A conversation log of a group of PlayStation hackers has revealed some interesting claims about the way that the PlayStation Network hack went down. If the claims are true, the intrusion attempts began on March 3rd at 16:00 GMT. The hackers didn’t get through until March 16th, and when they did, the successful probe came from a US Department of Defense IP address.
In the transcript the hackers discuss the hack, Sony’s response and failures by the company to recognize known vulnerabilities in the version of Apache that they were running on their servers.
One of the hackers, trixter, claims to know when the intrusions began and exactly when the successful breach of the network occurred. When asked about the source of his information, he replies with a coy “it magically appears on my monitor.”
the probes to get into PSN appear to have started March 03 16:00 GMT. It seems it took them until March 16 to actually get in though
from a US Department of Defense IP no less
[21:13:38] trixter: where did you get that info from? :)
it magically appears on my monitor
Then he derides Sony for running an older version of Apache, 2.2.3, which he claims has ‘even more’ known vulnerabilities than version 2.2.19, which was the version that the servers were running when the intrusion occurred.
what is funny is that the auth server used to be a redhat box running apache 2.2.19 (which has some known vulns in it) but now its a redhat box with apache 2.2.3 which has even more known vulns.
He also speculates that the hacker who successfully breached Sony’s network resides in Europe.
given the probe date and time I am guessing that it is someone in europe (after school or work for example) and in relation to graf
He then says that he is not affiliated with the hackers that attacked the PSN but that he tried to ‘warn’ Sony months ago.
note I am not affiliated with the person or persons that attacked PSN, but I did say MONTHS ago “sony if you are monitoring this channel you should upgrade your servers they have known vulnerabilities”
He attributes the success of the hack to the server’s vulnerabilities.
[21:29:37] so is the downtime due to server-side holes?
yes, someone penetrated
raped em like a prison bitch
Now we’re taking this report with a grain of salt, because we know how hackers like to talk and there’s no way of verifying the contents of this log. But if this is true then it raises some questions about Sony’s knowledge of system vulnerabilities and how long they knew without taking steps to
We’re continuing to look into this matter and will update if we find any more information.