Sony PlayStation Network Outage

Sony maintains a distributed application for its PlayStation users called the PlayStation Network (PSN) to provide add-ons, and to permit multi-user gaming.  This application is fee based and users may submit credit card information to pay for its use.

On April 19, 2011 the operators of PSN noticed unusual traffic and server reboots at the San Diego data center that hosts PSN and by the next day it was determined that unauthorized users had transferred considerable data out of the system consisting of user information and credit card information.

Sony hired multiple computer forensic analysts, and together determined that

1.  A denial of service attack elsewhere in Sony’s system was used as a cover for this break in.

2.  The root cause of the security breach was three-fold:  Lack of an adequate firewall, and using an Apache web server that was not patched to correct known security flaws allowed the intruders unauthorized access.  Since multiple servers were compromised, it seems likely that there were other, as yet unpublished, security problems.

3.  The security breach and theft extended outside of PSN and data on approximately 12.4 million credit cards were stolen.  Apparently these data were hashed and no charge transactions using these data are known to date.

Many have claimed this situation to be a black eye for Cloud Computing.  It is to some degree, but Sony’s PSN was not a vehicle for Cloud Computing.  It is a testimony, however, that sloppy system management (see #2 above) can compromise a system’s security.



Tags: , , , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: