Hackers turn PlayStation into pay station

May 10, 2011
Professor Engin Kirda assesses the impact of an attack he said represents the “largest loss of private information to date.” Credit: Mike Mazzanti

In late April, a hacker crippled Sony’s PlayStation Network by stealing the names, home addresses and perhaps even the credit card numbers of some 70 million subscribers, who play and download games through the online service.

Engin Kirda, an associate professor with joint appointments in Northeastern’s College of Computer and Information Science and Department of Electrical and Computer Engineering, assesses the impact of the attack he said represents the “largest loss of private information to date.”

How easy is it to hack into a network, like Sony’s, and steal personal information? How difficult is it to combat?

Although we have recently seen very sophisticated attacks against security companies such as RSA, Comodo, and HBGary, most of the successful attacks are still quite simple in nature. In many cases, a simple programming mistake on a company’s website can lead to complete compromise over time.

Attackers typically proceed step by step. For example, they might first compromise the web server and then move on to attack other critical components, such as databases and mail servers. Many attacks today also use so-called "social engineering" techniques. As in phishing attacks, a user might be tricked into downloading and installing malicious software, which can then help the attackers gain access to sensitive data.

To my knowledge, it is not very clear what vulnerability or technique the attackers used to break into Sony's systems. In any case, we have witnessed the largest loss of private information to date.

At Northeastern, my security group is working on techniques to automatically detect vulnerabilities in software systems in order to prevent attacks. We are also looking at how social engineering attacks work effectively in practice, and why users often fall for such attacks.

The PlayStation Network has been down for almost three weeks after Sony promised that it would be back online within a day or two. Why is it taking so much longer than expected?

It is not easy to say why things are taking time to fix without having knowledge of the internal discussions at Sony. My guess would be that Sony is trying to make sure that its systems are secure so that something like this does not happen again. Suffering a similar attack after the network goes back online would be very embarrassing for them.

It could also be that their systems are so complex that a quick fix is impossible. Often, bad design decisions are the hardest to fix. Some of my colleagues at Northeastern are working on the problem of designing systems in a secure way from the start.

Should users who play or download games on the PlayStation Network be hesitant to log back on? What type of impact can hackers have on the bottom line of a company like Sony?

Once the systems go back online, I would not be hesitant to log back on. Having said that, I would advise all users to change their passwords and also make sure that they have not used the same password that they used on Sony on other sites, such as Gmail or Yahoo. It has been reported that many passwords have been stolen and attackers often use stolen passwords to log on to other websites to send spam.

I would also advise Sony users to be wary of phishing attacks. The attackers are probably going to use the information they have stolen to craft authentic-looking phishing e-mails. I would not be surprised if such phishing e-mails are designed to look as if Sony has sent them. There are also reports that credit card information has been stolen. If you had your credit card information stored on the site, then it would be wise to regularly check your credit card statements.
