Arik Hesseldahl

Recent Posts by Arik Hesseldahl

Sony's Playstation Network Is Back. Sony's Reputation Will Take a Little Longer.

Sony just announced that over the next several hours it will be flipping the lights back on in its Playstation Network that has been down since hackers attacked it nearly a month ago.

The company announced a phased restart to its network starting with the Americas followed by Europe, Australia, New Zealand and the Middle East.

This incident has turned into a severe black eye for Sony. The outage itself was bad enough, but then came the admission that customer account data for some 77 million people, including nearly 10 million credit card numbers, were compromised, too. Sony now faces numerous lawsuits, along with official inquiries at various stages from regulators and lawmakers around the world. The attacks also affected its Sony Online Entertainment service, home to PC-based online games like Everquest and Star Wars: Galaxies.

The company is promising a batch of new security measures that it says should prevent an attack like this from occurring again. “Working closely with several respected outside security firms, the company has implemented new and additional security measures that strengthen safeguards against unauthorized activity, and provide consumers with greater protection of their personal information,” the company said in a statement.

While Sony hasn’t been specific about the new security measures put in place, it described them as “considerable enhancements” and included the addition of “advanced security technologies,” additional monitoring of software, and increased level of encryption of additional firewalls. Sony says it has also installed what it calls an “early warning system” that will detect unusual patterns of activity that might indicate a new attack is underway.

Sony also said it has appointed Fumiaki Sakai, president of Sony Global Solutions, as its acting Chief Information Security Officer. Sakai’s role, Sony said, will be to further reinforce network security across the company, and will include recruiting a permanent CISO.

Sony still faces lots of questions. How was the attack carried out? The security firm Veracode published some theories on that yesterday. In time, Sony will have to disclose details surrounding the attack, either in court or on its own as part of the continued damage control effort. Then there’s the issue of finding and prosecuting the person or people responsible for carrying it out. As I reported last week, Sony is considering offering a reward for information leading to the arrest of the attacker, and now that the network is back up its attention may turn in that direction. The reward option is still on the table, I’m told, and chances are pretty good that someone who was involved in the attack bragged about it to someone who will be tempted by the lure of easy cash.

There’s also the possibility of another attack. Having carried out an attack that caused so much damage, the people who did it may try again, or someone else may be inspired to take a crack at Sony. The fact is, having been laid low once, it will remain a tempting target for the kind of person who likes to earn digital street cred by knocking big companies off the grid.

Then there’s the simple question about damage to Sony’s business. There’s anecdotal evidence that the outage has triggered a surge in trade-ins of PS3 consoles in favor of Microsoft XBox 360s. Time will tell if that trend continues, but then there’s also the damage to Sony’s Playstation brand itself.

Remember that this whole mess started when Sony decided to sue George Hotz who reverse engineered his own PS3 so it could run homebrew applications, and then published his method online. They eventually settled out of court, but Sony’s attack on Hotz, better known by his nom-de-keyboard GeoHot, attracted the attention of Anonymous, the loose affiliation of hackers who typically launch denial-of-service attacks. Sony might have averted a lot of this had it proceeded differently with regard to Hotz. I’m willing to bet there are certain executives within Sony who are restraining the urge to say “I told you so.”

Sony also published a video of Sony President Kazuo Hirai apologizing once again for the outage, and explaining some of the things that customers have to do to get their service working again, like changing passwords. The video is below.

Latest Video

View all videos »

Search »

I’m a giant vat of creative juices.

— David Pogue on why he’s joining Yahoo