Homeland Security looking into PSN Server Hacking

The Homeland Security Department, charged with protecting the nation's critical infrastructure, is helping to mitigate the damage from a breach of customer account data on Sony's online video game and entertainment networks that could have affected 77 million users.

Over a three-day period last week, intruders hacked into user profiles on the PlayStation Network gaming console and the company's music and video service Qriocity, Sony officials disclosed on Tuesday.

"The Department of Homeland Security is aware of the recent cyber intrusion to Sony's PlayStation Network and Qriocity music service," DHS spokesman Chris Ortman said. "DHS' U. S. Computer Emergency Readiness Team is working with law enforcement, international partners and Sony to assess the situation."

While gaming and music networks may not be considered "critical infrastructure," the data that perpetrators accessed could be used to infiltrate other systems that are critical to people's financial security, according to some computer experts. Stolen passwords or profile information, especially codes that customers have used to register on other websites, can provide hackers with the tools needed to crack into corporate servers or open bank accounts.

The PlayStation site states that the perpetrator obtained the names, addresses and birth dates of registered users, as well as their email addresses, network usernames and login passwords. User profile information, such as answers to password security questions and purchase histories, also may have been taken. The company has no evidence that credit card data was stolen but officials said they cannot rule out the possibility.

US-CERT offers victimized companies guidance on service restoration and risk management, as well as recommendations for improving overall network and control systems security. The team also shares information gleaned from investigations with private sector and government cybersecurity specialists to prevent similar strikes elsewhere.

Patrick Burke, senior vice president in the national security sector at SRA International, said Homeland Security's role in a situation such as Sony's is to help companies exchange information about the nature of their losses with customers, the commercial sector and the government as soon as a breach is discovered. "There can't be a fear of retribution," he said.

The public was outraged this week after learning Sony waited until April 26 to tell customers it had detected an intrusion on April 19. The consumer electronics company took down the compromised services around the 20th, reporting on its blog, "We're aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information."

"We're all in this together," Burke said. "We all need to understand that. There's an adversary that we're trying to defeat. If we're not going to share information when we're attacked . . . that's gotta get fixed."

As far as the scale of Sony's customer account break-in, the PlayStation hack is outranked by two recent invasions. An intrusion at TJX Companies Inc. that was reported in 2007 exposed data from more than 94 million credit and debit cards belonging to consumers who had shopped at TJ Maxx, HomeGoods, A.J. Wright and Marshalls stores. In 2009, an incursion at Heartland Payment Systems Inc., which processes debit and credit card transactions, compromised about 130 million cards.

Head on over to www.nextgov.com to read the entire article.

News-Source: http://nextgov.com
Related Articles: here | here