Expert: Sony attack may have been multipronged

From CNET News.com: When it comes to the attack on Sony's PlayStation Network, the only thing we're sure of is what we don't know: how it was done and who did it.

In the past four weeks since Sony shut down the gaming network, security researchers have been cobbling together theories of how someone broke into the PlayStation Network (PSN) and Sony Online Entertainment site, exposing personal data from more than 100 million accounts.

Security experts believe whoever was responsible exploited one or more security holes--but how they were exploited and who did it remains a bit of a mystery, despite a disputed to link to the loosely knitted hacking organization Anonymous.

Sony has said only that between April 17 and 19 an unauthorized person gained access to Sony's PSN servers in San Diego by hacking into an application server behind a Web server and two firewalls. The attack was disguised as a purchase, so it did not immediately raise any red flags, and the vulnerability exploited was known, according to Sony. A week and a half later, the company said that during its investigation into the PSN breach, it discovered that attackers may have also obtained data from the Sony Online Entertainment system. The network and online site were restored last weekend.

Chris Lytle, security researcher at Veracode, said he thinks there were actually multiple concurrent breaches, not necessarily by the same person or group. "Sony just happened to be a low-hanging fruit because of what was publicly known at the time, and they got attacked from every direction at once," he said in an interview this week.

View: Article @ Source Site