050411Hirai

Published by: Chris Good on May 05, 2011
Copyright:Attribution Non-commercial

SONY COMPUTER ENTERTAINMENT®

Sony Computer Entertainment America
919 East Hillsdale Blvd.
Foster City, California 94404-2175
650 655 8000
650 655 8001 Fax

May 3, 2011

The Honorable Mary Bono Mack
Chairman
Subcommittee on Commerce, Manufacturing, and Trade
United States Congress
2125 Rayburn House Office Building
Washington, D.C. 20515

The Honorable G.K. Butterfield
Ranking Member
Subcommittee on Commerce, Manufacturing, and Trade
United States Congress
2125 Rayburn House Office Building
Washington, D.C. 20515

Dear Chairman Bono Mack and Ranking Member Butterfield:

Thank you for giving me this opportunity to respond to questions from the House Energy and Commerce Committee, Subcommittee on Commerce, Manufacturing and Trade. Sony now faces a large-scale cyber-attack involving the theft of personal information. This cyber-attack came shortly after Sony Computer Entertainment America was the subject of denial of service attacks launched against several Sony companies and threats made against both Sony and its executives in retaliation for enforcing intellectual property rights in U.S. Federal Court.

We are currently dealing with all aspects of this cyber-attack and have our personnel deployed and working around the clock to get the systems back up and to make sure all our customers are informed of the data breach and our responses to it. We expect to restore most services to our customers shortly. We have received so far no confirmed reports of illegal usage of the stolen information.

In dealing with this cyber-attack, the company has operated on the basis of several key principles:
1. Act with care and caution. This is why Sony Network Entertainment America Inc. ("Sony Network Entertainment America"), which operates the PlayStation Network and Qriocity services (collectively, "PlayStation Network"), has taken the almost unprecedented step of shutting down the affected systems as soon as threats were detected and is keeping them down, even at substantial cost to the company, until all changes to strengthen security are completed. We have tried to err on the side of safety and security in making these decisions and judgments.

2. Provide relevant information to the public when it has been verified. Sony Network Entertainment America immediately hired a highly regarded information technology security firm and supplemented that firm with additional expertise and resources over several days. Sony Network Entertainment America then released information to its consumers when we and those experts believed that information was sufficiently confirmed. The truth is that retracing the steps of experienced cyber-attackers is a highly complex process that takes time to carry out effectively. At the same time that the experienced attackers were carrying out their attack, they also attempted to destroy the evidence that would reveal their steps.

3. Take responsibility for our obligations to our customers. We have apologized for the inconvenience caused by the illegal intrusion into our systems and offered a free month of service in addition to the number of days the systems are down as part of a "Welcome Back" program for our customers. We are also offering our customers in the U.S. complimentary identity theft protection services.

4. Work with law enforcement authorities to assist in the apprehension of those responsible and cooperate with all authorities on meeting our regulatory requirements. One of our first calls was to the FBI, and this is an active, on-going investigation.

I am of course aware of the criticism Sony has received for the time taken to disclose information to our customers. I hope you can appreciate the extraordinary nature of the events the company was facing - brought on by a criminal hacker whose activity was neither immediately nor easily ascertainable. I believe that after you review all the facts you will agree that the company has been acting in good faith to release reliable information in accordance with its legal and ethical responsibilities to its valued customers.

We have been investigating this intrusion around the clock since we discovered it, and that investigation continues today. Just this past Sunday, May 1st, we learned that a likely theft from another Sony company's online service had previously gone undetected, even after highly trained technical teams had examined the network infrastructure that had been attacked around the same time as the PlayStation Network.

What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes. Sunday's discovery that data had been stolen from Sony Online Entertainment only highlights this point.

When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen, it also discovered that the intruders had planted a file on one of those servers named "Anonymous" with the words "We are Legion." Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous. The attacks were coordinated against Sony as a protest against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker.

While protecting individuals' personal data is the highest priority, ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and also find ways to combat cybercrime and cyber terrorism.

Almost two weeks ago, one or more cyber criminals gained access to PlayStation Network servers at or around the same time that these servers were experiencing denial of service attacks. The Sony Network Entertainment America team did not immediately detect the criminal intrusion for several possible reasons. First, detection was difficult because of the sheer sophistication of the intrusion. Second, detection was difficult because the criminal hackers exploited a system software vulnerability. Finally, our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect this intrusion quickly - all perhaps by design.
Whether those who participated in the denial of services attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know. In any case, those who participated in the denial of service attacks should understand that - whether they knew it or not - they were aiding in a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony's many customers around the world.

Making the Internet safe for entertainment, commerce and education is a paramount government interest. The criminal cyber-attacks on Sony have been and will continue to be perpetrated on other companies as well. If not addressed, these types of attacks could become commonplace. Creating more stringent guidelines for maintaining and policing storage of personal information may be necessary in our current climate, but, make no mistake, without addressing the need for strong criminal laws and sanctions and, most importantly, enforcement of these laws, there will not be any meaningful security on the Internet.

Sony is grateful for the assistance it has received from law enforcement and appreciates this opportunity to raise these issues with this Committee as it considers how to build an environment where social networks and commerce on the Internet can develop uninhibited by security risks.

Turning to Sony's responses to the Committee's questions:

1. When did you become aware of the illegal and unauthorized intrusion?

On April 19, 2011 at 4:15 p.m. PDT, members of the Sony Network Entertainment America network team detected unauthorized activity in the network system, specifically, that certain systems were re-booting when they were not scheduled to do so. The network service team immediately began to evaluate this activity by reviewing running logs and analyzing information in order to determine if there was a problem with the system.

On April 20, 2011, in the early afternoon, the Sony Network Entertainment America team discovered evidence that indicated an unauthorized intrusion had occurred and that data of some kind had been transferred off the PlayStation Network servers without authorization. At the time, the network service team was unable to determine what type of data had been transferred, and they therefore shut the PlayStation Network system down.

2. How did you become aware of the breach?

Sony Network Entertainment America became aware of the PlayStation Network intrusion as described above. The Sony Network Entertainment America team became aware of a transfer of data out of the system also as described above. Sony Network Entertainment America then began the exhaustive and highly sophisticated process of identifying the means of access and the nature and scope of the theft. That investigation is on-going to this day.

3. When did you notify the appropriate authorities of the breach?

On April 22, 2011, Sony Computer Entertainment America's general counsel provided the FBI with information about the intrusion. (Sony Computer Entertainment America oversees the PlayStation brand in North America and has been involved with the PlayStation Network's operation since its inception). The forensic experts that Sony Network Entertainment America had retained had not determined the scope or effect of the intrusion at the time the FBI was contacted. A meeting was set up to provide details to law enforcement for Wednesday April 27, 2011.