After almost a month of downtime, Sony is beginning a phased restoration of its Playstation Network and Qriocity services after a series of serious hacker attacks on the company that compromised over 100 million accounts.
The phased restoration, which will include sign-in, password resets, online gameplay for PS3 and PSP systems, video rentals, music, third-party services, social networking and chatting functionality, will begin in Australia, the Americas, Europe, New Zealand and the Middle East.
Sony’s executive deputy president Kazuo Hirai apologised for the delay and thanked users for their patience: ” We know even the most loyal customers have been frustrated by this process and are anxious to use their Sony products and services again. We are taking aggressive action at all levels to address the concerns that were raised by this incident, and are making consumer data protection a full-time, company wide commitment.”
After taking the first network offline in April to investigate the hacking incident, in which an estimated 24.6 million accounts were compromised with the details of upwards of 23, 000 users’ credit cards made vulnerable, Sony discovered a second attack which put a further 77 million accounts at risk.
In both cases, the stolen data included customer names, email addresses and hashed versions of their account passwords, data that could be used to spam customers or trick them with phishing emails.
The latest information on how the hackers broke into the network, garnered from a joint investigation by Sony and the FBI, suggests they used a modified PlayStation 3 to access Amazon.com’s cloud computing network and gain access to the Playstation Network.
According to Bloomberg, the hackers used an alias to rent a server through Amazon’s EC3 service and launch the attack.
While the hackers’ motives remain unclear, some speculation has suggested the invasion was intended to deploy a rogue firmware update that would allow the criminals to use millions of zombie PS3s to launch a giant botnet. The combined computing power of the 100 million-strong would be far superior to most nation states.
Senior vice president of the enterprise security group at Symantec, Francis deSouza, who’s working with Sony to relocate its data centre, said that during the 18 months, he’s seen a dramatic rise in the volume of cyber attacks, their sophistication and their impact on businesses.
“Thwarting cyber-crime requires an evolutionary approach to security that is well integrated, reduces risk exposure and improves efficiencies,” says deSouza. “Today’s cyber crime attacks are proving to be more covert, more targeted and better organized than those we’ve seen in years past.”
Sony claims it has made ‘considerable enhancements to data security,’ including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls. The company also added a variety of other measures to the network infrastructure including an early-warning system for unusual activity patterns that could signal an attempt to compromise the network.
Despite reassurances of increased security, some experts believe the security breach will significantly damage users’ trust in Sony in the long term.
“Gamers are just there to play the game and to have fun. If this results in their own personal accounts being stolen, I think this will result in serious effects on their trust in the PlayStation Network,” says lecturer at the school of software for the Centre for Human Centred Technology Design at the University of Technology Sydney, Dr Chek Tien Tan. “I do think that they’ll lose quite a number of people, unless they able to resolve this in one way or another. I don’t know how, but it would take a long time for them to be able to get back this trust.”
Chek believes the attack on Sony’s network could undermine trust in the online gaming industry as a whole.
“Because even a main player is being hacked on such a large scale, I believe it would definitely… hurt trust in online gaming in general,” he says.
Besides undermining the trust of gamers, Sony was also widely criticised for its handling of the security breach, opting to wait until April 26 before it notified customers of the attack when it began its own internal investigation a full week beforehand. Sony’s shareprice has since plummeted, diving nine percent 2241 yen, or around $26.
While Sony struggles to reactivate its network and track down those responsible for the massive outage while regaining the trust of its users, Chek believes gamers need to be educated about the risks they face when providing sensitive details online.
“One of the most common things is stolen passwords, so having habits like frequently changing passwords and not telling their friends about it,” he suggests. “I think gamers should know and apply any time they use any kind of online account, including gaming.”