Hack Attack: Sony Confirms PlayStation Network Outage Caused By 'External Intrusion'

Unfortunately for PlayStation Network and Qriocity services users, it looks like the widespread network outages will continue.

Since Sony’s PlayStation and music networks went down two days ago, there has been a fair amount of public speculation over the cause of the outage. (Largely due to Sony’s tight-lipped handling of public relations.) Many blamed vengeful gremlins loose in Sony’s server clusters and datacenters, while others immediately pointed the finger at Anonymous, the merry band of hackers that metastasized out of 4chan.

Thankfully, after 24+ hours of communication silence, Sony has updated its blog and ended the speculation. According to the electronics colossus, “an external intrusion” is responsible for the ongoing outages of the PlayStation Network and Qriocity. (It probably sounded like this at Sony headquarters. Or this.)

As to who these nefarious “intruders” are: It seems that Sony does not yet know who is responsible for the breach, or if it does, it is instead smartly spending its time sealing areas of vulnerability and trying to get the network back up and running. And though reports of PlayStation’s outage began heating up early Thursday morning, Sony reports that it in fact self-defensively shut down the Network sometime Wednesday evening.

According to the network’s blog, “An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.”

So, when I said Sony has ended all speculation, I was really only half-correct. Sony is still not naming the party responsible for the breach, so the speculation will likely continue. (Can you hear the blogosphere cheering?) Anonymous has prior beef with Sony and has attacked the company before, so it’s not surprising many blamed them for the service disruption. (You can read more about Anon’s prior grievances with Sony in yesterday’s post.)

However, AnonOps (Anonymous Operations), the group’s mouthpiece and network through which members frequently communicate, has adamantly stated via its news wing that it was not responsible for the outage. Though, it seems that this particular announcement was made prior to Sony delivering the news that the problem was in fact due to hacking. So, Anonymous pointing to Sony’s incompetence as the cause of the outages is off base. Sort of.

More likely, as Anonymous makes mention of in the announcement, the hack was perpetrated by some offshoot of the group, which is either more angry at Sony than the majority, or is more eager to get its precious “lulz”. (While I have to admit that I sometimes find myself sympathetic to some of Anonymous’ philosophical stances, it’s hard not to use words like “fundamentalist” when referring to “factions” within the group, and draw structural comparisons between black hatters and terrorists. There are obviously important distinctions here, and line-blurring, but there it is.) Or, on the other hand, we might soon be learning of an as-yet-unknown hacker entity that is making a run at Anonymous for public notoriety. Gulp.

The PlayStation Network currently has over 70 million users and is Sony’s online medium for its PlayStation 3 and PlayStation Portable consoles. Both the Network, and Sony’s Qriocity music service were targeted. As stated previously, in its most recent blog post, Network spokespeople make no mention of how long the outage will continue, but it’s likely that it may take several more days to sort out. And this is after Sony posted yesterday saying that the outage may last for a “full day or two” — and after Amazon’s web and cloud services suffered from their own major outage.

At this point, the outage has lasted for over 48 hours and has become quite a disaster for Sony. (Or a “kerfuffle”, if you prefer a softer word.) Now, if this were in fact the result of denial-of-service attacks, it’s hard to place the blame entirely on Sony. Few networks can defend against large-scale DDoS attacks, which is, sadly, the point. That being said, the company has known since Wednesday night that there was an intrusion, so I find it odd that it would wait for two days to inform its users — and remove a post from its EU blog early Thursday saying that the outage is a result of “targeted behaviour by an outside party”.

All in all, the company’s public relations strategy is, at the least, very confusing. While it’s true that millions of gamers are being inconvenienced and are being forced offline, sure, it’s certainly not the end of the world. But, both for the sake of the company — and its users — a higher frequency of communication and level of transparency has to be achieved. In today’s world, a company can’t allow its official Twitter streams (@Playstation has nearly 800K followers) to go without an update for 24 hours. Especially when 70 million people are affected.

So, for everyone’s sake, I hope the Network can get up and running before this turns into the longest widespread network outage (due to hacking) in recent memory. If it isn’t already.

We will update this post over the weekend as we learn more. Stay tuned.

UPDATE: Sony said in a message posted at around 8pm Saturday that the network remains down due to the fact that company is “re-building our system to further strengthen our network infrastructure”. I imagine rebuilding its entire network is going to take some time, but in the long run, it’s probably best to do this all at once, even if it takes several more days.

UPDATE 2: As of 1pm Monday, the outage continues. Today’s update from the PlayStation blog offers a whole lotta nothin’. There is still no word about when the Network will be back up and running. Could be tomorrow, could be next week. From Sr. Director, Corporate Communications Patrick Seybold, “I know you are waiting for additional information on when PlayStation Network and Qriocity services will be online. Unfortunately, I don’t have an update or timeframe to share at this point in time”.