How the hackers breached Sony’s defences

4 May 2011

A diagram is doing the rounds purporting to be Sony’s own analysis of how a hacker or group of hackers breached its firewall and stole information on millions of PlayStation and PC gamers.

The diagram suggests that the intruders obtained access to the database server through the internet after discovering a vulnerability in the application server.

It suggests the intruders were able to inject a communication tool into the application server via a vulnerability they had discovered and establish an intrusion route.

This intrusion route enabled the intruders to bypass the firewall and access the database servers where millions of users’ details were discovered, the diagram suggests.

Attack on PlayStation, Qriocity and SOE networks

Sony admitted on Monday that 25m personal details had been taken from Sony Online Entertainment, the network for PC gamers who play games like EverQuest, on top of the 77m stolen previously from PlayStation and Qriocity servers at a data centre in San Diego, California.

In the attack on Sony Online Entertainment, which was only detected as investigators looked into the PlayStation network attack, some 23,400 customers’ credit card or direct debit details were taken.

Both breaches occurred between 16-20 April. The company apologised and says the PlayStation Network will be back online sometime this week.

Sony is understood to have hired investigative teams from Data Forte, Guidance Software and Protiviti to work alongside the FBI in investigating the attacks and who may be behind them.

The technology giant has also hired law firm Baker & McKenzie to help with the investigation.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com