LulzSec Hacks Sony For Source Code in ‘Sownage 2’

LulzSec has hacked Sony for the second time, just one week after the first Sony hack which saw music coupons and user databases stolen. LulzSec has released information concerning Sony BMG’s internal network maps and the Sony Computer Entertainment Developer Network source code.

Sony BMG internal network maps show details of firewalls used and the server environment which details the servers, space and security features.

http://twitter.com/#!/LulzSec/status/77736347154128897

The Epoch Times has published an article alleging one of the LulzSec members, Robert Cavanaugh, was in FBI custody but LulzSec deny that any members were under the custody of the FBI. On Twitter, they said ‘that’s strange because all of us are still here. Uh-oh!’

One Million Sony Customer Details Stolen by LulzSec

Sony Pictures
Via Sony Pictures

LulzSec has gained access to personal details of more than one million Sony customers. LulzSec says this includes ‘passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.’  Sony Pictures, Sony BMG Netherlands and Sony BMG Netherlands has been targeted and  administration  details, 75,000 music codes and 3.5 million music coupons have also been stolen.

LulzSec has only released samples of the data on their new website, saying they are underfunded. Many samples are derived from the Sony Sweepstakes databases which had codes for music and log-in data. The database for Sony BMG Music Entertainment Netherlands showed very weak passwords, often with similar usernames and passwords. Records, bar code details, sales reports and employee details were stolen from Sony BMG Music Entertainment Belgium.

LulzSec said, in a press release, that they used ‘very simple SQL injection.’ All data was plain-text meaning all details were visible without any more decryption. The group believes that Sony should be embarrassed for having an obvious vulnerabilities, adding that they did not want to be seen as ‘master hackers’

Previously, LulzSec attack Sony Japan as well as PBS, Fox and ATM details. LulzSec’s new website has experienced a DDoS attack, though the website was immediately backed up by CloudFlare which is displaying a cached copy.

Sony Offers Compensation and Restores PSN

PSN LogoSony has begun a new plan to restore Sony PlayStation Network (PSN) across this week after more than 77 million user’s personal data was stolen. In an effort to win back the trust of users a ‘Welcome Back’ program to ‘thank its [ PlayStation Network and Qriocity] customers for their patience and loyalty’ has been established with certain Sony entertainment content offered for free, 30 days free PlayStation Plus membership and unlimited music from Qriocity depending on the availability in the country which you live in.

Sony has also outlined new security procedures including added firewalls and better encryption and detection in a Sony Blog post. Kazuo Hirai, Executive Deputy President of Sony said ‘this criminal act against our network had a significant impact not only on our consumers, but our entire industry.’

The company has offered an apology to customers. Last year the company earned $78 billion and share prices are expected to rise on the New York Stock Exchange after a 2.5% rise on the Tokyo Stock Exchange.

Private Data Stolen from Sony PSN, Class Action Imminent

PSN Logo

Kristopher Johns has filed a class action lawsuit against Sony after the theft of private data from the Sony PSN user database. The suit alleges the use of unsecured data procedures and unreasonable delays in bringing the PSN service back online. The lawsuit has been filed in US District Court for the Northern District of California and there has been no response from Sony at this point of time.

In a email sent to PSN users Sony said that “illegal and unauthorized intrusion into our network,” had been discovered “between April 17 and April 19, 2011.” It advises users to check “account statements and to monitor your credit reports.” It is believed that name, address, email address, birthdate, login details, PSN ID as well as purchase history could of been accessed. More information on the outage and details for protecting privacy for the affected customers are available on the frequently asked questions page on the Sony website.

In a blog post, Patrick Seybold; Sr. Director, Corporate Communications & Social Media; said “the personal data table, which is a separate data set, was not encrypted.” It appears that only credit cards details were encrypted in the database. Sony is currently moving data to a new data center to provide better security in the future. A new software update from Sony will force users to change their password.

Anonymous, separate groups of hacktivists who act anonymously under the group name, have said that they were not responsible. The group was believed as a suspect initially as they started Operation Sony after a lawsuit against George Hotz, a hacker of the iPhone and Sony PlayStation (see above video). The operation reportedly took down the PlayStation website and PlayStation Store and advises users to return Sony products. Anonymous have said they ‘are not aiming to attack customers of Sony.’

Sony Joins Tablet Wars with Android

Sony has announced plans to create two new tablets running the latest Android operating system. The tablets are designed to be entertainment devices using ‘premium network services’ from Sony.

The two tablets codenamed S1 will have a single 9.4-inch display while the S2 will have two 5.5-inch displays which can be used for different functions, eg. email in the top screen and a soft keyboard on the bottom. The tablets are expected to hit shelves during Fall 2011.

It is likely the new tablets will integrate with other Sony network services such as “Qriocity” a network platform, PlayStation Network (PSN) and controlling BRAVIA televisions using the tablet.