What happened after Sony pulled the plug on PlayStation Network, and before it finally alerted customers that their information had been compromised during an unlawful intrusion? According to SCEE head of communications Nick Caplin, writing in a post on the European PlayStation blog this morning, Sony's lackluster communication efforts were impeded because the company didn't immediately assume the worst. "There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," Caplin says.
He goes on to explain that Sony learned of the "illegal intrusion" on April 19 and "subsequently shut the services down," though the official FAQ he links to in his post claims that Sony found the breach "between April 17 and 19." Furthermore, Caplin says that after shutting down PSN and Qriocity, "It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach." There's your disparity.
The FAQ further notes that services will remain down until Sony can "verify smooth operation" of its network, though the company is "working hard to resume the services as soon as we can be reasonably assured security concerns are addressed." It also notes that folks looking for refunds may be out of luck for the moment, as Sony "will assess the correct course of action" regarding such requests when "full services are restored."
Beyond one US Senator politicizing Sony's info breach, the UK's Information Commissioner's Office also announced today that it would be questioning the company on the issue. "We are contacting Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office," the ICO said of its plans in a statement to Eurogamer.
Reader Comments (161)
Posted: Apr 27th 2011 10:34AM (Unverified) said
Posted: Apr 27th 2011 10:45AM My Prerogative said
Posted: Apr 27th 2011 11:19AM sigma8 said
@(Unverified)
Technically, this is not an outage. Sony brought the service down voluntarily. This is a data breach.
http://en.wikipedia.org/wiki/Data_breach#Major_incidents
As you can see, major issues like this are pretty common. It's not a question of "If", or "by who?", it's mostly a question of "when?" and "what best-practices should I follow to minimize the impact on me?"
Posted: Apr 27th 2011 12:00PM dustandechoes91 said
@My Prerogative
Oh it mentions the fire at the Hinsdale switch building, 2 blocks from where I grew up. It's been a while since I've heard about that... nostalgia trip to make up for lost PSN time
Posted: Apr 27th 2011 10:34AM thekinslayer said
I'm really sorry to all PSN users including me, but we must be strong and be patient and let Sony fix this, may we be proud to be in Sony's service, may God help them and us!!!!
Posted: Apr 27th 2011 10:51AM ShadowXIII said
@thekinslayer
...wow...that's fanboy on a whole new level there...
Posted: Apr 27th 2011 10:56AM TylerDurden102680 said
@thekinslayer If Sony did not pay you for that somebody should beat you with your Move controller.
Posted: Apr 27th 2011 11:06AM The Albatross said
@thekinslayer I support your username btw, just in so far as it's relevant to a Song of Ice & Fire.
Posted: Apr 27th 2011 11:56AM SmoothC911 said
@TylerDurden102680
I think I peed myself a little while laughing when I read your comment
Posted: Apr 27th 2011 12:19PM This Little Man Says His Name Is said
@TylerDurden102680
Reading that made me think of the lols invoked if that had been the Kinect.
Posted: Apr 27th 2011 10:35AM cheezitman2001 said
Sony: "We knew that someone had broken in and had access to your personal information 9 days ago but we only learned yesterday that they had stolen it too."
Posted: Apr 27th 2011 10:54AM RickGhastly said
@cheezitman2001
"Someone's been in the system! Hold up, it could be Lex trying to get out of Jurassic Park".
Posted: Apr 27th 2011 12:12PM mrantimatter said
@cheezitman2001
Not quite, knowing someone got in is one thing, knowing what all they did is another thing entirely. For that, you're looking at combing through a ton of logs to see what actions they took and how.
Think of it this way, you know someone broke into a parking garage, but you don't immediately know what cars were affected, and how, including which are missing, and which he tried to break into. That takes a lot of time to sort through.
Posted: Apr 27th 2011 1:19PM xenophy said
@mrantimatter
That's not a very good analogy, because there is still a possibility that someone broke into the cars, so people need to be informed, just like with this situation, if someone breaks into a network where personal information is stored there is a possibility of it being stolen, Sony dropped the ball by not finding this plausible from the beginning
Posted: Apr 27th 2011 3:16PM BananaBoat said
@xenophy - Exactly. For that analogy to work, you'd have to add credit cards sitting on the seats in a portion of those cars, along with documents listing the owner's birthday, address, phone number, and other important information (let's just go ahead and say that a percentage of people left their wallets in their cars). In this analogy, Sony knew that someone had been in the garage where all that personal info was, but they neglected to tell anyone with a car in it for almost a week.
Whatever. I've got new cards coming, I didn't use that password anywhere else, and hopefully no one will use the stack of information they now have for nefarious purposes.
Posted: Apr 27th 2011 10:38AM copa said
Posted: Apr 27th 2011 10:41AM echerringtonYAHOOCOM said
Posted: Apr 27th 2011 10:41AM KIRBY SMASH said
Fear of something like this has been the main reason I never put a credit card on my account and always buy the cards.
Posted: Apr 27th 2011 10:44AM EDZiLLUH said
It took your "experts" a few days yet you have unauthorized people doing this to a multi-million dollar company, Sony. Why not hire people like this instead of your so-called "experts"? Sucks for people who got their information stolen.
Posted: Apr 27th 2011 10:47AM Johnnynumber5 is powered by cell said
@EDZiLLUH
Shoulda, woulda, coulda. It's easy to say that in hindsight.
Posted: Apr 27th 2011 11:11AM baddates77 said
@EDZiLLUH Maybe because the people who do this kind of thing are undependable asshats?
Posted: Apr 27th 2011 11:18AM Metalfacedoom said
@EDZiLLUH I love your logic. On that note the president should call back all the troops and auto enlist all the murderers in jail to do the dirty work because they do a better job of killing and are familiar with it. When I grew up I remember that you were not rewarded for doing bad things. If I remember correctly my info was hijacked two times in my life and I got a new card each time. Once was overseas on vacation by credit card skimming and the second was from good old Citibank getting the old hack job. It happens and will continue to happen in this digital age.
The fear mongering is strong here yet many people have their whole lives posted on social networks from where they studied, what they are eating at the moment to where they will be next week. Google sells your search habits and the iPhones are tracking your movements. Don't believe it? Look it up on Engadget.
Posted: Apr 27th 2011 12:38PM Design by Adrian said
@Metalfacedoom I'll get the Apple fanboy label here, but your phone operator tracks your movement, whichever phone you are using, the iPhone stores it "only for GPS calibration purposes".
Posted: Apr 27th 2011 2:13PM Bewoulf said
@Design by Adrian
I don't think you're an Apple fanboy, all phones do this. I just found out my WP7 does this too.
But the debate here is whether or not the companies are using it for nefarious purposes or if it's just making the system more convenient for you. It hasn't been determined that anyone can even access that information unless they get ahold of your phone. So I recommend setting a password on your phone itself, which is never a bad idea anyway.
But it's really quite simple, and the OP's point still stands. It's the digital age and many products have been created to make our lives easier, but it also means there's a vulnerability. If people are vigilant and are careful with their info they'll be safe. It's simple as that. There's a few posters here on Joystiq that have said they don't even post their credit card info on the PSN network and just buy the PSN cards. That sort of thing is the key to protecting your info in this digital age and kudos to them. I'm not as smart as they are.
Posted: Apr 27th 2011 10:45AM Hunter141072 said
Just another example that messing with hackers is not a good idea, that is if the story is true, I just hope hackers is not the new excuse to: "we made something wrong but we can't blame ourselves, we need a scapegoat" just like many companies use the word pirates to justify the lack of sales of a bad game.
Posted: Apr 27th 2011 11:00AM My Prerogative said
@Hunter141072
It's more of a case of being another example why hackers need to get laid.
Posted: Apr 27th 2011 11:04AM Johnnynumber5 is powered by cell said
@Hunter141072
So, should companies cower before their hacker overlords and beg them not to mess with them beyond compromising the integrity of their platform? Hackers are basically digital terrorists. You don't condone or negotiate with them.
Posted: Apr 27th 2011 12:05PM Hunter141072 said
@Shockwave
You can say anything you want but at the end who is begging for mercy right now??? I think Sony is..... so yeah, way to go to "defeat" hackers........
Posted: Apr 27th 2011 12:25PM Hunter141072 said
@Johnnynumber5 is powered by cell
I'm not saying let them do what they want, but you and I and everybody here know that there are wars that you simply can't win: piracy, hackers, terrorism, drugs, are just a few that fit in that description. Sony started all this mess with their legal actions against a guy who was stupid enough to show his face and say: look, I did it!!! But the point is after that it has been nothing but attacks against Sony, and guess what?? They can't do anything about it, and this is the proof, now even personal information is compromised, so at the end Sony really showed those hackers who was the boss, right??? What do you do?? Well, for starters all the mess that Sony did with the jailbreak was what started all this, and at the end the jailbreak is here to stay, you can buy it and there are lots of copies right now everywhere ready to download. You can say that Sony couldn't stay there and do nothing, well guess what? That's basically what Microsoft and Nintendo did with their cracked platforms, and that's basically what Microsoft is doing with the pirate copy of Windows that you are using right now to read Joystiq. And it's business as usual, what Sony did was nothing but to get mad a bunch of "kids" as you call them, but those kids have your credit card, guess they don't sound so harmless right now.
Posted: Apr 27th 2011 12:44PM Johnnynumber5 is powered by cell said
@Hunter141072
First of all, I never called them kids, I called them digital terrorists. The thing you don't understand about these companies is they are beholden to shareholders. They can't sit by idle and let their platforms become pirate ships. MS & Nintendo both have done a lot of things to combat the issue on their platforms. Nintendo has worked in tandem with special task forces in various jurisdictions to have people distributing pirated material arrested. Microsoft has banned people from a service they subscribed to and just last month got hosed for over a million bucks because some geeks cracked their points card algorithm.
Saying they have done nothing at all and just let their consoles be hacked is untrue. Sony declared open season on GeoHot but you are assuming that's what spearheaded this movement. That's an assumption. You think this wouldn't have happened if Sony didn't go after GeoHot and remove other OS? I think that's .... unfounded at best. You make it sound like it was for revenge. I think it's just good old fashioned American greed that's driving this intrusion. If it were about revenge they'd have played a prank by crippling the network but they wouldn't have gone after personal information. In fact, I'd bet the people who did this attack want everyone to think it had anything to do with GeoHot & other OS. It makes a good smoke screen and throws people off the trail.
Posted: Apr 27th 2011 1:27PM Shockwave said
@Hunter141072
Why did you quote the word "defeat".... and respond to something I never said? I merely stated, in a sarcastic manner most probably above your level of intelligence, that you are immature, uneducated, and flat out annoying. I don't know what you're responding to, but thanks for proving my point.
Posted: Apr 27th 2011 1:43PM Hunter141072 said
@Shockwave
You didn't agree with my point of view which is right, but as always here in Joystiq when somebody doesn't agree then it's immature or a baby or whatever you want to call it, the funny thing is that those references are more immature at the end, and don't act like you didn't know what I was talking about, if you wanted to hit me in my baby face it was because you didn't like my point of view, even if you "hide it" under sarcasm, so at the end you too proved a point, not enough pants to talk in a civilized way.......
Posted: Apr 27th 2011 1:54PM Hunter141072 said
@Johnnynumber5 is powered by cell
100% of what you said is true, but at the end even though it's true that my assumption that everything that happened has something to do with Geohot could be unfounded, don't you think it is very, very funny that everything is happening almost at the same time? It is true that Microsoft and Nintendo try to stop piracy in their own way, but as I said it's a lost battle because piracy always finds a way, the proof is right there, how many Wiis are cracked? How many 360s?? We have had this piracy talk since the times of the SNES, at the end there are some things that can't change. If you remember even Microsoft releases critical fixes for Windows even if your copy is illegal, that shows how much piracy is in the world and they know it. But in this particular case you can't shake the beehive and not expect a swarm attack, I mean it's funny how no other console has faced something as big as this attack, and it was against Sony, some days after the first attack that started for the whole "Geohotgate", funny right?........
Posted: Apr 27th 2011 10:45AM Johnnynumber5 is powered by cell said
Well the timeline makes more sense after getting this information. Seybold said the same thing on the NA PlayStation Blog last night. According to Sony, they were not sure there was a security breach of personal information until the forensic analysis was completed yesterday. Perhaps they're covering their arse but it's also possible they are being up front and honest. I don't know a lot about network security on this scale but it is hasty to assume Sony's protocols were lax and that this was some sort of standard attack. For all we know this could have been a very exotic and sophisticated hacking of the servers. Hopefully we consumers are privy to the full results of the forensic analysis so we can determine what went wrong for ourselves. But, if this most recent information is accurate it's a lot harder to blame Sony for not telling consumers their info could've been compromised earlier ... They simply didn't know the extent of the intrusion.
Posted: Apr 27th 2011 12:53PM Vcize said
@Johnnynumber5 is powered by cell
The infuriating thing is that not only did they not tell us right when it happened (thus giving us a chance to "prepare for the worst" rather than leaving that decision in their hands), but even moreso that when people finally started seeing the effects of it and they had to feed us a reason, they flat out lied and gave us the "scheduled maintenance" routine on the 21st.
Posted: Apr 27th 2011 10:47AM Batman said
They still should have notified everyone that their information was POSSIBLY compromised.
Posted: Apr 27th 2011 11:00AM PointlessPuppies said
@Batman
Why? So that people would run around like headless chickens over something that's not even 100% certain?
And what if there hadn't been a breach? We'd have people whining and bitching just as much as they are now that they're "so incompetent that they can't even determine if my data was compromised. They made me stress out/get a new card for no reason the SoB's".
Damned if you do, damned if you don't. Sony was gonna get grilled either way.
Posted: Apr 27th 2011 11:06AM Batman said
@eat it
Whenever there is any chance that your customers' information was accessed maliciously, I don't care how unsure you are about the details, you raise a damn flag and state "Information may have been compromised, we are investigating the situation further". Then customers can keep an eye on their bank accounts, emails, etc. How Sony handled the situation truly is unacceptable.
Posted: Apr 27th 2011 11:07AM Johnnynumber5 is powered by cell said
@Batman
That's hard for me to disagree with. The first thing they should've said whether they knew or not was that there was a possible breach of information. But, that's a long way from them intentionally not telling consumers when they knew for a week.