Absolute Sownage

A concise history of recent Sony hacks

Sat Jun 4 04:17:33 CDT 2011

Security Curmudgeon

Over the last two months, the multi-national Sony Corporation has come under a wide range of attacks from an even wider range of attackers. The backstory about what event prompted who to attack and why will make a mediocre made-for-TV movie someday. This article is not going to cover the brief history of hacks; readers can find details elsewhere. Instead, the following only serves to create an accurate and comprehensive timeline regarding the recent breaches, a cliff notes summary for easy reference.

Other than Steve Ragan and The Tech Herald, most recent articles about Sony make vague references to ongoing problems, but do not enumerate the full history. This is likely because the past events, while only 45 days old at most, are convoluted and confusing. The table below should serve to fix that, hopefully giving journalists and security professionals a concrete and clear history.

One thing should be noted; the attacks against Sony are not coordinated, nor are they advanced. Sony has demonstrated they have not implemented what any rational administrator or security professional would consider "the absolute basics". Storing millions of customer's personal details and passwords without using any form of encryption is reckless and ridiculous. Even security books from the '80s were adamant about encrypting passwords at the very least. Several of Sony's sites have been compromised as a result of basic SQL injection attacks, nothing elaborate or complex.

If anyone... ANYONE at all uses the term "advanced persistent threat" in describing the attacks on Sony, please hit them very hard before disregarding them as ignorant charlatans hell-bent on serving their own interests. Given the wide variety of attackers (see below), the attacks on Sony can only be described as an uncoordinated effort at best.

That said, welcome to the recently coined term, "Sownage". The state of being thoroughly "owned like Sony is".

Note:

This table does not count any Denial of Service (DoS) attacks against Sony as an incident.

Several sources including news outlets and blogs consider the first DoS attack by Anonymous against Sony as the first attack.

Stock has been on a steady decline for a long time before these events.

2013

Incident Date Site Stock Who (allegedly) Observation 22 2013-??-?? Sony Corp network infiltrated Unknown Unknown attackers compromised the Sony Corporate network, exfiltrated "gigabytes of data" several tiems a week.

2014 Update!

Incident Date Site Stock Who (allegedly) Observation 23 2014-08-24 DDoS against Sony PlayStation Network Lizard Squad According to Hackmageddon, Sony acknowledged a large-scale distributed denial of service (DDoS) attack against the PlayStation Network, Xbox Live, Blizzard's Battle.net, and Grinding Gear Games. The attack against Sony apparently lasted a few hours before service was restored. In addition to the DDoS attack, Lizard Squad allegedly made a bomb threat against American Airlines to divert the flight of a Sony Online Entertainment executive. 24 2014-11-25 Large-scale Intrusion and leaked documents 21.60 Guardians of Peace (GOP) Another incredibly far-reaching in-depth compromise of Sony Pictures has happened, this time by a group known as the Guardians of Peace (GOP). The new compromise has all of the excitement of the old events and more, as blaming North Korea for the attack in retaliation to a movie being released by Sony Pictures is all the rage. Risk Based Security has been keeping an updated timeline of the breach, analyzing the leaked documents, and providing links to additional information. We will rely on their resource instead of updating ourselves.

Legacy Sony Events

Given the recent testimony from Tim Schaaff, President of Sony Network Entertainment International, one may be led to believe that Sony has been proactive in their digital security. Schaaff told the Subcommittee on Commerce, Manufacturing and Trade, part of the House of Representatives Energy & Commerce Committee, that "Sony Network Entertainment and Sony Online Entertainment have always made concerted and substantial efforts to maintain and improve their data security systems." Looking at a brief, and very likely incomplete, history of Sony's hacking problems, this statement seems absurd.

Schaaff goes on to say "The attack on us was, we believe, unprecedented in its size and scope." With the string of recent high-profile attacks against Lockheed Martin, RSA Security, and HBGary Federal (by the same group allegedly involved in the Sony PSN hack), this comment seems disingenuous. Further, between 2001-02-05 and 2001-05-05, Sony was attacked and compromised 11 times. While this is a slightly bigger time frame than the recent activity (2011-04-17 to 2011-06-02), given the first run was in 2001 and attacks were arguably less frequent (while defacements were considered high profile and got a lot of attention), can Sony really back up this comment?

Note: This list is likely incomplete, and just represents a quick search of past Sony activity related to the insecurity of their networks. Events involving vulnerable Sony software or the many rootkit fiascos are not included.

Timeline of updates to this article:

Jun 4 Update: Elinor Mills pointed out the 06/03 Europe database event

Jun 4 Update: Kane Lightowler sent 20 legacy events

Jun 4 Update: Gene Spafford sent a link to his blog about his testimony

Jun 4 Update: Several pointed out Sony rootkit drama. Updated note disclaiming scope of legacy table

Jun 4 Update: @pctservices01 provided link about PS3 Hackers Unbanning

Jun 4 Update: Tuna informs me that Prolexic provided DDoS mitigation services only

Jun 5 Update: Peter Downey provided link about PS3 Hackers / Modern Warfare 2

Jun 5 Update: Added SNE closing stock price for the day of each incident. Idea courtesy Ryan Russell

Jun 5 Update: @LulzSec points out two missing compromises on Jun 6

Jun 5 Update: Sony Music Brazil defacement confirmed as happening ~ 2010-11-12, and remains unfixed since (thanks Kane Lightowler)

Jun 6 Update: Added Network World's timeline for the PSN breach

Jun 6 Update: Added confirmation to Sony Russia, that @LulzSec was not responsible

Jun 6 Update: Added clarification about LulzSec targeting elderly to 6/2 Sony Pictures incident

Jun 6 Update: Added entry to cover the supposed news of a LulzSec member being arrested

Jun 9 Update: Added link to DatalossDB for #14

Jun 9 Update: Thanks to @MasafumiNegishi and @superspryte for translation help

Jun 12 Update: Added original DDoS and REBUG links. Thanks Laurens Vets for REBUG info.

Jun 18 Update: Alldas.de sent us a copy of their defacement mirror from ~ 2001. Updated the legacy list to include a lot of defacements

Dec 8 2014 Update: Added new huge Sony Pictures breach as separate table, since three years later