Last week Sony shut down its PlayStation Network (PSN) and in the information vacuum that followed, fingers were mainly pointed at Anonymous – had they pulled off another of their paralyzing DDoS attacks? Quickly, however, Anonymous denied the accusations, even going as far as issuing a press release claiming innocence.
Then another day passed. And another. And another. This was clearly more than a DDoS but Sony were keeping very quiet – almost too quiet. Eventually Sony admitted they had been subjected to some sort of attack.
Yesterday they made another announcement, informing their user base that the whole system will be offline indefinitely. No further information from Sony but there is a man who thinks he knows what causing the extended downtime.
‘Chesh’ is a staff member from psx-scene.com, a site dedicated to hacking and modding Playstations. Together with various developers in the scene he’s been putting all the pieces together and if his theory holds, Sony has been battling their biggest crisis yet.
Chesh believes that the problem stems from the availability of a new CFW (custom firmware) for the Playstation 3. CFW’s give hardware modified functionality and REBUG, as it’s known, turns a standard PS3 into a machine which provides access to some of the PSN’s features usually reserved for developers.
REBUG, which was released on the last day of March, apparently has a trick up its sleeve in that it is able to get previously hacked Playstation 3 consoles back online after they’d been excluded by Sony. It’s not a feature built in by design, but one that users have learned how to exploit. Chesh reports that some REBUG users were initially using it to play Call of Duty on the dev networks around April 3rd. Neat enough in itself but there was a monster in the shadows.
Since REBUG allowed users to connect to a previously secure and private developer network, certain information provided by users wasn’t security checked by Sony. According to Chesh, one of the items whose authenticity was never checked was – unbelievably – credit card numbers. People could apparently make them up and get access to whatever content they wanted.
“What happened next was extreme piracy of PSN content,” Chesh explained. He said that over on PSX-Scene he learned of people downloading free Sony content from the dev networks on April 7th.
As we know, Sony shut down the entire PSN on April 20th and it remains down today. Since Sony have told their customers next to nothing about the problems it has faced – including whether or not credit card information is safe – it’s a safe bet that none of the above will be confirmed or denied.
Chesh himself admits that while the above information is true, he can’t verify 100% if it’s the absolute reason why Sony pulled the PSN offline. That said, it’s a big enough problem for them to do so and if Sony has pulled the plug for another unknown reason, their problems only go deeper. And it’s hard to imagine a situation worse than this.
Update: Sony posted an update on the shut down.