Wednesday, May 4, 2011

How The Playstation Network Got Pwned

January 11, 2011. Sony sues George “GeoHot” Hotz and others for jailbreaking, or circumventing the security system of the PlayStation 3.

January 27, 2011. Sony asks for a temporary restraining order stopping Hotz from further distributing the jailbreak tools to users, who can download them and break the security on their machines so they can run unauthorized software.

February 12, 2011. Hotz posts a rap video on his YouTube page explaining his side of the case. (It now has 1.8 million views).

February 19, 2011. Hotz starts a blog about the lawsuit.

March 6, 2011. Court approves Sony request to access all the internet protocol addresses of the people who visited GeoHot’s blog to download the jailbreaking tools.

March 23, 2011. Sony claims that Hotz has fled to South America and destroyed evidence. That turns out not to be true, according to Hotz’s attorney.

April 3, 2011. Hacktivist group Anonymous launches a cyber attack against various Sony web sites in an operation called #OpSony in retaliation for Sony’s pursuit of George “GeoHot” Hotz and Graf_Chokolo.

April 11, 2011. Sony settles the PS3 jailbreaking case with Hotz. Anonymous says it will continue with a boycott of Sony on April 16.

April 19, 2011, 4:15 pm Pacific time. Members of the Sony Computer Entertainment network team detected unauthorized activity in the PlayStation Network system in San Diego, Calif. Certain systems were rebooting when they were not scheduled to do so. The network service team started reviewing the logs from the system to see what was wrong. It took four servers offline.

April 20, 2011, early afternoon. Sony’s team discovered evidence that an unauthorized intrusion had occurred and that data of some kind had been transferred off the PSN servers without authorization. Six more servers are found to have been possibly compromised. Sony hires a forensic investigation team that afternoon. That team begins to “mirror” Sony’s systems, a meticulous process.

The team couldn’t determine what had been taken and so they shut the network system down. At that point, the 77 million registered users of the network couldn’t play online games, access their accounts, or purchase movies and other entertainment on the network. Sony’s experts have to delve through 130 servers and 50 programs.

April 21, 2011. Sony hired a second computer security and forensic consulting firm to provide more manpower.

April 22, 2011. The forensics team completes the mirroring of nine of ten servers that were believed to be compromised. Sony Computer Entertainment’s general counsel provided the FBI with information about the intrusion. Sony’s forensics team had not reached any conclusions at that point.

April 23, 2011. Sony’s forensics teams confirm that the intruders used very sophisticated and aggressive techniques to obtain access, hide their presence from system administrators, and steadily escalate their privileges inside the servers. The intruders deleted log files to hide their work. Sony now realized it needed yet another forensic team to help.

April 25, 2011. The forensics teams determined the scope of the personal data that had been stolen from all PSN and Qriocity service accounts, but the team did not know if credit card numbers had been accessed.

April 26, 2011. Sony provides public notice about the intrusion. It also notifies regulatory authorities in a variety of states about the criminal intrusion.

April 28, 2011. Hotz denies any involvement in PSN attack.

April 30, 2011. Sony’s No. 2 executive, Kazuo Hirai, apologizes to Sony’s customers and holds the first public press conference about the attack. He says the PSN should be up within a week and that Sony has beefed up its security.

April 29, 2011. House of Representatives subcommittee asks for more information on the attack as it considers legislation to require companies to notify consumers in case of data theft.

May 1, 2011. Sony finds new evidence that hackers broke into the servers of Sony Online Entertainment, the PC online gaming division of the company which runs online games such as Free Realms and EverQuest. Sony discovers a file that says “Anonymous,” “We are legion.” That’s the slogan for the hacktivist group.

May 2, 2011. Sony says it will explain what happened to Congress but won’t testify yet.

May 4, 2011. Sony sends letter to Congress answering questions.

As an Xbox fan I rejoice.


  1. Read the whole thing, amazes me that Sony is so stupid. Jailbreaking is legal isn't it?

  2. I think it's kinda bullshit that they can sue like this.

  3. Thanks for the detailed breakdown of it. I have NO respect for Sony now.

  4. Very interesting stuff. Good details too.

    Thanks for the post! Definitely following :)

  5. Good points are certainly present for both sides. The issue comes when whatever information that was "allegedly" stolen, is used for wrongdoing. If it is all just a way to snub Sony, that is different. It all goes back to who the individual(s) are behind the computer. Many times it's just people scared that so few can do so much by working together.

    Main point to remember:

    Hackers=Good, Crackers=Bad,

    Grey-Hat-Hackers= In-Between :)

  6. This is why I pay for Xbox Live.

  7. I didn't know GeoHot was involved! Nice post I appreciated all this information in time-line fashion!

  8. Sony needs to remember that they do not forgive nor forget.

  9. Nice post! Really interesting! That green font is quite hard to read though. I think you should consider changing it. Or at least make it bold!