Sony Ponders Reward Offer As It Insists PSN’s Security Was Up-to-Date

Sony is weighing whether to offer a reward for information on the hackers behind the massive PlayStation Network outage, now in its 18th day, CNET reports. Its potential amount was not mentioned.

Quoting unidentified sources, CNET said Sony is discussing the pros and cons of such a decision but has yet to get any go-ahead from the company’s senior executives in Tokyo. Any reward offered would be done in cooperation with law enforcement in multiple countries, including the FBI, currently investigating the attack on PSN’s data centre in San Diego.

Separately, Sony denied allegations, made in Congressional testimony on Thursday, that its servers were not running under the most current security update and that they had lacked basic measures of protection such as firewalls.

“The previous network for Sony Network Entertainment International and Sony Online Entertainment used servers that were patched and updated recently, and had multiple security measures in place, including firewalls,” said Patrick Seybold, the top spokesman for PlayStation, according to CNET.

CNET also has a copy of Sony’s May 5 reply to Sen. Richard Blumenthal (D-Conn.), who on April 26 had demanded answers from the company as to the scope of the data breach, and assurances that consumers’ personal information is adequately protected.

The reply, by Kazuo Hirai, president of Sony Computer Entertainment, goes into greater detail on the April 19 attack that brought down PlayStation Network, saying hackers “had used very sophisticated and aggressive techniques to obtain unauthorized access to the servers and hide their presence from the system administrators.”

The full reply, which contains details previously discussed in Sony’s response to a U.S. House of Representatives committee on May 4, can be read here.

Sony Considers Offering Reward to Help Catch Hackers


  • Seriously – if they launched it and it was rehackable, you would be the FIRST PEOPLE to start bitching about “OMG WHY RELEASE FLAWED NETWORK?????”

    They take the time to ensure nothing bad ever happens again, and you’re all “OMG I WANT CALL OF DOODY BAC UP WAAAAAAAAAAAAAAAAAAAA”

    Seriously – they’re taking the time to do it right and probably make the security a million times better than it was – suck it up and appreciate that.

  • What about a reward for putting up with having our personal information and credit details stolen and enduring significant downtime.

  • From everything that’s been said there are two conclusions you can draw.

    A) Sony are lying about their servers being up to date. I’m sure everyone has seen the PasteBin of the IRC logs showing that PSN was hosted on OLD RedHat servers running an OLD version of Apache. If this was true then it’s likely this was the vector of intrusion as there are numerous known flaws in the particular versions Sony was using.

    B) Sony doesn’t understand security. Much more likely is that Sony made some flawed assumptions regarding security, such as trusting that a PlayStation could never be hacked and used to break into the PSN, etc. This meant they did nothing to secure the traffic and the hackers used legitimate traffic to perform the hack.

    C) The GeoHot connection. Remember, Sony’s PS3 Private key had been decoded, if Sony were to use this key for other portions of the PSN then this basically means that people have the ‘Password’ to the PSN. Once this key is out there is no real way for Sony to secure ANY PS3 – to update they need to push out a new key, which can be decrypted in the same manner. Additionally, Sony’s NEW update to stop people exploiting this was to have MORE authentication via the PSN (centralised authorization). In doing this they would have given crackers a reason to begin decoding PSN traffic and consequently finding a way to break-in.

    Again, take from this what you will and yes, some of it is REAL tinfoil-hat stuff.

    But the reasons are there and the obvious answer here is that Sony poked the bear (the Other-OS technically astute community) and did so without considering the true consequences (what would have happened if they acquiesced and brought Other-OS back?). In trying to get Other-OS back it’s likely that some serious flaws were uncovered and then exploited – maybe not even by the same group.

    • Nope.

      It was through OtherOS that people managed to overload the hypervisor security measures and get access to parts of the PS3 system they weren’t supposed to.

      Access to those parts meant they would then be able to decode/attempt to gain the main signing keys.

      So once it was shown that people could overload the HV with OtherOS use, Sony removed OtherOS as a security measure.

      This didn’t happen BECAUSE Sony removed OtherOS. People compromised it, so THEN Sony removed it. People then refused to upgrade, and carried forward and managed to break the system open, which vindicates Sony trying to remove it in the first place.

      Revisionist history seems strong in the “hacker” community just about now. As well as not understanding their rights – while you own the physical hardware of the console, Sony still owns their software. You’re not allowed to mess with the software without getting into legal trouble – you’re not entitled to decode and recode their proprietary work.

      • it wasn’t through otherOS, f0f used the ‘Jailbreak’ to upload their own code which gave them access to the memory which in turn let them calculate the ‘keys’ they needed to run Linux or whatever (they could sign any code as genuine).
        the ‘real key’ was the Jailbreak, which was a stolen/copied service key.

      • So in essence what you’re saying is.

        ‘I agree with everything you said. There is a correlation between the removal of OtherOS and the hacking. But I (SuperFed) don’t feel Sony should be to blame for this as it was an unintended consequence.’

        I was not arguing the legal or moral implications of the situation, but pointing out that it was the “hacker” community – as you put it – that Sony went ahead and alienated (see my comment about poking the bear).

        That the group of people who have the know how (especially with regard to Sony systems) to do this, are the ones who are most upset over the loss of OtherOS and are the group of people who Sony has become litigious with.

        • No, not at all.

          What you’re saying is: Sony removed OtherOS, hackers then hacked the system as payback.

          What I’m saying is: Hackers hacked OtherOS, then Sony removed it.

          Two completely different statements that paint two completely different pictures. In scenario 1, Sony is the instigator as they provoked hackers. In scenario 2, the hacks are to blame, as their actions directly resulted in the removal of OtherOS.

          To spell it out a bit more – Hacks did stuff they obviously weren’t allowed to do. Sony responded in the only way it could now resecure its system. Hacks said “SCREW YOU SONY!” and continued their work – but then tried to justify it by saying “They removed OtherOS [which was a direct result of our actions, and we would have done the same thing even if they had left it there]”

          • You’re ignoring the fact that the initial Other OS hacks were instigated because Sony had blocked access to the graphics processor. Given its unique structure a lot of people wanted to play with it.

            Really, I think this is just the ongoing hacker/security arms race. It’s pointless arguing who the bad guy is. We need to focus on who’s losing.

  • soooo… Something to ponder…. What if they put it up again and get hacked again.

    What action would you take?

    I think I would actually give up at the point and switch back to 360…

  • You know what I think the hackers should piss right off, do they think they are the robin hood of the gaming industry, they certainly are not. The only benefits the customers are getting is beefed up psn security. I for certain look forward to the day I can enjoy playing my mates on psn, but hey I’m sure like most people, haven’t lost sleep over it either. As for the hackers I hope the law finds you and you end up in jail after all you are criminals and perhaps have watched far too much diehard 4

  • We are already lucky for having free internet use in the first place, quit whining about when it’ll be up, Sony has not put an actual date down and probably won’t, that way if they miss the deadline it won’t be them getting into trouble. We don’t need a reward and they are nice enough to give us that so people just calm yourself down!
