When hackers cracked the Playstation network and stole sensitive information from more than 100 milli users, Sony on was running the network on older versions of the Apache Web server software, a security expert said in a testimony to Congress Wednesday.
Purdue University security expert Dr. Gene Spafford told Congress that security experts knew Sony was running outdated versions of the Apache Web server software that did not have a firewall installed. Sony said hackers were able to breach the PSN and steal sensitive data while the company was fending off denial of service attacks from Anonymous, an online hacker group that typically takes up politically charged causes.
“My personal conclusion from reviews of reports in the press and discussions at professional meetings is that operators of these systems… continue to run outmoded, ﬂawed software, fail to follow some basic good practices of security and privacy, and often have insuﬃcient training or support,” Spafford said in his testimony to Congress.
Anonymous attacked Sony’s network after it tried to prosecute George Hotz, a hacker who reverse-engineered his Playstation 3 to run unauthorized programs. It said in a press release early this morning that it was not responsible for stealing any sensitive information or credit card data from Sony’s PSN — stating that it really didn’t fit the modus operandi of the hacktivist group that’s typically more concerned with disrupting company operations.
Unknown hackers attacked the PSN on April 19, forcing the Japanese company to bring down the network, which has more than 77 million registered users. The nightmare then continued after hackers broke into the company’s Station.com site, which serves as a host for its PC games like Everquest. Hackers were able to steal information from as many as 24.6 million accounts on that site, according to Sony. In all, more than 100 million accounts might have been compromised.
The PlayStation Network is a critical service that competes with Microsoft’s Xbox Live online gaming service — as well as other online gaming services. There are also 948 games now available in the PlayStation Network store, as well as 4,000 pieces of add-on content for games. You can find a timeline for the Playstation Network outage and credit card information theft scandal here, courtesy of VentureBeat’s gaming guru Dean Takahashi.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.