The PlayStation Network was an open target for hackers, if evidence brought up by security experts is to be believed. Dr. Gene Spafford, a professor of computer science at Purdue University, believes that part of Sony’s network, which uses Apache servers to authenticate consoles, was unpatched and had no firewall installed.
Spafford apparently gets his information from a number of Sony employees who use open Internet forums to communicate. The problem of vulnerability was apparently reported by an employee some months ago, but Sony declined to attend a hearing to discuss the security problem.
Spafford’s findings also appear to tally with information retrieved from an IRC chat channel (#ps3dev) used by PlayStation hacking experts and hobbyists. During a chat on Feb 16, one member said: “If Sony is watching this channel they should know that running an older version of Apache on a RedHat server with known vulnerabilities is not wise, especially when that server freely reports its version and it’s the auth[entication] server."
The more we read and investigate the hacking of Sony’s services, the more it seems likely that Sony must have known about the vulnerability of the network some time ago. And with people even talking about it openly online, it’s quite amazing that the PlayStation Network wasn’t taken down sooner. The PlayStation Network has now been offline since April 18, with Sony releasing an official statement reassuring customers that security will be before it comes back online. Who’s behind it all, we still don’t know. While Sony claims that “Anonymous” left a file on the server, the hackers say they had no involvement. The plot continues…and thickens by the day.