Sony claims Anonymous attack in letter to U.S. Representatives

The attack on PlayStation Network was a “very carefully planned, very professional, highly sophisticated criminal cyber-attack designed to steal personal and credit card information for illegal purposes,” Sony Computer Entertainment asserted in a letter to members of Congress.

From the Associated Press:


Sony first disclosed the
attack last week and said it may have compromised credit card data,
email addresses and other personal information from 77 million user
accounts. On Monday, Sony said data from an additional 24.6 million
online gaming accounts also may have been stolen.

The company
has shut down the affected systems while it investigates the attacks
and beefs up security. (Sony Computer Entertainment Chairman Kazuo) Hirai said Sony is working “around the clock to
get the systems back up and to make sure all our customers are informed
of the data breach and our responses to it.”

Hirai also asserted in the letter that his company’s investigation found “the intruders had planted a file on one of those servers named ‘Anonymous’ with the words ‘We Are Legion.’”

Anonymous, known for its hacking or “hacktivist” attacks on whomever its members (?) don’t like, threatened Sony in an April 3 posting on the AnonOps Communications blog after Sony pursued legal action against George Hotz, AKA Geohot, the hacker who figured out and told the world how to jailbreak the PlayStation 3.

Sony and Geohot settled out of court, but not until after Sony won a federal magistrate’s approval to subpoena Geohot’s Internet provider to learn who visited his site.

Nonetheless, an April 24 posting headlined “For Once We Didn’t Do It” on AnonOps denies any official Anonymous attack on PlayStation Network. Whoever wrote the post, however, acknowledged that wildcat “Anons” may have acted of their own volition.

I honestly have no idea how Anonymous functions and if it can even be described accurately as an “organization.” What I do know, however, is that Sony has already confirmed that whoever is responsible for the data breach would have been able to access users’ identifying information, which is never a pleasant thought for anyone whose data could be compromised.

The oft-irreverent Gawker reports Anonymous fears a “nerd backlash” following allegations that their members (again, ?) are responsible for keeping gamers away from online play.

Anonymous has come to realize that attacking Sony’s PlayStation Network alienates a powerful group of potential supporters: nerds. The point was proved after Anonymous launched an unrelated attack on Sony in early April that briefly took down the PlayStation Network, in retaliation for Sony suing a kid who bypassed the PlayStation 3’s security systems. The attack sparked a nerd backlash which crippled Anonymous chat servers with retaliatory strikes and was generally a PR disaster.

“All the Sony kids were flooding the [Anonymous chat servers] and whining and complaining,” said Gregg Housh, an activist associated with Anonymous. An attack on Sony’s PlayStation Network “pisses off a lot of people they want as fans not enemies.” A similar concern was voiced last December when Anonymous contemplated attacking Amazon in revenge for it banning Wikileaks: One reason for not attacking was concern that the attack might anger people who were trying to do holiday shopping.

(Hotlinks in original.)

Sony has not reported any confirmed compromise of credit card data and asserts that major credit card companies have not notified it of any fraudulent activity likely to be rooted in the April data breach.

Mercury News: Apple to update location tracking file

I like to post links to coverage from the San Jose Mercury News, The Sun and Daily Bulletin’s sister paper in the heart of the Silicon Valley.

Merc staffer Troy Wolverton reports today that Apple’s new iOS update will make changes to the location tracking software that allowed iPhones and iPads to track users’ whereabouts.

An excerpt:

The iOS update seeks to address many of the issues with the location file identified by the researchers. According to Apple, the update will limit the amount of data kept in the location file, will prevent iTunes from backing up the file to users’ computers and will delete all information in the file when users turn off location services.

However, the update doesn’t necessarily address all issues with the file. Apple has said previously that it will continue to store 7 days worth of location data in the file even after the update. Forensics researchers, who have said that they have been using the location data stored file in criminal and other legal investigations, said that even that amount of data would still be useful in their work.

Today’s Big Story: Sony confirms user data breach

Sony Computer Entertainment confirmed today that the hacker (or hackers) who broke into the PlayStation Network and Qriocity systems accessed users’ personal information.

PlayStation 3 owners have not been able to access PSN or Qriocity services for about one week. A GamePro editorial accuses Sony of an “astounding breach of trust” for the delay in acknowledging the compromise of sensitive information.

The following is from Sony’s letter to customers acknowledging the data breach:

“Although we are still investigating the details of this incident, we
believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip),
country, email address, birthdate, PlayStation Network/Qriocity password
and login, and handle/PSN online ID. It is also possible that your
profile data, including purchase history and billing address (city,
state, zip), and your PlayStation Network/Qriocity password security
answers may have been obtained. If you have authorized a sub-account for
your dependent, the same data with respect to your dependent may have
been obtained.”

“While there is no evidence at this time that credit card
data was taken, we cannot rule out the possibility. If you have provided
your credit card data through PlayStation Network or Qriocity, out of
an abundance of caution we are advising you that your credit card number
(excluding security code) and expiration date may have been obtained,” the letter continued.

Sony shut down PSN and its Qriocity video and music streaming service on April 20. The data breach happened sometime between April 17 and April 19, Sony reported.

WSJ: Google’s Android phones track users, just like Apple products

Following news that Apple’s popular iPhone and iPad products keep files tracking users’ movements, the Wall Street Journal reports smartphones using Google’s Android operating system transmit users’ locations to Google.

Apple phones also transmit similar data, the Journal reports.

Google and Apple are gathering location information as part of their
race to build massive databases capable of pinpointing people’s
locations via their cellphones. These databases could help them tap the
$2.9 billion market for location-based services–expected to rise to $8.3
billion in 2014, according to research firm Gartner Inc.

In the case of Google, according to new
research by security analyst Samy Kamkar, an HTC Android phone collected
its location every few seconds and transmitted the data to Google at
least several times an hour. It also transmitted the name, location and
signal strength of any nearby Wi-Fi networks, as well as a unique phone
identifier.
(snip)

Cellphones have many reasons to collect location information, which
helps provide useful services like local-business lookups and
social-networking features. Some location data can also help cellphone
networks more efficiently route calls.

Google also has said it uses some of the data to build accurate
traffic maps. A cellphone’s location data can provide details about, for
instance, how fast traffic is moving along a stretch of highway.

The widespread collection of location information is the latest
frontier in the booming market for personal data. Until recently, most
data about people’s behavior has been collected from personal computers:
That data generally can be tied to a city or a zip code, but it is
tough to be more precise. The rise of Internet-enabled cellphones,
however, allows the collection of user data tied with much more
precision to specific locations.

The full story is worth reading.

Reports: Apple iPhones and iPads track users’ every move

Apple’s popular iPhone and iPad products record an unencrypted log of where users take their portable devices, according to several published reports certain to elevate concerns over the potential for consumer electronics to intrude upon privacy.

The data is also stored on any computers synced to iPhones and iPods, according to reports.

From the Associated Press, via San Jose Mercury News:

It’s not clear if other
smartphones and tablet computers are logging such information on their
users. And this week’s revelation that the Apple devices do wasn’t even
new–some security experts began warning about the issue a year ago.

But
the worry prompted by a report from researchers Alasdair Allan and Pete
Warden at a technology conference in Santa Clara, Calif., raises
questions about how much privacy you implicitly surrender by carrying
around a smartphone and the responsibility of the smartphone makers to
protect sensitive data that flows through their devices.

Much
of the concern about the iPhone and iPad tracking stems from the fact
the computers are logging users’ physical coordinates without users
knowing it–and that that information is then stored in an unencrypted
form that would be easy for a hacker or a suspicious spouse or a law
enforcement officer to find without a warrant.

Researchers emphasize that there’s no evidence that Apple itself has access to this data. The data apparently stays on the device itself, and computers the data is backed up to. Apple didn’t immediately respond to a request for comment by The Associated Press.


Report: Google confesses to taking private data

The United Kingdom’s Daily Mail reports that Google has admitted its Street View cars collected private data – including passwords and emails – while roaming British streets.

Google was accused of spying on households yesterday after it
admitted secretly copying passwords and private emails from home
computers.

The internet search giant was forced to confess it
had downloaded personal data during its controversial Street View
project, when it photographed virtually every street in Britain.

In
an astonishing invasion of privacy, it admitted entire emails, web
pages and even passwords were ‘mistakenly collected’ by antennae on its
high-tech Street View cars.

Privacy campaigners accused the company of spying and branded its behaviour ‘absolutely scandalous’.

The
Information Commissioner’s Office said it would launch a new
investigation. Scotland Yard is already considering whether the company
has broken the law.

Google executive Alan Eustace issued a
grovelling apology and said the company was ‘mortified’, adding: ‘We’re
acutely aware that we failed badly.’

Many Tech-Out readers probably have their WLAN settings as secure as they can make them, but may want to take some time to double-check their settings.

Besides the question of whether Google broke any laws in the UK, this country or any others in its Street View activities, the greater question is how willing users should be when it comes to voluntarily giving Google and other companies access to personal information.

This writer uses Google and Facebook, even though it’s obvious those companies’ services are designed to attract customers to data mining operations. If the government admitted to warrantless spying on everyday Americans, the public (one assumes) would be outraged. Is it any better for a private company to do the same?


Is the Internet the new Colosseum?

Jeffrey Zaslow of the Wall Street Journal writes on just how pervasive the ‘net has become especially when it involves our personal lives. He also asks if the accessibility of a worldwide forum has made us more vicious in humiliating others thanks to how anonymous it can also make us, turning embarrassing photos into a sort of “blood sport”. Has it?

There’s a reason why people say that when it appears on the internet, it’s forever, especially if it’s been preserved on someone’s hard drive or appears on something like the Internet Wayback Machine.

Phone cameras, blogs, Facebook, Myspace, Google, and a whole host of social tools have created a privacy nightmare. I would be pretty amazed, and depressed, at how many people would tell me how cavalier they were when it came to how much personal information they had posted on the ‘net. Today’s family picture can easily become tomorrow’s viral sensation with a few cosmetic changes.

And with more prospective employers looking at social networks to gauge potential employees, taking care in how you treat your life online is becoming increasingly important when you step away from the usual anonymity that the ‘net allows.

It’s certainly come a long way from having to use Notepad to hash out HTML thanks to easy-to-use tools provided by sites such as Facebook or Youtube allowing anyone to become their own star on the ‘net for better or worse. Yay! I’m famous!

Or is that infamous? That’s entirely up to you.