How PlayStation Network Works

PlayStation Network Hacked

To understand the hacking incident on the PlayStation 3, we have to look back quite a few months to an incident involving a hacker named George Hotz. Hotz hacked his way into Sony's console and made it possible to run custom firmware on the system. Sony's response? Remove a feature called OtherOS, which allowed PS3 users to install the Linux operating system on PlayStation 3s. Sony thought this made the system more secure, but in removing this feature it was taking away something it had advertised as a significant selling point for the system [source: Ars Technica]. Unsurprisingly, the hacking community didn't like that decision, as they believed they should have the right to customize hardware they've purchased.

Later, Hotz released the system's master key, making it easy to breach the system's security and run custom firmware or pirated games. Sony sued. An Internet group called Anonymous rallied against Sony, attacking its Web sites with denial-of-service attacks and lashing out against the company on the Web [source: Ars Technica]. Sony is obviously worried about video game piracy, but Hotz's defenders argue this is about freedom, not stealing games.

On April 11, 2011, Sony reached a settlement with George Hotz, who agreed not to hack the console again [source: Ars Technica]. But that wasn't the end of Sony's problem: About a week later, on April 20, 2011, Sony shut down PlayStation Network after detecting an external intrusion [source: PlayStation Blog]. PSN had been hacked. Sony was tight-lipped about the incident for several days until April 26, when it revealed that the hackers may have obtained the personal information of tens of millions of PSN users, including their names, home and e-mail addresses, dates of birth, passwords and login information, and potentially their credit card data [source: PlayStation Blog]. Sony's network stayed down for weeks as it performed a criminal investigation into the hacking incident and rebuilt its infrastructure to increase security.

A letter purportedly from the online group Anonymous claimed the decentralized organization wasn't responsible for the attack and that its leadership does not condone credit card theft. Sony claimed it found a file on its network titled Anonymous containing the text "We Are Legion" [source: Reisinger]. Anonymous obviously has a history of attacking Sony -- it was hitting Sony Websites with denial-of-service attacks even as the hacking incident occurred. Because of the group's decentralized nature, it's hard to say if the leadership truly was responsible or if splinter factions could have been operating independently. Sony received criticism from all sides during PSN's downtime. Had Sony been too slow to notify users that their personal information had been stolen? Was its network properly secured? The fallout from the PSN hacking incident will take months, or even years, to be fully realized.