of those games you mentioned. lol So what do you have for the PS3?
Looks like we are going for Week 3
People need to remember that Sony is rebuilding the entire system.
This is like finding a door in a building has a busted lock, then tearing down the entire building and rebuilding it with better locks on the doors.
Takes time. Takes money. Takes patience.
okay now i see what you meant by data lmao. people need to have patience and we will get a better playstaition network so it will be worth it
patience is overrated. gimme back online multiplayer!
More than 2 weeks of PSN outage, correct? And so far the only to show for it is Sony’s incompetence and lack of security awareness which is now being brought to Congress’ attention. The other fact is lack of communication to its customers. No update and no hard evidence that our names, addresses, CC info has been jeopardized. At this point I’m not only disappointed with Sony, but I’m starting to think they’re going to lose me as a customer as well millions of others! Its going to take more than good gesture of ‘welcome back’ gifts to win me over especially when our identity info is at stake.
This blog sorely needs an ignore feature
An update would be fab…
ZzZzZzZzZzZzZzZzZzZzZzZzZzZzZzZz
I am glad you guys are working hard to get PSN back up, good job. I still can’t wait though, playing campaigns is starting to get a little boring for me.
People/Sony needs to realize the longer this takes the worse things will get. People will give up and Move on.
I think we may get it back soon, anyone note that us.playstation.com is back online now, and from it looks you can login over there too.
Like I said I have been with Sony products for a long time and will continue this doesn’t damage anything for me, I mean really they are taking the measures needed and I respect that and hope that the XBLA does the same for there members as well from this. I mean really we are all in the end of the day in the same group here, we are gamers and we love what we do, doesn’t matter what side of the fence your on at the end of the day we are gamers.
I miss Black Ops and I know when the network is back it will be stronger then ever and probably have more security updates then ever too but I can live with that.
I’ve been asking, especially recently, just because PSN is down….why does that mean the game related posts to the blog are dead too?!? I see no reason why someone in the whole Social Media dept (doubt they are fixing the network) can’t post something about a game being released or something!
No response still….
People named Trieloth need to understand, the more the rush it, the worse things are for Sony. The absolute worse possible thing Sony could do is not launch it with being completly ready. If they got breached again, the company would lose more then it could ever hope to regain.
Yes impatience twits will leave, but you know the great thing about them? they have a.d.d. and 6 months later end up buying new sony products. So who honestly cares about them?
and since Autoxfool seems to be stuck on that track. Apply common sense. Why would you taunt people with things they can’t do? Game news stopped because it’s unimportant compared to a much more pressing issue. Why advertise a DLC you can’t purcahse? A PSN game you can’t purchase? A PS3 game with functionality you can’t use? It’s poor advertising, but I guess the obvious slipped past you.
I c@N hAZ P|@staTI0nN3tw0rKzzzz ????
I hope we get a blog post today telling us when PSN is back up, I wanna try Mortal Kombat online! As interested as I am in the aftermath of this stuff I just wanna play some online. Please confirm when PSN will be up today.
I hope everyone is following the playstation show and kaz hirai on twitter, they’re constatly posting updates.
@ toast… Then why continue to ship the product(s) after PSN went down….if you can’t use the full functionality of it all?? I still see PS3 ads on TV…..ads for games…So why are there ads still going under your line of reasoning? And what are others besides Patrick doing in the social media and communications department during this downtime? I don’t see press release after press release (as Patrick keeps posting them here anyhow), so what are they doing? A company losing money hand over fist and not willing to promote games for May (specifically disc based games as we’ve seen before on the blog) on the blog…..seems like missing an opportunity for additional free self promotion. It’s not like the world stopped buying disc games and it’s not like it’s unlike a company to hype a product before someone can even get their hands on it…..soooooooo
I see no excuse why one person in that whole department can’t post one single blog post pertaining to games. And we still don’t have an answer to why we haven’t seen anything. Lack of information once again extending customers’ growing dissatisfaction with Sony.
oh, and toast, under your ‘poor advertising’ reasoning, Sony would need to pull every PS3 from every store worldwide. They are currently selling a product, knowingly, who’s functionality is not as advertised and they have no clue to when it will be restored.
“but I guess the obvious slipped past you.” – toast
Right back at ya buddy.
Nobody wants to wait until the end of the month, so GIVE ME MY PSN PLUS BACK!!!!! LMBO
nope it didn’t “slip past me” but please continue to be devoid of all common sense. If you aren’t going to spend a quarter of a second to think, that’s your own problem.
Advertising has gone down considerbly, for Sony, and will likely restart with a new marketing campaign focused on regaining trust in their customers. Sony has no control what 3rd parties do, why would it make al ick of since for Valve not to advertise Portal 2?
But please, keep the tears flowing, Sony has clearly made a conscious choice to not talk about anything outside of this incident. If your itty bitty brain can’t figure it out, i would suggest picking up a book and work on expanding that itty bitty brain a bit. Or at least figure out that the world doesn’t revolve around you and just because you think Sony should be pretending that everything is a-okay that is what Sony should be doing.
Hi, PSN, Spidey here.
Any news today at any point?
<3!
Finally got around to renting Heavy Rain and I might just get to finish it before PSN comes back online. I’m pretty much done with Disgaea 3 (because you can never REALLY be done with that game). I’ll probably try to knock out the single player part for Portal 2 after Heavy Rain… if I’m in the mood.
To those who played Heavy Rain (avoiding spoilers), how did you unwind after a game session? Its so intense I feel like I need a palate cleanser afterwards. Lately i’ve been mindlessly smashing things in Gameloft’s latest generic (but polished) effort Dungeon Hunter: Alliance to recover after Heavy Rain. Sometimes its really heavy and I need about 20 minutes of Medieval Maddness pinball to bring the smiles back.
@Robotonfiend – I know what you mean. I actually spent a few days working on the trophy for all endings and most of them are pretty heavy, especially if you work on like three back to back.
I actually played Madden 11 in between to soft of even things out somewhat.
lol, you debate like a pre-teen with personal attacks. Devoid of common sense? Can’t take that I totally broke down your line of reasoning? Didn’t realize you were dealing with a college educated, ex-debate team captain nerd? Oopsy for you. Anyways, so all ads should stop because PSN goes down and it’s more important that we’re getting ‘ALL’ these pressing new blogs posts containing such sheer amounts of useful information?? All Sony PS3 related business should grind to a halt because you can’t access online? You must be one of those all or nothing thinkers.
You’ve got, just for hypothetical, 5 people in your social media department. PSN goes down; Patrick still posting (when allowed?), and what are you doing with the other people in the department, whose labor cost you are still covering? I’m sure Patrick isn’t Sr. Director of an empty department. Sent them home on a unpaid vacation for who knows how long? Unlikely.
Companies LIVE to make money. They use (mostly) ads to promote their products in hopes people will purchase. The blog is such a place. If stopped here, why not everywhere? Your line of reasoning is flawed, you know it, so you go with personal attacks. End of story. #facepalm
we need better info sony…