Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Hacker sheds light on Sony PSN attack

White hat Kyle Adams says Sony may have left the door open

Article comments

The PlayStation Network is back up for most gamers around the world, but Sony has yet to give an explanation as to why and how the attack brought down the service for over a month.

Former hacker and lead architect at Mykonos Software, Kyle Adams, spoke about how the hack may have occurred. Adams suggests Sony may have left its doors wide open for attack by using outdated software.

Was the PlayStation blog a gateway?

Hackers likely gained access using an SQL injection attack, according to Adams. In other words, hackers inserted malicious code into the database, and the server erroneously executed the code. This allowed the hackers to gain access to the server.

Adams suggests that the attackers may have entered the server through Sony's blog. Sony's blog was using an outdated version of Wordpress, which has known SQL injection vulnerabilities.

"It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers," Adams said.

The attack on Sony's PSN was an "advanced persistent threat," which, as the name suggests, is a series of ongoing, planned attacks. Each planned attack opens up more and more doors, allowing the hackers to advance further into the server.

Hackers on Sony's servers for months

"The depths they went indicates that this hack wasn't arbitrary," Adams said. He explains that these types of attacks can go on for weeks or even months without being discovered, and that APTs typically involve attempts to obtain valuable data.

"They perceive value in the site they're going after," Adams said. "There's a whole lot of value in the data Sony had. There's always a buyer out there."

Adams did stress that he believes Anonymous had nothing to do with the attack, and notes that the group has never hacked and taken personal information in the past. Adams seemed to concede, however, that Sony's claim that Anonymous may have made the hacker's jobs easier with their DDoS attacks has some validity.

"It's possible for another group to go through an open backdoor," he said.


Share:

More from Techworld

More relevant IT news

Comments




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *