Sony’s PlayStation Network Disaster: What Happens Next?

It's been a full week since Sony's PlayStation Network went belly up. For quintuplet of those days, the outage appeared to be just what Sony said–an outage. Yesterday all that varied when Sony admitted the "international intruder(s)" that prompted them to take the PSN down on Wednesday, April 20th, had in fact grabbed reams of personal information, and maybe (though unconfirmed) financial data such As charge card info. With upwards of 75 million PSN users stilted, some are career IT the largest breach of classified drug user data in history. Where does Sony go from here?

(More on PCWorld: PlayStation Network Hack Timeline)

Soh far, all we recognize about the PSN outage and security breach could fit neatly on the back of gasbag. Someone broke in, Sony shut the service down, at just about point opted to completely rebuild the servers, and finally admitted yesterday that the intruder(s) grabbed a pile of rudimentary personal info, e.g. names, addresses, and birth dates.

What we Don River't bon, by contrast, could in all probability fill a book. For starters: What type of security had Sony enacted prior to the takedown? Did it ramp up security in the rouse of attacks past hacker aggroup Anonymous? Were the hackers related to Anonymous (Anonymous denies it was an administrative unit operation)? How did the interloper(s) gain access? Did the takedown have anything to do with "Rebug" made-to-order firmware free by hackers originally this month? Did Sony really not know until yesterday that a serious reclusive information breach had occurred? Did the intruder(s) actually develop credit card or other sensitive personal financial info?

(More connected PCWorld: PlayStation Network Security Breach: A Survival Guide)

And what we'd genuinely like to know: What sort of recompense will Sony allow for Qriocity and PSN members (take note that many pay $50 a year for PlayStation Plus insurance premium membership)? Has Sony known the parties involved? Does the presumably criminal activity constitute a sobering enough felony (or series of felonies) to involve the FBI? What sort of security measures is Sony taking to ensure an attack look-alike this–or worse–won't find again? How will it express that to its over 75 1000000 PSN members and convince them not to jump ship?

The answer to the last question's the virtually troubling. Corporate trust is earned, non established overnight. When the PSN comes back, as it will, Sony's going to issue press statements and probably dispatch a blizzard of emails to PSN members claiming the problem's been solved and that they've essentially implemented a topping security measure.

Easier said than cooked. When implementing new technology or revising existing system architecture, most companies takes months (and approximately years) to develop, implement, and Beta test. Sony's in an absolutely awful position: It has to pose in place fashionable security and do thusly as fast as potential. From each one day the PSN's Down the spotlight expands, the probability of long-term brand stigma increases, and the likelihood we'll see users trading in PS3s for Xbox 360s snowballs. At least two multiple-A games launched last calendar week for both consoles (Portal 2 and Mortal Kombat). PSN users had altogether of a twenty-four hour period to play either online before Sony pulled the plug (to say zilch of entirely the other games affected, including single-player ones that require PSN get at at inauguration for prize synchronisation).

(More on PCWorld: Portal 2: A Little Better All The Time)

Sony's also painted itself as a target for future attacks, both by legally going after hackers like Hotz (who says he only wanted to jailbreak the PS3, much A he helped unlock Apple's iPhone) and in a way goading headless international hacking groups who'll determine the red-hot security measures as simply a new challenge.

Let's be vindicated here: Thievery confidential ain information is both unconscionable and unacceptable–equally ethically unjustifiable as it is illegal. Spell Sony bears practically of the incrimination for obviously unsuccessful to secure its services sufficiently, we shouldn't forget the real culprits accountable for its recent troubles (whether involved in this latest penetration or no, that includes Anonymous). They merit the lion's share of the inculpation, should Be chased to the full extent of the law, and held accountable as so much. Thither's a proper path and wrong way to protest if you're foiled with a corporate monolith. These recent events are unambiguously the wrong way.

Where does Sony go from Here? 2 priorities: Get the PSN in reply, and establish on the far side the shadow of a doubt what was and wasn't compromised. At present, the enquiry remains whether charge card info was obtained. Sony says it has no evidence of this, but North Korean won't decree it out. It needs to. Then IT of necessity to get both Qriocity and the PSN back on its feet, assure customers both services are in tip-top shape, straighten a "peace offering" (refunds, credit toward the service or its products), and–plainly–insure the service girdle heavenward and performs at acceptable levels, whether under siege or no.

Interact with Game On: Chirrup – Facebook – Touch base