SOE is down! (Not just EQ2)

Started by Wayena, May 02, 2011, 08:17:39 AM


Wayena

#20
Quote
From SignOnSanDiego.com, the website of the San Diego Union-Tribune newspaper.

Customers of San Diego-based Sony Online Entertainment must watch out for "spear phishing" scams after a hacker may have gained access to personal information on 24.6 million accounts, including email addresses and passwords.

Privacy experts say cyber criminals could have enough information to send highly customized emails or postal letters — or make phone calls — that will appear to come from Sony in hopes of tricking customers into revealing more sensitive information — such as credit card or Social Security numbers.

Sony Online Entertainment urged its customers to be "especially aware" of these scams. "Sony will not contact you in any way, including email, asking for your credit card number, Social Security number or other personal information," the company said in a letter to customers posted on its Web site. "If you are asked for this information, you can be confident Sony is not the entity asking."

Sony Online Entertainment, which makes video games such as the EverQuest series that users play online, abruptly shut down its network on Monday after the breach was discovered. The breach did not expose customer credit card numbers in the U.S. But it did possibly reveal names, addresses, email, birth dates, gender, phone numbers, login names and passwords.

The PlayStation network breach came from an attack on a data center in San Diego. Taina Rodriguez, a Sony Online Entertainment spokeswoman, declined to say if PlayStation and Sony Online Entertainment shared the same data center.

"Our servers are different from the PSN servers," she said. "We are operated separately. But since we're both under the Sony umbrella, there is a degree of architecture that overlaps."


Rodriguez added that Sony Online Entertainment's network would be shut down until Friday and possibly longer. The company has contacted the FBI to investigate the attack.



Wayena

#21
Quote
From MSNBC.com:

A U.S. House of Representatives subcommittee is demanding answers from Sony after private information from some 102 million personal accounts was taken by hackers.

In a letter written by the Congressional Subcommittee on Commerce, Manufacturing and Trade and addressed to Sony chairman Kazuo Hirai, representatives asked the company to answer a list of 13 questions related to the hacking of Sony's PlayStation Network.

The Congressional committee has demanded answers about the PlayStation Network breach only perhaps because news of the Sony Online Entertainment breach wasn't released until Monday afternoon.

Wayena

Yay for more info. Sorta.

Quote
May 4, 2011

We want to thank you again for your patience as we work to get the SOE services back up and running. We received several questions and comments relating to the criminal attack to our network and would like to address some of the most common questions today. We are also going to continue to post updates to this website with new information as they become available.

We appreciate your continued patience and feedback.

Thank you,
Sony Online Entertainment


When will SOE's services be back online?
We have been working around the clock to restore operations as quickly as possible, and we expect to have some of our games and services up and running soon. However, we want to be very clear that we will only restore operations when we believe that the network is secure.

How is the SOE intrusion related to the PSN/Qriocity intrusion? Was this a second attack on SOE?
While the two systems are distinct and operated separately, given that they are both under the Sony umbrella, there is some degree of overlap in design. The attacks were similar in nature. This is NOT a second attack; new information has been discovered as part of our ongoing investigation into the criminal attack in April.

How is SOE planning to notify customers whose data may have been stolen?
We are sending out customer service notification emails to the email addresses we have on file for the accounts that were affected. These emails will be sent by Innovyx, our third party email distributor, and contained either 'soe.innovyx.net' or 'soe.sony.com' in the sender field.

SOE initially thought no data was extracted, what changed?
Essentially the perpetrators used sophisticated means not only to access the data, but also to cover their tracks. We committed to continue the investigation and in doing so, uncovered further information that we did not have when we initially believed the data was not stolen.

Wayena

#23
Quote
Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on "The Threat of Data Theft to American Consumers."

Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you.


In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:
1. Act with care and caution.
2. Provide relevant information to the public when it has been verified.
3. Take responsibility for our obligations to our customers.
4. Work with law enforcement authorities.

We also informed the subcommittee of the following:
• Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
• We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named "Anonymous" with the words "We are Legion."
• By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
• As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
• Protecting individuals' personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
• We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.

We told the subcommittee about our intent to offer complimentary identity theft protection to U.S. account holders and detailed the "Welcome Back" program that includes free downloads, 30 days of free membership in the PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable.

We are working around the clock to have some PlayStation Network services restored and we'll be providing specific details shortly. We hope this update is helpful to you, and we will continue to keep you posted as we work to restore our network and provide you with both the entertainment and the security you deserve.

By the by, I went back and made some of these quoted statements bigger. They were a little small on my screen and I had to lean in to read them. Figured others might have the same issue.

Jasyn

Fascinating stuff.  Thanks for the roundup, Way.

Wayena

Today's non-update from SOE's Facebook page:

Quote
We regret that we were unable to bring services back online today, and continue to work hard on the issue!

Wayena

Quote
After initially going on the record stating that Anonymous, the evangelist hacker group, had no involvement in the actual hack of the PlayStation Network (and by extension the SOE network), Sony have now pointed the finger for a different reason.

In a letter to congress, Sony has posited that the very disruptive flooding/attacks on Sony servers in retaliation for the George Hotz lawsuit was a sufficient distraction to leave a much larger window for hackers to enter Sony systems and leave undetected. Sony has suggested that had the coordinated denial-of-service attacks not happened, a compromise of their servers would have been more easily detected and possibly thwarted.

Quote
From BBCNews:

Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach that allowed a hacker to gain access to the personal data of more than 100m online gamers.

In a letter to the US Congress, Sony said the breach came at the same time as it was fighting a denial-of-service attack from Anonymous.

Denial-of-service attacks take servers down by overwhelming them with traffic.

The online vigilante group has denied being involved in the data theft.

Sony said that it had been the target of attacks from Anonymous because it had taken action against a hacker in a federal court in San Francisco.


In the letter to members of the House Commerce Committee, Kazuo Hirai, chairman of Sony Computer Entertainment America, defended the way that his company had dealt with the breach.

Sony discovered a breach in its Playstation video game network on 20 April but did not report it to US authorities for two days and only informed consumers on 26 April.

"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence," the letter said.


http://eq2wire.com/2011/05/05/sony-anonymous-didnt-hack-us-but-made-it-easy/#more-9021

Wayena

Quote
From Consumerist.com:

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.

According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.

Wayena

Quote
From EQ2wire.com:

Although SOE games and services remain offline, readers have noticed some curious changes.

Most obvious is that http://www.EverQuest2.com/ and http://www.SOE.com/ are no longer resolving correctly and presenting an error message. The secure version of https://www.SOE.com/ (notice the additional 's') is however online and presenting the same updates we were provided with yesterday.

UPDATE: http://www.SOE.com is now resolving properly to https://www.SOE.com/.

As there has been no announcement from SOE about what the steps will be for users to change their passwords, login, secure their accounts, and start playing again (indeed SOE communication has been nothing short of atrocious — perhaps due to the stipulations of lawyers), it's unclear what conclusions we should draw from some servers being accessible while others are not. Is this a sign that things are about to open back up, or just a sign that SOE platform aren't properly securing websites in preparation for the service restoration?

Shabutie did some checks of the DNS information present on different SOE game websites (FreeRealms.com, EverQuest2.com, etc.) and has noticed that they no longer all point to SOE's main website. This may indicate that things are opening up soon, but without confirmation from anyone at SOE, all we can do is guess.

Although Facebook and Twitter remain mum (their last update was 12 hours ago), maybe today's the day? Although 4 days is not a terribly long outage considering the complexity of the security breach, the lack of communication has really exacerbated this and made the outage feel a lot longer than it has been. More as we have it...


Wayena

Another attack on Sony coming this weekend? I hope not. I'm jonesing for my fix as it is and Dungeon and Dragons Online (while a nice diversion) just isn't cutting it.

Quote
From EQ2wire.com:

When I first encountered this story, I had little interest in reporting it at all. A blogger, however well-intentioned, taking the ramblings of a few script kiddies in an IRC chatroom seriously and posting it as a "CNET Exclusive" seems hardly newsworthy. Journalistic integrity must have some minimum standard. We report things all the time which aren't from SOE or a press release, but they have SOME basis in fact.

However the story that an attack is planned for this weekend seems to have gotten some traction and is now making the rounds and being quoted by larger news organizations as "reported by CNET". So we feel we should address it.  Erica Ogg, CNET blogger, has posted an article positing that a third attack on Sony services is being planned for this weekend.

A group of hackers says it is planning another wave of cyberattacks against Sony in retaliation for its handling of the PlayStation Network breach.

Her source?

An observer of the Internet Relay Chat channel used by the hackers told CNET today that a third major attack is planned this weekend against Sony's Web site. The people involved plan to publicize all or some of the information they are able to copy from Sony's servers, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers.

Blogging without sources or attribution is just speculation and should be taken as such. The article reads as if the information has been confirmed with secondary sources. It hasn't.

Wayena

Quote
From SOE's Facebook page as of 9:13 pm EDT:

We wanted to let you know that our games will not be up this weekend. We are working around the clock to get our services back up and running soon. Thank you for your continued patience and support.


Wayena

Quote

TOKYO, May 7 (Reuters) - Sony said on Saturday it had removed from the Internet the names and partial addresses of 2,500 sweepstakes contestants that had been stolen by hackers and posted on a website, and said it did not know when it could restart its PlayStation video games network.

The company, under fire since hackers accessed personal data from about 100 million user accounts of its PlayStation Network and PC-based online gaming services, said in a statement details posted on the inactive website also included three unconfirmed e-mail addresses.

The data came from customers who entered a 2001 product sweepstakes contest. The list did not include information on credit cards, social security numbers or passwords.

"The website was out of date and inactive when discovered as part of the continued attacks on Sony," Sony said, adding that the company took the website down shortly after finding out about the postings on Thursday.

Sony Chief Executive Officer Howard Stringer apologised on Friday to users of the firm's PlayStation Network and other online services, breaking his silence on the massive data breach.

The company said last Sunday that it would begin restoring services within the week but a spokeswoman said on Saturday this would not be possible, and that no date had been fixed for when services would resume.



The incident may prove to be a significant setback for a company looking to recover after being outmanoeuvred by Apple in portable music and Samsung Electronics in flat-screen TVs.

In video games, it faces a tough fight with Nintendo's Wii game console and Microsoft's Xbox.

"This wait is becoming so tedious. I know there needs to be a lot of testing, but it is really getting annoying. I am seriously considering changing to the Xbox," said a message posted by a user called Cryonic UCX on the U.S. PlayStation blog.

"I LOVE my PlayStation, but Sony is not doing well in the online. Sony, you need to step your game up!"

On Friday, Sony shares ended 2.3 percent lower in a broader market down 1.5 percent, extending its total losses to about 6 percent since it revealed the breach. The Nikkei is up around 3 percent over the same period.

Sony issued its first warning on the PlayStation break-in a week after it detected a problem with the network on April 19, infuriating many users around the world. Sony said it needed time to work out the extent of the damage.

The hackers have not been identified, but Internet vigilante group Anonymous, which had claimed responsibility for previous attacks on Sony and other corporations, denied it was behind the data theft.

The group's statement came after Sony said Anonymous was indirectly responsible for the attack on the company.

Sony, which is set to report its annual earnings on May 26, has yet to specify the financial effect of the network breach. (Reporting by Isabel Reynolds, Chisa Fujioka; Editing by Nick Macfie)

Wayena

Quote
Sony misses promised PlayStation Network and Qriocity restoration date, begs for more patience
By Darren Murph, posted May 7th 2011 3:18AM

Whoops. If you'll recall, Sony held what can only be described as an emergency press event in Japan a week ago in order to issue a number of assurances about the resumption of service as it relates to the PlayStation Network and Qriocity. Seven days later, things are still as dead as they were pre-Cinco de Mayo. This evening, the company's Senior Director of Corporate Communications Patrick Seybold punched out a quick update to let the world know that they could actually leave the house and find something else to entertain 'em -- like it or not, PSN isn't coming back online today. The reason? On May 1st, Sony was apparently "unaware of the extent of the attack on Sony Online Entertainment servers," and now, it's spinning its wheels in order to restore security on the network and "ensure" that user data is safe. Mr. Seybold seems to understand that you're overly anxious about getting back into the swing of things, and he's even going so far as to ask your trust that Sony's doing "everything [it] can" to get the lights blinking once more. Oh, and if you were planning on visiting that source link just to find the new ETA... don't. Sony's planning to update you "as soon as it can."

Anaris

Yeah the gossip that's been going around in the guide forums is that SOE probably won't be up and running till the end of May, so give it another two weeks or so...

In the meantime, a lot of the roleplayers are taking refuge in www.raven-mythic.com where there's been a few chat rooms set up for people to communicate as well as the forums.

EQ2: Luxelen, Anaris, Nixabella   GW2: Aramaia.4365

Wayena

Quote
Although we are unsurprised — restoration of services even by the end of the week now seems unlikely — we bring you the latest news from SOE's Facebook page as of May 9, 1:55 p.m. PDT:

SOE services will remain offline today. We continue to work diligently to bring things back as quickly as possible and appreciate your continued patience.

Wayena

May 11th Facebook update:

Quote
All SOE games and sites are still offline as of May 11th and will not return today. Thank you again for your continued patience and support as we diligently work on these issues. All houses requiring rent will have one month added free to help offset any costs incurred during this outage. More information on SOE's "Make Good" plan to come!

Wayena

#36
Quote
May 12, 2011

We thank you for your patience as we continue to work around the clock to restore our game services. We know this has been a frustrating time for you and appreciate your understanding as we work to confirm the security of our network.

In light of the recent outage of Sony Online Entertainment's game services due to April's cyber-attack, we are committed to compensating our loyal player base for the inconvenience caused by the data breach and lost game time while we improve our security measures.

We are currently in the process of an extensive upgrade to our network to further protect your information from future attacks. It will likely be at least a few more days before we restore our services, and when we come back online, here is what you can expect for each of our game services.

First and foremost, all impacted players will receive 30 days of game time added to the end of the current billing cycle in addition to one day for each day the system is down. Additionally, many games are offering a variety of in-game items and special events to welcome players back once our services resume (per the outline below). This is true for both PC and PlayStation®3 computer entertainment system based products.

» DC Universe™ Online: Batman™ and Two-Face™ Inspired Masks and 30 Marks of Distinction
» Free Realms®: Free daily items (7 to collect)
» Clone Wars Adventures™: Count Dooku v2 Outfit
» EverQuest®: A series of events, including Double XP, Double Rare Mob Spawns and Double Faction Gains
» EverQuest II and EverQuest II Extended: A series of events, including Double XP, Double Guild XP, Loot Bonanza, and City Festivals
» Vanguard: Saga of Heroes®: A series of Double XP events
» Star Wars Galaxies™: Bounty Hunter Statue, a miniature model of Boba Fett's ship, the Slave I™
» Magic: The Gathering – Tactics™: Four of each of these spells: "Ivory Mask", "Duress" and "Angelheart Vial", plus 500 Station Cash
» PoxNora®: Limited edition Carrionling, Welcome Back 5K Gold Award Tournaments and two Draft Tournaments, plus 500 Station Cash


For our lifetime subscribers, we'll grant in-game currency; specifically 20,000 coins for Free Realms, 7,500 Galactic Credits for Clone Wars Adventures and 10 Marks of Distinction for DC Universe Online (in addition to the items listed above).

And finally, our Station Access subscribers will receive 500 Station Cash, in addition to the subscription time and items listed above.

Additionally, we announced today that SOE will provide its U.S.-based Station Account holders with complimentary enrollment in an identity theft protection program through Debix, one of the industry's most reputable identity protection firms. For Station Account holders who live outside the U.S., SOE will be offering similar programs, if and as available, and will provide details as they're confirmed for each country or territory.

We continue to work around the clock to restore SOE's services and thank you for your continued patience as we complete our investigation of this criminal attack.

Thank you,
Sony Online Entertainment


Lyrima

wow.  Can't say they aren't trying, huh?
~^~^~^~^~^~^~^~^~^~^~^
Lyrima - EQ2, ESO, now Baldur's Gate 3
Lark - Storm Trooper SW:TOR
Kiaria - Warden EQ2, ESO
Tira l'Arc - Ranger/Healer HZ/ EQ2, ESO
Athen'a - TankArcher AC

Titia

Well it's either that or facing a PR nightmare (as if it wasn't already the case, come to think about this) and closing shop. Sony has often been criticized for not compensating important downtimes in the past.

PinkRose

Do remember though, that other than the extended time added to the accounts, the rest is just pixels.
They could offer a Billion Sony Cash to everyone and it doesn't actually affect their bottom line.
The opinions expressed here are my own and I have my wife's permission to say so.