Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.”
Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you (click here).
In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:
- Act with care and caution.
- Provide relevant information to the public when it has been verified.
- Take responsibility for our obligations to our customers.
- Work with law enforcement authorities.
We also informed the subcommittee of the following:
- Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
- We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
- By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
- As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
- Protecting individuals’ personal data is the highestpriority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
- We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
We told the subcommittee about our intent to offer complimentary identity theft protection to U.S. account holders and detailed the “Welcome Back” program that includes free downloads, 30 days of free membership in the
PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable.
We are working around the clock to have some PlayStation Network services restored and we’ll be providing specific details shortly. We hope this update is helpful to you, and we will continue to keep you posted as we work to restore our network and provide you with both the entertainment and the security you deserve.
last week u said on tuesday it would be up within a week its bben a week an 1 day now quit feeding us crap an come up with a specific date cuse were frecken sick of waiting
T-T
So when can we go on? What about the promise you guys made? Better top compensate me with a broken promise now as well >.<
I was expecting today….
Anonymous stuff sounds like a frame job. Nothing is as it seems online.
The 30 days is added to original PS+ subscribers ? This post says now otherwise.
Anyway, I still support Sony, and I just hope that this serves as a wakeup call for all corporations to take cyber-security seriously a and to take better care of our data.
Some people say that everything happens for a reason. Perhaps this current attack on PSN is a blessing in disguise. Sony is about to release a new generation of Sony-Networked products that will rely on PlayStation Network infrastructure, including a lot of PlayStation Certified and Qriocity compatible products like the new Sony tablets, and Android phones. If there were any time that Sony had to get their network in order, it is “now”, before those products hit the market.
Most gamers are at least a little tech-savvy, and understand that hacks like this can happen. The general tablet or phone consumer might not be so forgiving. If Sony can fix everything now, many consumers won’t even realise that any of this hacking happened… but if it happened after the S1 and S2 tablets are in consumer hands, it will be a different story.
So, good luck to Sony. Make the Sony’s Online Services as secure as possible so that Sony’s new gaming and non-gaming devices all have a bright future.
(Just don’t keep the network turned off for too long)
Can you list the congressmen involved in this? If any are from my state i want to make sure i vote against them for wasting tax payer dollars.
Less words and more action Sony!
Thanks for the update, but I hope this isn’t the only one for today much less next 3 days. It looks like you keep missing your stated time-frames but neglect to inform us about it. This is interesting stuff, but frankly I’m tired of frequenting the blog to not see anything new. Today makes 2 weeks since the network went down. Give us a date and time that it will be back up, and make it actually happen.
Its hard to be on sony’s shoes right about now… But to all of the guys asking to rush n put the psn up, think about the identity theft and all the stuff that can/will/could ve happned to you or ur friends!.. its not just about Credit cards u know..
Thanks for the update. I personally hope that the author(s) of this attack can be identified and punished. Obviously the guys here that are posting stuff like “When we will be able to play online again”, “Give us a date”, etc, do not understand the extension of such crime and the complexity involved. Take your time, Sony.
So it was the pieces of $hit at Anon. Denial is usually a precursor to guilt in cases like this. I’d lie my ass off if the FBI were after me as well.
Even if it was a sophisticated crew working within Anon, THAT’S the issue with being a rogue, faceless, vigilante group: you never know who else is in the group with you or what their motivations are.
Serves them right. Bring on the justice.
This is great! I was wondering when congress was going to get involved. This is going to get interesting in the next couple of months, when they begin to bring in the hackers for prosecution.
I just hope they get what they deserve, they (the hackers) took away our ability to enjoy online video games, and in the process affected all of us who have CC, and or our Credit. The truth is cyber attacks normally don’t occur on such a large scale, most of the claims you hear about are single people whose identity was stolen.
Hopefully we will see the end of the PSN being under maintenance soon, and we can return to fragging each other online.
On a side note, this offline period has given me plenty of time to catch up on some of my games, and I’ve had the time to create some levels in LBP2, just waiting for the PSN to return so I can publish those.
Then Psn legion speaks:
Live ALERT;
We are gld sony haslistened to the gamers onthis matter and and really coming around to know that all along anon has been doing these attacks. The rumor mill is true they sent a hit man hacker to do the attack and they lanned this attack on sony by using mal ware and sophicated root. We at the legion also truly think some from inside of sony hardware division is helping them do these attacks. SOny I hope look into past and current employees who knew the system and montiot them closey.
We are also aware at the psn legionairre commitee that more attack will come the 1-2 second week of up graded psn.Sony please dont allow the update to able to download via computer anymore . Please use a system thats will not function without proper authorization.Becuase we have confirmed that these hackers copy your framewares via computer via usb.
ty. mcbuttz78
vp-psn legionairee commitee
i want cross game chat as compensation
man i hope PSN comes back on soon that everyones accounts are ok that we can still get on our own accounts and i prey my friends on there are ok
Anon is screwed like Bin Laden on a Sunday night.
Hmmm seems ppl wanna jump to conclusions again.
Just cuz a file was named “Anonymous” doesnt mean that they had anything to do with it. The real ppl behind the attack may have just used that name to throw off the police.
How would you feel if your name had been used, and all of a sudden the whole world considered you the suspect?
I dont think Anonymous would be that stupid to do a high scale attack like this on a company, steal consumer info, and then leave a file behind with their name on it. On the other hand if it turns out they did do it, then they are really really stupid in certain ways, mostly the leaving your calling card to name you as the criminal.
May the 4th be with ya’ll.
And for all those idiots that thought Anonymous didn’t do it……….yeah
not thinking it was anonymous group , thinking it was corporate warfare to make Sony look bad . used anonymous as a cover because of recent attention they have received . am thinking it’s those guys with the crappy console “x-pox”
I freaking hate Anonymous.
Now that Bin Laden is gone…hey, how about team 6 goes and shoots every memeber of anonymous.
you never really know who actually did it though until the day they get some one with proof who actually hacked it then ill believe what they say .
I dont think we will see PSN this month
This update means *** to me
Hey Patrick…..that’s great and all….but your online community wants answers to different questions too. Why are we being ignored on these??
1- Why aren’t there at least other blog posts relating to games???? There have been plenty of games released during this downtime, as well as at least another dozen disc based games hitting the stores by the end of May. Is Grace on vacation? Does your keyboard represent the only working one in the whole Social Media department? Why don’t we see blog posts from outside Sony, like publisher posts anymore?
2- You know people want a timeline. Your 0-3, bating .000. If the people rebuilding the system haven’t a clue after 2 weeks of a general and REALISTIC timeline of when basic online functions will be restored…..then, we’re doomed. And it’s hogwash to hide a date. If you’re ducking a possible attack, I highly doubt an unannounced date will deter it. Let’s just all hope that doesn’t happen.
One question, when will PSN be back up again???
Just because a file is there that points to Anonymous doesn’t mean Anonymous put it there. Of course, it could totally be Anonymous’ fault, too. I’m just saying, it might be a diversion.
I hope this whole thing just dies down soon. It’s getting sort of old hearing Sony needing to defend themselves at every turn. A mistake happened, oh dear, that’s because we are all human, get over it and stop attacking Sony as I am sure they have enough to deal with at the moment! Anyway I just picked up Mortal Kombat since I was seriously out of SP stuff to play before and I LOVE it! Can’t wait to try it online!
@71 EXACTLY!
As much as I hate Anonymous, this whole thing screams “red herring”!
No one performs such a supposedly sophisticated attack, leaves no traces only to give a clue that screams a supposed perpetrator name. “Anonymous – We are legion” – it’s too obvious even though Anonymous denied it.
As much of a scum as I think Anonymous to be, they are still protected under the law, and they are innocent until proven guilty.
Sony,
Honestly This is really a catch 22 situation, 1) we really want to play online and own ppl in game such as black ops… but 2) You have to place a super duper secure network environment for us to play in because If it ever does happen again, there is going to be a bunch of greedy as people trying to Sue sony and milk them for all they’ve got. I really feel sorry for Sony because this is a free Service they give us and look at how much it’s costed them. I read their reports posted to House of reps, and they Hired a lot of ppl just for this one event, not to mention their stocks have been plummeting this month! they have literally lost over 12% of their stock value this month alone!!! and now they gotta give us all free gifts.
Its just not a good time for sony right now.. I am impatient and I really want to place ASAP but I know they gotta do what they gotta do…
Just please handle them soon!
Oh and sony said it would be up by this week, during the weekend japan conference, so they have until SUNDAY to do it.. hopefully it gets done!!!
ALSO ONE LAST QUESTION, WHEN WE LINKED OUR FACEBOOK WITH PSN DID THE HACKERS TAKE THAT INFORMATION AS WELL?
Thanks for the update! I am looking forward to getting back on PSN but if that takes more time than so be it. I would not want PSN to be brought back up before all of the security is put in place. I would hate to see this happen again.
I don’t care what everyone else is saying about others complaining. WE HAVE A RIGHT TO COMPLAIN! Sony is a COMPANY. If you understand what they are then you should know they shouldn’t have let this happen. Soecially for this long. Of course I don’t know how difficult the matter is because well I’m not working with Sony. BUT since they are a huge company. They should have been resolved this. It taking them this long REALLY SHOWS that they’re online service isn’t really good.
WE NEED CROSS GAME CHAT! Until we get that I’m going to keep believing that Sony didn’t know online was going to be as important as it is now just like Nintendo didn’t. Of course Nintendo’s online is almost not an online service from how poor it is.
The PS3 won’t live it’s 10 years if things in Playstation Share doesn’t get accomplished.
Oh yeah and Anonymous is so funny when they try to act tough. “We are Legion” Where are you guys from the time of King Aurthur?
“We are working around the clock to have some PlayStation Network services restored and we’ll be providing specific details shortly.” <—— DEFINE SHORTLY.
I’ve just had a read through the whole letter from Kaz to the subcommittee, and it’s hard to see how Sony could have done anything differently.
I think a lot of people imagine Sony having a big red “hacker warning” light on their screens, knowing immediately what had happened, and then sitting around for a week trying to decide whether to tell us or not. In real life, it’s often much harder to find out exactly what has happened, and I think Sony were right to shut down PSN when they did.
Of course it’s easy to point the finger and say what Sony did wrong, and hindsight is always 20:20, but from what they said, I don’t really know how I personally would have handled things better.
Anyway, I’m hoping all of this gets resolved soon.
I wouldn’t be so sure that Anonymous was behind this, after all anyone can pose as Anonymous, that is what makes Anonymous well… Anonymous.
If Sony speaks the truth about the files being named Anonymous, and I do believe they do so, then, whether or not the organisation itself constructed the attack, our Credit Card-data is, more or less, not compromised. Anonymous fights for rights and ideas, not for monetary gain. But it could just be a ruse to hide the true intent of the attackers.
But seriousness aside.. Uhm… When can I play LittleBigPlanet again? =(
Anon wouldn’t have done it if they knew the repercussions it would cause, given by nature they don’t think nor care about the consequences to their actions, it is the exact type of thing that low life degenerates would do.
Who the hell cares? Just get PSN online!
If u have no date for when the PSN will be coming back on THAN TELL US THAT U HAVE NO OFFICAL DATE. dont keep making up dates and breaking them.
I’m with u Sony Computer Entertainment.
Have anyone notice that Patrick Seybold never replay to any of these post? (he only did 1)
I don’t think we care about this. Politics and crap. We just want to know when we can finally get back online. Give us updates on that, not this crap.
All i ask is that you PLEASE let us know who is arrested and when so we can follow the prosecution and see what they get for this.
“Anonymous fights for rights and ideas, not for monetary gain”
Besides their self-serving “ding-dong-and run” cyber pranks, what makes you believe the above statement has any basis in fact? Simply because that’s the moral high ground that Anon *claims* to take doesn’t make it true. I don’t trust those socially [DELETED] delinquents as far as I can throw them.
That said, leaving a file called “Anonymous” behind is obviously just a red-herring (and side swipe at the script kiddies that make up Anonymous) left by the real attacker(s)
Theft protection to US account holders? I’m Canadian, what about me?
I hope psn back soon !!
I have 7 or 8 freinds i know have psn accounts and they all say there ok with this down time. Keep the updates coming.
I see some dumb broad in Canada is suing Sony for $1 billion because she needs the money to make sure she is protected from identity theft. It sure must be expensive in Canada to sign up for a credit service. I say the FBI should investigate her. Her boyfriend is probably the hacker who attacked Sony. Now they’re going to sue and try to become billionaires.
Although my current issue is with the Social Media department, or apparent lack thereof (see #69), I do have to commend Sony for all the actions its taken with regards to the hack. 1. Taking off the servers the moment they were aware that there was a serious breach. 2. Employing multiple forensic agencies, esp. those with highly specialized skills, to add manpower and speed to the process. 3. Completely (it appears) rebuild the security of the system to a seemingly a much higher level of overall safety. 4. They want to learn the full extent of the hack.
I also feel they need to have a high amount of on-sale GAMES and DLC once we get online as part of their customer appreciation “Welcome Back” program. I can just see these “free downloads” being a ton of themes/avatars/trials and, if they happen to include games, the said (or at least the majority of them) games will have DLC that’s not part of any deal.