June 5 - The group, which has claimed credit for a prior
attack on Sony's systems, posted what appeared to be Sony BMG network
maps from a New York city office and what they said was 54 megabytes of
Sony developer source code.
June 6 - Sony Corp has once again fallen victim to a hacking attack. The latest site under Sony's ownership to get hit was Sony Music Brazil.
I expect more to come.
Dear Buzz Gang and Crew,
With so many Sony hack attacks occurring, it is actually hard to remember when all of this started. I decided to place the most current and update-to-date timeline showing all of the activity surrounding the Sony hacks and attacks that have occurred. Links & sources are below.
Any updates that you may have or wish to contribute are welcomed.
Late 2009: George Hotz, a hacker also known as "geohot" online,
announces his intention to "jailbreak" the PlayStation 3. He aims to
circumvent copyright controls to allow the console to run unauthorized
March 2010: Sony angers some PlayStation 3 owners by removing an option
on the PlayStation 3 to install another operating system. The move give the
quest to jailbreak the console greater impetus.
2 January 2011: George Hotz publishes codes online that allow any
PlayStation 3 owner to jailbreak their machine.
11 January: Sony sues George Hotz and asks for a restraining order to
stop him distributing his jailbreaking software to more PlayStation owners.
It claims he has "enable[d] use or playing of illegal copies of PlayStation
3 video games on the PS3 system".
14 January: George Hotz denies his work supports piracy, saying: "I
made a specific effort while I was working on this to try and enable
home-brewing without enabling things I don't support, like piracy."
2 April: Anonymous, the online activist collective, begins Operation:
Sony, a series of denial of service attacks on Sony websites that it says
are in defense of free speech.
April 4 (Monday) - Hacker group Anonymous targets Sony for denial of service attacks, in retaliation for Sony legal action against George Hotz (aka "GeoHot") and Graf_Chokolo
April 7 (Thursday) - Anonymous halts attacks, apologizes for inconveniencing users, and acknowledges diverse points of view within hacker group
11 April: Sony announces the case has been settled out of court and
that George Hotz has agreed to take down his website.
13 April: Anonymous says it will intensify its attacks and calls for a
day of protest on 16 April. "In the eyes of the law, the case is closed, for
Anonymous it is just beginning? prepare for the biggest attack you have ever
witnessed, Anonymous style," it says in a video message.
16 April: Hackers break in to Sony Online Entertainment, the firms PC
gaming service and steal 25 million users' personal details. Around 23,400
European users' credit card or direct debit details may also have been taken.
17 April: Hackers break in to the PlayStation Network and steal 77
million users' personal details.
April 19 (Tuesday, 4:15 pm PDT) - Sony
Network Entertainment America network team notices unauthorized
activity due to unscheduled server reboots; team begins running logs to
20 April: Sony shuts down the PlayStation Network, publicly citing
April 21 (Thursday) - Sony retains a second security and forensic consulting firm; Sony issues a statement suggesting the network could be down for "a day or two"
April 22 (Friday) - Sony
Computer Entertainment America general counsel provides FBI with
information about the intrusion; network team finishes mirroring 9 of
the 10 suspected servers; Sony issues a statement admitting an "external intrusion"
April 23 (Saturday) - Network teams determine that sophisticated hackers deleted log files to hide activity within the network; Sony issues a statement regarding re-building the network infrastructure for better security
April 24 (Sunday) - Sony decides to retain a third forensic team to help determine the scope of the breach
April 25 (Monday) - Forensic teams are able to determine that
user data had been stolen, but could not rule out whether credit card
information had been accessed
Apr. 26 (9:30 a.m. PT) - PlayStation Network outage for 6 days and still no answers available for its customers
Apr. 26 (1:00 p.m. PT) - Later that same day, Sony says billing
addresses, user names, passwords and possibly credit card info
belonging to its PlayStation Network Customers have been stolen. Sony also notifies regulatory authorities in New Jersey, Maryland, and New Hampshire
April 27 (Wednesday) - Sony meets with FBI regarding data intrusion; Sony
notifies the regulatory authorities in Hawaii, Louisiana, Maine,
Massachusetts, Missouri, New York, North Carolina, South Carolina, and
Puerto Rico; Sony tells SOE users that their databases and servers are kept separate, and therefore safe
April 28 (Thursday) - Hacker groups claim
to be selling credit card data; security analysts confirm the
discussions are taking place, but cannot confirm the legitimacy of the
list; one hacker claims to have tried selling to Sony, but Sony denies any knowledge of such a sale. A database of 2.2 million Sony customer credit cards is offered for sale on an underground Internet forum
April 30 (Saturday) - Sony holds a press conference in Tokyo, apologizing for the data theft and detailing the PSN Welcome Back program; Sony says that some services will resume in the coming week
May 1 (Sunday, afternoon) - Sony detects intrusion into Sony Online Entertainment, including a file titled "Anonymous" that reads "We are Legion"
May 2 (Monday, morning) Sony Online Entertainment servers taken offline,
with a brief statement, "we have discovered an issue that warrants
enough concern for us to take the service down effective immediately."
May 2 (Monday) - Sony receives Congressional inquiry; Sony issues a statement that 12,700 credit cards and 24.6 million accounts were compromised in SOE data theft
May 4 (Wednesday) - Sony's Kaz Hirai responds to Congressional inquiry, implicating Anonymous Group
May 5 - NY attorney general subpoenas Sony and the same day the CEO
offers the first apology and explanation for what may have happened
May 6 - According to reports, a security expert testifies to a House
subcommittee that Sony knew it was in possession of outdated security
May 7 - Sony says the PlayStation network might not be up and running as quickly as they thought due to more testing needed
May 12 - Sony announces "perks" post-breach
May 14 - Sony begins relaunch of PlayStation Network in stages
May 16 - Japan's government announces they are waiting for better security measures from Sony
May 25 - Sony discloses compromise of 8,500 Greek user accounts and its sites hit in Thailand and Indonesia.
May 27 - Sony discloses shut down and data loss from Sony
Ericsson's Canada website; data for 2,000 people, including names,
email addresses and encrypted password, appear on The Hacker News web
June 1 - Sony Pictures hacked, over 1 million passwords stolen
June 2 - (Thursday) - The hacker group LulzSec on Thursday posted information it took from
Sony Entertainment and Sony BMG on its site, called the LulzBoat.
June 3 (Friday) - LulzSec taunts the FBI, gathers donations after hack
Any Updates Are Welcomed.
Links & Sources: