chicot60
04-27-2011, 10:52 AM
By Christopher Williams, Technology Correspondent
The breach of the PlayStation Network by hackers already stands as one of the most significant security failings in internet history and raises serious questions for Sony.
Although the firm is careful to say there is no evidence credit card data was stolen, it equally admits that it “cannot rule out the possibility”.
Even the possibility that more the 70 million PlayStation owners’ financial details are now in the hands of cyber criminals elevates the incident to the most serious level. The huge volume of other personal data that Sony says was taken is bad enough.
"This is certainly among the biggest data breaches of its type, both in terms of the number of people affected globally and the negative publicity it is likely to attract," said George Campbell, a technology lawyer at McGrigors.
When Sony first admitted there had been an “external intrusion” of the PlayStation Network on April 23, speculation centred on claims that the culprits may have been Anonymous, the online activist collective best known for its denial-of-service attacks in support of WikiLeaks.
Anonymous had criticised Sony for its legal attack on George Hotz, a 21-year-old American who broke digital locks on the PlayStation to allow it to run unauthorised software. The activists, so the speculation went, must have attacked the PlayStation Network to teach Sony a lesson.
Related Articles
Millions of web users hit by Sony PlayStation data theft
Such conspiratorial claims now seem outlandish. Security experts agree it is much more likely that Sony was targeted by professional cyber criminals, for whom stolen personal data – especially credit card data – is stock in trade.
Online service providers are under constant treat from these criminal hackers. Their attacks on big firms like Sony virtually always fail, but the potential rewards are high enough to keep looking for a way in.
Though estimates of the size of this global black industry vary wildly, all agree it is measured in the tens of billions of dollars and headquartered in eastern Europe.
Sony has not released any technical details of how the PlayStation Network was breached and, if previous breaches at other firms are anything to go by, will only do so if required by a court. Fear of revealing information that could be useful to future attackers is understandably endemic in computer security departments.
But the fact will remain that any system connected to the internet is a potential target for cyber criminals, and a system to which more than 70 million people have submitted credit card data is one of the juiciest.
Sony faces serious questions though about its security practices. Even if it transpires no credit card data was stolen, password files were, and for years experts have called for them be strongly encrypted so that even if they are taken they will be useless.
If nothing else, this incident will go down in internet history as the first major hacking of a consumer “cloud” service. Such services, which store and serve up data and software centrally rather than on home computers and are predicted to become the norm, but Sony’s experience shows they bring major risks for users and providers alike.
http://www.telegraph.co.uk/technology/sony/8476241/PlayStation-hack-serious-questions-for-Sony.html
The breach of the PlayStation Network by hackers already stands as one of the most significant security failings in internet history and raises serious questions for Sony.
Although the firm is careful to say there is no evidence credit card data was stolen, it equally admits that it “cannot rule out the possibility”.
Even the possibility that more the 70 million PlayStation owners’ financial details are now in the hands of cyber criminals elevates the incident to the most serious level. The huge volume of other personal data that Sony says was taken is bad enough.
"This is certainly among the biggest data breaches of its type, both in terms of the number of people affected globally and the negative publicity it is likely to attract," said George Campbell, a technology lawyer at McGrigors.
When Sony first admitted there had been an “external intrusion” of the PlayStation Network on April 23, speculation centred on claims that the culprits may have been Anonymous, the online activist collective best known for its denial-of-service attacks in support of WikiLeaks.
Anonymous had criticised Sony for its legal attack on George Hotz, a 21-year-old American who broke digital locks on the PlayStation to allow it to run unauthorised software. The activists, so the speculation went, must have attacked the PlayStation Network to teach Sony a lesson.
Related Articles
Millions of web users hit by Sony PlayStation data theft
Such conspiratorial claims now seem outlandish. Security experts agree it is much more likely that Sony was targeted by professional cyber criminals, for whom stolen personal data – especially credit card data – is stock in trade.
Online service providers are under constant treat from these criminal hackers. Their attacks on big firms like Sony virtually always fail, but the potential rewards are high enough to keep looking for a way in.
Though estimates of the size of this global black industry vary wildly, all agree it is measured in the tens of billions of dollars and headquartered in eastern Europe.
Sony has not released any technical details of how the PlayStation Network was breached and, if previous breaches at other firms are anything to go by, will only do so if required by a court. Fear of revealing information that could be useful to future attackers is understandably endemic in computer security departments.
But the fact will remain that any system connected to the internet is a potential target for cyber criminals, and a system to which more than 70 million people have submitted credit card data is one of the juiciest.
Sony faces serious questions though about its security practices. Even if it transpires no credit card data was stolen, password files were, and for years experts have called for them be strongly encrypted so that even if they are taken they will be useless.
If nothing else, this incident will go down in internet history as the first major hacking of a consumer “cloud” service. Such services, which store and serve up data and software centrally rather than on home computers and are predicted to become the norm, but Sony’s experience shows they bring major risks for users and providers alike.
http://www.telegraph.co.uk/technology/sony/8476241/PlayStation-hack-serious-questions-for-Sony.html