Hackers Offer PSN Credit Cards For Sale

[Krion_Vark]

Okay speaking as someone who investigates this kind of crap (albeit on a much smaller scale)
This has the air of bullshit around it. Most thieves even the stupidest ones, NEVER EVER say WHERE they got something they stole. Even online because if you admit where you got it it's much easier to trace it back to you.

They might have traced some of the credit cards that are being sold on the underground forums back to those that were taken from the PSN. Also I think it would be assumed that if you are selling a shit ton of credit card numbers at this point in time that it came from the PSN. As for me if I was the hacker I would lay low for a while and not try and sell them or sell like 5-6 at a time for a while.

 

[TitanAtlas]

So... Xbox fans cryout around the world, in songs of joy, upon the bad stream of luck that the arrogant Sony corporation is facing....

Men behind lawyers when they needed peopel to work in theyre own security... in theyre arrogance they tought themselfs to be Gods, and trough theyre arrogance theyre falling, right to the solid concrete, like mere man, facing a terrible problem that will end them (TILL THEY GET AN ESCAPE GOAT).

So the time has really come.... when PlayStation begins it dangerous descent into the pits of Lawsuits and Angry Costumers.... Truth be told its a horrible sight....

But i do not worry... PlayStation shall not fall like the incredible (and ahead of its time), the Mighty Dreamcast...

I know that after this descent PS will reappear.... like a soaring Phoenix.... in a Majestic Rebirth, after facing a catastrophy...

We can only wait.... and hope...

 

[Longsight]

Didn't Sony announce, that the Credit card info was safe? and encrypted even if it was taken?
I doubt this claim is true.

Yes it is likely all Sony has on the network is an MD5 hash of the information that their internal computers then decrypt when needed. The hackers likely copied the encrypted data and put it against scripts on their own machines when they had time, and it doesn't take long for a script to run though an MD5 hash anymore. Even on a simple machine. Especially if it is against rainbow tables of likely values.

Actually from a computer security standpoint (as one with a degree in Information Assurance) the amount of time that would take lines up suspiciously closely with the claim that they are now selling it. They probably decrypted enough of it yesterday to get started.

I assume that, with your degree in Information Assurance, you're aware that you can't "decrypt" an MD5 hash, or indeed any hash? That all you can do is find collisions, which are useful when verifying entered data (like passwords) but useless when you need to know the original data (like credit card info for repeated transactions)?

Rainbow tables are yesterday's news, and anybody that really wants to hash something these days uses the likes of bcrypt, not MD5. It's far more likely that they used something akin to RSA, which is breakable if poorly implemented. Which it may well have been.

 

[MattAn24]

Not only that, if this guy was seriously interested in helping, why didn't he simply report what the hell was going on to the proper authorities instead of opening his yap and alerting the "hacker forums" in question?

If there were a comment on The Escapist that would make me believe humanity still exists, it would be this.

Why the fuck would anyone, much less Trend Micro, go and announce these "findings" to the media, potentially alerting the hackers involved.. Rather than contacting authorities and going "Um.. Y'know 'bout that whole Sony thing? Well here's what I just discovered!"

When it's shit like identity theft/fraud, you INFORM THE POLICE OR FBI.

 

[Dark Sup3rn0va]

Why are people here assuming that credit card encrytion can't be broken. They might of only had light encrytion on the CC numbers. What really irritates me is that Sony are now saying that they are moving the location of where they store all these details and making it more secure, but why wasn't it that secure in the first place. It should of been as secure as they could of made possible.

 

[jakefongloo]

Someone needs to held accountable
No, No this not the place.

Laughter is the guardian of sanity in times of darkness

I wonder if the FBI is capable of getting involved? Sony's HQ is in Japan right? However, alot of the accounts stolen were Americans and I would bet dollars to donughts that the hacker team who did this is comprised of Americans.

Alot of the personal information they have acquired can change.
Really, the only thing that can't is names and reasonably addresses. So wouldn't Sony be in the green if it just compisated it's customers when the money is stolen? IDK. Idealism I suppose

 

[andy10623]

Why would you need to change your account number ? Can't you just have your debit card cancelled and have a new one issued ?

 

[Ked]

Personally I think this is a threat, they do have the info and they have the means to sell it, they are using this to blackmail sony, and then they will probably sell the info as well.

The reason they are announcing how and where they got it is to put sony in a hard place, and they are not going to use the info themselves to avoid being caught.

All in all its pretty bad for people on the PSN, but I think sony have made one too many dick moves and they sort of deserve it

 

[viking97]

fuck, fuck fuck, fuck

i really hope these turn out to be rumors

 

[mjc0961]

Well I need to laugh right about now to keep from crying, so hey look, Sony gave an official statement on this whole situation!
http://www.youtube.com/watch?v=eaBUeINW_3s&t=42s

Haha, that's good for a chuckle right? Ah... I'll be over there weeping if you need me.

 

[tommy15994]

I bought something on the PSN once with a card, then deleted it off, but later switched to only using PSN cards. Is my CC in danger?

 

[Sovereignty]

How many idiots said, "You're blowing this out of proportion."

Seriously. Looks like all that fear was well founded.

 

[Orcus The Ultimate]

Not only that, if this guy was seriously interested in helping, why didn't he simply report what the hell was going on to the proper authorities instead of opening his yap and alerting the "hacker forums" in question?

If there were a comment on The Escapist that would make me believe humanity still exists, it would be this.

Why the fuck would anyone, much less Trend Micro, go and announce these "findings" to the media, potentially alerting the hackers involved.. Rather than contacting authorities and going "Um.. Y'know 'bout that whole Sony thing? Well here's what I just discovered!"

When it's shit like identity theft/fraud, you INFORM THE POLICE OR FBI.

yup this is clearly a lack of profesionalism and personal ethics.

 

[Dr. Pepper Unlimited]

Whether or not they have enough info to sell off the credit card information, I think we can all agree that Sony is in a horrible amount of hot water. It just keeps getting worse for them.

 

[Raesvelg]

How can we test the validity of either story. I can come forward and say that i had money charged to my card fallaciously and offer no proof except a statement and it would probably make it here as well.

And that's only half of it. Situations like this are an ideal opportunity for unscrupulous individuals to get away with credit card fraud on their own. Additionally, the fact of the matter is that millions of people every year are the victims of CC fraud, and given how many people are members of PSN, you would expect dozens of them to have such issues every month.

In short; No, we won't really know anything until either someone comes up with the info and the ability to prove that it's legitimate (which would be counterproductive if they were actual cybercriminals with said info), or Sony comes out and says that the CC info was compromised.

 

[andy10623]

Do these hackers not have a life ? How do they find the time to do something like this ?

 

[Spygon]

and the shit storm begins for psn users this is going to suck.Good luck people and i hope things dont get too bad.Also what happens if people who have stopped gaming have paid for things on there ps3 there going to have the accounts rinsed and not even know what has happened.

This is a dark day for the comunity