CNET Blogger: Third Sony Attack Being Planned? The Importance of Attribution
When I first encountered this story, I had little interest in reporting it at all. A blogger, however well-intentioned, taking the ramblings of a few script kiddies in an IRC chatroom seriously and posting it as a “CNET Exclusive” seems hardly newsworthy. Journalistic integrity must have some minimum standard. We report things all the time which aren’t from SOE or a press release, but they have SOME basis in fact.
However the story that an attack is planned for this weekend seems to have gotten some traction and is now making the rounds and being quoted by larger news organizations as “reported by CNET”. So we feel we should address it. Erica Ogg, CNET blogger, has posted an article positing that a third attack on Sony services is being planned for this weekend.
A group of hackers says it is planning another wave of cyberattacks against Sony in retaliation for its handling of the PlayStation Network breach.
Her source?
An observer of the Internet Relay Chat channel used by the hackers told CNET today that a third major attack is planned this weekend against Sony’s Web site. The people involved plan to publicize all or some of the information they are able to copy from Sony’s servers, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony’s servers.
Blogging without sources or attribution is just speculation and should be taken as such. The article reads as if the information has been confirmed with secondary sources. It hasn’t.
Tags: account security, comrpomised accounts
Trackback from your site.
Comments (15)
Aaron
| #
I read this and thought the very same thing.
Reply
isest
| #
Well if they do an attack, then the FBI should be talking to cnet, as those folks are registered with them.
Really a few folks venting in an irc chat, probably just folks full of hot air but you never know. I would think if hackers really wanted to plan something they would not do it in a public irc chat on a well known site you would think they would plan that thing to where folks are not seeing it.
So who knows.
Reply
Shaun
| #
These guys are just vandals, grow up you punks!
Reply
Luminaire
| #
These are the kind of people that need to be flogged in the town square. I have no sympathy for these people at all. It’s one thing to attack Sony for whatever but when you start stating your going to publish peoples information it becomes much more.
Reply
Someone
| #
they deserve the death penalty
Reply
Kruzzen
| #
Why can’t they just work to help make things better instead of being jerks and wrecking things for us. I hope they get caught and sent to jail for a very very long time.
Reply
Cyliena
| #
My friend’s cousin’s roommate told him and he told her and she told me that this CNET story is full of crap.
Reply
Scott Adams
| #
Ok I am confused. All their servers are down for maintenance and software rebuilding. What exactly do they plan to attack then?
Reply
Caernarvon
| #
Great article Feldon, as always you’ve done a great job reporting all this stuff over the last week.
One really interesting point I noted from the report was the intention of the supposed people behind a third attack to publish any information they can hack from Sony’s servers. This to me probably indicates its not a genuine threat, unless they are seriously stupid folk, as I would imagine, and hope at least, that they could be sourced and tracked down fairly quickly were they to do as much.
Big shout out to Scott Adams ^ above, I spent countless hours in the 80’s trying to complete ‘Voodoo Castle’ on the Atari 8-bit, never ever did get to finish it hehe.
Reply
Pluwkee
| #
They have access to down servers? Genius, just sheer genius. Let’s just pretend for a second that they are not full of crap and they did have access. SOE is updating their security so even if they did have access they no longer do. Then let’s pretend that got the information prior, well the fact is that they would be just plain stupid to post it on a public forum because the FBI will track them down and arrest them.
Reply
ancienthighway
| #
One thing I haven’t seen from Sony in any of this is a statement reassuring it’s gaming community that all credit card information has been removed from their networks and servers. A change in policy concerning subscriptions would make sense, too. I wouldn’t mind having to periodically enter my credit card information to have continued access to my gaming. In fact I would prefer that over having my information stored on a server running open source software with no firewall.
Reply
Atti
| #
Sony’s web server, Apache, is indeed open source, but it’s used by 62% of all domains on the internet (so says Netcraft). Apache is perfectly fine software…so long as you keep it updated, which Sony obviously didn’t.
Reply
Pluwkee
| #
Could not agree with you more Ancient.
Reply
Grugg
| #
Ironically, you posted the Consumerist article about Spafford’s expert testimony without really blinking. Unlike this article, you didn’t editorialize and point out that the quoted passage purportedly from Spafford’s oral testimony significantly differed from his written testimony.
Spafford wrote, “Presumably, both companies are large enough that they
could have a”orded to spend an appropriate amount on security and privacy protections of their data; I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk.”
http://usacm.acm.org/PDF/DataTheftTestimony050411.pdf
Spafford effectively received his information about Sony’s systems in the same way as the aforementioned CNET blogger.
Reply
Arcturys
| #
Pluwkee, using that as your basis for saying the article is without merit is foolhardy. Sony is not cut off from the world. Any path in or out is a potential point for attack. A lot of the systems are shut down, but not all of them. Just look at a few other articles and posts, reporting things like “this is up” and “we are getting pings off this server now.” Just because SOE is revamping their security does not mean hackers suddenly have zero access. There is no such thing as a completely secure system (other than one that has no outside connections at all). If they can communicate with us, hackers can “communicate” with them.
Reply