"Sony PlayStation System Hacking Incident Highlights Web-Security Gaps" PBS Newshour Transcript 4/27/2011 (includes video)
Excerpt
RAY SUAREZ (Newshour): The latest episode involved millions of people around the world who use Sony's PlayStation video game system and who may have had their credit card information stolen in a hacking incident.
The intrusion caused the company to shut down PlayStation's Internet network a week ago. It provides access to online gaming, music, movies, sports and TV shows. Seventy-seven million user accounts were disconnected worldwide. But it wasn't until yesterday that Sony disclosed a hacker obtained information, including players' names, addresses, birth dates, email addresses, passwords and log-in names.
And on the company's blog, Sony spokesman Patrick Seybold said, "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility."
Near Sony headquarters in Tokyo, some said the breach may stop them from using PlayStation.
KAZUNORI SANO, resident of Tokyo (through translator): I will be afraid of playing with the game machine after hearing of this. I don't want my credit card information to be leaked out somewhere else in the world.
RAY SUAREZ: And in Australia, police urged PlayStation users to be vigilant.
DETECTIVE SUPERINTENDENT COL DYSON, New South Wales State Police Force: It would appear that the risk in relation to credit cards may be low. But if people have concerns, they should be talking to their banks and watching for unauthorized usage of the cards.
RAY SUAREZ: Some industry experts say the scale of the breach could cost the company billions of dollars.
THOMAS PUHA, "Pelaaja": This is going to have a very negative impact on a business that they have built up, because I think a lot of -- obviously, a lot of consumers will really be very wary of putting their credit card information back online or even buying anything.
RAY SUAREZ: Sony said it expects the PlayStation Network to be restored in a week. In the meantime, an outside security firm has been hired to investigate what Sony deems the malicious intrusion.
For a closer look at all this, we turn to Kevin Poulsen, senior editor at Wired.com. A former hacker himself, he's also author of a new book, "Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground."
And, Kevin, for those people who aren't gamers, why would you have to load personal information into a game console in the first place?
KEVIN POULSEN, Wired.com: Well, a lot of gaming takes place now online. You have multiplayer games where you could play with or against opponents live in real time.
And, of course, a game console isn't just a game console anymore. You want to be able to download movies and other content. And all -- you pay for all of that, which means you have to give up this information.
RAY SUAREZ: Sony says it has no direct evidence that credit card numbers were taken, but it says -- quote -- "We cannot rule out the possibility."
When you have had a breach, when someone has been rifling around in your files electronically, can you tell what they have seen and what they haven't?
KEVIN POULSEN: There are usually -- there's usually some kind of trail left, yes. But if the hacker is good and took steps to cover his or her tracks, then it could -- it could take a while to extract that.
I imagine that's why Sony took so long to announce this. They were probably hoping to find better news. They were probably hoping to find evidence that the -- that information wasn't accessed. Now that they have brought in an outside company, I expect they will know a lot more than they do now, eventually. Of course, they -- they may know more than they're telling us now.
RAY SUAREZ: The PlayStation system has been down for over week, disappointing a lot of people who are frequent users.
Does that long-term shutdown tell you something about the seriousness of the breach, that they're not patching it, but rebuilding the whole network?
KEVIN POULSEN: Absolutely.
It's a really radical measure to take. And it's surely going to cost them a lot of money and a lot of fan loyalty. There are people that aren't even going care about the breach itself who are just going to be extremely angry that they were denied access to the PlayStation Network for so long. So, it's bad news all around.
If this had just been a casual intruder, a recreational intruder, some kid working from his bedroom, I doubt they would have taken this measure. So, they probably have some indication that this was a serious, focused attack.
RAY SUAREZ: Well, as we reported earlier, they got user names, passwords, various other kinds of personal information. What's the risk to account holders at this point?
KEVIN POULSEN: You know, the biggest risk is probably with the personal information, especially the passwords, because a lot of people use the same passwords everywhere.
So, that, coupled with your email address and your real name and your date of birth, the hackers will, if this was done for profit, then, all of that could wind up being sold on the black market, probably for a nice sum of money.
And then, whoever buys it, other computer intruders could use the information to try and hack into other accounts held by these PlayStation Network users. It could be anything from Facebook to online banking. You could use it to stage scams targeting the users in other ways.
So, it could be -- it could wind up that this becomes the first stage in a lingering problem that haunts users for a long time, if, in fact, that that was the nature of the breach.
Stress this quote, "You know, the biggest risk is probably with the personal information, especially the passwords, because a lot of people use the same passwords everywhere."
HINT, do not use the same password for all your online accounts.
No comments:
Post a Comment