September 2, 2014

Hackers Steal $253 Million Worth of Michael Jackson Songs from Sony

(LiveHacking.Com) – Sony music suffered its second major security breach in a 12 months, this time hackers have accessed Sony’s servers and downloaded Michael Jackson’s entire back catalog worth some $253 million. If true, this makes this attack the biggest cyber crime of all time.

According to reports (here and here) 50,000 music tracks have been illegally accessed and downloaded by hackers, including thousands of previously unreleased Michael Jackson songs. Song bought the unpublished songs (along with his entire back catalog) from Jackson’s estate for just over $250 Million in 2010. The purchase gave Sony the right to release and distribute the songs. A source reportedly told Britain’s Sunday Times that, “Everything Sony purchased from the Michael Jackson estate was compromised.”

Among the unreleased songs is unreleased material from his studio albums along with duets with various stars including the late Freddie Mercury and Black Eyed Peas singer Will.i.am.

According to Fox News, Sony has admitted there had been a security breach and that the Michael Jackson songs where downloaded. Fox also report that the Jackson estate had been told about the hack but wanted (with Sony) to keep the incident secret as there was no customer data involved. There are unconfirmed reports that the hackers came from the UK.

It is also believed that the attackers gain access to music by other performers including  Jimi Hendrix, Paul Simon, Olly Murs, the Foo Fighters and Avril Lavigne.

More Hacking By LulzSec While Sony Hacked Again, This Time By Idahc

It now seems as if hacking is now reaching epidemic proportions and as more and more of our lives are being moved onto “the cloud” (voluntarily and involuntarily) it looks like security breaches and loss of data is becoming the norm rather than the exception.

Over the weekend LulzSec claimed that it hacked the web site of the Atlanta Chapter of InfraGard and released a download of the user login details along with the decrypted passwords. InfraGard is a partnership of businesses, the FBI, educational entities and the National Infrastructure Protection Center designed to protect IT systems from hacker attacks. Such sites are, of course, prime targets for hackers.

LulzSec claim they attacked the web site because NATO now treats hacking as an act of war.

Once they had the list of user names and passwords, LulzSec continued their illegal activities and found that Karim Hijazi, CEO of Unveillance, used the same password for his personal gmail, and the gmail of this company. LulzSec contact contacted Karim where they claim he offered to pay them to eliminate his competitors through illegal hacking. Karmin released an official statement where he shows proof that in fact LulzSec tried to extort him and his company.

While all this was going on, a Lebanese grey hat hacker – who goes by the moniker Idahc, posted the details of 120 accounts which he claimed came from the apps.pro.sony.eu Sony web site. The web site is currently “down for maintenance.”

Sony Hacked Again – This Time Sony Pictures Targeted

Reuters are reporting that the servers running the Sony Pictures Entertainment websites have been breached by a group known as LulzSec. The same group have claimed responsibility for past attacks against PBS television and Fox.com. As a result of the breach LulzSec has published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

“From a single injection, we accessed EVERYTHING,” the hacking group said in a statement. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

This latest security breach comes on the heels of two separate breaches in April. Sony took down its online PlayStation Network on Wednesday 20th April when it spotted unauthorized access to the network by hackers on the preceding three days (April 17 to April 19, 2011). Sony later confirmed that, certain PlayStation Network and Qriocity service user account information was compromised.

Later, Sony revealed that the breach of its servers was much larger than originally reported. Initially Sony revealed that some 77 million user records where exposed during a breach of the PlayStation Network (PSN), however it then reported that 24.5 million Sony Online Entertainment user records have also been stolen.

Reuters has confirmed the authenticity of the data with several of the contestants who details were published.

24 Million Sony Online Entertainment User Records Exposed

Sony has revealed that the breach of its servers is much larger than originally reported. Initially Sony revealed that some 77 million user records where exposed during a breach of the PlayStation Network (PSN), however now it is reporting that 24.5 million Sony Online Entertainment user records have also been stolen.

Details are now emerging that the attack on the Sony Online Entertainment (SOE) network preceded that of the PlayStation Network, but it was only discovered yesterday. As a result Sony has taken down the SOE network, which hosts games that are played over the internet on PCs, and suspended its SOE games on Facebook.

The personal information of the approximately 24.6 million SOE accounts that was illegally obtained is as follows:

  • name
  • address
  • e-mail address
  • birthdate
  • gender
  • phone number
  • login name
  • hashed password

On Sunday, Sony announced that it will shortly begin a phased restoration by region of its PlayStation Network and Qriocit services, beginning with gaming, music and video services. It is unclear if the discovery of the SOE breach will delay this.

Sony Confirms That PlayStation Network Attack Exposed Personal Information

Sony’s online PlayStation Network has been unavailable since Wednesday 20th April when Sony spotted unauthorized access to the network by hackers on the preceding three days (April 17 to April 19, 2011). As a result of the intrusion, Sony are now confirming that, certain PlayStation Network and Qriocity service user account information was compromised.

Sony believe that the hackers have obtained access to users’ name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.

It is also possible that profile data, including purchase history and billing address (city, state, zip), along with password security answers may have been obtained.

Sony are alerting its PlayStation Network consumers to be aware of email, telephone, and postal mail scams that ask for personal or sensitive information. And they reminder users that Sony will not contact them in any way, including by email, asking for your credit card number, social security number or other personally identifiable information.

Sony are continuing to work on this problem and have engaged an outside, security firm to conduct a full and complete investigation into what happened.

Hackers Hacked PlayStation 3 Systems

Hardware hackers claim to cracked the private key used by Sony to authorize code to run on PlayStation 3 systems.

According to a report by John Leyden at theregister.co.uk ,the hackers uncovered the hack in order to run Linux or PS3 consoles, irrespective of the version of firmware the games console was running. By knowing the private key used by Sony the hackers are able to sign code so that a console can boot directly into Linux. Previous approaches to running the open source OS on a games console were firmware specific and involved messing around with USB sticks.

Fail0verflow hacking group released more information about the crack during the annual Chaos Communication Conference in Berlin.

More information is available here.