Ex-hacker comments on how PSN attack may have gone down

Sony hasn't explained how attack took PSN offline

PC World Staff (PC World (US online))
18 May, 2011 08:30
Comments

The PlayStation Network is back up for most gamers around the world, but Sony has yet to give an explanation as to why and how the attack brought down the service for over a month.

Former hacker and lead architect at Mykonos Software, Kyle Adams, spoke with PCWorld about how the hack may have occurred. Adams suggests Sony may have left its doors wide open for attack by using outdated software.

Was the PlayStation Blog a gateway?

Hackers likely gained access using an SQL injection attack, according to Adams. In other words, hackers inserted malicious code into the database, and the server erroneously executed the code. This allowed the hackers to gain access to the server.

Adams suggests that the attackers may have entered the server through Sony's blog. Sony's blog was using an outdated version of Wordpress, which has known SQL injection vulnerabilities.

"It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers," Adams told PCWorld.

The attack on Sony's PSN was an "advanced persistent threat," which, as the name suggests, is a series of ongoing, planned attacks. Each planned attack opens up more and more doors, allowing the hackers to advance further into the server.

Hackers on Sony's servers for months

"The depths they went indicates that this hack wasn't arbitrary," Adams said.

He explains that these types of attacks can go on for weeks or even months without being discovered, and that APTs typically involve attempts to obtain valuable data.

"They perceive value in the site they're going after," Adams said. "There's a whole lot of value in the data Sony had. There's always a buyer out there."

Adams did stress that he believes Anonymous had nothing to do with the attack, and notes that the group has never hacked and taken personal information in the past.

Adams seemed to concede, however, that Sony's claim that Anonymous may have made the hacker's jobs easier with their DDoS attacks has some validity.

"It's possible for another group to go through an open backdoor," he said.

For more tech news and commentary, follow Ed on Twitter at @edoswald and on Facebook.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: etwork, Facebook, Inc., Sony

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"Should I REFINANCE a construction loan to a permanent loan OR convert ..."

World’s eyes on Aussie NBN: Conroy
"It's an remarkable paragraph in support of all the online visitors; they ..."

iPhone 5 rumour rollup for the week ending May 27
"I would not recommend Aranez iPad case or the manufacturer. I purchased ..."

PRODUCTS: Aranez announces K-Leather iPad 2 case
"Slt peut tu expliquer comment intaller ou mettre en place le mteur ..."

Italian mathematician prepares to challenge Google
""Amsellem said Facebook, flush with cash from its recent IPO, could purchase ..."

Facebook could buy Nokia to build 'FacePhone', expert claims

Tags: data breach, games, security, sony

ARN Directory | Distributors relevant to this article

ACA Pacific , Alloys , Anixter , Aquion , ASI Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Leader Computers , Multimedia Technology , Xpress I.T. , Dynamic Supplies

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Latest Jobs

CCSAP FICO ConsultantNT
CCSAP PM ConsultantNSW
FTChange Management ProfessionalsNSW
FTQM Trainer and ConsultantNSW
FTSAP Basis ConsultantACT
FTSAP Basis ConsultantNSW
CCOBIEE ConsultantWA
FTSales Account ManagerNSW
FTSales Account ManagerNSW
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
CCAPAC Campaign ManagerNSW

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

/deals/avg/213_avg-internet-security-3-pc-2-year-10-pack-reta

AVG (AU/NZ) Pty Ltd

AVG Internet Security 2012 10 Pack Retail Specials

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

Spectra Logic and Australian National University Success Story - March 2012

Australian National University (ANU) located in Canberra, and ranked as one of the top universities in Australia, recently deployed two Spectra Logic T950 enterprise tape libraries at the heart of its 9.5 petabyte tape-based active archive to support ANU’s high performance private data cloud storage solution. The cloud-based storage installation with Spectra’s tape-based active archive allows ANU to efficiently support its exponential data growth, accelerate access to its research data, and improve overall data reliability.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management