Tuesday, May 10, 2011

Sony’s letter to Congress provides timeline for PlayStation Network breach

Late last week, a Congressional subcommittee sent a letter to Sony's second-in-command Kaz Hirai pressing him for more answers to the massive PlayStation Network security breach. Today, Hirai has responded with an eight-page letter that not only addresses each of the subcommittee's questions one-by-one but also provides some more details into the Sony Online Entertainment breach and volleys a not-so-subtle jab at Anonymous, a hacking group he calls "conspirators or... simply duped into providing cover for a very clever thief." Yeah, it's a great read. The biggest takeaways and a full timeline of events after the break.

A Timeline of Events

Tuesday, April 19 at 4:15PM PDT: Sony Network Entertainment America network team noticed several PSN servers in the San Diego, California data center re-booting when they weren't scheduled to do so, and that "unplanned and unusual activity was taking place on the network." Four servers were taken offline and an internal assessment began on the quartet. This continued through the evening.
Wednesday, April 20th: SNEA expanded the internal team to continue assessment of these four servers. By early afternoon, it discovered "the first credible indications that an intruder had been in the PlayStation network systems" and identified six more servers that might've been compromised. Additionally, there was "evidence that indicated an unauthorized intrusion had occurred and that data of some kind had been transferred off the PlayStation Network servers without authorization," but it was unable to determine exactly what type of data had been transferred.
Later that afternoon, SNEA retains a "recognized security firm and forensic consulting firm to mirror the servers to enable forensic analysis to begin." The letter here notes that many hours were needed to simply mirror the servers — by the afternoon of Friday, April 22nd, nine of the 10 servers were completely mirrored.
Thursday, April 21st: A second "recognized computer security and forensic consulting firm" was brought in to assist.
Friday, April 22nd: SCEA's general counsel provided the FBI with information about the intrusion. "The forensic experts that Sony Network Entertainment America had retained had not determined the scope or effect of the intrusion at the time the FBI was contacted. A meeting was set up to provide details to law enforcement" for Wednesday, April 27 — five days later.
Saturday, April 23rd: Forensic teams confirm that intruders had managed to "obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the servers." The intruders deleted log files to hide the extent of their work. The PlayStation Blog blames the downtime on an "external intrusion."
Sunday, April 24th (Easter): Now that Sony "knew it was dealing with a sophisticated hacker," it retains yet another firm. "Specifically, this firm was retained to provide even more manpower for forensic analysis... and, in particular, to use their special skills to determine scope of the data theft."
Monday, April 25th: Sony is able to confirm "the scope of the personal data that they believed had been taken but could not rule out whether credit card information had been accessed." Sony still could not determine if credit card information had been accessed — "while no evidence existed... we ultimately could not rule out that possibility entirely based on the reports of the forensics team."
Tuesday, April 26th: Sony makes its first public announcement, outlining what was taken and warning that credit card information might have been compromised. Seeing a million or so fingers pointed in its direction, hacker collective Anonymous denies responsibility ("For Once We Didn't Do It"). SNEA notifies "applicable regulatory authorities" in New Jersey, Maryland, and New Hampshire of the criminal intrusion. Sony says some services are expected to be restored "within a week," which would've been May 3rd.
Wednesday, April 27th: SNEA notifies the regulatory authorities in Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, Virginia, and Puerto Rico. The PlayStation Blog publishes its first Q&A followup.
Thursday, April 28th: Q&A number two for the PlayStation Blog. It's revealed both the Department of Homeland Security and FBI are investigating.
Friday, April 29th: The US House of Representatives' Subcommittee on Commerce, Manufacturing, and Trade sends a letter to Hirai along with a list of questions and concerns.
Saturday, April 30th: Sony announces a press conference for the following day.
Sunday, May 1st: Kaz Hirai holds an afternoon press conference in Tokyo to outline what portions of the PlayStation Network will be restored this week and to introduce the forthcoming "Welcome Back" program. The investigation brings to light that Sony Online Entertainment was also breached.
Monday, May 2nd: SOE servers are shut down. Later that afternoon, the company issues a press release announcing the extent of the breach.
Tuesday, May 3rd: Blueberry pie! No, not really.
Wednesday, May 4th: Hirai sends an eight-page response to Congress.
