How PSN Is Toughening Security

After last year's PlayStation Network security breach, Sony has had a hard time winning back the trust of PSN users. As they take steps to strengthen their security network, the man entrusted with ensuring the ongoing safety of the system has outlined his strategy for keeping user profiles safe.

Brett Wahlin joined Sony last October. Prior to this he was the chief security officer at McAfee, and before that he served as a counter-intelligence officer in the US military during the Cold War. He is now using user profiling as a way of detecting unusual activity.

"We are looking to see if there are there key elements within a person's interaction with their environment," he told SC Magazine.

"That could be interaction with badging systems, with telephones -- when and who do they call -- and with systems like browser habits and applications used. All these things allow us to set up a pattern for users, so when something different happens we can respond.

"If we detect unusual activity, it may be that someone's been owned by a Trojan that we don't know about, and we can stop data flying out the door."

According to Wahlin, his intelligence work during the Cold War will come in handy when it comes to dealing with cyber criminals.

"You start to see a lot of similarities to the social engineering tradecraft in the Cold War... they have a discrete set of characteristics and targets and if we can begin to adapt some of the pattern recognition to a digital-based [environment]... we may be able to detect fraud more effectively," he said.

Wahlin aims to couple fraud detection with social engineering methods so that legitimate PSN transactions aren't mistakenly blocked. His team is collecting data on gamer activity so that Sony will be able to detect fraud.

Wahlin is particularly interested in coupling available fraud detection systems with social engineering prevention methods to reduce false positives that result in legitimate transactions on the PlayStation Network being blocked. The security team is now building a profile on what makes a typical gamer to generate data that Wahlin hopes will position Sony to detect fraud and fight social engineering attacks by phone, email and physical intrusion.

[SC Magazine]


Comments

    One positive of all this was that it was a real wake-up call for me - I've gotten in the habit of using unique, complex passwords for every service and not storing my credit card as much as possible. Guess thats a consequence of having to cancel my debit card.

      I'm in the same boat as Thom here. I hope their security is better but I wont be relying on it to be.

    One thing I still find really disturbing is the web access to the Playstation Network, which is slackly not Sony's responsibility.

    When you go to the site, next time , (http://au.playstation.com), take note of this lovely disclaimer:

    **If you use PlayStation®Network log-in details to access this site, basic information about your PSN account will be shared with the website operator. PSN is not responsible for operation of this website. See Privacy Policy for more information.**

    Nice eh?

    "How PSN Is Toughening Security " by taking away your rights to sue and raising prices.

      Raising Prices?

    When he mentioned building a gamer profile to detect fraud got me thinking. Be interested to see what they actuall come up with

Join the discussion!

Trending Stories Right Now