Rumor: 'Rebug' custom firmware enabled 'free' PSN downloads, forced PSN Shutdown



wraggster
April 26th, 2011, 00:08
According to PSX-Scene former moderator, "chesh (http://psx-scene.com/forums/804617-post807.html)," the now six-day-long PlayStation Network outage (http://www.joystiq.com/2011/04/21/psn-down-for-maintenance-in-north-america-and-europe/) is the result of a particularly exploitative custom firmware (CFW) modification for PS3. In a post on Reddit (http://www.reddit.com/r/gaming/comments/gx6o4/im_a_moderator_over_at_psxscenecom_the_real/), chesh claims that a CFW known as "Codename: Rebug" had given its users the ability to log into PSN as if they were doing so from a developer console (or "debug unit").

As a result, chesh contends, this same exploit allowed its users to add funds from "dummy" credit card accounts into their PSN wallets, ostensibly giving them the ability to "unlock" (read: steal) certain PlayStation Store content. Joystiq's research into the purported exploit has turned up multiple (http://www.team-blizzard.com/showthread.php/636-rebug-cfw-free-psn-store!) tutorials (http://www.mateogodlike.com/2011/04/how-to-get-free-ps3-games-and-dlcs.html) detailing the process, which appears alarmingly easy to execute on consoles running the Rebug CFW.

The hack does not allow its users to access the credit card or other personal information of PSN users, chesh adds. Nevertheless, as we reported earlier today (http://www.joystiq.com/2011/04/25/sony-still-investigating-scope-of-psn-attack-as-maintenance-outa/), Sony is working to rule out information theft as part of its investigation during the maintenance outage in which the company is also implementing new security measures.

Sony has not yet responded to our request for comment on this story.

http://www.joystiq.com/2011/04/25/rumor-rebug-custom-firmware-enabled-free-psn-downloads-for/

Fonixx
April 26th, 2011, 00:28
1 phrase comes to mind for every aspect of Sony security.. Chocolate fireguard. I remember everyone joking that Macs have the best security because no one clever enough to hack it would ever buy 1, but Sony's created some enemies that are MUCH cleverer than them and think it's a just cause to crack their security out of simple malice, so Sony's got some major changes to make.

mib_
April 26th, 2011, 16:05
Sony appear to be following guidelines set out in PCI compliancy rules. I suspect when they detected a huge number of downloads from PSN but credit control weren't confirming transactions it looked like massive credit card fraud. Procedure would be to pull the site offline to protect PCI data and prevent further loss. Sony will be going through all the transactions for the last 3 months and confirming each one. I suspect they'll also revoke each fraudulent transaction, and report them to the authorities as you would do for every case of credit card fraud. The difference this time is they will not only have the originating IP address, userID and associated email address, but also the CPU ID and MAC address, confirming exactly which console did it.

I'll expect the fraud investigation team are going to be very busy over the coming months, and I suspect a number of pirates will get caught.

Anyone running CFW and stealing from PSN has just left their digital DNA all over the Sony transaction servers and application gateway.


I work in a different industry, but the infrastructure is still the same.

VampDude
April 26th, 2011, 20:43
Exactly... SONY were falsely allowing the media to blame Anonymous, who had nothing to do with the outage.

I have news and what I think, through my four days of research and now a video.



http://www.youtube.com/watch?v=jPtCY2v7JFg