After Sony’s online gaming service, the PlayStation Network, was pushed online after 25 days of silence, gamers rejoiced, syncing their trophies and checking in on their friends. The service was taken down because of an illegal breach that compromised the personal data of almost eighty million gamers.
What happened while the PlayStation Network was down? Fortunately, Sony provided us with a boatload of information through the PlayStation Blog and their response to the House of Representatives that can help us piece together the story of the outage. It’s time to decode the debacle.
April 19, 2011 – Sony’s team of security experts noticed that several PSN servers in their San Diego, California data center were rebooting when they were not scheduled to do so. In the formal letter that Sony sent to Congress, they stated that “unplanned and unusual activity was taking place on the network.” Four servers were then taken offline and an internal investigation began.
April 20, 2011 – The internal assessment required the allocation of more internal resources, so Sony expanded the team to continue looking into the incident. By early afternoon, it discovered “the first credible indications that an intruder had been in the PlayStation network systems” and found that six more servers were likely compromised. There was “evidence that indicated an unauthorized intrusion had occurred and that data of some kind had been transferred off of the PlayStation Network servers without authorization,” but it was unable to determine what type of information was stolen. Sony then called in a “recognized security firm and forensic consulting firm to mirror the servers to enable forensic analysis to begin.”
April 21, 2011 – Another “recognized computer security and forensic consulting firm” was brought in to assist the first team of external investigators. At this point, approximately seven out of the ten servers in question were mirrored, making the data analysis process far more efficient. The PlayStation Network was officially pulled offline. Sony said that services would be restored in “a day or two”.
April 22, 2011 – Sony provided the Federal Bureau of Investigation with information about the intrusion. “The forensic experts that Sony Network Entertainment America had retained had not determined the scope or effect of the intrusion at the time the FBI was contacted. A meeting was set up to provide details to law enforcement” for Wednesday, April 27.
April 23, 2011 – Forensic teams confirmed that the intruder had managed to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the servers. They apparently deleted log files to hide the extent of their work. The PlayStation Blog blamed the downtime on an “external intrusion.”
April 24, 2011 – Sony knew that it was dealing with a sophisticated hacker and made the decision to bring in yet another firm. “Specifically, this firm was retained to provide even more manpower for forensic analysis…and, in particular, to use their special skills to determine scope of the data theft.”
April 25, 2011 – Sony confirmed “the scope of the personal data they believed had been taken but [could] not determine if credit card information had been accessed. While no evidence existed…we ultimately could not rule out the possibility entirely based on the reports of the forensic team.”
April 26, 2011 – Sony made its first public announcement, outlining what was taken and warning that credit card information may or may not have been compromised. Anonymous, a group of hackers, denied responsibility for the attack. SNEA notified “applicable regulatory authorities” in New Jersey, Maryland, and New Hampshire of the intrusion. Sony announced that services would be restored by May 3rd.
April 27, 2011 – Regulatory authorities in Hawaii, Louisiana, Massachusetts, Maine, Missouri, New York, South Carolina, North Carolina, Virginia, and Puerto Rico were notified. The PlayStation Blog published its first Q&A roundup.
April 28, 2011 – The PlayStation Blog released its second Q&A article, revealing that both the Department of Homeland Security and the Federal Bureau of Investigation were investigating the intrusion.
April 29, 2011 – The US House of Representatives’ Subcommittee on Commerce, Manufacturing, and Trade sent a letter to Kaz Hirai along with a list of questions and concerns.
April 30, 2011 – Sony announced that the company would hold a press conference in Tokyo on the next day to respond to the numerous questions about the large-scale data breach.
May 1, 2011 – Kaz Hirai held an afternoon press conference that outlined the restoration of the PlayStation Network and the reward program that would thank every user for their patience during the prolonged PSN outage. The “Welcome Back” program would give each user a month of free PlayStation Plus, Sony’s premium service that gives users discounts and free titles. The investigation revealed that Sony Online Entertainment was also breached.
May 2, 2011 – Sony Online Entertainment’s servers were shut down and the company responded with a press release announcing the extent of the breach.
May 4, 2011 – The PlayStation Network was not pushed back online despite the fact that many were expecting that Sony would finally give users access to the Internet again. Hirai responded to the House of Representatives’ inquiry with an eight-page report detailing the breach.
May 5, 2011 – Sony announced that it would provide complimentary enrollment in an identity protection program through Debix, Inc. Arrangements were made to provide AllClear ID Plus to PSN users for 12 months from the time the account holder registers with the well-known fraud prevention firm.
May 6, 2011 – Sony began internal testing of the PlayStation Network with the new security apparatus that the company created. They were “verifying the system security, a step that is vital for the process of restoration.”
May 10, 2011 – The PlayStation Blog would not give solid details about service restoration, but believed that users would be online in a few more days. The company apologized for the inconvenience and appreciated the patience of all of its users throughout the process.
May 14, 2011 – The restoration of all PlayStation services began. Users were forced to update their PlayStation 3 firmware and reset their passwords. Online multiplayer functionality was the first service to return after the long hiatus.
May 15, 2011 – The PlayStation Blog’s status map indicated that the PlayStation Network was live across the United States after a regional rollout that began the night before.