Sony will testify at a House privacy hearing on June 2, after earlier refusing to appear. In a letter to lawmakers, Sony also provided further details about the attacks.
An aide for Rep. Mary Bono Mack (R-Calif.), Chairwoman of the House Energy and Commerce Committee’s subcommittee on Commerce, Manufacturing, and Trade, said Friday that Sony has agreed to testify next week, joined by representatives from Epsilon, itself the victim of a date breach in April.
The Whole Kazuo Hirai Enchilada
In a letter sent Thursday to Rep. Bono Mack and other lawmakers, Kazuo Hirai, the president of Sony Computer Entertainment, likewise said that Sony’s investigation continues. Sony said previously that the company wouldn’t appear until its own internal investigation had been settled. ‘ Sony was under attack’ at the time, Hirai explained, and that it had been ‘critically important’ that key personnel were available to address the key issues of the breach.
Sony waited until Monday to tell its customers that its Sony online Entertainment PC gaming service had been hacked. They did not give details. However, many people believe Anonymous is involved with hacking into the Sony system.
This Could Lead To Other Ideas
Millions of online gamers have been affected by the hacking of Sony. It is odd how long the company took to tell its customers that their personal information was compromised. Most gamers just want to look at the Playstation-network online games back on. Sony promises they’ll have part of the gaming back on sometime this week. They are busy protecting themselves. However, they haven’t spent the same time and effort protecting their customers.
Now, with the PlayStation Network coming back online in Asia and in the United States, the company has moved on. The company’s PlayStation blog, for example, has returned to game-related posts; on Friday, the company announced its first official PlayStation 3 headphones.
Now, Sony can begin addressing the governments which began raising questions concerning the breach at the conclusion of April.
Hirai began by indirectly tying the hacker group’ Anonymous’ to the attacks, although representatives for the group, a loose collective of individuals, have denied responsibility.
Initially, Anonymous openly called for and carried out massive ‘denial of service’ attacks against numerous Sony internet sites in retaliation for Sony Computer Entertainment America bringing an action in Federal Court to protect its intellectual property,’ Hirai wrote. ‘ The bulk of those attacks were targeted at services offered by Sony Network Entertainment America (SNEA) and Sony Online Entertainment (SOE). Many of the attacks lasted for several days. We now know that at some time during or immediately after those attacks, one or more highly skilled hackers infiltrated the servers of SNEA and SOE. ‘
We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named’ Anonymous’ with the words’ We are Legion. ‘
However, Hirai also added that the company hasn’t ben able to determine the individual or persons responsible for the breach.
Four servers were initially isolated as possibly hacked. Then the whole system was shut down as other abnormalities were discovered. The delays, Hirai explained, were attributable to the problems in mirroring the affected data to preserve evidence. Sony also indicated that it would be reluctant to reveal technical details publicly, as they could serve to attack other systems or Sony’s own.
Sony said that it was not able to determine conclusively what information was taken, so it assumed each of the 77 million accounts on the network could have been compromised. Users were required to change their password in the framework of a new firmware release, as the framework of the process to resuming PlayStation Network services.
But Sony said that it did not believe each account was accessed, rather a master database containing account information was skimmed. ‘ Available evidence indicates that a database containing personal information for every account was accessed and that we tried to take information from certain data fields in that database,’ Hirai wrote.
Hirai said that Sony knew that login/password information, street address, and online ID information was accessed, but not saying it was actually removed from the servers. On May 1, Sony noticed that SOE data had also been compromised, he said, putting 26.4 million more accounts at risk. Sony believes that the same group is liable for both attacks, he said.
In a more lighthearted announcement, Sony also indicated that it has announced the official PS3 Wireless Stereo Headset, for $99, complete with a wireless USB adapter.