Sony PlayStation Network users can finally get back to their gaming, following the resumption of PSN services by Sony since yesterday. While partial operations of Sony’s PlayStation Network and Qriocity entertainment services have been resumed in the U.S. and Europe after over three weeks, with restored services including online gaming, music downloads and chat services, services across Asia still remain down.
According to the official PlayStation Blog, bringing the services back online after such a long time has attracted massive traffic and the network servers are overloaded, with more users trying to reset their passwords simultaneously than the network’s servers are capable of handling.
And for all those who’re still wondering about what and who brought down the online entertainment services used by over a 100 million people worldwide, reports published by Bloomberg News cite revelations from an undisclosed source that Amazon's cloud services were used by hackers for the virtual attack.
The attack on Sony’s online Network
Following a privacy invasion of its gaming and entertainment network, which is used by over 100 million users, Sony had suspended services of its PlayStation, Qriocity and Sony Entertainment Online services since the 20th of April.
Involving data breach and identity theft of users of these services, the attack on Sony’s online network is being touted as the second-largest theft of online personal data, the largest since the 2009 theft of credit and debit card numbers from Heartland Payment Systems.
And while Sony had initially announced a resumption of services within a week, it has taken the company more than three weeks to identify exactly why and where the breaches happened, to put in place more security measures so as to prevent such an attack from re-occurring in the future, and to come up with some form of compensation for users.
Reportedly, the Japanese electronics giant has made provisions for heightened security for its PlayStation Network and Qriocity users by adding software for better screening of intrusions and system vulnerabilities, as well as increasing the number of firewalls between servers.
Compensation v/s Cost
Sony apologized to all its online PlayStation and Qriocity users for the frustration brought on by the cyber-attack, and declared plans of helping protect its online gaming customers from identity theft with a $1 million identity theft insurance policy per user.
Additionally, according to an open letter posted on the PlayStation Blog, Howard Stringer, President and CEO of Sony Corp., also announced that this package would include a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers to make up for time lost.
As opposed to this, if Sony chose to compensate all its users for the identity data theft that took place, this would vary anywhere between $20 million in lost revenues over a couple of weeks to $32 billion in terms of total costs involved in dealing with the consequences of losing control of customer data.
Amazon Cloud Service used for attack on Sony PSN?
According to Bloomberg News, the attack on Sony’s online gaming and entertainment system, which compromised personal data belonging to over 100 million users, was carried out through the use of Amazon’s Elastic Computer Cloud - EC2.
The report says that the hackers signed up for the cloud-computing service, just like a legitimate company would, but using fake information, and that this account has been now shut down.
Computing space rented out by Amazon Web Services to companies allows users an alternative to buying their own servers for data storage. Amazon’s cloud-computing, available for rent at as little as three pennies an hour, makes it possible for hackers to use this cheap and convenient service as easily as Amazon’s online retail customers.
While Amazon maintains a “no-comments” stance, E.J. Hilbert, former FBI cyber-crime investigator and president of Online Intelligence, an company specializing in online security, said in a statement that the leading online retailer is likely to be subpoenaed or to be issued a search warrant for accessing the history of transactions, to trace who had access to the specific internet address at the time and get details on payment data.
The scale of this cyber attack and the related use of cloud computing for hacking into Sony’s network and stealing personal data, has made more obvious than ever, the ease with which hackers can use cloud servicers for cracking passwords, hacking into accounts and stealing information, and the related need for businesses to be increasingly careful about what information is put on the cloud as well as the necessity for stringent security systems.