On the 29th of April, a United States House of Representatives subcommittee sent SCEA Chairman Kazuo Hirai a letter asking questions regarding the PSN outage. Kazuo responded to that letter, but it seems that those answers weren’t enough: Mary Bono Mack, Chairman of that subcommittee, has sent yet more questions to Kazuo. Here is the letter:
May 17, 2011
Mr. Kazuo Hirai
Chairman
Sony Computer Entertainment America
919 East Hillsdale Blvd.
Foster City, CA 99404
Dear Mr. Hirai:
We write today to follow up on requests we submitted in our letter to you on April 29, 2011. In that letter, we made several queries regarding the data breach experienced by Sony Corporation’s Playstation Network last month. We thank you for providing a written response and for making Sony representatives available to speak with us in person on May 3, 2011.
At the time you sent the above referenced response and at the time of the briefing, Sony was unable to answer several of the queries we posed in our April 29, 2011, letter. Now that more time has passed, enabling further investigation of the incident, and particularly in light of the news that Sony restarted its Playstation Network on May 14, 2011, we submit these questions to you again, as well as questions regarding the discovery of a breach impacting Sony Online Entertainment customers. We request answers no later than May 25, 2011.
1. Has your investigation revealed any additional information on what customer information was specifically obtained, and whether the information was obtained from all accounts or a portion of the accounts?
2. When Sony representatives briefed our staff on May 3, 2011, they indicated that personal information from all 77 million accounts had been breached in some form. In your May 3, 2011, response to our letter you indicated not every piece of information in each account had been stolen, but that some personal information on all 77 million had been stolen. Has your investigation revealed what information was taken from each individual account? Do you have any additional information that would call for revising the number of affected accounts?
3. Has your investigation revealed how the breach occurred?
4. Your initial reply to us on May 3 indicated the attack may have been coordinated and directed by the group of cyber criminals named “Anonymous”. Have you identified those who are responsible for the breach, including any individual(s)?
5. When our staffs met on May 3, 2011, your representatives indicated Sony could not confirm whether credit card information had been breached but, at the time, there was no evidence to indicate that such information had been breached. Has your investigation revealed any additional information regarding whether credit card information was indeed taken?
6. Sony discovered on May 1 that an additional breach of its network occurred. This breach reportedly involved approximately 25 million user accounts at Sony Online Entertainment.
a. Was this breach the same as, related to, or unrelated to the Sony Playstation Network breach? Have you identified the responsible party?
b. When did the breach occur? If there was a delay in the discovery of the Sony Online Entertainment breach, what was the reason for the delay?
c. How many user accounts were impacted?
d. What information was taken?
e. When did Sony notify its Sony Online Entertainment users that their accounts had been breached?
7. What steps has Sony taken or does Sony plan to take to mitigate the effects of these breaches on its customers?
8. Regarding both the Sony Playstation Network and the Sony Online Entertainment servers, you indicated in your May 3 response steps Sony is implementing to prevent future such breaches. Do you believe these additional security measures will prevent future breaches or illegal intrusions? Why did you not have these measures in place prior to the breach(es)?
9. Did Sony have a policy in place at the time of either breach addressing data security and data retention practices? If not, why not? If so, what are those practices and does Sony plan any changes in its policies as a result of this breach?
10. In today’s Wall Street Journal, Chief Executive Howard Stringer said Sony “can’t guarantee the security of its videogame network…in the ‘bad new world’ of cyber crime”. Please explain what he meant, as well as the potential impact on consumers.
Thank you for your attention to and assistance in this matter.
Sincerely,
Mary Bono Mack
Chairman
G. K. Butterfield
Ranking Member





05-18-2011
08:11 AM
awesome questions.
this is one time that I am glad women are never happy
05-18-2011
08:14 AM
05-18-2011
08:29 AM
All questions Sony will try to talk around like the first time tho. There's a very valid reason Sony doesn't want to take these questions head on with honesty, at this point they are scrambling to protect the company from having any cast of blame directed toward them. I'm not insinuating they are tampering with evidence in any way, but they definitely do not want to appear any weaker than they are with consumers.
As it stands they have all their loyal clueless gamers keeping PSN alive, *which I would still like to see the active list of return members since it's been re-up.*.. And they likely have some distrusted members as well as a lot of people do want to keep gaming. However, Stringer is also realizing his time is almost done; he's done the best he could in his seat under the stress he is under, but he's going to keep evading the issue till the very end knowing if US Congress finds Sony liable in full or in part for this breach, his career is over.
05-18-2011
08:43 AM
05-18-2011
08:52 AM
Sony will most likely get a slap on the wrist for this, just like they did when their "DRM" rootkit exploit was put on blast in the media. When it comes down to being hacked at this level of sophistication, it really depends on a few factors whether Sony will be liable or not.
If they were really running outdated server OSes and this exploit was patched in a newer version then they could be found liable for not patching exploits in the system. But if this is a brand new exploit then it's really not Sony's fault. Just like it's not Microsoft's fault you get your credit card info stolen by a new keylogger virus on Windows. Operating systems are literally tens of thousands of lines of code. Finding the bugs isn't always easy if they haven't been exploited yet.
When it comes down to a lack of encryption on your emails, PSN names and passwords, that is what everyone does. This information is stored in plain text on a server just like any other company with customer support and user name services. It takes a lot of CPU power to constantly encrypt and decrypt this kind of information for 77 million people all day every day. Especially when your PSN accounts are linked to their website.
Now the second hack is probably going to hurt them for keeping that kind of information on file for so long in old servers. That's just retarded. But knowing Sony they will just offer Congress 2 free PSN games and a month of psplus to get themselves off the hook.
05-18-2011
04:57 PM
I will marry that woman any day
05-18-2011
10:28 PM
hmm, maybe she should have asked... Why did they lay off 205 employees March 31st (the day before 3.60 fw) and right before the "hacks"... while leaving their utilities turned on for their 2 week notice to finish out?
Could this have been an inside job? Ask that too... why not, can't hurt.
....or why for 5 years have they been transmitting cc info in plaintext where anyone with a packet sniffer on a network (say college or otherwise with a group of users) could "catch" info way before then.
05-21-2011
05:45 AM
Seriously USA is going bankrupt within a month and your congressmen and women have nothing else to do than ask questions about PSN outage? What is this upside down civilization. You have Obama spouting lies on a daily basis since the Osama bin Laden killing yet PSN outage is important.
05-21-2011
05:53 AM