How to Make a Playstation 3 Network Account
How the PlayStation Network was Hacked
This site may earn affiliate commissions from the links on this page. Terms of use.
After 7 days of speculation-ridden downtime, Sony has finally announced that the PlayStation Network (PSN) outage was due to a massive hack that exposed the names, birthdays, email addresses, passwords, security questions, and maybe credit card details, of all PSN users.
At first, the most likely explanation for the PSN's downtime was a continuation of Anonymous's DDoS reprisal for Sony's persecution of PlayStation 3 jailbreaker, George Hotz (geohot). Then, as the outage extended past a few days, and Sony announced that it was "rebuilding" its network due to an "external intrusion," it became apparent that this was much more than a simple, brute force denial of service attack. Today's announcement by Sony confirms that the PlayStation Network's security mechanisms were fully circumvented, and that at least one of its most sensitive databases was breached and accessed sometime between April 17 and 19.
How was the PlayStation Network hacked, though? Ironically, for security reasons, and because Sony is historically very tight-lipped on such matters, we will probably never know the exact attack vector — but we can certainly make some well-educated guesses about how the PlayStation Network was hacked. First, given its proximity to Anonymous's recent attacks, it's likely that the database breach is somehow related. It's safe to assume that Anonymous could have learned about a weakness in the PSN's security mechanisms, and then passed that data on to another group of hackers — and from there, if the hole was big enough, the attackers might have been able to simply step right in with an SQL injection attack.
The other alternative is the recent release of a custom PlayStation 3 firmware build called Rebug, which effectively turns a PS3 into a developer unit and activates a slew of features that consumers can not normally access. Most significantly, though, the Rebug firmware gives your console trusted access to Sony's internal developer network. There are reports that once you're on the internal, trusted network, a whole range of new hacks became available, including the use of faked credit card details on the PlayStation Network.
With the custom firmware installed, it's possible that customer details database — the one that was breached — became easily accessible. It's possible that Sony's security mechanisms simply didn't account for an internal attack from a trusted network — and indeed, you can't create a functional network without having some trusted agents.
Beyond the hack itself, the other shocking piece of news is that PlayStation Network passwords were exposed. Judging by how long it took the PS3 to be jailbroken — it lasted much longer than its contemporaries, the Xbox and Wii — we have to assume that Sony knows a thing or two about security, but why then were PSN passwords apparently stored in plain, human-readable text? Heck, why were email addresses, personal details, and credit card details also stored in unencrypted form? While it might be impossible to fully prevent unauthorized access to a system, it's very simple to encrypt data in a way that both secures user privacy, and makes it almost valueless to any would-be hackers.
Moving forward, there's no indication of when the PlayStation Network will return. Sony has warned its users to look out for mail or telephone scams, and to lodge a "fraud alert" with credit bureaus like Experian and and Equifax, which should prevent your credit card from being used by the hackers. If you're a PlayStation Network user, check the PlayStation Blog for more information.
As we move towards a lifestyle that is dominated by cloud-based services like Gmail, Steam, Xbox Live, and Netflix, these attacks will become more and more commonplace. It's infinitely convenient to have your data all in one place and accessible from any net-connected computer — but likewise, these services represent the juiciest imaginable hacking target. A large database of email addresses is worth millions if sold to a spam baron!
If Sony can be hacked — if one of the largest technology companies in the world can be breached — we can only hope that other companies are watching and learning from its mistakes.
How to Make a Playstation 3 Network Account
Source: https://www.extremetech.com/gaming/84218-how-the-playstation-network-was-hacked
0 Response to "How to Make a Playstation 3 Network Account"
Post a Comment