Sony reported to be considering bounty for PSN attack
A reward for information is one of the options the company is considering, WSJ's All Things Digital says
Computerworld - Sony is reported to be considering offering a reward for information leading to the arrest and prosecution of those behind the recent breach of its PlayStation Network (PSN).
The Wall Street Journal's All Things Digital reported today that a bounty is one of several options Sony is considering to try and get information on the hackers responsible for the intrusion.
No final decision has been made yet, and the company could still drop the plan entirely, the report, which quoted unnamed sources, said.
Discussions on the pros and cons of offering a bounty are ongoing and will require approval from Sony's executive team in Japan, the report said.
If the plan does move ahead, Sony will work with the FBI and other international law enforcement authorities to offer the reward, it noted.
The reward apparently is just one of the options Sony is considering as it works with law enforcement to track down the perpetrators.
Sony did not respond to a request for comment on the bounty that it is allegedly considering.
Sony's PlayStation Network has been offline since April 20th following a malicious intrusion. The breach compromised the names, addresses, birth dates, purchase histories, online IDs and in some cases credit card data, of 77 million subscribers to PSN and its Qriocity service, the company said.
Sony disclosed the breach more than six days after it had abruptly shut down PSN. The breach has become a high-profile example of the
In a letter to Senator Richard Blumenthal (D-CT) last week, Kazuo Hirai, president and group CEO of Sony Computer Entertainment, offered one of the most detailed timelines of the breach yet.
The letter was sent in response to a demand from Blumenthal seeking more information from Sony on what exactly had happened, and why the company had delayed notifying consumers about the breach.
Hirai said Sony first encountered problems with PSN on April 19, when several of the 130 servers running the network, began unexpectedly rebooting themselves. The unusual activity prompted network engineers from Sony Network Entertainment America to immediately take four servers offline and begin an inspection of the systems.
On April 20, the team recruited more people into its internal investigation team and quickly discovered that an intruder had broken into the network. That same day, investigators discovered that six other servers had also possibly been compromised.
The company hired an external security team to mirror the servers and conduct a forensic analysis of the systems. As the size and scope of the attack began emerging, Sony hired a second forensics team and then a third company to help assist the company with its investigations.
Hirai said investigations showed that the intruders had used "very sophisticated and aggressive techniques" to access the systems and then hide their tracks. "Among other things, the intruders deleted log files in order to hide the extent of their work and activity within the network."
It took investigators until April 25 to figure out what personal data exactly might have been taken, but even at that point the company did not know for sure if credit card data had been compromised, Hirai said.
Despite this fact, Sony decided to inform consumers about the potential compromise of their credit card data on April 26, because it wanted to make sure it was complying with all relevant state breach notification requirements, he said.
On May 1, more than 10 days after it first discovered the intrusion into PSN, investigators discovered that data had also been stolen from the Sony Online Entertainment. That discovery prompted a shut down of the service on May 2.
In all, a total of 12.3 million active and expired credit cards, including about 5.6 million in the U.S., were potentially exposed, Hirai said.
The breach at Sony Online Entertainment resulted in the potential theft of account information belonging to 24.6 million account holders. That breach potentially exposed data on 12.700 credit cards and another 10,700 debit cards, all belonging to non-U.S. customers.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Snowden advocates at SXSW for improved data security
- Joomla receives patches for zero-day SQL injection vulnerability, other flaws
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
Read more about Data Security in Computerworld's Data Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Top tips for securing big data environments - Why big data doesn't have to mean big security challenges Organizations don't have to feel overwhelmed when it comes to securing big data environments. The same security fundamentals for securing databases, data warehouses...
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Three guiding principles for data security and compliance Data security is a moving target-as data grows, more sophisticated threats emerge; the number of regulations increase; and changing economic times make it...
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva.
- How SIEM Addresses the Challenges of Big Security Data This webcast will help you understand today's big data security challenges and how intelligent and scalable SIEM solutions give IT the tools and... All Data Security White Papers | Webcasts