Cyber Attacks: “Lurid Downloader”
The report investigates Lurid Downloader, a campaign of targeted malware attacks that has successfully compromised 1465 computers in 61 different countries. Based on the project path embedded in the malware, we have named this specific campaign “Lurid Downloader”, although the malware is typically known as “Enfal”. The majority of the victims are located in Russia and other members of the Commonwealth of Independent States (CIS). We were able to identify 47 victims that include numerous government ministries and diplomatic missions, along with space-related government agencies, companies and research institutions in Russia and other members of the CIS, and a smaller number of similar entities in Europe. The threat actors behind “Lurid Downloader” launched 301 malware campaigns targeting entities in specific countries or geographic regions, and tracked the success of each campaign by embedding a unique identifier in each instance of malware and associating it with specific victims. While some campaigns resulted in numerous victims, others were very specific and targeted, resulting in only one or two victims. While previous Enfal activity has typically been associated with threat actors in China, it remains unclear who is behind the Lurid Downloader attacks.
Defenses against LURID APT
Defensive strategies can be dramatically improved by understanding how targeted malware attacks work, as well as trends in the tools, tactics and procedures of the threat actors behind such attacks. By effectively using threat intelligence derived from external and internal sources, combined with security tools that empower human analysts, organizations are better positioned to detect and mitigate such targeted attacks. Therefore, given the challenges that targeted malware attacks pose for traditional defenses, defenses against them need to focus on detection and mitigation and not simply on prevention.
APT Security Defense
By effectively using threat intelligence derived from external and internal sources combined with security tools that empower human analysts, organizations are better positioned to detect and mitigate targeted malware attacks.
Cyber Attacks: NATO 7-21-2011
Anonymous hackers struck again, this time with an injection attack against the North Atlantic Treaty Organization (NATO), garnering a GB of data.
Anonymous announced in a tweet that it possessed a GB of NATO data, adding that it would be “irresponsible” to publish much of it. To prove its claims, the hacker group posted links to two documents on a PDF-sharing site, the first from 2007, titled “NATO Restricted,” outlining communications systems at the Joint Communications Control Centre for ISAF forces in Afghanistan. The second document, also labeled “NATO Restricted,” detailed proposals for outsourcing communications systems for NATO forces in Kosovo. A NATO spokesperson confirmed to The Telegraph that the organization had been hacked and was investigating the incident and the Anonymous claims.
NATO said “We strongly condemn any leak of classified documents, which can potentially endanger the security of NATO Allies, armed forces and citizens.”
Cyber Attacks: The Sun 7-18-2011
This month, Anonymous targeted Rupert Murdoch with a series of derogatory hacks against the Web site of The Sun while pledging that e-mail leaks and data disclosure are forthcoming in the near future.
In its latest act, Anonymous took responsibility for defacing The Sun’s Web site by redirecting visitors to a phony homepage that claimed that News Corp. Chairman and CEO Rupert Murdoch had died of a drug overdose in his garden.
In a Twitter post, a hacker known as Sabu claimed that Anonymous had also successfully broken into the e-mails of The Sun as well as its now defunct sister paper, News Of The World, touting plans to release them soon. The News Corp. hacking frenzy follows the resignation and arrest of Rebekah Brooks, CEO of News Corp.’s subsidiary News International and The Sun editor, following a phone hacking scandal that was first disclosed in 2010 and erupted earlier in July.
Cyber Attacks: Italian Cybercrime Division 7-25-2011
Anonymous hackers started to release 8 GB of classified documents lifted from a previous hack against the CNAIPIC, a division of the Italian government dedicated to fighting cybercrime.
The slew of stolen documents contained information regarding numerous government offices, including Australia’s Ministry of Defense, the U.S. Department of Agriculture, and Egypt’s Ministry of Transport and Communication; there was also data on commercial organizations such as Gazprom and Exxon Mobil and a myriad of U.S. Department of Justice contractors.
The stolen files also include classified data from the CNAIPIC related to investigations, as well as documents and photographs of the agency’s administration. Anonymous hackers announced the CNAIPIC attack via Twitter, alleging they were provided by an unnamed “source.” Anonymous members posted links to the stolen files and claimed they pilfered the CNAIPIC files stored on the agency’s servers.
Cyber Attacks: The Washington Post 7-7-2011
The seemingly endless series of cyber attacks finally caught up with the media industry, proving that no one is immune, when the Washington Post said that a data breach compromised an estimated 1.27 million accounts on its job seeker site.
Specifically, the Washington Post said in July that its “Jobs” section experienced a cyber attack by an “unauthorized third party” in what it described as “two brief episodes” June 27 and June 28. The hackers made off with user IDs and e-mail addresses but failed to obtain passwords or other personally identifying data.
The Post warned that the stolen e-mail addresses could be used by the hackers to launch spam attacks or wage targeted campaigns against users. “We are taking this incident very seriously,” the Post said in its alert. “We quickly identified the vulnerability and shut it down, and are pursuing the matter with law enforcement. We sincerely apologize for this inconvenience.”
Cyber Attacks: South Korea 5-4-2011
Chinese hackers managed to decimate the country of South Korea in one fell swoop by targeting a popular social networking site in a massive cyber attack.
The attacks, which compromised a total of 35 million users, were directed at the Cyworld Web site, as well as the Nate Web portal run by SK Communications. Altogether, hackers appear to have stolen phone numbers, e-mail addresses, names and encrypted information of tens of millions of site users. The source of the breach, first revealed by the Korean Communications Commission, was traced back to computer IP addresses based in China.
Meanwhile, the massive hack follows a series of attacks directed at South Korea’s government and financial organizations, including a government-backed bank, the data of 1.8 million customers at Hyundai Capital, as well as Korean government ministries, the National Assembly, the country’s military headquarters and networks of US Forces based in the country.
Cyber Attacks: DOE Pacific Northwest National Laboratory 7-8-2011
It’s never a good thing when the systems of a facility that analyzes information on security, science, nuclear non-proliferation and counterterrorism get hacked and breached. However, the Department of Energy’s Pacific Northwest National Laboratory joined the growing list of government research facilities targeted in what it described as a “sophisticated cyber attack” on its systems.
PNNL officials first detected the attack on July 1, according to reports. System administrators disconnected all Internet and e-mail access and the facility’s wireless network in order to assess the damage and protect systems.
The PNNL attack appeared to be part of a larger cyber effort that also targeted Thomas Jefferson National Laboratory in Newport News, Va., and Battelle Corp., a government contractor that oversees PNNL, according to Reuters.
Cyber Attacks: Toshiba 7-20-2011
Hackers got to another Japanese electronics firm when Toshiba said that one of its Web servers, run by its US sales subsidiary, had been hacked, compromising the e-mail addresses, telephone numbers and passwords of thousands of customers.
The company said that the server, run by Toshiba America Information Systems Inc., held personal data relating to 7,520 customers. However, the company added that the personal information exposed did not include any credit card data.
Toshiba said that it notified all customers potentially affected by the hack. A company spokesperson told The Wall Street Journal that the subsidiary’s IT staff first noticed a Web server intrusion on July 11th, and confirmed the hack on July 13th. “We will continue the investigation and intend to thoroughly protect customers’ information and manage (related computer) systems to prevent a recurrence,” Toshiba said.
Cyber Attacks: Booz Allen Hamilton 7-13-2011
Another day, another government contractor hacked. In an all-too-familiar style of attack, Anonymous hackers announced via Twitter that they had hit Booz Allen Hamilton, saying the attack was part of a concerted effort to shed light on governments’ and corporations’ lack of cyber security, according to Reuters.
The hackers said in a letter that they managed to scrub 4 gigabytes of source code and swipe 90,000 military email addresses, although they were only able to access the encrypted versions of the e-mail passwords.
The hackers also said they infiltrated a server in Booz Allen’s network in order to point out its lack of security mechanisms. “We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!),” the group wrote.
Cyber Attacks: Pfizer 7-22-2011
Pharmaceutical giant Pfizer emerged a little red-faced after its Facebook page was publicly defaced by miscreants.
Altogether, the hackers, known as The Script Kiddies, appeared to be taking up an Anonymous-style mission, claiming of Pfizer that “they’re corrupt and the damage they create is senseless” as the reason for the Web site defacement. Paul Ducklin at Sophos said the Web site likely was hijacked after someone guessed the Facebook password of a person who had access to the page.
Even still, while no data was taken, the highly public incident was a bit of an embarrassment to the pharmaceutical giant, while demonstrating the lack of password security and security policies in the enterprise, even in mega-corporations such as Pfizer.
Cyber Attacks: Anonymous 7-20-2011
Anonymous hackers got a little taste of their own medicine when hackers hacked and defaced AnonPlus, a social network started by the global hacker collective after being unceremoniously booted from Google’s new Google+ network.
The hackers who broke into AnonPlus, a group calling themselves TURKIYE, left a message that read: “We Are TURKIYE. We Are AKINCILAR. This logo suits you more.. How dare you rise against to the World. Do you really think that you are Ottoman Empire?” the hacker wrote. “Now all of you go to your doghouse.”
Serving to throw kerosene on an already scorching flame, the message elicited a fiery retort from Anonymous, who promised to continue to fight corruption and greed with data breaches and Web site hacks.
Cyber Attacks: Sony PlayStation Network 4-27-2011
You could have called it the mother of all breaches when Sony PlayStation Network and Qriocity services got hit with a massive external hack that compromised a total of 100 million customer accounts, forcing Sony to shut down its services for more than six weeks.
Sony issued an alert in April about the attack, which compromised around 77 million customer login credentials and the personal information used to access user accounts. The company later confessed that hackers had also managed to access information from an additional 24.6 million customer accounts at its Sony Online Entertainment (SOE) service.
Altogether, the stolen information included user names, passwords, online IDs, customer addresses, e-mail addresses, and birth dates, as well as customer profile data, including purchase history, billing addresses and answers to security questions.
Cyber Attacks: RSA 3-17-2011
RSA was brought to its knees when it fell victim to a sophisticated and targeted attack that compromised its SecurID two-factor authentication tokens. Art Coviello, executive chairman of Bedford, Mass.-based RSA, the security arm of EMC, told customers that the company had identified an attack involving an Advanced Persistent Threat (APT) that compromised seed code from the SecurID authentication products, weakening its security defenses.
After weeks of silence, executives disclosed that the cyber attack began with spearphishing e-mail incorporating a malicious Excel file that exploited an Adobe Flash Player vulnerability. The emails — sent to two small groups of employees during a two-day period — tricked victims into opening the file, which contained a zero-day exploit that installed a backdoor via the Flash vulnerability. However, RSA remained mum on what the hackers took and how customers would be affected.
Cyber Attacks: ManTech 8-1-2011
Anonymous hackers kicked off the month of August with a cyber attack against FBI contractor ManTech International, which they claimed compromised almost 400 megabytes of data from the managed cyber-security provider and was part of its AntiSec campaign — a collaborative effort between Anonymous and spin-off hacker group LulzSec.
Included in the stolen data were numerous documents belonging to NATO, the U.S. Army, the U.S. Department of Homeland Security, the U.S. State Department and the U.S. Department of Justice, as well as other personnel information, the group said.
As is customary with its hacks, Anonymous posted a 390 MB BitTorrent file to the Pirate Bay file-sharing web site. The file was coupled with a note that said the hack was intended to push back against the FBI following the arrest of 14 Anonymous hackers suspected of participating in a massive December cyber attack against PayPal.
Cyber Attacks: WikiLeaks 8-31-2011
The ultimate whistleblower site, WikiLeaks, was hit with a high profile denial of service attack following the release of 134,000 U.S. diplomatic cables during the last week in August.
During prior releases, WikiLeaks had practiced diligence in maintaining the privacy of individuals mentioned by name in the U.S. cables. However, the WikiLeaks site apparently suffered a data breach when Assange shared a passphrase with an external source required to decrypt a batch of cables taken by former colleague Daniel Domscheit-Berg.
Domscheit-Berg returned the cables last November, after which WikiLeaks supporters subsequently made the contents available in a public archive when they failed to notice that the archive contained a hidden directory with the encrypted file holding the cables, and unintentionally exposed the file. Then, as if to add insult to injury, WikiLeaks was knocked down when hackers unleashed what was presumed to be a retaliatory DOS attack days
Cyber Attacks: Vanguard Defense Industries 8-20-2011
It didn’t come as a big surprise when yet another defense contractor was targeted by data-stealing hackers in August. The U.S. defense contractor Vanguard Defense Industries was hit with an attack that lifted and published thousands of e-mail and sensitive documents.
Among other things, Vanguard is known for developing remote controlled ShadowHawk helicopters used by the U.S. military. Altogether, the hackers, who published an open letter directed at VDI senior vice president Richard Garcia, said that the leak contained internal meeting notes, contracts, schematics, non-disclosure agreements, personal information about VDI employees and several dozen classified “counter-terrorism” documents. “We are doing this not only to cause embarrassment and disruption to Vanguard Defense Industries, but to send a strong message to the hacker community. White hat sellouts, law enforcement collaborators, and military contractors beware: we’re coming for your mail spools, bash history files, and confidential documents,” the hackers said.
Cyber Attacks: San Francisco’s BART 8-15-2011
Proving that no issue is too small to protest in San Francisco, Anonymous hackers gained local notoriety in the Bay Area after they launched a cyber attack that defaced San Francisco’s Bay Area Rapid Transit (BART) marketing web site, compromising the personal information of more than 2,400 users. The attack forced officials to take the MyBART.org site offline for several hours in order to address the vulnerabilities. As part of the cyber attack, Anonymous hackers published thousands of BART customer names, addresses, e-mail addresses and phone numbers from the transportation system’s marketing web site, designed to promote BART ridership and offer information about news and events in the San Francisco Bay Area.
Meanwhile, Anonymous members spearheaded a series of public demonstrations at various BART stations throughout the city, in protest of the transportation agency’s decision to cut cell phone service to thwart yet another scheduled protest.
Cyber Attacks: Nokia 8-26-2011
The Nokia developer forum became one of this month’s cyber attack victims when miscreants launched a cyber attack that exposed personal information of developers and defaced the developer.nokia.com discussion forum. This time, attackers managed to infiltrate a Nokia community forum database and expose a slew of personal information, including names, birthdates, e-mail and IM addresses and usernames for AIM, ICQ, MSN, Skype and Yahoo accounts.
The hackers then left a calling card by defacing the Nokia developer Web site with a redirect that led visitors to a picture of Homer Simpson hitting his head and uttering his classic “Doh!,” coupled with a snarky written message.
Nokia downplayed the issue in an advisory alerting users to a vulnerability in its developer forum database storing e-mail addresses and other personal information, which enabled hackers to execute a simple SQL injection attack and obtain the personal data of its developers.
Cyber Attacks: Epson Korea/Gabia 8-20-2011
Following July’s massive Korean cyber attack, the country was the source of another breach when the personal information of 350,000 registered users was stolen from Epson Korea. During the attack, hackers infiltrated the computer networks of Epson Korea, the Korean division of Japan’s Seiko Epson Corp., and pilfered a bundle of sensitive personal information that included passwords, phone numbers, names and e-mail addresses of registered customers.
Epson posted an advisory on its site alerting users to the breach, warning users to change their passwords as soon as possible.
Also in August, the country suffered yet another attack when hackers accessed the computer systems of South Korean domain registrar Gabia, impacting the online connection of 100,000 registered domains. The Epson and Gabia breaches follow weeks after the country was hit with a massive cyber attack that compromised the accounts of 35 million users from a social networking site.
Cyber Attacks: Hong Kong Stock Exchange 8-11-2011
Don’t like the way the stocks are headed? Well, you could hack into the Web site of the stock exchange. That could have been the motivation when hackers took down the Hong Kong Stock Exchange web site this month, forcing it to suspend trading shares of the London-based HSBC and six other companies for two days in a row.
Altogether, the hackers crashed a web site that companies relied on to announce price sensitive information. The Hong Kong Stock Exchange responded by halting trade on seven companies slated to post announcements on the site, including HSBC, China Power International, Cathay Pacific and the Hong Kong Stock Exchange site.
Officials said that the DDoS attacks originated from a wide variety of locations, with the attacking computers located outside of Hong Kong, indicating that the hackers were likely employing a botnet.
Cyber Attacks: Syrian Ministry of Defense 8-10-2011
In order to predict the next attack with relative certainty, all one might have to do is read the news blogs. Anonymous hackers started beating the drums of politics with a hack that defaced the web site of Syria’s Ministry of Defense.
Specifically, visitors to the web site were treated to an Anonymous logo, coupled with images and links to videos depicting the deaths of thousands of Syrian protestors. The hack followed reports of thousands of Syrian deaths when the military cracked down on protests with tanks and deadly force.
Members of Anonymous also embedded a message in both English and Arabic that read:
“To the Syrian military: You are responsible for protecting the Syrian people, and anyone who orders you to kill women, children, and the elderly deserves to be tried for treason. No outside enemy could do as much damage to Syria as Bashar Al-Assad has done. Defend your country – rise up against the regime! – Anonymous”
Cyber Attacks: Libya’s Top Domain 6-15-2011
If you’re a beleaguered tyrannical autocrat on the run from angry guerrilla insurgents, chances are you’re also going to be the target of a cyber attack perpetrated by political hacktivists. So be prepared.
Hacktivists calling themselves Electr0n remotely joined forces against the former Libyan leader Colonel Gaddafi by defacing the country’s top-level domain, which ends with nic.ly. Staying true to form, the hackers replaced the web site’s content with a message that read:
[+] HACKED By Electr0n[+] & |~| ali monder |~| bye bye Qadaffi Feb 17 Libya Greetz to Dr.exe | Qnix | Rock-Master | LoverBoy | r1z And All Muslim Hackers 🙂
The date February 17th corresponds to the date that Libyan protesters initiated their demonstrations against the notorious Libyan dictator. Ironically, in an audacious move that even China might not completely comprehend, Libya cut itself off from any online connection in March, shortly after the beginning of the rebel uprising.
Cyber Attacks: RIM BlackBerry 8-12-2011
The official blog of Research In Motion was hacked apparently in retaliation for its pledge to assist Britain’s Metropolitan police quell student riots by issuing a BlackBerry Messenger (BBM) “curfew” to thwart communication between protesters. During the attack, a hacker group, calling themselves, “TriCk – TeaMp0isoN,” defaced the BlackBerry site and replaced the content with a message that read:
“Dear Rim; You Will _NOT_ assist the UK Police because if u do innocent members of the public who were at the wrong place at the wrong time and owned a blackberry will get charged for no reason at all,” the hackers wrote on the RIM blog. “if you do assist the police by giving them chat logs, gps locations, customer information & access to peoples BlackBerryMessengers you will regret it”
The hackers said they got a list of customer addresses, names, and phone numbers, stolen from a compromised RIM database, which they promised to make public if RIM continued with its plans to intercept BBM communication.
Cyber Attacks: Lockheed Martin 5-31-2011
Lockheed Martin publicly acknowledged in May that it had been the victim of a “significant and tenacious” cyber attack on its computer systems, most likely related to the security flaw in RSA SecurID tokens, used for two-factor authentication by some of its employees.
Lockheed Martin said in a statement that the company’s information security team had “detected the attack almost immediately, and took aggressive actions to protect all systems and data.”
News of the Lockheed breach publicly emerged after the global weapons manufacturer experienced a system disruption related to an external network intrusion. The Bethesda, Md.-based company then required a password reset for the more than 120,000 employees on its network, and embarked on the process of re-issuing tokens for employees using RSA’s SecurID two-factor authentication tokens.
Cyber Attacks: Epsilon 4-04-2011
E-mail marketing firm Epsilon Data Management LLC, a division of Alliance Data Systems Corp., said in March that hackers had accessed a slew of customer names and email addresses in its systems, affecting at least 50 of the company’s 2,500 customers.
Epsilon disclosed March 30 that attackers had infiltrated corporate databases and stolen e-mail addresses for two percent of its customers, which included high profile customers such as Best Buy, Citibank, J.P. Morgan Chase, TiVo and the Walt Disney Company, among others. Like many others, the breach was thought to have occurred via a spear phishing campaign.
While no personal customer data was stolen, the company warned users to expect spam and spearphishing attacks targeting users with the newly acquired e-mail addresses. Cyber risk and analytics firm CyberFactors said that the breach could cost Epsilon as much as $4 billion in damages, including $225 million in liabilities and $45 million in lost opportunities.
Cyber Attacks: Google Gmail 6-02-2011
Google pointed to China as the source of a sophisticated phishing attack targeting many high profile Gmail account holders, including senior U.S. government officials, Chinese political activists, officials in South Korea and other Asian countries, as well as military personnel and journalists. The accusation elicited strong backlash from Chinese officials, who denied any involvement in the attack.
Google said that the phishing campaign was executed by hackers who stole users’ passwords in an effort to infiltrate their Gmail accounts and monitor their activity.
During the attack, victims were compelled to open an e-mail appearing to come from someone they knew. The e-mail message used social engineering techniques with highly personalized content to entice them to click on links that took them to malicious sites impersonating the Gmail login screen.
Cyber Attacks: Citigroup 6-9-2011
While once thought to be impenetrable, the banking industry joined the long list of cyber attack targets. In the spate of corporate hacks in 2011, miscreants launched a targeted cyber attack at Citigroup by compromising the accounts of more than 200,000 bank card holders. The attack, which Citigroup initially detected in early May but revealed in June, affected about 1 percent of its 21 million card holders.
Citigroup said it was working with law enforcement officials to determine details of the incident and planned to issue replacement credit cards to customers possibly affected by the breach.
Altogether, the compromised information included customer names, account numbers, and other contact information such as e-mail addresses. However, other personally identifying information, such as customer dates of birth, social security numbers, card expiration dates and CVV codes, were not compromised in the hack, Citi said.
Cyber Attacks: International Monetary Fund 6-13-2011
Hackers demonstrated that no one is immune to cyber crime after successfully executing a spear phishing attack aimed at the International Monetary Fund.
The cyber attack resulted in the theft of what the IMF called “a large quantity” of data, which allegedly included documents and e-mails. The attack prompted the IMF to temporarily disable its network connections with the World Bank and embark on an investigation.
Meanwhile, a BBC report suggested that hackers gained entry via a spear phishing attack, indicated by the presence of “suspicious file transfers.” The BBC reported that the IMF attack appeared to originate from a specific PC that was infected with data stealing malware.
Cyber Attacks: Sega Pass 6-20-2011
Video game maker Sega also reeled this month from a hack that exposed names, birth dates, e-mail addresses and encrypted passwords of 1.3 million Sega Pass online network customers.
Following the breach, Sega embarked on the process of notifying affected customers and resetting all passwords. The company also took Sega Pass offline.
As a cautionary measure, Sega advised users not to attempt to log into Sega Pass until the game was restored back online, and told users who relied on the same Sega Pass login credentials for other accounts to immediately change their passwords. The video game maker added that none of the stolen passwords were stored in plain text and that credit card numbers and other personal payment card data were not affected by the breach.
Details of the breach remain unclear. However, the hacker group LulzSec, thought to have been behind the attack, later denied it was involved.
Cyber Attacks: Dropbox 6-21-2011
An authentication bug in cloud storage provider Dropbox opened a gaping security hole that enabled any password to be used to gain entry into the accounts of its 25 million users.
The company said that the security bug was introduced by a faulty code update affecting the authentication mechanism. Dropbox CTO Arash Ferdowsi said in a blog post that the glitch went undetected for four hours before administrators issued a fix. Ferdowsi said that “a very small number of users (much less than one percent)” logged into their account during that window, adding “some of whom could have logged into an account without the correct password.”
Ferdowsi said that the company was in the process of conducting an investigation and “scrutinizing controls” to determine if any accounts were accessed without authorization, and said it would “immediately notify” account owners if any improper activity was detected.
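The two password-handling failures in this roundup, the unsalted MD5 hashes in the Booz Allen leak and the Dropbox update that accepted any password, share one defensive lesson. The following is an added example, not code from Dropbox, Booz Allen or the page’s author; the wordlist, the sample passwords and the `broken_verify` stand-in are constructed. It shows why an unsalted MD5 list falls to a simple table lookup, how a per-user salt plus a slow PBKDF2 digest avoids that, and a small regression check on the verify path that a faulty update of the kind Dropbox described would fail.

```python
"""Password storage and verification, defender-side illustration (added example)."""
import hashlib
import hmac
import os

# --- the weak scheme: unsalted MD5, as in the leaked Booz Allen list -------------
def md5_unsalted(password: str) -> str:
    """Same password always yields the same digest, across every user and every site."""
    return hashlib.md5(password.encode()).hexdigest()

# Constructed stand-in for a precomputed lookup table: digest -> password.
WORDLIST = ["password", "123456", "letmein", "qwerty"]
LOOKUP = {md5_unsalted(w): w for w in WORDLIST}

def crack_unsalted(digest: str):
    """Recover a password from an unsalted MD5 digest by table lookup, or None."""
    return LOOKUP.get(digest)

# --- a sound scheme: random per-user salt plus an iterated PBKDF2 digest --------
ITERATIONS = 100_000  # slows bulk guessing; tune to the deployment's hardware

def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'salt_hex$digest_hex'; a fresh 16-byte salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)

# --- regression check for the authentication path ----------------------------------
def auth_regression(verify) -> dict:
    """Exercise a verify(password, stored) function the way a pre-deploy test would.
    Every value in the returned dict must be True for the path to be considered sound."""
    stored = hash_password("correct horse")
    return {
        "accepts_correct": verify("correct horse", stored),
        "rejects_wrong": not verify("wrong", stored),
        "rejects_empty": not verify("", stored),
        "rejects_other_users_hash": not verify("correct horse", hash_password("other")),
    }

def broken_verify(password: str, stored: str) -> bool:
    """Constructed stand-in for a faulty update: every password is accepted."""
    return True

if __name__ == "__main__":
    print("unsalted lookup:", crack_unsalted(md5_unsalted("letmein")))
    print("sound verify:", auth_regression(verify_password))
    print("broken verify:", auth_regression(broken_verify))
```

The `auth_regression` check is the part worth wiring into a deployment pipeline: it is independent of the hashing scheme, and any change to the verify path that starts accepting a wrong or empty password turns one of its values False before the change reaches users.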
Cyber Attacks: Sony Pictures 6-3-2011
As if Sony Corp. didn’t have a bad enough year, hackers continued to pour salt on the wound when they broke into the computer networks of Sony Pictures and exposed the personal information of more than one million customers.
Hacker group LulzSec, which claimed responsibility for the attack, said that they exploited security vulnerabilities on the Sony Pictures Web site with an easily executed SQL injection attack.
Altogether, the hackers said that they accessed personally identifying information, including passwords, e-mail addresses, home addresses, dates of birth and all Sony opt-in data associated with the accounts of more than one million users.
The LulzSec hackers also said that they compromised all admin details of Sony Pictures, as well as 75,000 “music codes” and 3.5 million music coupons, while breaking into other tables from Sony BMG in the Netherlands and Belgium.
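Both the Nokia developer forum breach and the Sony Pictures breach above were attributed to simple SQL injection. The following is an added example, not code from Nokia, Sony or the page’s author; the in-memory SQLite `developers` table and its rows are constructed. It places a query assembled by string formatting, which a crafted username turns into a dump of the whole table, beside the parameterized form that binds the same input as a plain value.

```python
"""SQL injection: string-built query beside its parameterized form (added example)."""
import sqlite3

# Constructed stand-in for a forum's user table.
SAMPLE_ROWS = [
    ("alice", "alice@example.invalid", "hash-a"),
    ("bob", "bob@example.invalid", "hash-b"),
    ("carol", "carol@example.invalid", "hash-c"),
]

def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE developers (username TEXT, email TEXT, password_hash TEXT)"
    )
    conn.executemany("INSERT INTO developers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Builds the SQL text from the input, so the input can change the query's structure."""
    sql = f"SELECT username, email FROM developers WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Fixes the query structure first and binds the input as a value."""
    return conn.execute(
        "SELECT username, email FROM developers WHERE username = ?", (username,)
    ).fetchall()

# Textbook tautology: closes the string literal and appends an always-true clause.
PAYLOAD = "nobody' OR '1'='1"

def compare(username: str) -> dict:
    """Run both lookups on the same input and report how many rows each returns."""
    conn = make_db()
    try:
        return {
            "vulnerable_rows": len(lookup_vulnerable(conn, username)),
            "parameterized_rows": len(lookup_parameterized(conn, username)),
        }
    finally:
        conn.close()

if __name__ == "__main__":
    print(compare("alice"))   # both forms find exactly one row
    print(compare(PAYLOAD))   # string-built form returns every row; bound form returns none
```

The parameterized form is the fix, not input filtering: the database driver never sees the username as SQL text, so there is no quoting rule for an attacker to slip past. The same contrast holds for the email field or any other column the forum might search on.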
Sony – Cyber Attacks Timeline
January 23, 2010
It is announced George “GeoHot” Hotz, the hacker who developed the first iPhone jailbreak application in 2007, successfully cracked the Sony Playstation 3. By jailbreaking the PS3, it was claimed users could play pirated games, build their own software, and enable users to play old Playstation 2 games. “It’s supposed to be unhackable – but nothing is unhackable. I can now do whatever I want with the system. It’s like I’ve got an awesome new power – I’m just not sure how to wield it,” Hotz tells BBC in an interview. Sony tells the BBC it has begun “investigating the report and will clarify the situation once we have more information.”
January 13, 2011
Sony announces legal action against fail0verflow, a hacker group with GeoHot at the helm and with more than 100 members, amid claims they uncovered PS3 security codes enabling users to run any software on a PS3. Fail0verflow claims innocence, stating they do not condone video game piracy and the hack only lets users install different operating systems and simple software.
U.S. Magistrate Joseph Spero grants Sony access to IP information of anyone who visited the website of GeoHot since January 2009 describing how to crack the PS3. Sony provides subpoenas of Google, Twitter, and YouTube, in search of everyone who watched a video or read information on how to jailbreak the PS3. The digital freedom community goes into an uproar, claiming the order violates privacy rights.
April 3, 2011
Anonymous Operations launches OpSony, with cyberattacks against Sony in response to its actions against users jailbreaking their PS3s. The PlayStation Network is taken down in a DDoS cyberattack. An off-shoot of Anonymous, SonyRecon, sets out to gain personal information on Sony senior managers. Their first target is Sony executive Robert Wiesenthal, and they leak information on his marital status, children, address, and education background. Sony states the stream of attacks is in response to its legal action against GeoHot. Anonymous releases a statement saying “… Sony attacks people’s rights over their property because it doesn’t want them to jailbreak, so in response it will attack their domains because it doesn’t like their actions …”
April 11, 2011
Sony announces it reached a court settlement with GeoHot in a San Francisco court. In the agreement reached on March 31, Hotz agreed to a permanent injunction. Riley Russell, General Counsel for SCEA states on the Playstation Blog, “Our motivation for bringing this litigation was to protect our intellectual property and our consumers. We believe this settlement and the permanent injunction achieve this goal.” GeoHot states, “It was never my intention to cause any users trouble or to make piracy easier … I’m happy to have the litigation behind me.”
April 21, 2011
The Sony Playstation Network (PSN) goes offline. Sony remains silent on details.
April 25, 2011
Details on the PSN outage remain vague. Sony director of corporate communications Patrick Seybold states on the PlayStation Blog: “I know you are waiting for additional information on when PlayStation Network and Qriocity services will be online. Unfortunately, I don’t have an update or timeframe to share at this point in time. As we previously noted, this is a time intensive process and we’re working to get them back online quickly. We’ll keep you updated with information as it becomes available. We once again thank you for your patience.”
April 26, 2011
Sony announces the PSN and Qriocity outages are due to a “compromise of personal information as a result of an illegal intrusion on our systems,” in a post on the PlayStation Blog. They announce that between April 17 and April 19, user account information for both services was compromised. Sony states leaked data includes credit card data and personal information of users. Sony tells users “We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.” Sony states it hired a security firm to help investigate the breach. The breach exposed the personal information of close to 77 million Sony customers.
April 27, 2011
Sony claims “the entire credit card table was encrypted and we have no evidence that credit card data was taken,” but adds that the personal data table was not encrypted.
April 29, 2011
Users post comments in hacker forums claiming ownership of user data from Sony networks. They claim they hope to sell 2.2 million credit card numbers obtained from the networks for more than $100,000.
May 1, 2011
Sony announces PSN and Qriocity services will begin going back online, starting with sweeping, regional restoration of online gaming. They state they will take “a series of immediate steps to enhance security across the network and a new customer appreciation program to thank its customers for their patience and loyalty.” Sony announces new security measures on their networks.
May 2, 2011
Sony announces they were hacked again, with an estimated 24.6 million Sony Online Entertainment user accounts compromised. Information in the database includes an estimated 12,700 non-U.S. credit or debit card numbers and expiration dates, and an estimated 10,700 debit records of customers in Austria, Germany, the Netherlands and Spain.
May 3, 2011
In a letter from Sony to a House panel, Kazuo Hirai, chairman of Sony Computer Entertainment America, claims Anonymous Operations was behind the network breach. He cites a file found on the networks entitled “Anonymous” containing one of the group’s slogans, “We are Legion.”
May 4, 2011
Anonymous denies blame for PSN and Qriocity breaches in a statement, saying “Whoever broke into Sony’s servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history. No one who is actually associated with our movement would do something that would prompt a massive law enforcement response.”
May 5, 2011
An observer on a hacker Internet Relay Chat (IRC) channel tells CNET a third, major cyberattack against Sony is planned for the coming weekend. No known attack happens.
May 6, 2011
Oddly, Sony posts a guide on how to hack their Xperia Android phones. The post on the Sony Ericsson blog contains a detailed guide on how to build a Linux kernel and flash it to the phone, and includes download links for the necessary tools. It is suspected the post was meant as an olive branch to hackers—an attempt to mend tensions over Sony’s legal actions against jailbreakers.
May 9, 2011
Rep. Mary Bono Mack, chair of the Commerce, Manufacturing, and Trade Subcommittee, states that the manner in which Sony notified users about the breach of their personal data, and its delay in doing so, were unacceptable. The statements were made during a House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade hearing.
May 14, 2011
Sony announces beginning of phased game service restoration, along with enhancements to data security including higher levels of encryption. “Our main priority is the safety and security of our customers’ personal information,” said Kazuo Hirai, Executive Deputy President, Sony Corporation in a press release.
May 18, 2011
The discovery of a security flaw prompts Sony to suspend the PSN and Qriocity password reset pages. Seybold states on the PlayStation blog, “Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.”
May 20, 2011
Sony is hacked again. Digital security company F-Secure reveals the discovery of a live phishing site on one of Sony’s servers.
May 22, 2011
The Greek website of Sony Music Entertainment, SonyMusic.gr, is hacked, exposing data of 8,500 users. Samples of names, e-mails, and passwords of users taken from a database are posted on pastebin.com. Digital security company Sophos makes an accurate prediction that, “As long as it is popular within the hacker community to expose Sony’s flaws, we are likely to continue seeing successful attacks against them.”
May 23, 2011
Sony estimates financial losses from cyberattacks at around $171 million. This is in addition to a $3.18 billion loss for fiscal year 2011.
May 24, 2011
Sony Ericsson’s Canada eShop is breached by hackers, exposing an estimated 2,000 user records including names, emails, and passwords. Sony Ericsson pulls the website offline. The Hacker News sends a tip to Sophos stating that vulnerabilities were found earlier on Sony Music Japan that could let hackers access content with SQL injection.
May 25, 2011
An identity theft protection service is offered to users by Sony.
May 27, 2011
The Hacker News cites a forum post with a new vulnerability found on the Sony Playstation Store website. The XSS vulnerability could be used for phishing or other forms of cyberattacks. They claim “almost 70% Sony’s websites are Vulnerable with various Flaws … Sony Should Fix it as soon as possible, Before any next hack attack.”
May 30, 2011
Sony announces it will fully restore PSN services in the Americas, Europe/PAL territories and Asia, excluding Japan, Hong Kong, and South Korea by the end of this week. “We have been conducting additional testing and further security verification of our commerce functions in order to bring the PlayStation Network completely back online so that our fans can again enjoy the first class entertainment experience they have come to love,” said Kazuo Hirai, Executive Deputy President, Sony Corporation, in a press release.
June 2, 2011
Sony is hacked again, after announcing the start of full restorations to PSN services, and while the company was testifying before Congress on its network breaches. Hacker group LulzSec breaches Sony Pictures and dumps a trove of 150,000 records, with claims the full database contained more than 4.5 million records. LulzSec states “SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
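The LulzSec statement above (and the same claim at the top of this page) describes a plain string-built query turning one input field into full read access to the database. The following added example, not code from the original post or from Sony, shows that failure mode beside its fix on a constructed in-memory table: the same tautology input returns every row from the string-built query and nothing from the parameterized one.

```python
import sqlite3

# Constructed sample rows standing in for a customer "personal data" table.
# Nothing here comes from the Sony breach or from the original post.
ROWS = [
    ("alice", "alice@example.test", "1980-01-01"),
    ("bob", "bob@example.test", "1975-06-30"),
    ("carol", "carol@example.test", "1992-11-12"),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, dob TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn

def lookup_vulnerable(conn, name):
    """The 'before' form: user input is spliced into the SQL text, so
    quote characters in the input change the query's meaning."""
    sql = "SELECT name, email, dob FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, name):
    """The fix: a bound parameter is passed to the engine as a value,
    so the input can never alter the WHERE clause."""
    sql = "SELECT name, email, dob FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Textbook tautology input, constructed here to show why the fix works;
# it closes the quoted literal and appends an always-true condition.
TAUTOLOGY = "' OR '1'='1"

def demo():
    """Row counts returned for a legitimate name and for the tautology
    input by each query form. A name lookup should never yield more than
    one row; a count above that is a cheap application-side alarm."""
    conn = make_db()
    return {
        "legit_vuln": len(lookup_vulnerable(conn, "alice")),
        "tautology_vuln": len(lookup_vulnerable(conn, TAUTOLOGY)),
        "legit_param": len(lookup_parameterized(conn, "alice")),
        "tautology_param": len(lookup_parameterized(conn, TAUTOLOGY)),
    }

if __name__ == "__main__":
    print(demo())
```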
June 3, 2011
Sony begins releasing its “Welcome Back” package of freebies to users. LulzSec posts on its Twitter account that users should blame Sony for their being able to breach its networks. “I hear there’s been some funny scamming with jacked Sony accounts. That’s what you get for using the same password everywhere,” they stated. “Hey innocent people whose data we leaked: blame @Sony.” Sony Pictures releases a statement saying “We deeply regret and apologize for any inconvenience caused to consumers by this cybercrime.”
June 4, 2011
A Lebanese hacker breaches the user database of Sony Europe, compromising 120 user accounts. According to Sophos, this marked the 13th breach of Sony networks.
June 5, 2011
A hacker defaces the Sony Music Brazil website. The message states, in part, “Hacked The UnderTaker, Return The Legend Ottoman-Empire.”
June 6, 2011
After hacking Sony again, LulzSec releases the source code of the Sony Developer Network.
My 2© cents – gatoMalo_at_uscyberlabs_dot_com http://USCyberLabs.com/blog/ http://ChinaCyberWarfare.wordpress.com http://HacktivistBlog.wordpress.com/