A Ransomware Group Claims To Have Breached 'All Sony Systems' (videogameschronicle.com) 57
Tom Ivan, reporting for VGC: Ransomware group Ransomed[dot]vc claims to have successfully breached Sony Group and is threatening to sell a cache of data stolen from the Japanese company. While its claims remain unverified, Cyber Security Connect reports that the relative ransomware newcomer "has racked up an impressive amount of victims" since bursting onto the scene last month. "We have successfully compromissed [sic] all of sony systems," the group claimed on both the clear and dark nets. "We won't ransom them! We will sell the data. Due to Sony not wanting to pay. DATA IS FOR SALE."
According to Cyber Security Connect, the group has posted some proof-of-hack data, although it says this is "not particularly compelling information on the face of things." It includes what appear to be screenshots of an internal log-in page, an internal PowerPoint presentation, several Java files, and a file tree of the leak which seemingly includes fewer than 6,000 files. Most of the Ransomed[dot]vc's members reportedly operate out of Ukraine and Russia.
According to Cyber Security Connect, the group has posted some proof-of-hack data, although it says this is "not particularly compelling information on the face of things." It includes what appear to be screenshots of an internal log-in page, an internal PowerPoint presentation, several Java files, and a file tree of the leak which seemingly includes fewer than 6,000 files. Most of the Ransomed[dot]vc's members reportedly operate out of Ukraine and Russia.
Would not surprise me (Score:4, Insightful)
Remember when Sony had no internal email for 6 weeks or so? Apparently they have not fixed their shoddy IT security practices.
Re: Would not surprise me (Score:5, Insightful)
Re: (Score:2)
It's not about underestimating them. It's about overestimating Sony's abilities to secure their data and networks. They have proven time and time again to NOT be good at it. Ever. The PSN is absolute trash and has gone down several times. Microsoft has never had the same issue with Xbox Live? Why? Probably because it's a paid service and Microsoft actively invests in its security and infrastructure. Sony was the biggest hold out on cross-platform play. And do you know why? Because the PSN couldn't handle it
Re: Would not surprise me (Score:2)
Re: (Score:2)
Not the same things.
Re: Would not surprise me (Score:2)
Re: (Score:2)
False. Sony only greenlit specific games for crossplay, at first. Microsoft and Nintendo both globally opened their networks to crossplay long before Sony. Sony cited "privacy" concerns for their main reason. More like security concerns because, as has been made clear numerous times, their security sucks. I can only imagine the number of morons who store their CC info on their PSN just asking for people to take it.
Re: Would not surprise me (Score:2)
Re: (Score:2)
Re: (Score:2)
Going down due to DDoS is not even remotely related to anything I'm talking about. But speaking of outages, let's compare the worst outages. Xbox: 11 days back in 08/09. PSN: 23 days in 2011. Biggest causes for Xbox: as you said, DDoS's. Biggest causes for PSN: security (and I wouldn't be surprised if they were more susceptible to DDoS as well, but too lazy to look into that specifically at the moment).
Re: (Score:3)
Microsoft has actually been hacked and exposed themselves as the most stupid fuckers imaginable because they did everything wrong. Sure, they did invest a lot of effort. But they did not understand how to do it right. All that saved Azure and most data in it from getting destroyed globally was that the attackers did not want to cause damage and did want to remain undetected.
References:
https://www.schneier.com/blog/... [schneier.com]
https://techcrunch.com/2023/09... [techcrunch.com]
Re: (Score:3)
Nope. I am not naive. I just know a bit more about this than you do. No idea why you try to defend Sony.
Things start with these people very rarely using zero-days. Zero days are very valuable. Depending on what they are for, you can literally make millions by selling them to secret agencies. Also, zero-days mean you have to develop the attack code yourself and that is high-effort, time consuming and requires a lot of expertise. The second thing is that there are plenty of targets where zero days are not nee
Re: (Score:2)
That is, finding a remote zero-day in the networking stack of the linux kernel is a tremendous amount of effort, because it's been hardened. However, finding a zero-day in any random website is maybe as easy as entering a username with an empty password (a surprisingly common flaw). If someone puts their build
Re: (Score:2)
Well, you have a point. If the defenders are really stupid, it may be very easy to get in.
This is not called a "zero day" though. A "zero day" refers to a class of systems being attackable, not just the ones where they have thar "special" security admin.
Re: (Score:2)
Remember when you assumed things just to be among the first to post something on Slashdot? Yep, that was just now.
Don't assume incompetence against what could be state-sponsored (or at least state-ignored) hacking. Never heard of 0-day exploits?
Maybe wait for more information before jumping to conclusions.
Re: (Score:2)
A state-sponsored attacker claiming to be a ransomware group? That would be a first.
Re: (Score:2)
Nice job not reading. Also not a first for you.
I also included state-ignored attackers, meaning groups that operate from impunity from within Russia, as long as they don't cross the oligarchs or Putin.
Re: (Score:2)
There is no difference between "state sponsored" and "state ignored/tolerated/whatever". States have an obligation to enforce their laws and any international treaties they are signatories of. If they chose to not do so, they support whatever criminal activity is going on.
Re: (Score:2)
So you're conceding my point, which is an expansion of what I originally said before you replied.
Are you contending that it's not a well known fact that Russia looks the other way towards hacking groups operating out of Russia, as long as they leave Russian interests alone?
Re: (Score:2)
I don't remember that, but I do remember the time Sony had a Ransomware attack https://it.slashdot.org/story/... [slashdot.org]
Re: (Score:2)
Nice! I did not remember that one. So they pretty much have a history here.
Payback ... (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Okay. You got two more years. Then you're gonna have to let that one go.
Re:Payback ... (Score:5, Interesting)
Okay. You got two more years. Then you're gonna have to let that one go.
The rootkit is a symptom of everything that led up to it.
Sony made a fortune with the Walkman, a device that itself was popular due to the ubiquity of dual-deck cassette recorders, enabling both radio recording and cassette swapping. Then, Sony's record label division got a bit too deeply in bed with their consumer electronics division...Minidisc/NetMD were innovative products for their time, but they employed DRM at levels other things didn't.
Right around when Sean Fanning was in the courts and the existing labels were trying to put the digital music genie back in the bottle, Sony tried to present consumers with the clearly-inferior solution that was SonicStage and the proprietary, DRM-ridden ATRAC3 format. Conversions on Pentium 3 machines took forever (and were lossy), playlists were obnoxious to use, the software itself was slow and gobbled up RAM and disk I/O at levels we wouldn't see again until modern Chrome, and existed to enforce a silo that was more onerous than Apple at the time, because SonicStage was the only thing that would sync songs to Sony "digital music players", which couldn't be marketed as MP3 players because they didn't, in fact, play MP3s.
So, in this environment, some admittedly-smart folks devised a piece of software that was installed without a EULA or other form of disclosure, that was not only itself malware that caused issues with other DRM systems of the time as well as perfectly-legal emulation software (like Daemon Tools or Nero Imagedrive), but was used by other malware writers for more insidious reasons. A half-baked uninstaller was only available *after* the public outcry; reformatting computers was really the only way to get rid of it. The real icing on the cake was that bands at the time (most of whom didn't have a choice regarding whether the DRM was implemented on their albums) were clearly coerced into making statements regarding how "real fans would be missing out" if they didn't buy the album in spite of the DRM. Many band websites at the time added lines of this nature into their FAQs; band Myspace pages also had a number of 'buy it anyway' statements. ...The issue wasn't merely bad software, it was the incredible audacity of Sony to go down that route in the first place. The company who made billions on both music sales *and* the equipment to duplicate them was suddenly willing to cause damage to their paying customers' computers to prevent duplication of purchased content.
Now, there's a piece of me that wonders if Sony really has mellowed out over the past few years; Xperia phones are some of the easiest to mod and they don't seem to be pushing nonstandard formats or custom DRM systems in the consumer space anymore...whether it's because they wised up, the folks responsible retired, or they're accepting their fall to an almost bargain brand against Apple and Samsung, is pure conjecture. The reason we don't forget the rootkit, however, is because it is the propensity of any company or division who sells intellectual property to get to that level. If we forget the rootkit debacle and the climate for which it was a culmination, we will end up having the same mistake repeated again, in a far more insidious and problematic way.
Re: (Score:2)
I'm not disputing any of that. I'm saying it's been 18 years. It's time to move on to new complaints. I don't judge Porsche "today" for making stuff for the Nazis.
Re: (Score:2)
That may absolutely be true. But move to the newer examples! :)
Re: (Score:2)
Re: (Score:2)
And now, Sony, all your system are...
Sounds lame (Score:2)
A PowerPoint and a couple lines of Java code? Probably some two-bit contractor fell for a phishing page. "All of Sony systems" compromised is absolute bull.
Sony showing how it's done (Score:3)
Re: (Score:2)
Send the Yakuza in to make sushi out of their brains.
Re: (Score:2)
Sony showing the world it can't secure it data and networks. Sony showing the world why no one should buy a PS5 or use the PSN. Sony showing the world they're an incompetent company who makes garbage products. Good job Sony!
Better not fuck with my ps5 gaming! (Score:4, Insightful)
I don't care about Sony but if my gaming is impacted then I want those fuckers droned!
Re: (Score:2, Flamebait)
Go piss off your time gaming you useless sack.
Re: (Score:2)
Lol, so funny!
Laughing at you, not with you.
What's your world saving hobby? Go ahead, tell us, I'll wait.
Re: (Score:2)
Hard? He insulted me for no reason, I replied with a total of 20 words in 3 short sentences. AC was a really good idea today, troll.
Or maybe 20 words is a lot for someone as stupid as you. After all, I am way smarter than you! Lmao, omg I bust myself up.
I love you AC troll guys!
Re: (Score:2)
Well, you're the dumbass who bought a piece of shit PS5 so that you can use the piece of shit PSN. Should have spent your money intelligently on literally anything else.
Re: (Score:2)
Awwwww, poor baby so upset someone is retired and enjoying stress free life while you're working your ass off for the man.
Same question as to the other clown: what amazing world saving hobby do you have?
I don't expect a reply but I find it amusing to ask.
Re: (Score:2)
Awwwww, poor baby so upset someone is retired and enjoying stress free life while you're working your ass off for the man.
Lmao. I haven't had to work in years, and I'm probably younger than you are too.
Same question as to the other clown: what amazing world saving hobby do you have?
Irrelevant. I don't care about your hobby itself nor am I criticizing it. I game more than you. You're "enjoying a stress free life" but this event "better not fuck with [your] gaming". If you wanted stress free, then you picked the wrong company's console.
Re: (Score:2)
True, I should have chosen Nintendo which is mostly kiddy games or Xbox which is Microsoft's shitty low end clone of PlayStation. Your gaming advice is... inadequate.
Re: (Score:2)
True, I should have chosen Nintendo which is mostly kiddy games or Xbox which is Microsoft's shitty low end clone of PlayStation. Your gaming advice is... inadequate.
Well, now I know you aren't a gamer as you don't have a clue of what's going on in either of those camps. I mean, sure, maybe you really enjoy those few PS exclusive games. But those are few and far between. Some are kiddy games, so not those ones. Many are straight up not good. Most aren't even actually exclusive since they get released on PC. So, what's the real point in defending your shitty choice? Other than you already made the shitty choice, and you aren't going to spend more money to fix it - which
Re: (Score:2)
U R S0 EL8!!!11 Howe kan eye B U?
Lol, you're on your third post and have yet to give me an alternative, say why ps5 is bad, or really do anything else except start up a trolling attack like the old Apple vs pc days, vi vs eMacs, iPhone vs android, and so many other childish religious tech wars.
Oh Great Gaming God! I beseech you! Please oh dear Gaming God, please tell me how I should have spent my gaming dollars!!!
Lmao
Re: (Score:2)
U R S0 EL8!!!11 Howe kan eye B U?
Can't even do that right.
yet to give me an alternative,
You know all of them. You named two and I alluded to the third.
say why ps5 is bad
...this article we're commenting on alone should have been enough to tip you off.
Well, I guess your life is pretty stress free. Being completely incapable of any level of critical thinking allows, and proves, that.
Re: (Score:2)
4 posts. Nothing but spew. You posted your fact free idiocy 4 times! Soooo funny!
I'll give you my answers:
PC.
eMacs.
iPhone.
Ps5.
Which religions are you a follower of?
Or let's just get right down to it. Instead of buying the most popular system which is targeted by the most game makers and has the most games, what system do you own oh great G@m3r G0D?
I notice in 4 posts you still have t said. Let's make it 5 fact free posts! Go for it!
Re: (Score:2)
Or let's just get right down to it. Instead of buying the most popular system which is targeted by the most game makers and has the most games
This implies that you believe that the PS5:
A) is most popular
B) has the most games
That would be false on both fronts. The Switch has almost double the library size of PS5 and has sold 3x times the number of PS5. Now, of course, you believe that Nintendo is "mostly kiddy games", but you've never done the research to confirm, because if you had, you would actually be smarter and not regurgitate wrong information.
Not "wanting" to pay... (Score:2, Troll)
Well, duh! Of course they don't "want" to pay. That's not how this works. You're a scumbag hacker who can't get a job doing something useful and you think people should "want" to pay you for that?
I worked at Sony years ago (Score:5, Insightful)
The head of US IT was an amazingly smart guy. He taught me a lot about networking. For one reason or another, he quit and his assistant was put in charge. After a while, he quit as well and eventually the most junior person in the group was put in charge. Methinks that something about the management culture pushed out all of the talented people
Re: (Score:2)
I met one of the high up Sec Ops Analysts that worked started working at Sony shortly after the LulzSec incident in response to George Hotz. I met George at the same DEFCON, I believe it was DEFCON 24. The analyst told me that Sony had a shit show of zero patch management and very little cyber security response. This was a bit tragic considering the size of Sony.
Re: (Score:2)
This sounds like many large I.T. departments honestly, corporate and government...the ones who are smart enough to see the writing on the wall leave the other poor bastards to fend for themselves...sometimes after and sometimes even before they get what they want/need out of the job.
Re: (Score:2)
The head of US IT was an amazingly smart guy. He taught me a lot about networking. For one reason or another, he quit and his assistant was put in charge. After a while, he quit as well and eventually the most junior person in the group was put in charge. Methinks that something about the management culture pushed out all of the talented people
Consistently promoting the junior person into what is absolutely a senior position, screams one thing about that "culture".
Cheap fucks.
The result, was predictable.
Good, they took on Sony (Score:2)
Sony is notoriously hard-nosed about their intellectual property. Expect an F-35 strike on whatever Carpathian village these perps inhabit any time now.
9 year old Dupe (Score:3)
I mean it's not like a company wouldn't learn from a ransomware incident https://it.slashdot.org/story/... [slashdot.org] is it? This is a dupe right? Surely they wouldn't have fallen for this twice...