Wednesday, May 4, 2011
Investigators Arrive as PlayStation Fiasco Expands
Computer experts have begun investigating the Sony PlayStation Network outage as the scope widened from 77 million user records compromised to 100 million. Government officials are also focusing on the PSN outage as Sony traced some attacks to Malaysia. When the PSN fiasco ends, Sony will face a "long road" to restore users' trust.
In the movie version of PlayStation Down, we're at the point where Harrison Ford and an army of detectives come into the story of Sony's long-running PlayStation Network outage. As the fiasco enters its third week, the company has now hired outside investigators to find the hackers.
A team from computer forensics experts Data Forte is led by an ex-special agent from the U.S. Naval Investigative Service. The FBI is also reportedly investigating. In addition, there are investigators from cybersecurity firm Guidance Software and risk-assessment company Protiviti, and lawyers from Baker & McKenzie.
But those are only the investigators inside Sony. Sen. Richard Blumenthal (D-Conn.) has followed up on a letter he sent the company earlier this week, asking for details about what was stolen and why users weren't informed earlier. On Tuesday, he asked U.S. Attorney General Eric Holder Jr. to look into the security breach and see if any laws were broken.
In addition, the House Committee on Energy and Commerce has announced a hearing Wednesday on the episode. A German government privacy official is also looking into the matter.
In addition, several class-action lawsuits have been filed. Most recently, a Toronto-based law firm filed suit Tuesday on behalf of an Ontario-based PSN user who was named as lead plaintiff. The suit seeks $1.05 billion for breach of privacy and to cover credit monitoring and fraud insurance on behalf of users.
Although Sony has been releasing information in dribs and drabs, it now appears that confidential data for as many as 100 million users or so may have been exposed, and possibly taken.
On Monday, the company said nearly 25 million confidential records -- including e-mail addresses, birth dates, and phone numbers -- could have been stolen, as well as an outdated, four-year-old database. Previously, the company had said 77 million user accounts on PSN had been hacked.
'A Long Road'
In addition to PSN, which was shut down on April 20, Sony's Qriocity music service has been down, and, on Sunday, Sony took down the massively multiplayer online games on its Sony Online Entertainment (SOE) network, because, the company said, it also had been compromised. PSN provides games for downloading, while SOE hosts games like EverQuest.
The company most recently has said it expects to restore some PSN services this week, and the entire network within the month.
According to news reports, Sony has determined that at least some of the attacks could be traced to a server in Malaysia, although it's not yet clear if the attackers were based there.
When the networks are eventually back up, how will Sony pick up the pieces? Andrew Frank, research director at Gartner, said "it's going to be a long road."
His advice: first, Sony should "find third parties to vouch for the security of its networks, since, obviously, there are going to be credibility issues." Frank also suggested that the electronics giant convey that it's rebuilding all or part of the network, so "there's a sense that it's a new model."
And, he said, Sony should set aside some time "to talk to their friends at Toyota" about how to restore a damaged brand.