Sony executives say that the people responsible for the attack that forced the company to shut down its PlayStation Network and other services and compromised data belonging to 77 million customers were “very professional, highly sophisticated” criminals who were able to infiltrate several of the company’s servers and remove an unknown amount of data.
In a letter to the House Commerce Committee, Kazuo Hirai, chairman of the board of Sony Computer Entertainment America, said that the company first discovered the attack on April 19 when some of its network engineers saw that some of the PSN servers were spontaneously rebooting. The company’s security team began investigating the intrusion, and soon discovered that some data had been stolen, but couldn’t determine how much or what kind of information was taken.
“What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes,” he said in the letter.
The attackers, whom Sony has not identified yet, were able to steal information from every one of the 77 million PSN accounts, Hirai said. “Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen,” the letter says.
Hirai, who was responding to questions about the PlayStation Network attack from the committee’s chairman, also said that the attack and another potentially related intrusion that the company discovered on May 1 may be the work of the collective known as Anonymous.
“When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen, it also discovered that the intruders had planted a file on one of the servers named ‘Anonymous’ with the words ‘We are Legion.’ Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous,” Hirai wrote in the letter.
Sony didn’t notify the FBI, which is investigating the attack, about the incident until three days after it was first discovered, on April 22. The company publicly disclosed the attack and the data theft on April 26, a week after it was discovered internally.
Hirai says in the letter that at the same time that the attackers were prowling around the company’s PSN servers and exfiltrating data, Sony also was being targeted by a series of DDoS attacks. Those attacks not only were causing problems on Sony’s network, they also were distracting the company’s security team and may have prevented the company from discovering the PSN intrusion sooner.
Details on exactly how the unnamed attackers were able to get into Sony’s network are still scarce, but Hirai said in the letter that the attackers exploited a system software vulnerability and took care to cover their tracks by erasing log files and taking other common precautions.
Following the attack on the PSN network, Sony took the entire network offline and has not yet brought it back up.