Intrusion Forces PlayStation Network Offline

PlayStation Network Hacked – Updated 04/24 8:55AM

After being offline for a majority of the last three days, Sony has come forward with an update regarding the status of its PlayStation Network, the platform that connects millions of PlayStation users for online play and content.

After a period of silence, and keeping millions of gamers itching to get answers on when they’d be back in action with online play, a Sony representative posted a note on Friday night, saying that its systems had suffered from an external intrusion that has affected the PlayStation Network and Qriocity services. (Qriocity is Sony’s streaming music and video service.)

The intrusion doesn’t appear to be what knocked out the service however, as Sony said it purposely “turned off the PlayStation Network & Qriocity services” on Wednesday night so it could conduct an investigation.

On Thursday, April 21, Patrick Seybold, Sr. Director, Corporate Communications & Social Media at Sony Network Entertainment, posted a generic message online, saying no more than, “We’re aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information.” Seybold later posted a update, letting gamers know they shouldn’t get their hopes up for a quick return to service. In that note, Seybold said, “While we are investigating the cause of the Network outage, we wanted to alert you that it may be a full day or two before we’re able to get the service completely back up and running.”

On Saturday night, Seybold posted another update, saying that Sony was working around the clock to bring the systems back online. “Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure. Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security,” Seybold wrote in a blog post.

While it’s not known who is responsible for the intrusion, many were initially pointing fingers at Anonymous, the “Hacktivist” group that gained much visibility over Wikileaks and music industry related attacks. The group had recently targeted Sony Web properties with DDoS attacks in response to a lawsuit that Sony had filed against Georg Hotz, an American hacker who discovered how to unlock (jailbreak) the PlayStation 3 console’s operating system.

Sony argued in the suit that Hotz breached the Digital Millennium Copyright Act and other laws after he published an encryption key and software tools online to enable other PlayStation “unlock” their consoles, something that also may enable users to play pirated copies of games. Sony and Hotz agreed to a settlement on March 31, 2011. Hotz’s motion to dismiss for lack of personal jurisdiction was still pending before the federal court in San Francisco but a preliminary injunction was issued requiring Hotz to take down the postings challenged by SCEA.

But the Anonymous group says it’s not behind this week’s outage, saying, “For Once We Didn’t Do It.” In a post to the site the group uses to update the world on its latest initiatives, the group wrote, “While it could be the case that other Anons have acted by themselves AnonOps was not related to this incident and takes no responsibility for it. A more likely explanation is that Sony is taking advantage of Anonymous’ previous ill-will towards the company to distract users from the fact the outage is actually an internal problem with the companies servers.”

The details of the intrusion are unclear at this point, and Sony has not provided any additional information, including if any user data was compromised in the event. We have reached out to Sony for comment and have not heard back. SecurityWeek will continue to provide additional details as we gather more information.