As Sony Says It's Turning A Corner, Talk of Another Attack Looms
Just as Sony seems about to turn a corner in restoring service to its Playstation Gaming Network that’s been off the air for nearly two weeks, there are reports that another attack against it is being readied.
Erica Ogg at CNET reports today that conversations observed on an Internet Relay Chat channel supposedly used by the original attackers suggest a third attack is planned for the weekend. This comes as Sony CEO Howard Stringer made his first public statements on the situation in an open letter to customers on the Playstation Blog, and as the company said separately that it was in the final stages of testing systems that will lead to bringing the network back up.
Also, Sony said it is offering customers an identity theft protection package from Debix, including a $1 million theft protection policy. As yet, Stringer said, there was “no confirmed evidence” that any credit card or personal information stolen in the attacks has been used.
For all its apologies and promises to make things right, there are claims that Sony may have been lax in its approach to security. This will certainly grab the attention of lawyers representing clients suing Sony and of regulators demanding answers. Members of Congress heard testimony yesterday from Gene Spafford, a security expert at Purdue University claiming that security experts have long known that Sony was using an outdated and unpatched version of the open source Apache Web server software, and was operating it without a firewall. Sony hasn’t responded to this claim. Spafford’s written testimony is here, and CSPAN has a two-hour video of the hearing here; Spafford starts speaking at about the 24-minute mark. If it turns out to be true, it will only add to the damage that Sony’s relationship with its customers suffers.
Sony’s shares are starting to suffer from the prolonged outage and the suspicion that this incident is going to hurt its bottom line. Its shares in Tokyo are trading at some of the lowest levels seen since mid-March. And its shares on the New York Stock Exchange have fallen by more than $2 a share since April 21. It first disclosed that the outage was the result of an “external intrusion” on April 23.