FBI Cybercrimes Joins 22 US States In Sweeping PSN Investigation

FBI Cybercrimes Joins 22 US States In Sweeping PSN Investigation

The Federal Bureau of Investigations today confirmed to Kotaku that it is looking into the security breach that brought the Playstation Network down and exposed millions of users’ personal data to cybercriminals.

The FBI is joined by nearly two dozen state attorneys general and possibly the Federal Trade Commission who are looking into this month’s Playstation Network hack attack which forced Sony to take their PS3 online service offline for more than a week.

Sony told Kotaku that they reported the security breach to the FBI’s cybercrimes unit in San Diego. Contacted Thursday, an FBI spokesman confirmed that they were looking into the reports.

“The FBI is aware of the reports concerning the alleged intrusion into the Sony on line game server and we have been in contact with Sony concerning this matter,” said FBI special agent Darrell Foxworth. “We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity.”

Meanwhile attorneys general from 22 US states are demanding answers from Sony over the breach, asking why it took the company so long to alert customers to the attack.

That group of state attorneys general are sharing information with one another about their individual inquiries, Susan Kinsman, communications director for the Connecticut Office of the Attorney General told Kotaku.

The collection of attorneys general have also contacted the Federal Trade Commission to see if they have launched their own federal investigation, she said.

The Federal Trade Commission could have jurisdiction in a case involving loss of customer data through a security breach, FTC spokeswoman Claudia Bourne Farrell told Kotaku. But the FTC does not discuss or confirm ongoing investigations.

Kinsman also declined to say whether the FTC has launched their own investigation.

“A call has been made to the FTC and there will be discussions, but I can’t comment on whether the FTC is investigating,” she said.

While Kinsman was able to confirm that attorneys general from at least 22 states were looking into the Sony breach and how it might affect consumers in their states, she declined to say which states that included.

Connecticut’s own attorney general sent a letter to Sony Computer Entertainment of America President and CEO Jack Tretton on Wednesday. The letter demanded answers to a number of questions including what data was stolen, who was responsible, how long the company knew and what was being done to make sure it doesn’t happen again.

“The fact that sensitive information was apparently accessed without authorization makes me especially concerned about the possibility of financial fraud and targeted phishing scams,” Connecticut Attorney General George Jepsen wrote. “What is more troubling is Sony’s apparent failure to promptly and adequately notify affected individuals of this large-scale breach.”

The letter goes on to outline a baker’s dozen questions.

Kinsman said the letter was sent out Wednesday and that the office has not yet heard anything back from SCEA.

Sony officials told Kotaku that it wasn’t until Monday, after an outside security group conducted an extensive investigation, that they realised customer data had been stolen. That data included names, passwords and other identifying information. Sony doesn’t believe credit card numbers were stolen. If it was, that data is also encrypted when it is stored, they said.

Anyone with information concerning the breach is asked to contact the FBI at 858-565-1255 or 1-877-EZ-2-TELL. Cyber tips may be e-mailed to the Internet Crime Complaint Center.


  • FBI special agent Darrell Foxworth. “We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity.”

    “alleged criminal activity”….
    VERY Special Agent then…

    • They always have to say “alleged” until someone is tried and convicted for the crime, otherwise the defense might claim prejudicial evidence and the accused could walk.

      • Mmm…I think the stealing data is criminal, where as the person(s) responsible should be tried in court fairly. Not sure if the deed can be allegedly criminal…then again, that is my take on a language that is not my mother tongue. I get all my experience through watching Law and Order :)…queue music…DONG DONGGGGGGG

  • I’d be quite surprised if this attack wasn’t in part retaliation for Sony pursuing geohot. Haven’t seen any news media mention this angle yet though

    • Most of the Kotaku articles have mentioned this actually. Also with the link to Anonymous. Wouldn’t suprise me if that was the case

    • In the story ABC news did about the breach, they did talk about Geohot and Anonymous’ threats. They didn’t say they were responsible or anything, they just ‘subtly’ suggested the possibility that there may be some sort of connection (By choosing to include them into the story obviously).

  • I still don’t think it was Anonymous. They’re a pack of scriptkiddies who will only do something if they can stick a video up on Youtube claiming responsibility and some demented sense of vigilante justice. They just want to be famous. They’re seemingly only capable of DDoS attacks anyway, which from my understanding, doesn’t require a great deal of talent.

    I think this is more concerning because it was obviously done by someone who knows what they’re doing, and they’re staying awfully quiet about it. I’d be less concerned if Anonymous claimed responsibility.

    • You, like me, are clearly not a hacker to know anything about hacking. You can say that about them, but it doesn’t degrade there motive and beliefs for the things they do.

      Heck a DDoS is enough to scare a company or cause backlash, so whether they are a bunch of sctiptkiddies or not, they are doing a darn good job for the awareness they do bring.

  • The best hackers do not brag. They remain quiet and are content with their own achievements and do not need the affirmation that Anon needs. Anon, at one point, actually had decent hackers but as another commenter noted they are just scriptkiddies now.

    I would think that this is not the effort of an individual but rather an organised group of highly skilled persons.

    Has this been officially reported as the largest data breach in history yet?

  • Hackers hack around the worldwide web evryday looking for big bucks hacking big entreprises steeling personal data and asking for money in exange of the informarion theyve stolen i wouldnt be suprised that sony didnt want to pay the hackrs so they actually shut down the whole thing and now working on finding who did this… Mmm good luck FBI, good luck Sony!

  • I bet the hacker or group of hackers that did this are scared shitless and are regreting that they did it lol i wonder what will happen if they catch the people responsilble for the hack and release the names and info of them to the public! They`ll probably get shot by some die-hard ps3 fans lol

  • My message to Sony and the FBI. Find these bastards and lock them up, for a long long time. I seriously hate people like this, identity theft is horrible, but at this level? This is off the charts. IF it’s in fact true that these people have that many credit card numbers in their possession. They MUST be found A.S.A.P. This country is already experiencing hard economic times, hell, it’s not even just this country. The world economy isn’t so hot either. What they are doing is WRONG!! If it’s true that all this data is stolen and being offered for money, they are on the verge of ruining the lives of people who are already struggling and even the lives of those who are not. And they would trade money for the ruined lives of so many people. This whole situation makes me really mad.

    • Im with you. Credit card theft/ fraud is a federal crime, multiply that by let’s say 50 million users cause not everyone has a credit card or used there credit card on Psn. So we had 50 million acts of credit theft, identity theft, credit fraud, tax evation. On top of other crimes. Yeah there going for life unless they make a deal.

  • Hackers… god they give EVERYONE the shits. Why dont they just go away? I know not all hackers are stereotypes but im willing to bet its probably some 40yo malnourished nerd sitting in his mum’s basement eating pop tarts and dreaming of one day becoming a REAL BOY.

Show more comments

Log in to comment on this story!