Who Hacked PlayStation Network: PlayStation Network Hacking Suspects
Anonymous
While noncriminal pranks are their stock in trade, the griefers of Anonymous have been on a hacktivism spree of late, staging distributed denial-of-service attacks against the corporate enemies of WikiLeaks, then famously cracking the computer security firm HBGary Federal and exposing the shady plotting of its CEO. Coincidentally, Anonymous declared Sony as its latest protest target right around the time of the intrusion. They were unhappy with Sonys lawsuit against PlayStation 3 rooter George Hotz, and unsatisfied by the settlement deal reached between Hotz and the company this month.
But spokespeople for Anonymous have denied any role in the PlayStation Network hack, and the whole flavor of the hack just isnt Anonymous style: theyve pulled intrusions in the past, but computer crime isnt their mainstay, and a stealth run through the network of a corporate giant is decidedly short on lulz.
Verdict: Probably innocent
China
Chinese hackers have been responsible for some of the most sophisticated known intrusions in recent years low-and-slow attacks against defense contractors, human rights groups and Silicon Valley bigwigs like Google. The attackers typically get in by hitting a single employee with an exploit, and then carefully expand through the network until theyve found what theyre looking for generally trade secrets, source code, or intelligence.
A list of 77 million names, dates of birth and passwords could be useful as the raw material for future attacks, but aside from that, Sonys gaming infrastructure is not a logical target for this bunch. You also wouldnt expect a professional Chinese intrusion to be detected so quickly.
Verdict: Innocent
Random Recreational Hacker
This breed still exists, though now in much smaller numbers than the professionals. The PlayStation Network would be an alluring target for a bored teenager or twenty-something who spends a lot of time grinding through multiplayer shooters to paraphrase Silence of the Lambs, you covet what you see every day. A recreational hacker might go after the user database as a trophy.
Verdict: Maybe guilty
For-Profit Cyberthief
These guys, largely concentrated in Ukraine and Russia, know databases like the backs of their hands they dream in SQL and similar, if smaller, stolen databases are bought and sold routinely over carder forums and in private transactions.
In this scenario, the credit card numbers potentially stolen in the hack arent as important as they seem. According to Sony, the CVV2 the security code on the back of card wasnt stored in the compromised database, which greatly reduces the cards usability to fraudsters. Credit cards without the magstripe data or CVV2 are among the least valuable commodities.
But combined with the other data, the database is valuable indeed. The passwords (which Sony evidently didnt bother to hash) could be a gold mine, because people have a tendency to use the same password everywhere; you can bet a big chunk of those 77 million PlayStation Network passwords will unlock everything from Facebook accounts to online banking. The e-mail addresses could be used in phishing attacks, with the fraudster using stolen details like the targets date-of-birth to increase the chances of a response. Hell, even if it were just sold as a spam list, the Sony database could draw a pretty penny.
Verdict: Probably guilty
0 Visitor Reactions & Comments:
Post a Comment