Company says 38,000 users' data was lost, not 1 million

Sony Corp. (TYO:9684) issued a statement to DailyTech Thursday, in the wake of attacks that have compromised many of its web properties [1][2][3][4][5][6].

[A] Sony Pictures Entertainment spokeswoman [name redacted] writes us:
I am from Sony Pictures and saw your piece this morning on the attacks Sony has been under.  I wanted to point out that the 1 million number you refer to in relation to an attack was announced June 2 by LulzSec, however, the actual number is less than 38,000.  There is a notice on our web site: (click on the red banner)
The company's claims stand in direct contradiction with LulzSec's ("Lulz Security") claim:

We recently broke into and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".

The decision to claim LulzSec was lying seems a gutsy one on Sony's part.  Hopefully it doesn't backfire on them.

In related news, LulzSec published a heavily redacted email sent to Britain's National Health Service (NHS) warning it of security vulnerabilities that allowed the group to gain administrative passwords.  LulzSec praised the NHS's work, writing:

In celebration of little girls getting bigger bones, we're now emailing NHS and informing them of those admin passwords we took months ago.

Because if we fucked over those that give health, people would literally die laughing at our antics. Poor lungs = poor lulz, people.

In the email LulzSec writes, "While you aren't considered an enemy - your work is of course brilliant - we did stumble upon several of your admin passwords."

A spokesperson for the NHS told the BBC, "This is a local issue affecting a very small number of website administrators. No patient information has been compromised. No national NHS information systems have been affected. The Department has issued guidance to the local NHS about how to protect and secure all their information assets."

LulzSec, like the 4Chan-affiliated hacker group Anonymous, is loosely organized.  However, the membership of the group is thought to be much smaller and more elite than Anonymous.  Despite the fact that no one is "in charge", the group managed to issue regular press releases.  The group sometimes doesn't publish the results of its findings, if it appreciates the compromised organization.  In other cases, like the hacks on PBS and 2600, it has shown itself to be remorseless at times.

Updated: June 9, 2011 5:17 p.m.

LulzSec graciously responded to these claims via Twitter:

"Sony Says LulzSec Lied About Number of Records Lost" - we didn't say we stole 1 million, we said we compromised 1 million. Silly @Sony :3 = ~1,000,000 total users split into various tables of ~200,000 (x2) ~300,000 (x1) ~75,000 (x2) and ~125,000 (x1)

@Sony tell everyone about how many users are in that SonyPictures database; users we accessed does not equal users YOU didn't protect. :D

(By the way, where's the link love, LulzSec?)

Well, looks like a difference of opinion -- or perhaps semantics is at play here.

By bubbastrangelove on 6/9/2011 4:00:03 PM , Rating: 5
Sony = glutton for punishment.

RE: Lulz
By Jjoshua2 on 6/9/2011 4:02:07 PM , Rating: 2
I'm inclined to agree with Sony. I checked out the files and there weren't that many there, and a lot of dupes, which they said were Sony's fault for having a poor DB.

RE: Lulz
By omnicronx on 6/9/2011 4:29:36 PM , Rating: 5
I'm inclined to completely disagree with Sony. Read LulzSec's press release, it clearly states 'compromised (this being the key word here, that does not imply they seized this information) over 1,000,000 users', then goes on to state that they did not actually seize 1,000,000 units, but easily could have.
Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.
They didn't lie about anything, Sony is just playing the semantics game.

Had LulzSec actually taken the time to do so (which judging from their security had absolutely no idea about the intrusion until LulzSec made the claim), they most likely could have seized the entire thing.

Just seems like a terrible thing to claim for absolutely no reason. Full access is full access, the fact that not all of it was seized is completely irrelevant when it comes to Sony's security shortcomings.

Not to mention the repercussions from calling out LulzSec, especially when you consider the damage they could have done with the information had they chosen to do so.

RE: Lulz
By omnicronx on 6/9/2011 4:32:21 PM , Rating: 4
Here is the original press release:

And here is a summary of exactly what they claim to have seized for those interested..

RE: Lulz
By tastyratz on 6/10/2011 11:28:07 AM , Rating: 4
Absolutely! Sony is taunting the bull here and they are going to get the horns. Have they learned nothing so far?

Dear Sony,
Shut your damn mouth and fix your crap. Done

RE: Lulz
By gorehound on 6/9/2011 4:54:20 PM , Rating: 3
Sony lies not LULZ !!!

RE: Lulz
By someguy123 on 6/9/2011 5:02:23 PM , Rating: 2
Yeah, sony is taking this elitism thing to an entirely new level of delusion.

Just leave these idiots alone for christsakes and try to fix your security.

RE: Lulz
By AssBall on 6/9/2011 6:42:41 PM , Rating: 4
They lied about how much stuff they took from Their insecure system?

It's like saying: They only stuck their cock halfway up our ass so it wasn't actually butt-rape. Like they are asking for the rest of it? WTF?

Can Sony executives really be this daft?

RE: Lulz
By Lifted on 6/9/2011 9:12:32 PM , Rating: 5
It's more like "They pummeled our ass like champs, but they didn't shoot their load... so it wasn't rape."

Suuuuuuuuure Sony. Whateva u say.

RE: Lulz
By Uncle on 6/10/2011 11:07:39 AM , Rating: 2
Can't expect that from an arrogant, egotistical, company whose only goal is to look after their Psychopaths at the top, 2: their shareholders 3: maybe their customers if they happen to fit into the scheme of things.

No word on Citibank?
By wordsworm on 6/9/2011 8:23:38 PM , Rating: 1
There have been a lot of customer compromises on the Internet. From banks, no less. Government. The military. Do we expect Sony to be invulnerable to hackers while the others don't get so much backlash? Citibank just leaked 200k peep's worth of data. No mention? Does DT have a special angst against Sony?

RE: No word on Citibank?
By someguy123 on 6/9/2011 11:12:31 PM , Rating: 3
What? There's an article about that leak right on the front page.

It's pretty hard to miss, what with the picture of citibank's logo and all.

Sony makes a lot of headlines thanks to how stupidly they react and comment about their own security problems. They have no one to blame but themselves.

RE: No word on Citibank?
By wordsworm on 6/10/2011 9:48:34 AM , Rating: 2
You're right, there was an article about Citibank. My bad. I follow DT via a Yahoo RSS.

However, how many earthquakes and tsunamis has Citibank gone through prior to the hack?

I think Sony might have already had its hands full. Sure, maybe they needed to beef up their security. However, I'm also sure that the circumstances have given them an awful lot to deal with in addition to other things.

I'm not really trying to defend Sony. I'm just saying that a lot of the comments here are really over-the-top.

RE: No word on Citibank?
By someguy123 on 6/10/2011 4:41:44 PM , Rating: 2
These are "hacks" of the lowest caliber.

Sony quite literally left their doors open. If lulzsec had circumvented a complicated security system sony would be getting less flack. The fact that they are able to constantly steal from sony's databases is what makes this an interesting story, and what generates such resentment against sony's comments.

RE: No word on Citibank?
By omnicronx on 6/9/2011 11:54:51 PM , Rating: 2
There have been a lot of customer compromises on the Internet. From banks, no less. Government. The military.
I'll be willing to wager a lot of money Citibank (or the banks and governments you mention) was not foiled by a simple SQL injection attack.

Nothing on the internet can be 100% secure, but this is like locking the door to your house but leaving the key in the door..

So please for the love of god do not enable them..

RE: No word on Citibank?
By Smilin on 6/10/2011 2:13:59 PM , Rating: 2
You are missing some technical details it seemed. Nobody expects Sony to be invulnerable but they do expect them to have *some* security measures.

Won't Sony ever learn?
By HoosierEngineer5 on 6/9/2011 6:46:21 PM , Rating: 2
Back around 30 years ago, I swore off Sony (they intentionally designed their electronics to have an abbreviated life span). Since then, with their rootkits, refusal to support advertized features, and apparent disdain for their customer base, I am glad not to be part of the Sony Baloney all these years. They should be tucking their tails between their legs, apologizing, and seriously considering a better business model.

Busting into their database is inappropriate and can only cause more difficulties for the rest of us, but I can't seem to shed a tear for Sony. Maybe makes up for the junk they sold me.

Of course, there is always the next generation to exploit.

RE: Won't Sony ever learn?
By BZDTemp on 6/10/2011 3:30:35 AM , Rating: 2
Back around 30 years ago, I swore off Sony (they intentionally designed their electronics to have an abbreviated life span).

You're my hero. It's amazing to find someone with such foresight and understanding of what is going on in the world. Please do enlighten us on how Sony designed the short life span into their products. Oh, and let us know if some other company is perhaps making their cassette players to last the test of time.

RE: Won't Sony ever learn?
By HoosierEngineer5 on 6/10/2011 2:32:17 PM , Rating: 2
I don't expect you to understand or believe this, but it is possible to predict with fair certainty (over a large population) what the mean time between failure of certain devices is. In order to design a reliable product, it is important to derate the components used. In one particular device I disassembled, this was not done. Additionally, some composition resistors actually CRACKED due to thermal cycling (they appeared also to be operated above their recommended rating). They were poorly designed, either accidentally or intentionally. Either is worth avoiding.

Based on the number of Sony devices I had at the time, the chances of this many random failures was very low.

If you believe Sony has the consumer's best intention at heart in lieu of extracting as much money as possible, please continue to purchase their products. It will please them greatly.

By gevorg on 6/9/2011 4:19:25 PM , Rating: 3
It would suck big time for Sony if LulzSec would release the list of those 1 million users. :)

RE: LulzSony
By GTVic on 6/9/2011 5:28:52 PM , Rating: 2
No, they just need to release the name of the 38,001st name :)

By MadDogMorgan on 6/9/2011 8:02:00 PM , Rating: 2
Correction, the Dam only "partially" broke. It's irrelevant to us that your family, and 37,999 others were wiped out by the flood. It was NOT 1 million.

By greylica on 6/9/2011 11:32:38 PM , Rating: 2
Fact -> It's worse, they also picked up sony asses for pandering...

Love Boat
By Kurz on 6/10/2011 8:06:14 AM , Rating: 2
Lulz Security I have to say they have excellent taste in music.

By Uncle on 6/10/2011 10:37:03 AM , Rating: 2
So it looks like you're on the same bandwagon and agree that sony was incompetent, and derelict in their duties as a company and not safe to hold on to their customers' information. It's obvious you wouldn't hand over your personal information to sony especially your own personal credit card#, not the corporate one, or would you.

By Uncle on 6/10/2011 11:39:04 AM , Rating: 2
Forgot to mention it looks like sony is trolling the sites for damage control to figure out the next big PR con, to make them look like the victims instead of their customers. Sony's motto "it's a dog eat dog world, means that you must first watch out for your own interests", which is why sony is in the situation it is in now. Sony is just bumbling along, their mental capacity doesn't allow for mistakes this serious, especially when they have been caught with their pants down lower than normal.

no way
By Smilin on 6/10/2011 2:12:30 PM , Rating: 2
Sure they gang raped us but we totally did not do oral for them. WTF?

Didn't Lulz say they didn't have enough storage to hold everything they had access to?

Can Sony back their claim?
By shompa on 6/9/2011 5:05:03 PM , Rating: 1
How does Sony know which databases were copied? How many tables? How many schemas from that database?

