Wonder how much it's going to cost them to enroll millions of people in ID theft protections. I personally don't need it as I am already protected, but I would suggest everybody who can take it (US folks) and those that aren't already protected, to take the offer.
As you will have read in the letter from Sir Howard Stringer, that we posted a few hours ago, in the US we are offering all PSN users one year’s free access to an identity protection scheme. I can assure you that here in the SCEE region, we are working incredibly hard to offer you something very similar. As is often the case here, with so many countries in our region, this is a very complicated thing to achieve, but we are close.
Please keep an eye on the blog as we hope to be able to announce something about this very soon.
Sony Blog has been updated with following details today:
Both Kazuo Hirai and Sir Howard Stringer have stated that we will be offering identity theft protection for those affected by the malicious attack on PlayStation Network and many of you may have seen the details of the service available in North America.
As I have explained previously, creating a similar offering for the many countries within the SCEE region is a very complicated process. Each country has a different way of handling identity theft; some offer relatively sophisticated services whilst others are much more modest.
We are currently in the process of identifying how we manage this situation and once the programme is ready to launch, we will provide details of exactly which services are available in each country and explain how to sign up. We hope to do this early next week.
Also, look out for more information on the rest of our Welcome Back programme, including which free content you will be eligible for. We will be offering PSN users the opportunity to select two PS3 games from a list of five, as well as offering PSP users the opportunity to choose two games from a list of four. We will let you know exactly what games are available very soon.
Please be assured that we are continuing to work around the clock to have some PlayStation Network and Qriocity services restored and will provide you with specific details shortly.
As you may know, we’ve begun the process of restoring the service through internal testing of the new system. We’re still working to confirm the security of the network infrastructure, as well as working with a variety of outside entities to confirm with them of the security of the system. Verifying the system security is vital for the process of restoration. Additional comprehensive system checks and testing are still required, and we must complete that process before bringing the systems online.
As you’ve heard us say, our utmost priorities are the security of the network and ensuring your data is safe. We won’t restore the services until we can test the system’s strength in these respects.
When we held the press conference in Japan last week, based on what we knew, we expected to have the services online within a week. We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system. We know many of you are wanting to play games online, chat with your friends and enjoy all of the services PlayStation Network and Qriocity services have to offer, and trust me when I say we’re doing everything we can to make it happen. We will update you with more information as soon as we have it. We apologize for the delay and inconvenience of this network outage.
So - as expected - PSN is still nowhere even close to be back online and Sony continues pulling our leg and the dates of restoring the service out of the hat.
Comon Sony! Be at least brave enough to say "we have NO clue" how long it will take or announce a realistic estimate instead. With so many "specialist" you are claiming to have involved all the time and working around the clock you should do better that that.
Sony considers offering reward to help catch hackers
To qoute from latest CNET article with detailed overview of the whole PSN saga:
Still coping with the aftereffects of a pair of attacks that has compromised as many as 100 million accounts and which caused two online gaming services to be taken offline, Japanese electronics giant Sony is considering offering a reward for information leading to the arrest and prosecution of the attackers, people familiar with the matter say.
The company hasn't reached a final decision concerning whether it will offer a reward, and may decide not to do it at all, but the option is on the table, sources told me today. The fact that Sony is considering a reward at all speaks to how seriously it wants the person or people who carried out the attacks that have forced its gaming services offline for nearly two weeks to face prosecution.
If Sony does decide to offer a reward, it will do so in cooperation with law enforcement agencies, including the FBI and the relevant law enforcement agencies in other countries. The discussions around the pros and cons of offering a reward are not complete and would require the sign-off of senior Sony executives in Tokyo, who have not given their go-ahead, these people say. The reward is being considered as one of many options Sony is mulling in consultation with law enforcement to try to jar loose any information on the identity of the attackers.
Word of a possible reward offering comes as the Financial Times reported that two members of the hacking group Anonymous have informed the FBI that members of the loosely associated group of activist hackers carried out the attacks that compromised the system and prompted Sony to shut down two of its online gaming services. A person or people involved with the initial denial-of-service attacks carried out against Sony in support of a hacker named George Hotz may have gone beyond the bounds of the action that was intended simply to hit Sony'sPlayStation Gaming Network with more requests for service than it could handle and temporarily knock it off the Web.
Another interesting passage from the same article:
Meanwhile, Sony denied assertions by computer security expert Gene Spafford during a Congressional hearing Thursday that it had been running outdated versions of Web server software and had not been using a firewall on its servers. In a statement from Patrick Seybold, Sony's senior director, Corporate Communications and Social Media, that's expected to be published on Sony's PlayStation blog, the company was using updated software and had "multiple security measures in place." Here's the statement in full:
"The previous network for Sony Network Entertainment International and Sony Online Entertainment used servers that were patched and updated recently, and had multiple security measures in place, including firewalls."
Separately, Sony President Kaz Hirai sent a letter to Connecticut senator Richard Blumenthal containing a detailed timeline of the attack and Sony's response to it. The letter contains previously undisclosed details about the attack and the hardware Sony uses to run its gaming services.
The letter, which is embedded below, says that the systems involved use 130 servers and 50 distinct software programs. Sony first noticed the attack on April 19, when its network team discovered that several PlayStation Network servers had rebooted themselves unexpectedly. Four servers were immediately taken offline in order to figure out what was going on. By the next day, it was clear that another six had been attacked, and they were taken offline as well. By April 23, computer forensic teams confirmed that intruders had used what Sony describes as "very sophisticated and aggressive techniques to obtain unauthorized access to the servers and hide their presence from the system administrators" and had deleted log files showing the footprints of where in the system they had been. By April 24, Sony had hired three different computer security firms to investigate the attack.
Thanks for the info Homer, was a nice read. I still find it insane that they weren't running any firewalls, and I am surprised it took so long for this to happen. I also find it coincidental that there was major PSN outages around the 13-14th of April, I remember checking the PS forums and tons of people were unable to log into the PSN for several days, now it is clear it was due to the attack in some shape or form. Seems to me Sony should have been aware of this MUCH earlier than the 19th.