/ 3 June 2011

‘We accessed EVERYTHING’: Hackers attack Sony network

Hackers broke into Sony’s computer networks and accessed the information of more than one million customers to show the vulnerability of the electronic giant’s systems in the latest of several security breaches undermining confidence in the company.

LulzSec, a group that claims attacks on US PBS television and Fox.com, said it broke into servers that run Sony Pictures Entertainment websites. It published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

“From a single injection, we accessed EVERYTHING,” the hacking group said in a statement. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

The security breach is the latest attack against high-profile firms, including defence contractor Lockheed Martin and Google.

LulzSec’s claims came as Sony executives were trying to reassure US lawmakers at a hearing on data security in Washington about their efforts to safeguard the company’s computer networks, which suffered the biggest security breach in history in April.

Sony has been under fire since hackers accessed personal information on 77-million PlayStation Network and Qriocity accounts, 90% of which are users in North America or Europe.

Sony said at the time that credit card information may have been stolen, sparking lawsuits and casting a shadow over its plans to combine content and hardware products via online services. Nobody has claimed responsibility for the April attack.

Sony said it was investigating the breach claimed by LulzSec and declined to elaborate. Sony shares in Tokyo fell 0,3% on Friday, in line with the broader market.

Reuters confirmed the authenticity of the data on several contestants that LulzSec said it had published.

Cyber security
Cyber security is quickly rising up the agenda for global policymakers.

The Australian government said on Friday it will develop a cyber defence strategy and the United States said in a report in May that hostile acts in cyberspace would be treated just like any other threat to the country.

The hacking attack on Lockheed may have compromised the safety of SecureID tokens made by EMC, while that on Google targeted, among others, senior US government officials’ data.

“These allegations are very serious,” US Secretary of States Hillary Clinton said of the Google attack, which the internet giant said appeared to originate in China.

In the latest attack on Sony, the US Federal Trade Commission could choose to review the circumstances leading up to the breach if Sony Pictures Entertainment failed to use proper procedures for protecting the data of its customers.

John Bumgarner, chief technology officer for the US Cyber Consequences Unit, a nonprofit group that monitors web threats, said he was not surprised that Sony’s systems had again been breached.

“The system was unsecure,” said Bumgarner, who last month warned of a string of security vulnerabilities across Sony’s networks that he had identified.

He said he found vulnerabilities in the Sony Pictures Entertainment network as recently as last weekend.

The first hacking attacks in April prompted Sony to shut down its PlayStation Network and other services for close to a month.

Representatives criticized Sony in the Congressional hearing for waiting several days to notify customers of the breach.

LulzSec has claimed responsibility for several hacks over the past month. It said it defaced the US PBS television network’s websites, and posted data stolen from its servers on Monday to protest a Front Line documentary about WikiLeaks.

It has also broken into a Fox.com website and published data about contestants for the upcoming Fox TV talent show, X Factor.

LulzSec also said on Thursday it had hacked into Sony BMG Music Entertainment Netherlands and Belgium. It previously disclosed an attack on Sony Music Japan. – Reuters