May 5, 2011

3 Strikes And Sony's Out

May 5, 2011. Tokyo. With their recently typical style of delay and deny, Sony Corp. may have, sort-of, confirmed the breach of its digital security for yet a third time in less than a year.

In the beginning of January, hackers had not only broken into the Sony PS3 system, but had gained full control of it and published its ‘root key’ on the internet. The ‘root key’ would allow developers to create and sign their own apps as authentic. After a period of silence on the part of Sony, the company finally released a statement. “We are aware of this, and are currently looking into it” Sony advised, “We will fix the issues through network updates. But because this is a security issue, we are not able to provide you with any more details”.

In response, the hacker group fail0verflow told the BBC, “The complete console is compromised – there is no way back. The only way to fix this is to issue new hardware. Sony will have to accept this”.

Within a few short months, Sony announced that it shut down its Sony Online Entertainment division in an emergency response to a data breach that occurred sometime between April 17 and April 19. In the theft, Sony lost the personal customer information for 24.6 million of its users, including the credit card and debit card information of 23,000 people.

According to the company, the financial information dated back to 2007 and was limited to its customers in Europe and Japan. In a trickle of responses from Sony Corp., the company also said it was moving their network infrastructure and data center to a new, more secure location. They also confirmed that they are in talks with law enforcement officials who are treating the breach as a theft.



Then on Monday May 1, Sony officials announced that its secure and protected PS3 system was being taken completely off-line due to a data breach that was discovered the previous evening. Company representatives announced that they had just been made aware of the theft of tens of thousands of credit card and debit card accounts.

Word spread fast throughout the world’s tech and financial communities and over then following two days, Sony stock dropped three percent, adding to a 25% loss in company value over the previous six weeks.

Finally, and in complete contrast to their announcements on Monday, Sony officials clarified that there was no third breach. Company executives were referring to the mid-April theft of their customers’ financial information, which according to them, they had only been made aware of the previous day.

Huh?

After requests for further clarification, Sony was reported to have released the following statement two days ago, "While the two systems are distinct and operated separately, given that they are both under the SONY umbrella, there is some degree of architecture that overlaps. The intrusions were similar in nature. This is NOT a second attack. New information has been discovered as part of our ongoing investigation of the external intrusion in April".

Unfortunately, Sony has already forgotten, or buried, any knowledge of the fact that their entire PS3 system was compromised and in the hands of hackers as of six months ago. And while they continue to use terms such as “intrusions”, they also insist there was only one single breach. When Sony finally gets their story straight, we at Whiteout Press will revisit the story and give our readers an update. However with an estimated $24 billion liability on their hands and at the rate their stock price and company value is plunging, there may not be a Sony left to report on.



SUBSCRIBE