The 2011 PlayStation Network PSN Hack - What Really Happened? | MVG

[Music] on April 4 2011 activist group anonymous brought down Sony's PlayStation Network or PSN with targeted distributed denial-of-service attacks or DDoS Anonymous had warned Sony of retaliation after Sony's legal action against two people George Hotz known as Gio Hart and Alexander Igor renkov who goes by C name Graff ciccolo Anonymous's message to Sony was to the point congratulations Sony you have now received the undivided attention of Anonymous your recent legal action against fellow hackers geo heart and Graf ciccolo has not only alarmed us it has been deemed holy unforgivable you have now abused the judicial

system in an attempt to censor information on how your products work you have victimized your own customers merely for possessing and sharing information and continue to target every person who seeks this information in doing so you have violated the privacy of thousands this is the information they were willing to teach the world for free the very same information you wish to suppress for sake of corporate greed and complete control of its users knowledge is free we are anonymous we are legion we do not forgive we do not forget expect us in 2009 Gio Hart had

announced on his blog that he was interested in hacking in the Sony Playstation 3 his method to do this was to utilize other OS which would permit Linux to be installed and run on the hardware Sony was no stranger to allowing its users to run Linux on their hardware and it was also available on the PlayStation 2 but there it was an optional extra that required a hard drive mouse keyboard and a Linux disc other OS on the PlayStation 3 came out of the box as a feature geo HUD published his findings on his blog

and found a method to bypass the security hypervisor his findings caught the attention of Sony who in March of 2010 posted an updates the PlayStation 3 to completely disable other OS and suppress anyone who wanted to follow on from jihads previous work in July of 2010 G hot and he was retiring from the ps3 scene it was a cool ride and I learned a lot he stated but Sony would not breathe a sigh of relief for long in late 2010 fail over flow a hardware hacking group motivated by the removal of other OS had found

a way to obtain the private key for the PlayStation 3 without having to open up the system at that point the key itself wasn't enough to execute unsigned code but it could be used to sign software that could jihad who had previously stepped away from the ps3 combined his work with fail overflows discovery and created a package to run unsigned code on the hardware in early 2011 Gio Hutt posted this method and his files onto his website around the same time graph ciccolo released a custom firmware that would reinstate other OS onto the PlayStation 3

allowing previous owners to run Linux once again in January of 2011 Sony filed a court order against G R hot and fail overflow under violation of DMCA and Computer Fraud in February Graff Chicanos house was raided by police and he was arrested facing numerous charges activist group Anonymous and the message to Sony in April of 2011 was a direct response to the court order an arrest of jihad and graft ciccolo Anonymous attack Sony's service for three days the disruption was known as hashtag op Sony or operation Sony its mission was to do whatever it could

to undermine Sony's potential to operate on April 7th they halted their attacks Anonymous realize that it was hurting the consumers more than Sony so they decided to back down Anonymous is not attacking the Pierce and at this time we realized that targeting that PSN is not a good idea we have therefore temporarily suspended our action until a method is found that will not severely impact so many customers normal PSN service resumed after that but on the morning of April 19th PSN was hit again but this time it was an anonymous that caused the outage it

was Sony two days later on April 21st Sony took the PlayStation Network offline as you are no doubt aware the current emergency outages can this afternoon and all Sony online network services remain unavailable Sony had warned its customers that it could be a full day or more of downtime the very next day on April 22nd Sony announced in a press release that there was an external intrusion on their system that affected both PlayStation Network and curiosity services and admitted that they had disabled PSN as far back as April 20th PSN had remained offline for another

week which had caused outrage from customers who weren't sure what was going on but Sony emerged announcing what was to be a massive security breach that affected up to 77 million customers it's being called a security breach of staggering proportions sony has confirmed that hackers broke into its PlayStation Network exposing the personal information of up to 77 million users worldwide users of Sony's PlayStation Network have been greeted instead by error messages the electronics giant says it shut down the service which is used by 75 million people worldwide after suffering what the company called an external

intrusion last Wednesday although we are still investigating the details of this incident we believe that an unauthorized person has obtained the following information that's provided name address country email address birthdate playstation network password and login and PSN online ID it's also possible that your profile data including purchase history and billing address and your PlayStation Network Curiosity password security answers may have also been obtained the PlayStation Network had remained offline as Sony had brought in a security firm to investigate the breach as well as perform updates to the service on May 1st 2011 Sony completed its

upgrade of its security on PSN and held a press conference in Japan to outline what it was doing to protect its customers Sony executives apologized and offered its customers a welcome back package which would be two free games and 30 days of free PlayStation Plus and a year of free identity theft protection on may 2nd 2011 one day after the top brass Sony executives apologized for the outage Sony Online Entertainment was breached by hackers stealing more than 24 million users information we are today advising you that the personal information you provided us in connection with

your SOE account may have been stolen in a cyberattack Sony Online Entertainment was not directly linked with the PlayStation Network rather its division was responsible for multiplayer games such as the popular EverQuest franchise planetfall - DC Universe Online and other multiplayer games Sony Online Entertainment had disabled its services as a result of this breach in June of 2011 hackers also took down another Sony network this time Sony Pictures hacking group LulzSec claimed responsibility boasting every bit of data we took was not encrypted Sony stored over 1 million passwords of its customers in plaintext which means

it's just a matter of taking it Sony denied the claims but LulzSec uploaded a 5 megabyte file out loading how they pulled off the Sony Pictures hack via very simple sequel injection methods in September of 2011 the FBI announced that it had made arrests in the Sony Pictures breach to members of LulzSec were arrested and charged many news outlets claimed that it had made arrests in the Sony hack which many had wrongly assumed was for the PlayStation Network so what was the actual cause of the PSN hack one of the earliest popular theories was there

was some discussion about a custom firmware known as rebug that was responsible rebug is indeed a custom firmware for jailbroken ps3 systems which enables homebrew and piracy on those systems there's also the ability to rename all functionality that should only be available to debug versions of the PlayStation 3 including access to the internal developer Network which is used to row tests online functionality during a games production this is very similar to the Xbox 360s partner net system the developer network simulates a user purchasing a game via a placeholder credit this meant that hackers could then

steal and download pre-release beta and early releases of games before they were released to the public but this rebug exploit was patched as part of the Pearson hack downtime but it was not responsible for the hack itself at the time Sony had accused anonymous claiming they had found files on their servers labeled anonymous and we are legion but as of 2020 no arrests in the Pearson hacking of 2011 had ever been made now I went back and spoke to a few ps3 senior members who were around back in those days and they told me that

anonymous was not skilled enough to pull off the PSN hack the truth is Sony never learned who was responsible but here's what we do know when anonymous was laying the groundwork for its initial DDoS attacks on the PSN they performed scans on Sony's servers identifying the long outdated versions of software for example they found the outdated versions of the Apache web server and open SSH which would be vulnerable to security threats anonymous sent this information to the computer build magazine in Germany before the DDoS attacks had occurred labeling Sony's servers woefully obsolete computer build published

these findings later in their magazine but a Sony spokesperson responded to Bill's accusations saying we are not aware of any obsolete or unpatched server software but insider sources claimed that anonymous information was accurate Pearson vulnerabilities were well known and had been discussed in public forums like IRC for months when word got around IRC channels that Sony's network was so poorly secured many hackers started becoming interested in it to see what could be achieved one particular IRC log from 2011 suggests that the URLs were not encrypted and personal information was sent through HTTP query strings Sony's

message to the public was also quite confusing they first claimed that passwords were stored unencrypted which caused a public outcry later they clarified this by saying that all passwords were transformed using a hash function these hash functions were not salted however which means it was still possible to break people's passwords Pearson was hacked server-side most likely due to an out-of-date Apache web server with known vulnerabilities hackers simply identified the authorization server and from there were able to probe and retrieve server-side logs which would never have been made visible remotely in the first place and they

had found their entry point coupled with information passed around in plaintext hashed but not salted passwords exposed Sony's poor security on PSN but who was ultimately responsible that was never determined but it could have been anyone so we don't know for sure who pulled off the PSN hack of 2011 but if you were to ask me I would say it was organized crime with the goal of major credit card theft after the removal of other OS and court orders handed out to jeer Hut fail overflow and graft ciccolo to get back at Sony was simple

Sony's network security was so awfully poor and had become the obvious weak point failure to act on Sony's behalf meant that PSN security was breached and all information the user entrusted to Sony had been compromised these days it's hard to imagine that all this had occurred there for almost a whole month their services were offline and how it affected games all around the world now while we see the occasional DDoS outage today there was nothing on this scale since and hopefully there never will be so there you have it guys that's the PSN hack of

2011 it's a fascinating story to go back and revisit and I guys I hope you enjoyed this I did a lot of research talk to a lot of people and really just kind of dug up a lot of information got some IRC logs as well and it really is an interesting tale to tell especially in 2020 when something like this isn't really something you can really put your head around anymore but the fact that a major gaming service was down for over 20 days around the world is just absolutely astounding to me and you know

if you were there in the days of PSN going down in 2011 I want to hear your thoughts in the comments below what's your story everyone has a story to tell when when this all went down so I definitely want to hear your story in the comments below well guys that will do it for this video thank you so much for watching if you liked it you know what to do leave me a thumbs up and as always don't forget to Like and subscribe and I'll catch you guys in the next video bye for now

[Music]