PS3 & PSN Hacking Timeline
Written by Dana Olson
Published at 2011-05-06 01:48:59



This is a brief, chronological timeline of many key events leading to the cracking of the PlayStation 3 system and the disruptions in PSN service, as well as the current downtime caused by a cyber intrusion and data theft on Sony's servers.

This page will be updated as new details become available. Feel free to post additions in the comments, with which we can also update this article.



September 8th, 2009
Sony officially announces slim PS3 won't support OtherOS.

January 23rd, 2010
George Hotz announces near-useless exploit under OtherOS.

March 29th, 2010
Sony announces PS3 firmware v3.21, which removes OtherOS support entirely, from all PS3s, rather than fixing the useless exploit Hotz discovered months earlier.

March 29th, 2010
George Hotz announces plans to work on CFW:
"When 3.21 comes out, I will look into a safe way of updating to retain OtherOS support, perhaps something like Hellcat's Recovery Flasher. I never intended to touch CFW, but if that's how you want to play..."

April 1st, 2010
Mandatory PS3 firmware v3.21 releases, removes OtherOS support.

August 19th, 2010
A USB dongle that allows piracy of PS3 games, called PSJailbreak, is announced. Price is set at $170US.

September 7th, 2010
Mandatory PS3 firmware v3.42 releases, prevents PSJailbreak from functioning.

December 30th, 2010
fail0verflow announces the discovery of a major flaw in the PS3's security. PS3 now believed to be permanently cracked wide open.

February 16th, 2011
Sony issues statement about PS3 homebrew and piracy.

March 31st, 2011
Sony and George Hotz quietly settle their legal dispute.

March 31st, 2011
Over 200 employees laid off from Sony Online Entertainment. Three studios shut down completely. Reportedly, employees were given two weeks' notice, which puts their final days around April 15th or so.

April 4th, 2011
PSN and various PlayStation websites face intermittent issues due to a DDoS attack by the Anonymous group, which is retaliation for Sony's legal barrage against George Hotz and other hackers.

April 7th, 2011
Anonymous cease DDoS attack on Sony's servers due to it affecting the customer rather than the corporation:
"Anonymous is on your side, standing up for your rights. We are not aiming to attack customers of Sony. This attack is aimed solely at Sony, and we will try our best to not affect the gamers, as this would defeat the purpose of our actions. If we did inconvenience users, please know that this was not our goal."
The group resorts to organizing in-store protesting, planned for April 16th, 2011.

April 11th, 2011
Sony and George Hotz announce their March 31st, 2011 legal settlement publicly.

April 16th, 2011
George Hotz donates his donations ($10K) to the EFF. The closing line in his blog post is either a lucky guess, wishful thinking become reality, or potentially a sign that he had some insight:
"It wouldn't surprise me if the people who did PS3 security were fired. And I'm curious as to who Sony is hiring for NGP security. Lawyers? Get the code to sign a contract that it won't have exploits? You shouldn't piss off the community of people who are actually talented at this stuff. Hell, maybe you even pissed off your engineering employees enough to leave some nice backdoors?"

April 17th-19th, 2011
PSN intrusion occurs, customer data is stolen.

April 21st, 2011
Sony takes down PSN and says it might be down for "a day or two."

April 26th, 2011
Sony informs the public of the intrusion and known extent of personal data theft.

April 27th, 2011
A moderator from PSX-Scene.com posts on Reddit, posing a theory that Sony pulled the PSN down because of piracy enabled by the Rebug custom PS3 firmware.

April 28th, 2011
George Hotz issues statement on PSN situation, chastises perpetrator for stealing identities.

May 1st, 2011
Sony holds a press conference in Tokyo, Japan, and partners it with an official press release detailing plans to bring the PSN back up in stages. Welcome Back program confirmed, to reward customers for their patience and suffering in this matter. Shinji Hasejima confirmed a known vulnerability in the server software was exploited.

May 3rd, 2011
Sony Online Entertainment servers shut down, also due to intrusion. Credit card data confirmed stolen. Only 900 of the stolen credit cards are not expired.

May 4th, 2011
PSN breach currently under investigation by the F.B.I., Data Forte, Guidance Software, Protiviti. Law firm Baker & McKenzie is also in on this with Sony.

May 4th, 2011
Sony sends written response to US Congress. Letter includes mention of the discovery of a text file named "anonymous" with a portion of the Anonymous group's motto inside, "We are legion." Many people jump the gun and immediately believe Anonymous are definitely behind this attack.

May 4th, 2011
Anonymous group releases statement, showing confidence that if a fair investigation continues to be conducted, they will be found innocent, as privacy is one of the things the group stands up for, and stealing customer info or credit card information is of no benefit to them and contrary to their entire modus operandi.

May 5th, 2011
Sony announces the rebuilt PSN is currently being tested internally, and will be launching very soon. They also began emailing US PSN residents with an offer for a free year of identity theft protection, up to $1 million through Debix.

May 5th, 2011
CNET reports that hackers in an unnamed IRC channel are plotting another attack on Sony's servers within the next three days, and reportedly currently have access to some systems.

May 6th, 2011
Anonymous veterans tell the Financial Times that they believe Anonymous is behind this, not as a collective, but because of the nature of the group - if you say you're in Anonymous, you're in Anonymous, even if your actions are contrary to the group's MO.

May 7th, 2011
Hackers discover Sony's servers are hosting a publicly-accessible file which includes information of around 2500 customers. The data is old, from a 2001 sweepstakes. Sony quickly pulls the file. The PSN launch continues to be delayed.

May 10th, 2011
Hacker group Anonymous begins to break apart, fighting amongst each other, leaking members' IP addresses and other details.

May 13th, 2011
Square Enix announce hackers breached Eidosmontreal.com and two product sites. Data that was stolen includes around 350 resumes submitted to the company, as well as 25000 email addresses.

May 13th, 2011
Security expert John Bumgarner, using nothing more than a web browser, reports that Sony's networks are still extremely vulnerable.

May 13th, 2011
Details leaked that Amazon's EC2 servers were used in the breach of the PlayStation Network. An account was set up under an alias, and attacks were launched from there.

May 14th, 2011
PS3 firmware v3.61 is released, allowing users to change their passwords on their PSN accounts. Sony begins phased rollout of PlayStation Network across the globe.

May 16th, 2011
Security expert Bill Caelli publicly calls for Sony to pull the PSN down, as it is not yet certified to be safe and secure, echoing concerns expressed by John Bumgarner. The Japanese government blocks Sony from restoring the PSN service in the region for similar reasons.

May 19th, 2011
Well-known public face of Anonymous, Barrett Brown, announces his parting with the group. His reasons seem to indicate Anonymous is involved with the PSN hack.

May 23rd, 2011
Sony estimates the PSN breach will cost them $170 million by the end of FY2012.

May 25th, 2011
More websites have been hacked into, this time Sony Ericsson Canada and Sony Music Entertainment Greece. Customer data has been stolen once again; however, no credit card details were believed to have been taken.

May 27th, 2011
After claiming responsibility for attacking Sony BMG Japan, hacker group LulzSec claim they are planning more attacks, stating, "this is the beginning of the end for Sony." The group has not taken responsibility for the main intrusion.

May 30th, 2011
Sony plan to restore the full PSN by the end of the week.

June 1st, 2011
Security expert Gregory Evans speaks out about internet security, specifically as it relates to the PSN and Sony.

June 2nd, 2011
PlayStation Store relaunched with a bunch of content.

June 2nd, 2011
LulzSec issues press release claiming to have stolen passwords, email and home addresses, dates of birth and other info for over one million users and administrative accounts from SonyPictures.com. They allege this was accomplished via a simple SQL injection.

June 3rd, 2011
Codemasters' website has also been hacked. Customer data has been stolen, which includes: name, address, email address, telephone number, encrypted password, and order history.

June 10th, 2011
Spanish police arrest three men, supposedly members of Anonymous, in connection with various breaches, including the PSN attack.

June 10th, 2011
Epic Games' website and forum have been hacked and user data has likely been compromised, including email addresses and encrypted passwords. All this hacking is starting to become more than a little suspicious, if you ask me.

June 13th, 2011
Bethesda is the next in line to have their site hacked. User data that may have been compromised includes user names, email addresses, and passwords.

June 13th, 2011
Microsoft COO Dennis Durkin and Corporate VP for Xbox Live Mark Whitten discuss the PSN hack, stating that it's bad for the games industry as a whole.

June 14th, 2011
Jack Tretton says that 90% of PSN users (70 million) have returned and connected online since the PSN has come back online.

June 14th, 2011
BioWare is also compromised. 18 thousand Neverwinter Nights forum user accounts were potentially stolen. Data includes usernames, passwords, email addresses, and birth dates.

June 16th, 2011
VG247 interviews a member of Anonymous about the hacking and the recent arrests in Spain.

June 20th, 2011
LulzSec and Anonymous team up to increase hacking activity. They dub this "Operation Anti-Security."

June 20th, 2011
A class action lawsuit is filed alleging Sony laid off security staff shortly before the big PSN heist. They also allege that Sony failed to respond to smaller attacks on the Network.

June 25th, 2011
LulzSec announces they are ceasing hacking activity.

July 6th, 2011
Sony brings PSN services back up in Japan.



Check back occasionally as this saga continues.



13 comments:


Nice timeline. Regardless who what when this sure is a shit storm for Sony. Considering this was the "year of the PS3" this is taking a ton of wind out of the sails (or sales lol). I wonder if they will ever save face lost from this fiasco.

I know as a solid Sony fan going into this my patience is getting thin. Lots of blame game and BS, plus having my legit info data mined. Add the extended downtime and I'm not a happy customer, hope they realize this and try to make up for this better than initial announcements

I'm finding myself less and less inclined to even turn on my console right now. I've been spending more time outside than in front of my TV... so this issue has turned into a bit of a blessing. I do eagerly await the return of the PSN, but I can't help but feel that this long down time is going to hurt them. Hopefully we get an update soon.

@Tayler Bell: ya my PS3 hasn't been turned on since the Tuesday before the outage lol. That has been normal for me much less gaming lately, for me it's the many principles of the matter my data and timeline/length of Sony's handling of it.

Or as Big Perm from Friday says "it's the principalities of the matter"

I've actually been gaming more lately. Which is odd, but I rarely play online to begin with. But my in-game time is going up. I think it has more to do with EA Sports Active 2, though, because now that I've been working out for a while, I feel better than I have in a long time. That means I can do more, and for longer, including (but not limited to) sedentary activities, such as playing games. I haven't really gotten outside much lately because our weather has been fickle, but I definitely plan to get out and take pics very shortly. I did build a big wooden thing not long ago, though that was mostly indoors... But it is now outdoors. And I go out on my deck to BBQ food. So there's that.

Just got my Primo Oval BBQ cleaned up... mmmmm BBQ. Think it's time for an all day slow roast one of these weekends :)

Dec 6th, Codename:Rebug video is posted showing the ambitions of Cyberskunk and Evilsperm's team to have a payload requiring jailbreaking that turns retail ps3's into debug ps3's. The pre-release videos showed PSN access was possible. It was released in beta form January 1st without access to PSN enabled.

January 5th a new version that installs as easily as official fw was released and did so by taking advantage of the fail0verflow hack with signing keys. March 10th a spoofer is released that makes your fw appear to be 3.60 (current) and has developer sp-int PSN access. March 11th the tool Sever Mapper releases allowing users of the dev server to reroute into individual games public servers. Stats will sync with the developer account if named the same as a public account. March 31st the current version of Rebug is released.

As of April 26th there were PSN server logs unsecured and viewable by anyone with the address in a regular browser. Within an hour of that information being accessed it was locked up. In these logs an alleged IP from the US Dept of Defense is recorded March 3rd, for whatever reason.

That's all I got. While I still don't know if rebug alerted the hackers to this flaw (I doubt it) I believe they had to do some serious house cleaning to put a stop to it.

Well I have to admit... this makes me want to go watch Hackers :) I almost forgot all about that movie.

Also March 9th Sony roll out fw 3.60, I believe this is a significant turning point. They moved the signing keys and got rid of a bunch of loaders that were being exploited pissing off a lot of pirates and basically making asses out of fail0verflow. Games specific to it like Portal 2 do not work on older CFW whether spoofed or not from what I understand.

This was on EU blog, not seen it mentioned anywhere else:

"look out for more information on the rest of our Welcome Back programme, including which free content you will be eligible for. We will be offering PSN users the opportunity to select two PS3 games from a list of five, as well as offering PSP users the opportunity to choose two games from a list of four. We will let you know exactly what games are available very soon"

Last night (May 8th) Sony issued a service restoration update. In a nutshell: no PSN yet, even though they promised it this week. Key quote:

"As you've heard us say, our utmost priorities are the security of the network and ensuring your data is safe. We won't restore the services until we can test the system's strength in these respects."

"No update, guys" is not actually an update. This has been the bulk of Sony's communication to us, and it's getting pretty lame.

An update from the other side of things:

http://www.computerandvideogames.com/300876/news/anonymous-website-attacked-as-group-splinters/

Found something interesting from Anonymous' End

http://www.anonops.tk/

The Sony video is at the bottom. It's dated back to April 12th but still interesting nonetheless.

The other interesting part is this post by an Anonymous member posted today:

http://www.presstorm.com/2011/05/there-is-no-anonymous-civil-war/