Sony Brings In Forensic Experts On Data Breaches

  /     /     /  
Publicated : 22/11/2024   Category : security

Sony Brings In Forensic Experts On Data Breaches


Data Forte, Guidance Software, and Protiviti will investigate who hacked into Sonys servers and how they cracked the companys defenses.


(click image for larger view)
Slideshow: 10 Massive Security Breaches
Sony said that its called in three computer security and forensics firms to help investigate the data breaches that compromised the user account information of more than 100 million of its customers. The firms named by Sony are Data Forte, Guidance Software, and Protiviti.
Sony brought in some of those digital forensic investigators--and also notified the FBI about the breach--on April 22, the day after its network engineers first suspected that its systems had been breached. As the
scale of the breach
became apparent, growing to include not only the PlayStation Network and Qriocity service, but also the
Sony Online Entertainment
games service, Sony began calling in the other forensics companies.
But government officials--and not a few customers--have been critical about what they see as Sonys slow response to resolving the breach and restoring services, and political pressure is mounting. According to
Bloomberg News
, Sony has been subpoenaed by New York attorney general Eric Schneiderman, who is seeking information on what Sony told customers about the security of their networks, as part of a consumer protection inquiry.
So, what exactly are Sony and its digital forensic investigators doing, and why havent services been restored yet? My guess right now is theyre still trying, to a certain extent, to determine what happened, said Alex Cox, principal research analyst at NetWitness, which sells network-monitoring appliances. When you talk intrusion analysis and breach analysis, its a pretty specialized skill set and typically one that companies dont have internally. Because hopefully, its infrequent enough that people dont need to have their own internal teams. But the fact that Sony is bringing in outside help tells me that they dont have the staffing.
As a result, the new teams will take time to come up to speed on the systems, to then deduce what happened. Forensics work, you can look at it as a crime scene investigation from a computer security standpoint, he said in an interview. Youre looking for clues that get you from point to point, so you hopefully have a solid understanding of the how/what/where/when/why of the intrusion.
The scale of the compromised data may also slow analysis and recovery efforts, and Sony has said that at least 10 servers were compromised. That certainly does complicate the forensic process, because you have to look at all these systems ... and you need to have a very solid understanding of how the technology works, said Cox. A lot of times when this happens, you find out that the company that implemented this solution didnt have a 100% understanding of all the complexities of the system.
Poor preparedness may also have played a part in the Sony--as well as
Epsilon
--breaches, according to Eugene Spafford, a professor at Purdue University whos also the executive director of its Center For Education and Research in Information Assurance and Security (CERIAS). Presumably, both companies are large enough that they could have afforded to spend an appropriate amount on security and privacy protections of their data; I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk, he said on Wednesday to a House Subcommittee on Commerce, Manufacturing, and Trade
hearing
into the Sony data breach.
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Sony declined to testify at that hearing. Instead, the head of Sony Computer Entertainment, Kaz Hirai, sent a letter with written responses to legislators questions, in which he suggested that coordinated attacks had been used to disguise the breach. According to Hirai, this cyber-attack came shortly after Sony Computer Entertainment America was the subject of denial of service attacks launched against several Sony companies and threats made against both Sony and its executives in retaliation for enforcing intellectual property rights in U.S. federal court.
Sony has also suggested that the collective known as
Anonymous
was behind the attacks, since forensic investigators discovered a file on Sonys servers, named anonymous, that included a fragment of the collectives slogan.
But the collective disavowed all knowledge of the breach, saying in a statement that stealing credit card data isnt its style. Whoever broke into Sonys servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history, said a statement from the collective. No one who is actually associated with our movement would do something that would prompt a massive law enforcement response. Instead, the group suggested that online thieves had left the file as subterfuge.
One positive piece of information revealed by Sony is that, so far, none of the compromised credit card data has been used by attackers. Furthermore, the scale of credit card loss, while large, isnt as bad as first expected. According to Hirais letter, globally, approximately 12.3 million account holders had credit card information on file on the PlayStation Network system. In the United States, approximately 5.6 million account holders had credit card information on file on the system. These numbers include active and expired credit cards.
But Sony declined to fully reveal detail how the breach occurred. We are reluctant to make full details publicly available because the information is the subject of an ongoing criminal investigation and also the information could be used to exploit vulnerabilities in systems other than Sonys that have similar architecture to the PlayStation Network, said Hirai.
In response to legislators question about whether Sony would be offering credit monitoring services for customers whose information was stolen, Hirai said that instead, Sony will instead offer a welcome back package with 30 days of free service.
But will customers return?

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Sony Brings In Forensic Experts On Data Breaches