Tuesday, June 7, 2011

Sony Hacked Once More, Deja Vu All Over Again

Sony today suffered another security breach, adding to its problems as the company struggles to restore consumer confidence after a string of hacker attacks.

The hacking group LulzSec posted 54-megabytes of what it says is developer source code to its website, along with exposing Sony BMG internal network maps.

Also, Sony Pictures Russia today suffered an apparently unrelated SQL injection attack, and a hacking group known as "The UnderTakers" claims it defaced Sony Music Brazil. Both sites are now offline.

"Our latest goal is 'Hack Sony 5 Times', so please find enclosed our 5th Sony hack," wrote the hacking group on the Pirate Bay website.

"Enjoy this 54MB collection of SVN Sony Developer source code. That's hackers 16, Sony 0. Your move!"

After posting the BMG network maps LulzSec amended its goal, stating it now aims to attack Sony six times.

The group is well on its way to achieving its ambitions. LulzSec claims responsibility for the recent SQL injection hack against Sony Pictures that compromised over 1 million user accounts and exposed 7,000 music codes and 3.5 million coupons. LulzSec says the data it exposed was unencrypted and easy to uncover.

Sony has now suffered over a dozen attacks since the initial and most massive breach, when unknown hackers compromised over 100 million user accounts from April 16 to 19. Since then, a series of smaller attacks have crippled the company's attempt to restore both its systems and consumer confidence.

On May 5, anonymous hackers published old sweepstakes information, then stole $1,225 in online Sony game points eleven days later. On May 18, just as Sony was getting ready to restore its online systems after a month of outages, hackers targeted its password reset tool. Then from May 25 to 26, hackers compromised Sony sites in Greece, Canada, Indonesia and Thailand.

While no one has claimed responsibility for the initial and most massive attack, several hacking groups including Anonymous, Idahc, The UnderTakers and LulzSec have openly declared their parts in the smaller hacks.

It's still unclear exactly why hackers are ripping Sony apart. Anonymous says it initially perpetrated denial of service attacks against the company for suing one of its members, who had posted online instructions on how to root one's PS3.

Whatever the reason for its misfortune, Sony is paying for the legal and financial consequences. The company is neck-deep in lawsuits and investigations, plus having to testify before Congress and submitting to a subpoena. Sony is also offering free games and services to its angry customers, plus providing free credit card monitoring and insurance policies up to $1 million in case of identity theft.