May 27, 2011 03:29pm ESTBy Mark Hachman
Sony will testify at a House privacy hearing on June 2, after earlier refusing to appear. In a letter to lawmakers, Sony also provided more details about the attacks.An aide for Rep. Mary Bono Mack (R-Calif.), chairwoman of the House Energy and Commerce Committee's subcommittee on Commerce, Manufacturing, and Trade, said Friday that Sony has agreed to testify next week, joined by representatives from Epsilon, itself the victim of a date breach in April.In a letter sent Thursday to Rep. Bono Mack and other lawmakers, Kazuo Hirai, the chairman of Sony Computer Entertainment, also said that Sony's investigation continues. Sony said previously that the company would not appear until its own internal investigation had been settled. "Sony was under attack" at the time, Hirai explained, and that it had been "critically important" that key personnel were available to address the critical issues of the breach."As yet, we do not know who was responsible for the intrusion; nor do we know precisely the amount of information that was taken; nor do we know with certainty the number of users whose data was actually affected," Hirai wrote. "These gaps in what we know are not for lack of trying by experts, but rather an unfortunate testament to the skill of those who perpetrated the attacks. Some aspects of the intrusion may never be known. To date, however, there is no evidence that credit card information was taken."Now, with the PlayStation Network coming back online in Asia and in the United States, the company has moved on. The company's PlayStation blog, for example, has returned to game-related posts; on Friday, the company announced its first official PlayStation 3 headphones.Now, Sony can begin addressing the governments which began raising questions about the breach at the end of April."While Chairman Bono Mack remains critical of Sony's initial handling of the data breaches, she also is appreciative that the company has now agreed to testify," Ken Johnson, an aide to Rep. Bono Mack, said. "The Chairman firmly believes that the lessons learned from both the Sony and Epsilon experiences can be instructive and guide us as we develop comprehensive data protection legislation. We expect to introduce that legislation, which will provide new safeguards for American consumers, in the next few weeks."Hirai explainsHirai began by indirectly tying the hacker group "Anonymous" to the attacks, although representatives for the group, a loose collective of individuals, have denied responsibility.Initially, Anonymous openly called for and carried out massive "denial of service" attacks against numerous Sony internet sites in retaliation for Sony Computer Entertainment America bringing an action in Federal Court to protect its intellectual property," Hirai wrote. "The bulk of those attacks were targeted at services offered by Sony Network Entertainment America (SNEA) and Sony Online Entertainment (SOE). Many of the attacks lasted for several days. We now know that at some time during or shortly after those attacks, one or more highly skilled hackers infiltrated the servers of SNEA and SOE."However, Hirai also added that the company has not ben able to identify the individual or individuals responsible for the breach.Four servers were initially isolated as possibly hacked, and then the entire system was shut down as other abnormalities were discovered. The delays, Hirai explained, were due to the problems in mirroring the affected data to preserve evidence. Sony also said that it would be reluctant to reveal technical details publicly, as they could be used to attack other systems or Sony's own.Sony said that it was unable to determine conclusively what information was taken, so it assumed each of the 77 million accounts on the network could have been compromised. As part of the process to resuming PlayStation Network services, users were required to change their password as part of a new firmware release .But Sony said that it didn't believe each account was accessed, rather a master database containing account information was skimmed. "Available evidence suggests that a database containing personal information for every account was accessed and that an attempt was made to take information from certain data fields in that database," Hirai wrote.Hirai said that Sony knew that street address, login/password information, and online ID information was accessed, but not that it was actually removed from the servers. On May 1, Sony noticed that SOE data had also been compromised, he said, putting 26.4 million more accounts at risk. Sony believes that the same group is responsible for both attacks, he said.Sony also said that it has put new security measures in place."In light of this, SNEA and SOE now have an ongoing program of updating technology, continual testing of their security systems, review of external threats, and cooperation with law enforcement to provide a safe enviro nment for customers," Hirai added. "SNEA was in the process of putting in place several key security measures (as set out in my May 3 response) before the attacks occurred; SOE had already taken a variety of steps in a multilayered approach to securing its network prior to the attack. In light of the sophistication of the attack, each company has made further refinements to its overall network security including new intrusion detection methods, policy changes, additional firewall protection, and more in-depth application testing prior to deployment.""Official wireless stereo headset"In a more lighthearted announcement, Sony also said that it has announced the official PS3 Wireless Stereo Headset, for $99, complete with a wireless USB adapter."Many more of your favorite franchises, such as Killzone and Gran Turismo, were also designed for surround sound audio," Sony wrote in a blog post. "Featuring 7.1 virtual surround sound, the Wireless Stereo Headset lets you hear all the minor in-game audio clues clearly, whether you are in a firefight in a first-person shooter game or racing for the checkered flag."
iAutoblog the premier autoblogger software
No comments:
Post a Comment