Chronology of the attack on Sony’s PlayStation Network

Sony sent a letter to Congress today that describes the details of the hacker attack on its PlayStation Network and The Station online gaming services.

The information shows how Sony’s information technology team discovered and then responded to the attacks, which forced Sony to shut down the services and tell more than 100 million registered users that their personal data might have been stolen. It also says that 12.3 million account holders had credit card information on the system, including 5.6 million in the U.S.

Sony says it believes it knows how the attack occurred but is reluctant to make details available. It has not yet determined who is responsible for the attack, although it found some evidence pointing to hacktivist group Anonymous on its PC online service servers. Sony said that major credit card companies have not reported any increase in fraudulent credit card transactions.

Here’s the timeline:

January 11, 2011. Sony sues George “GeoHot” Hotz and others for jailbreaking, or circumventing the security system of the PlayStation 3.

January 27, 2011. Sony asks for a temporary restraining order stopping Hotz from further distributing the jailbreak tools to users, who can download them and break the security on their machines so they can run unauthorized software.

February 12, 2011. Hotz posts a rap video on his YouTube page explaining his side of the case. (It now has 1.8 million views).

February 19, 2011. Hotz starts a blog about the lawsuit.

March 6, 2011. Court approves Sony request to access all the internet protocol addresses of the people who visited GeoHot’s blog to download the jailbreaking tools.

March 23, 2011. Sony claims that Hotz has fled to South America and destroyed evidence. That turns out not to be true, according to Hotz’s attorney.

April 3, 2011. Hacktivist group Anonymous launches a cyber attack against various Sony web sites in an operation called #OpSony in retaliation for Sony’s pursuit of George “GEoHot” Hotz and Graf_Chokolo.

April 11, 2011. Sony settles the PS 3 jailbreaking case with Hotz. Anonymous says it will continue with boycott of Sony on April 16.

April 19, 2011, 4:15 pm Pacific time. Members of the Sony Computer Entertainment network team detect unauthorized activity in the PlayStation Network system in San Diego, Calif. Certain systems are rebooting when they are not scheduled to do so. The network service team starts reviewing the logs from the system to see what is wrong. It takes four servers offline.

April 20, 2011, early afternoon. Sony’s team discovers evidence that an unauthorized intrusion has occurred and that data of some kind has been transferred off the PSN servers without authorization. Six more servers are found to have been possibly compromised. Sony hires a forensic investigation team that afternoon. That team begins to “mirror” Sony’s systems, a meticulous process.

The team can’t determine what has been taken and so it shuts the network system down. At that point, the 77 million registered users of the network can’t play online games, access their accounts, or purchase movies and other entertainment on the network. Sony’s experts have to delve through 130 servers and 50 programs.

April 21, 2011. Sony hires a second computer security and forensic consulting firm to provide more manpower.

April 22, 2011. The forensics team completes the mirroring of nine of ten servers that are believed to be compromised. Sony Computer Entertainment’s general counsel provided the FBI with information about the intrusion. Sony’s forensics team has not reached any conclusions at this point.

April 23, 2011. Sony’s forensics teams confirm that very sophisticated and aggressive techniques were used to obtain access, hide their presence from system administrators, and steadily escalate their privileges inside the servers. The intruders deleted log files to hide their work. Sony now realizes it needs yet another forensic team to help.

April 25, 2011. The forensics teams determine the scope of the personal data that has been stolen from all PSN and Qriocity service accounts, but the team does not know if credit card numbers have been accessed.

April 26, 2011. Sony provides public notice about the intrusion. It also notifies regulatory authorities in a variety of states about the criminal intrusion.

April 28, 2011. Hotz denies any involvement in PSN attack.

April 29, 2011. House of Representatives subcommittee asks for more information on the attack as it considers legislation to require companies to notify consumers in case of data theft.

April 30, 2011. Sony’s No. 2 executive, Kazuo Hirai, apologizes to Sony’s customers and holds the first public press conference about the attack. He says the PSN should be up within a week and that Sony has beefed up its security.

May 1, 2011. Sony finds new evidence that hackers broke into the servers of Sony Online Entertainment, the PC online gaming division of the company which runs online games such as Free Realms and EverQuest. Sony discovers a file that says “Anonymous,” “We are legion.” That’s the slogan for the hacktivist group.

May 2, 2011. Sony says it will explain what happened to Congress but won’t testify yet.

May 4, 2011. Sony sends letter to Congress answering questions.

[photo credit: ant network]