Ex-hacker comments on how PSN attack may have gone down
- 18 May, 2011 08:30
The PlayStation Network is back up for most gamers around the world, but Sony has yet to give an explanation as to why and how the attack brought down the service for over a month.
Former hacker and lead architect at Mykonos Software, Kyle Adams, spoke with PCWorld about how the hack may have occurred. Adams suggests Sony may have left its doors wide open for attack by using outdated software.
Was the PlayStation Blog a gateway?
Hackers likely gained access using an SQL injection attack, according to Adams. In other words, hackers inserted malicious code into input that the site passed to its database, and the server erroneously executed the code. This allowed the hackers to gain access to the server.
Adams suggests that the attackers may have entered the server through Sony's blog. Sony's blog was using an outdated version of WordPress, which has known SQL injection vulnerabilities.
"It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers," Adams told PCWorld.
The attack on Sony's PSN was an "advanced persistent threat," which, as the name suggests, is a series of ongoing, planned attacks. Each planned attack opens up more and more doors, allowing the hackers to advance further into the server.
Hackers on Sony's servers for months
"The depths they went indicates that this hack wasn't arbitrary," Adams said.
He explains that these types of attacks can go on for weeks or even months without being discovered, and that APTs typically involve attempts to obtain valuable data.
"They perceive value in the site they're going after," Adams said. "There's a whole lot of value in the data Sony had. There's always a buyer out there."
Adams did stress that he believes Anonymous had nothing to do with the attack, and notes that the group has never hacked and taken personal information in the past.
Adams seemed to concede, however, that Sony's claim that Anonymous may have made the hackers' jobs easier with its DDoS attacks has some validity.
"It's possible for another group to go through an open backdoor," he said.
For more tech news and commentary, follow Ed on Twitter at @edoswald and on Facebook.