{"id":2005,"date":"2011-06-11T08:46:57","date_gmt":"2011-06-11T01:46:57","guid":{"rendered":"http:\/\/deepquest.code511.com\/blog\/?p=2005"},"modified":"2011-06-11T09:10:18","modified_gmt":"2011-06-11T02:10:18","slug":"sony-aka-sownage","status":"publish","type":"post","link":"https:\/\/deepquest.code511.com\/blog\/2011\/06\/sony-aka-sownage\/","title":{"rendered":"Sony aka Sownage"},"content":{"rendered":"

Absolute Sownage<\/h3>\n

A concise history of recent Sony hacks<\/h3>\n

Over the last two months, the multi-national Sony Corporation<\/a> has come under a wide range of attacks from an even wider range of attackers. The backstory about what event prompted who to attack and why will make a mediocre made-for-TV movie someday. This article is not going to cover the brief history of hacks; readers can find details elsewhere<\/a>.
\nInstead, the following only serves to create an accurate and comprehensive timeline regarding the recent breaches, a cliff notes summary for easy reference.<\/p>\n

Other than Steve Ragan and The Tech Herald<\/a>, most recent articles about Sony make vague references to ongoing problems, but do not enumerate the full history. This is likely because the past events, while only 45 days old at most, are convoluted and confusing. The table below should serve to fix that, hopefully giving journalists and security professionals a concrete and clear history.<\/p>\n

One thing should be noted; the attacks against Sony are not coordinated<\/strong>, nor are they
\nadvanced<\/em>. Sony has demonstrated they have not implemented what any rational administrator or security professional would consider “the absolute basics”. Storing millions of customer’s personal details and passwords without using any form of encryption is reckless and ridiculous. Even security books from the ’80s were adamant about encrypting passwords at the very least. Several of Sony’s sites have been compromised as a result of basic SQL injection attacks<\/a>, nothing
\nelaborate or complex.<\/p>\n

If anyone… ANYONE<\/strong> at all uses the term “advanced persistent threat” in describing the
\nattacks on Sony, please hit them very hard before disregarding them as ignorant charlatans hell-bent on serving their own interests. Given the wide variety of attackers (see below), the attacks on Sony can only be described as an uncoordinated effort at best.<\/p>\n

That said, welcome to the recently coined term, “Sownage”. The state of being thoroughly “owned like Sony is”.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Incident<\/strong><\/span><\/td>\nDate<\/strong><\/span><\/td>\nSite<\/strong><\/span><\/td>\nStock<\/strong><\/span><\/td>\nWho (allegedly)<\/strong><\/span><\/td>\nObservation<\/strong><\/span><\/td>\n<\/tr>\n
<\/td>\n2011-04-20<\/td>\nSony PSN Offline<\/a><\/td>\n30.14<\/td>\n<\/td>\nPSN taken offline by Sony due to hack. <\/p>\n

Network World has a timeline of events related to PSN<\/a>.<\/td>\n<\/tr>\n

1<\/span><\/td>\n2011-04-26<\/td>\nPlayStation Network (PSN) Hacked<\/a><\/td>\n29.79<\/td>\nAnonymous<\/a> (?)<\/td>\nSony admits attack took place between April 17 and 19, but did not disclose
\nuntil around the 26th.<\/a> <\/p>\n

Records breached<\/strong>: 77 million names, addresses, email addresses, birthdates, PlayStation Network\/Qriocity passwords and logins, handle\/PSN online ID, profile data, purchase history and possibly credit cards obtained
\n(DatalossDB Entry<\/a>)<\/td>\n<\/tr>\n

<\/td>\n2011-04-27<\/td>\nArs readers report credit card fraud, blame Sony<\/a><\/td>\n29.03<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n2011-04-28<\/td>\nSony PSN hack triggers lawsuit<\/a> <\/p>\n

Sony says SOE Customer Data Safe<\/a><\/td>\n

28.39<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
2<\/span><\/td>\n2011-05-02<\/td>\nSony Online Entertainment (SOE) hacked<\/a> <\/p>\n

SOE Network Taken Offline<\/a><\/td>\n

28.80<\/td>\n(unknown)<\/td>\nSony Press Release<\/a>. <\/p>\n

Records breached<\/strong>: 24.6 million customer dates of birth, email addresses and phone numbers, including 12,700 non-U.S. credit or debit card numbers and expiration dates and about 10,700 direct debit records including bank account numbers
\n(DatalossDB Entry<\/a>)<\/td>\n<\/tr>\n

<\/td>\n2011-05-03<\/td>\nSony Online Entertainment (SOE) issues breach notification letter<\/a><\/td>\n28.44<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n2011-05-05<\/td>\nSony Brings In Forensic Experts On Data Breaches<\/a><\/td>\n27.98<\/td>\n<\/td>\n“Data Forte, Guidance Software, and Protiviti will investigate who hacked into Sony’s servers and how they cracked the company’s defenses.”<\/td>\n<\/tr>\n
<\/td>\n2011-05-06<\/td>\nSony Networks Lacked Firewall, Ran Obsolete Software: Testimony<\/a><\/td>\n28.06<\/td>\n<\/td>\nGene Spafford wrote an article describing his testimony<\/a>, and how many media outlets misquoted him.<\/td>\n<\/tr>\n
3<\/span><\/td>\n2011-05-07<\/td>\nSony succumbs to another hack leaking 2,500 “old records”<\/a><\/td>\nn\/a<\/td>\nSony<\/td>\nNote: This information was available via a Sony website and indexed by Google<\/a>. This was not a “hack” by any means.
\nFile originally found at products.sel.sony.com\/shared\/santa\/dbs\/sweepstake.xls (now offline<\/a>) <\/p>\n

Records Breached:<\/strong> 2,500 names and partial addresses of 2001 Sony sweepstakes<\/td>\n<\/tr>\n

<\/td>\n2011-05-12<\/td>\nLawyers take aim at Sony hack, may miss on payout<\/a><\/td>\n28.23<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n2011-05-14<\/td>\nSony resuming PlayStation Network, Qriocity services<\/a><\/td>\nn\/a<\/td>\n<\/td>\nAll SOE games\/services were down for a total of 24 days.<\/td>\n<\/tr>\n
4<\/span><\/td>\n2011-05-17<\/td>\nPSN Accounts still subject to a vulnerability<\/a><\/td>\n28.07<\/td>\nunknown<\/td>\nWith this vulnerability, an attacker has the ability to change a user’s password using only their account’s email and date of birth. Rumors suggest it was being exploited by bad guys. <\/p>\n

TNW article<\/a> titled “Not so fast: Sony’s PlayStation Network hacked again” is misleading.<\/p>\n

Sony blog on incident<\/a> (vulnerability fixed)<\/td>\n<\/tr>\n

<\/td>\n2011-05-18<\/td>\nProlexic rumored to consult with Sony on security<\/a><\/td>\n27.80<\/td>\n<\/td>\n“got a call from a recruiter who swore some company called prolexic was hired to protect Sony from Anonymous” <\/p>\n

Update: Prolexic did provide services to Sony, but only for DDoS mitigation.<\/td>\n<\/tr>\n

5<\/span><\/td>\n2011-05-20<\/td>\nPhishing site found on a Sony server<\/a><\/td>\n27.05<\/td>\nunknown<\/td>\n(additional article<\/a>)<\/td>\n<\/tr>\n
6<\/span><\/td>\n2011-05-21<\/td>\nHack on Sony-owned ISP steals $1,220 in virtual cash<\/a> (So-net Entertainment Corp)<\/td>\nn\/a<\/td>\nunknown<\/td>\n(additional article<\/a>) <\/p>\n

Records Breached:<\/strong> e-mail and virtual currency of 128 accounts<\/td>\n<\/tr>\n

7<\/span><\/td>\n2011-05-21<\/td>\nSony Music Indonesia Defaced By k4L0ng666<\/a><\/td>\nn\/a<\/td>\nk4L0ng666<\/td>\nNo evidence of personal information being compromised.<\/td>\n<\/tr>\n
8<\/span><\/td>\n2011-05-22<\/td>\nSony BMG Greece the latest hacked Sony site<\/a><\/td>\nn\/a<\/td>\nb4d_vipera<\/td>\nApparently done via SQL Injection<\/a>. Pastebin dump<\/a> <\/p>\n

Records Breached:<\/strong> 8,500 usernames, email addresses, phone numbers and password hashes
\n(DatalossDB Entry<\/a>)<\/td>\n<\/tr>\n

9<\/span><\/td>\n2011-05-23<\/td>\nLulzSec leak Sony’s Japanese Websites<\/a><\/td>\n26.59<\/td>\nLulzSec<\/td>\nSQL Injection in www.sonymusic.co.jp (article<\/a>) <\/p>\n

Sophos says databases do “not contain names, passwords or other personally identifiable information”<\/a><\/td>\n<\/tr>\n

<\/td>\n2011-05-23<\/td>\nSony forecasts a $3.1B loss for FY 2011 due to quake, PSN failure<\/a> <\/p>\n

PSN breach and restoration to cost $171M, Sony estimates<\/a><\/td>\n

26.59<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
10<\/span><\/td>\n2011-05-24<\/td>\nSony says hacker stole 2,000 records from Canadian site<\/a> (Sony Erricson)<\/td>\n27.90<\/td>\nIdahc<\/td>\nSony Ericsson Got Hacked by Idahc – Lebanese hacker<\/a> via SQL Injection <\/p>\n

Idahc dumped 1,000 of the cords to http:\/\/pastebin.com\/4YGAWxQZ (since removed)<\/p>\n

Records Breached:<\/strong> Email addresses, passwords and names of 2,000 users
\n(DatalossDB Entry<\/a>)<\/td>\n<\/tr>\n

<\/td>\n2011-05-25<\/td>\nSony Begins Providing ID Theft Protection for PlayStation Hack<\/a><\/td>\n27.65<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
11<\/span><\/td>\n2011-06-02<\/td>\nLulzSec versus Sony Pictures<\/a><\/td>\n26.54<\/td>\nLulzSec<\/td>\nSophos says 4.5 million records exposed<\/a>. LulzSec
\ninitially thought to target the elderly<\/a>, but
\nclarify they dumped the database by DoB and stopped at 1943<\/a>. <\/p>\n

Lulz? Sony hackers deny responsibility for misuse of leaked data<\/a><\/p>\n

Records breached:<\/strong> Over 1,000,000 users’ passwords, email addresses, home addresses, dates of birth, as well as administrator login passwords. Information taken from
\nAutoTrader users database, Summer of Restless Beauty users database, Sony Wonder coupons database, Sony Wonder music codes database, Seinfeld Del Boca Vista database
\n(DatalossDB Entry<\/a>)<\/td>\n<\/tr>\n

12<\/span><\/td>\n2011-06-02<\/td>\nSony BMG Belgium (sonybmg.be) database exposed<\/a><\/td>\n26.54<\/td>\nLulzSec<\/td>\nRecords Breached:<\/strong> Email addresses, usernames, cleartext passwords, internal release dates of records, sales reports
\n(DatalossDB Entry<\/a>)<\/td>\n<\/tr>\n
13<\/span><\/td>\n2011-06-02<\/td>\nSony BMG Netherlands (sonybmg.nl) database exposed<\/a><\/td>\n26.54<\/td>\nLulzSec<\/td>\nRecords Breached:<\/strong> Usernames, cleartext passwords<\/td>\n<\/tr>\n
<\/td>\n2011-06-02<\/td>\nSony, Epsilon Testify Before Congress<\/a><\/td>\n26.54<\/td>\n<\/td>\nTim Schaaff, President of Sony Network Entertainment International Witness Testimony<\/a> (PDF) <\/p>\n

“Sony Network Entertainment and Sony Online Entertainment have always made
\nconcerted and substantial efforts to maintain and improve their data security systems.”<\/td>\n<\/tr>\n

14<\/span><\/td>\n2011-06-03<\/td>\nSony Europe database leaked<\/a><\/td>\n26.38<\/td>\nIdahc<\/td>\nDump of the apps.pro.sony.eu database<\/a> via SQL Injection <\/p>\n

Records Breached:<\/strong> 120 names, phone numbers and e-mail addresses
\n(DatalossDB Entry<\/a>)<\/td>\n<\/tr>\n

<\/td>\n2011-06-05<\/td>\nLatest Hack Shows Sony Didn’t Plug Holes<\/a><\/td>\n<\/td>\n<\/td>\n“Group members said their motivation was to show Sony execs weren’t telling the truth when they tried to reassure customers they had revamped security to prevent the simple, almost identical exploits
\nthat allowed a range of hackers to take over one of its networks after another beginning in mid-April.”<\/td>\n<\/tr>\n
15<\/span><\/td>\n2011-06-05<\/td>\nSony Pictures Russia (www.sonypictures.ru) databases leaked<\/a><\/td>\n<\/td>\nunknown<\/td>\nAnother SQL injection attack. @LulzSec confirms they did not find it<\/a>. <\/p>\n

Records Breached:<\/strong> all (?) databases of Sony Pictures Russia<\/td>\n<\/tr>\n

<\/p>\n

<\/td>\n2011-06-06<\/td>\nLulzSec member arrested<\/a><\/td>\n<\/td>\n<\/td>\nBased on a post to Full-Disclosure<\/a>, rumors that a member of LulzSec was arrested
\ncirculated widely<\/a>.
\nThis news was included in several articles<\/a> that did not validate the information.
\nLulzSec issued a statement<\/a>
\nsaying the news was wrong, and that “ev0” was not a member of the group. Arik Hesseldahl actually contacted a source at the FBI to confirm this
\nand covered the details in an article<\/a>.<\/td>\n<\/tr>\n
16<\/span><\/td>\n2011-06-06<\/td>\nLulzSec Hackers Post Sony Computer Entertainment Developer Network (SCE Devnet)<\/a><\/td>\n25.76<\/td>\nLulzSec<\/td>\n(additional article #1<\/a>),
\n(additional article #2<\/a>), <\/p>\n

LulzSec “press release” on incident<\/a><\/p>\n

Data Leaked:<\/strong> 54meg torrent of Sony Computer Entertainment Developer Network (SCE Devnet<\/a>) source code<\/td>\n<\/tr>\n

17<\/span><\/td>\n2011-06-06<\/td>\nLulzSec hits Sony BMG, leaks internal network maps<\/a>><\/td>\n25.76<\/td>\nLulzSec<\/td>\nWhile @LulzSec released the data in one torrent<\/a>, the group
\nconfirmed the BMG maps did not come from SCE Devnet<\/a> (tweet since deleted), making this a
\ndistinct and separate compromise. <\/p>\n

Data Leaked:<\/strong> Sony BMG internal network maps<\/td>\n<\/tr>\n

<\/p>\n

18<\/span><\/td>\n2011-06-08<\/td>\nSony Portugal latest to fall to hackers<\/a><\/td>\n25.25<\/td>\nIdahc<\/td>\nDump of the sonymusic.pt database. Idahc says<\/a> he found SQL injection, cross-site scripting (XSS) and Iframe injection vulnerabilities in the site. <\/p>\n

Records Breached:<\/strong> Customer e-mail addresses<\/td>\n<\/tr>\n

19<\/span><\/td>\n2011-06-08<\/td>\nSpoofing lead to fraud via shopping coupons at Sonisutoa \/ My Sony Club<\/a> (Google Translation<\/a>)<\/td>\n25.25<\/td>\nunknown<\/td>\nThrough “spoofing”, an attacker used 95 accounts to exchange online shopping coupons worth 278,000 points at Sonisutoa (My Sony Club), defrauding Sony of ~ 280,000 yen (~ US$3,500). Sony cannot
\nconfirm if e-mail addresses or passwords were leaked.<\/td>\n<\/tr>\n
<\/td>\n2011-06-11<\/td>\nSpain Arrests 3 Suspects in Sony Hacking Case<\/a><\/td>\n<\/td>\n<\/td>\nFrom the article: “According to a police statement<\/a>, the suspects are part of Anonymous..”<\/td>\n<\/tr>\n

<\/tbody>\n<\/table>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Note:<\/p>\n