Anonymous hacker group hits Apple, publishes data (Reuters)

SAN FRANCISCO (Reuters) – Internet vigilante hacker group Anonymous claimed that Apple Inc in a broken server and have released a small number of user names and passwords to an American technology company's website.

Anonymous said Sunday on his account on the microblogging site Twitter that Apple could be a target for hackers and released the information as part of the anti-Security, or "AntiSec" campaign.

"Not so serious, but … Apple may be objective, too. But do not worry, we do something else," Anonymous said on his Twitter feed, where she co-wrote a link to data on text-sharing site Pastebin.

Anonymous said data 27 user names and passwords for the site was www.abs.apple.com.

Apple website for online surveys used, on Monday will get an error message that the server was temporarily offline, said.

An Apple spokesman declined comment.

Anonymous has been linked to the security group of hackers Lulz at the end of June. LulzSec, the great recognition for the violation of the websites of Sony Corp., the Central Intelligence Agency and the British police unit that has among other objectives, said he was disturbing his mission, businesses and government agencies met for the entertainment.

Security experts who have researched the origins LulzSec say, that of Anonymous, who became famous for attacking companies and institutions, the group opponents WikiLeaks and its founder, Julian Assange holds.

Anonymous started earlier this month dozens of e-mails from private data and other Web site of the police in Arizona. LulzSec first dozens of internal documents from the website of the Arizona police themselves, published in June.

(Reporting by Marius Bosch in Johannesburg and Pournami Gupta in San Francisco, Mount Gary Crosse)

LulzSec hackers disband after last data dump (Reuters)

File photo of Chinese businessman talking to clients behind a series of Sony Computer for sale at a computer store in Beijing

The Security Lulz known group of renegade hackers that it was closed last Saturday included a last data dump, the internal AOL Inc. and AT & T documents – NEW YORK (Reuters).

LulzSec, the great recognition for crimes against the Web sites of Sony Corp., the CIA and a British police unit, received among other goals, said in a statement that it their mission to disrupt business and government for the complete entertainment.

"Our planned 50-day cruise is over, and now we have to sail in the distance, leaving behind – we hope – inspire fear, denial, happiness, acceptance, rejection, ridicule, embarrassment, worry, jealousy, hatred, even love, "the group said.

Known for its irreverence and a fondness for metaphors ship, the group of hackers is on Twitter – the microblogging site where it was more than 277,000 followers – to release his statement.

A link to the press release was posted on http://www.lulzsecurity.com, but there was no way to contact the group to independently confirm the release.

The dissolution came suddenly after a few days LulzSec threatened to intensify its attack and steal confidential information from governments, banks and other large institutions.

LulzSec had also said that it was working with a group of anonymous activists hackers to more serious problems.

"…Our scheduled 50-day cruise has ended, "hackers said in his statement," and we must now sail in the distance, leaving behind – we hope – inspire, fear, denial, happiness, acceptance, rejection, ridicule, embarrassment, consideration , jealousy, hatred, love yet. If anything, we hope to have a microscopic impact on someone somewhere. Everywhere. "

Ends?

In what may be a sign that cyber police had made progress towards the end of LulzSec do, said British police Tuesday they had a 19-year-old man arrested on suspicion that he was connected to the attack on Sony, the CIA and the British police unit that combats organized crime.

Metropolitan Police declined to say whether the teenager was a member of LulzSec, but hacking group said on Twitter that he was one of the chat room hosted on its computer server.

The arrest came after police in Spain this month, three men arrested on suspicion they helped anonymously.

Published to LulzSec attacks mostly to temporary disruptions in some sites and the release of useful data out.

The data of the group spent Saturday was a mixed bag.

Reuters could not delete any files, but those that were available included a list of access routers – devices that Internet traffic – and their passwords, but also provide information for an Irish private research service. AOL's internal documents revealed elements of a technical manual.

Gave a list of files in a download site stated it clearly is not an AT & T's internal data in the landfill, although this was the kind of information immediately.

AOL was not immediately available for comment, while an AT & T spokesman did not immediately comment.

(Reporting by Ben Berkowitz and Paritosh Bansal; Editing by Tiffany Wu and Bill Trott)

Sony restoring game network in Asia; to testify in U.S. (Reuters)

Man looks at Sony Corp's products at an electronics store in Tokyo

TOKYO/NEW YORK (Reuters) – Sony Corp said it will start restoring its PlayStation videogame network in Japan and elsewhere in Asia on Saturday, more than a month after a massive security breach leaked personal details on tens of millions of accounts.

The Japanese electronics and entertainment giant also said on Friday it plans to testify before U.S. lawmakers at a hearing on data security in Washington on June 2 to address what is thought to be the biggest Internet security breach in history.

The company has been under fire since hackers accessed personal information on 77 million PlayStation Network and Qriocity accounts — 90 percent of which are in North America and Europe — and may have stolen credit card information.

Video game fans and security experts alike have criticized Sony for its handling of the incident, which sparked lawsuits and cast a shadow over its plans to combine the strengths of its content and hardware products via online services.

The company apologized to customers for the outage and said a range of new security measures had been introduced. These included a better early warning system that could alert the company about breaches.

In a new letter sent to U.S. lawmakers late on Thursday evening, Sony said it added more firewalls and introduced policy changes and thorough testing of its systems. But Sony warned the new measures might not be enough to fully secure its networks.

"No security system is absolutely foolproof, and changing conditions in the future can make a currently secure environment less secure," Sony said in the letter signed by Kazuo Hirai, the head of Sony Computer Entertainment, the company's games unit.

Japan's trade ministry ordered the games unit on Friday to adopt measures to improve the management and security of personal information, following the data breach.

"Considering the content and volume of information leaked, it is an extremely grave incident, and it is truly regrettable that it occurred and took a considerable time to notify users and the ministry," the ministry said in a statement.

Sony has said it will offer a new identity protection service to customers in Asia.

COUNTING COSTS

On Thursday, Sony said it was keeping to its target of restoring all PlayStation Network services by the end of May, with any delay beyond that not likely to be more than a few days.

It has said it expects the hacking to drag down operating profit by 14 billion yen ($172 million) in the current financial year, including costs for boosting security measures.

Sony shares fell 3.2 percent ahead of the announcement on the restart, with analysts concerned Sony's forecast for a $975 million net profit this business year may not meet expectations. Its ADR shares in the United States were down a little over 1 percent in early afternoon trading.

Some users have said the prolonged outage prompted them to switch to rival Microsoft Corp's Xbox Live games service.

The attack on Sony is the highest-profile of a series that have affected large corporations recently, fueling doubts about the security of cloud computing services.

Sony discovered unusual activity on its PlayStation Network, which enables games console owners to download games, chat with friends and pit their skills against rivals, on April 19.

It shut down the network and its Qriocity online music and movie service, frustrating many users, but waited almost a week before alerting users to the extent of the security leak.

The company later found out a separate online games service had also been penetrated, allowing access to another 25 million user accounts.

($1 = 81.345 Japanese Yen)

(Reporting by Isabel Reynolds and Liana B. Baker; writing by Anshuman Daga; editing by Lincoln Feast and Andre Grenon)

Sony says Greece music site security breached (AP)

TOKYO – Sony said it discovered a security flaw 8500 user accounts in a music-entertainment site in Greece, coming on the heels of a hacker attack that forced its flagship online gaming site.

Sony Corp. spokesman Shigenori Yoshida said on Tuesday that personal information such as names, phone numbers and email addresses can be stolen. Yoshida said no credit card numbers were affected.

Sony closed the website for Greece on Sunday and investigate the attack. Yoshida had no further details.

Sony's "PlayStation Network" system was hacked last month, more than 100 million accounts worldwide online and forces it to shut down the popular online gaming service.

The Japanese manufacturer of the PlayStation 3 video game machines and Bravia flat-screen TV has said it aims to fully restore service by the end of May

The security breach is a huge blow to Sony's reputation as the struggle over years of losses at its TV operations and new challenges to overcome shortages in parts of Japan March 11 following the earthquake.

The company said Monday it did 14 billion yen (170 million) to the insurance that identity theft for customers, improve network security, free access to content, customer service and included a cover of 'research on software piracy.

Sony predicts a loss of $ 3,200,000,000 for the fiscal year that ended in March 2011.

Sony to report $3.2 billion annual loss (AP)

Masaru Kato

TOKYO – Sony Corp. expects a loss of 3.2 billion, reversing its previous projection of a return to profit as the electronics giant struggles with production interruptions and the tsunami in Japan hacker attack on its online gaming service.

The Japanese manufacturer of the PlayStation 3 video game machines and BRAVIA flat-panel, said Monday that the projection of a loss of 260 billion yen (3.2 billion), net income for the year ended March 2011 largely due to the writing of 360 billion yen (4.4 billion dollars) on a tax credit reserved for the previous quarter.

Sony has announced the loss of his first official results were announced Thursday under the guidelines of the Tokyo Stock Exchange. The company had previously expected a profit 70000000000 yen (860 million).

Like many other Japanese manufacturers, Sony has been hampered by production interruptions offset the March 11 earthquake and tsunami that killed more than 25,000 people, destroyed many factories and sent to the country's economic recovery in the opposite direction.

The company has maintained its expected operating profit unchanged at 200 billion yen (2.46 billion U.S. dollars). It expects to report sales of 7180000000000 yen (88.2 billion dollars), a bit 'down from a previous forecast of 7.2 trillion yen (88.5 billion U.S. dollars).

Masaru Kato, Chief Financial Officer of Sony said the party as a result of the disaster shortage has eased, but a full recovery has not yet been realized.

"During the first quarter, we saw a big enough impact to our manufacturing industry," he said. After the earthquake, the "negative factors have become more and better balance the previous games division of previous losses, dashing hopes for a profit.

Tokyo-based Sony also faces a new challenge, the call for a massive security hole that more than 100 million online accounts.

Following the temporary closure of the online service last month, Sony began restoring PalyStation network services in the U.S. and Europe on May 15 specifically for online gaming, chat and music streaming services.

Sony 14000000000 yen (170 million U.S. dollars) spent on a price that identity theft insurance to customers, improve network security, free access to content, customer service and an investigation of hacking, including lid.

Sony has seen declining sales of flat-screen TVs and other gadgets, and was probably in the red in the TV business to remain in the seventh year law.

Sony also has a better game for music players and other portable devices to Apple's iPod, the iPhone and put iPad.

The company booked a loss 40800000000 yen (439 million U.S. dollars) for the fiscal year ended March 2010 after a loss of 98.9 billion yen the year before Sony before_ annual red ink in 14 years.

___

Associated Press writer Tomoko A. Hosaka contributed to this report.

AP Source: Apple nears music deal with labels (AP)

LOS ANGELES – Apple Inc. is committed near safe with all four major record labels for music service that allows users to stream songs stored on a remote server, presumably made for a range of Apple portable devices, a person close with the matter said Friday.

This service would take care of people with a wide range of music on-the-go to transfer without connecting most of limited space and the need to physically different tracks devices.

Universal Music Group, a division of Vivendi SA, is going to give that agreement, Apple will have the right to sign songs for its current customers, though, is how exactly the service function remains unclear, the person said.

The music service is likely to cloud the annual Apple developers conference in San Francisco, which is the way to the Sixth Announced in June.Agreements with units of record songwriting royalties collected that are still ongoing, but should be completed soon, said the person.

The person was not authorized to speak publicly about the business and spoke on condition of anonymity.

Universal would be the largest record company and the last, a cloud with Apple to face the music after the creator of iPhone and characters iPads section looks at arm's Sony Corp. 'music, EMI Group and Warner Music Group Corp. Ltd. , said the person.

A spokesman for Apple declined comment.

Bloomberg News reports that Apple had earlier agreements with Sony, EMI and Warner, Universal and satisfied that it was close to an agreement.

Over the past two months, Amazon.com Inc. and Google Inc. both music and Cloud had submitted plans, but does not deal with the label provided.The services appeared to have limited functionality and was giving people access to content is uploaded.

Apple deals with companies allow music downloading, streaming and mobile use – and can offer a more complete service, said the person. But it is also unclear how much Apple will charge for these possibilities, and if people would pay per song or subscribing to a common plan.

Amazon offers free storage for up to 5 gigabytes of storage clouds, but the fees, which start at $ 20 per year for 20 gigabytes and more. Google service by invitation and is free to use during the test.

___

AP business writer Rachel Metz in San Francisco contributed to this report.

Sony begins restoring PlayStation after security breach (Reuters)

File photo of a woman walking past a signboard of Sony Corp at its headquarters in Tokyo

TOKYO (Reuters) – Sony said it had begun restoration of its PlayStation Network games service on Sunday, almost a month after a massive security breach of the network forced the company to shut it down.

Gamers and security experts had criticized Sony for its handling of the incident, which sparked lawsuits and cast a shadow over its plans to combine the strengths of its content and hardware products via online services.

The Japanese electronics and entertainment giant apologized to customers for the outage, and said a range of new security measures had been introduced. These included an early warning system that could alert the company to any attempt to penetrate the network.

"I can't thank you enough for your patience and support during this time," Sony No. 2 Kazuo Hirai said in the news release, which was also posted as a video message on the PlayStation Network blog.

"We are taking aggressive action at all levels to address the concerns that were raised by this incident, and are making consumer data protection a full-time, companywide commitment."

A single message from a PlayStation Network user under the name SG-1_F-302 on the blog read simply: "Thank you Sony!!!!"

But some users have said the prolonged outage has prompted them to switch to rival Microsoft's Xbox Live games service.

In what is thought to be the biggest security breach of its kind, hackers accessed personal information on 77 million PlayStation Network and Qriocity accounts, 90 percent of which are in North America and Europe, and may have stolen credit card information.

Hackers rented a server from Amazon for the attack, Bloomberg news said earlier in the day, citing a source with knowledge of the matter.

Sony discovered unusual activity on its PlayStation Network, which enables games console owners to download games, chat with friends and pit their skills against rivals, on April 19.

It shut down the network and its Qriocity online music and movie service, frustrating many users, but waited almost a week before alerting users to the extent of the security leak.

The company later found out that a separate online games service had also been penetrated, allowing access to another 25 million user accounts.

PROCESS TO BE COMPLETE BY MAY 31

Sony said the restoration of PlayStation Network and Qriocity online movie and music services would take place on a country by country basis and that it expected the process to be complete by May 31.

Sony Online Entertainment services are also being restored and customers will be offered free game time as compensation for the outage, the company said.

Sony also said it had appointed an acting chief information officer to oversee security on its networks.

The attack on Sony is the highest-profile of a series that have affected large corporations in recent months, fuelling doubts about the security of cloud computing services.

"During the past 18 months, we've seen a dramatic rise in the volume of cyber attacks, their sophistication and their impact on businesses," Sony quoted Francis deSouza of Internet security company Symantec as saying.

Japanese games company Square Enix, known for the Final Fantasy series, said on Saturday that hackers had accessed one of its websites and obtained information, including up to 25,000 customer e-mail addresses and possibly job applicants' resumes.

(Editing by Ron Popeski)

Sony PlayStation Network access begins to return (Digital Trends)

Sony's PlayStation Network has finally started to come back online, Sony Corp. president and CEO Kazuo Hirai announced Saturday night. The PlayStation 3 system update needed (v3.61) is now available. Once installed, many PSN services, including online play for PlayStation 3 and PSP, which should soon be available to users in the Americas, Europe, Australia and New Zealand and the Middle East. Sony expects to have full access worldwide restored May 31

"I send my sincere apology for any inconvenience this interruption of service you have caused, and I want you for the patience you showed as we worked through the process of recovery thanks," Hirai said in a video announcing Return of the NDP. "I can not thank you enough for your patience and support during this time."

Functions in a phase of the return of the NSP are restored: Reproduction Service Charter of the PlayStation Network video service for PS3 and PSP devices MediaGo; on Qirocity Music Unlimited subscriber, and access to third-party services like Netflix and Hulu, buddy list, chat, and Trophy Compared to the PS3 and PlayStation Home.

As part of enhanced security measures to Sony, all users must change their passwords and PSN Qirocity. Passwords can be changed only on the machine that was used to activate the account.

All PSN and Qirocity do users get the "Welcome Back" package as soon as their PSN access is restored. U.S. users can verify that the card, indicate whether the service has been restored to her. (You know, just trying desperately to maintain a link until it works.) At the time of this writing, had no access states, such as Restoration really should start on Sunday.

In addition to his apology, Sony maintained that they believed they were prepared for such an attack, but said that the black hat hackers trick the modern ever-changing, making it more difficult to defend.

The hackers, who is responsible is guilty of catastrophic vulnerability and theft of data on nearly 13 million credit cards left in the dark, even if members of the group Anonymous were hacktivists suspects have been taken right after.The group denies any official role in the breakup.

Watch Sony President Kazuo Hirai full statement:

Sony yet to fully secure its networks: expert (Reuters)

People walk in front of the Sony Corp's headquarters in Tokyo

BOSTON (Reuters) – Sony Corp's computer networks remain vulnerable to attack three weeks after the company learned that it had been victim of one of the biggest data breaches in history, according to an Internet security expert.

The expert found a handful of security flaws in Sony's networks while remotely studying its systems via the Internet to see how difficult it would be to penetrate the electronics giant's systems in the wake of the attacks.

Security researcher John Bumgarner discovered a potential bonanza for hackers by using little more than a web browser, Google's search engine and a basic understanding of Internet security systems.

"Sony still has several external security issues that need to be addressed," said Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit, a research group funded by government and private sector grants that monitors Internet threats.

Bumgarner, a well-regarded Internet security researcher and U.S. military special operations veteran, identified a handful of flaws that would be easy for a hacker to identify and potentially exploit.

Sony did not respond directly to Reuters on the security lapses that Bumgarner said he had uncovered, but three of five flaws that Reuters pointed out to the company on Thursday were fixed later in the day.

"The first and most important thing to note is that protecting our customers data is a company-wide commitment that we take very seriously," a Sony spokesman said in an email on Thursday. Sony officials did not return calls seeking further comment on Friday.

It was not immediately clear if the identified security gaps allowed for access to active or defunct systems.

Several flaws remain, according to Bumgarner, who said he had viewed only parts of Sony's network that were visible over the Internet and did not attempt to break in to password-protected sites or exploit any vulnerabilities.

He found no evidence of breaches beyond the two Sony has disclosed. But he said he was able to find gateways to internal systems and locate data that would be useful to hackers by using simple techniques that he shared with Reuters.

SONY SANTA

The techniques uncovered a number of security gaps.

Through a series of Google searches, Bumgarner was able to find a software program that Sony developed in 2001 to run a SonyStyle.com Christmas gift registry and sweepstakes program called Sony Santa.

That program gathered users' names, addresses and ages. The names and partial addresses of some 2,500 of those sweepstakes contestants were posted on a website.

Sony said on Thursday that it learned of the error on May 5. The site has been taken down and Sony is working to remove any residual links to the list, a spokesman said.

Bumgarner also found an access point to a server running an identity management system that he said controls access to logins and passwords for employees throughout Sony Pictures Entertainment. He located that system by conducting a Google search using the terms "site:.Sony.com identity."

Most companies attempt to hide these servers from the prying eyes of potential hackers because these systems are linked to sensitive employee account data, he said.

In a file on Sony's website that alerts search-engine crawlers to which sections of the site that Sony wants a search engine to avoid cataloging, the company provided a link to an internal password-protected software application.

Bumgarner said the domain on Sony Corporation of America's network where the application was located was carefully hidden from view, so a web crawler or casual surfer would not have located it. But putting the URL in the file effectively served as a red flag to potential hackers who might see it as a potential weak spot in Sony's armor, Bumgarner said.

On May 4, Bumgarner located a server in the Sony network that disclosed the names, Facebook IDs and IP addresses of Sony customers who were playing online games through Facebook.

IP addresses allow somebody to track the general location of a player. He Tweeted his discovery on May 4 and Sony plugged the leak two days later.

The company installed a security management system from Riverbed Technology on the server that leaked the Facebook data. Bumgarner was able to view an access screen to the Riverbed system that had the login field filled with a user ID through May 10.

"No one should be able to point a web browser at Sony and see a security management console or find their identity management system that has been indexed by Google," he said.

Sony has fixed some of the flaws after Reuters detailed them in an email. They include removing the file from its website that tells search-engine crawlers which sections of the site to avoid cataloging. Sony disabled access to the password-protected application that the file originally pointed to and eliminated access to the Riverbed security system.

WIDESPREAD PROBLEMS

Bumgarner's research showed that the problems with Sony's systems are more widespread than the company has acknowledged. Sony has said that only its PlayStation Network and Sony Online Entertainment systems were hacked.

Most of the flaws that Bumgarner discovered were in other Sony networks — that of the Sony Corporation of America, Sony Pictures Entertainment and Sony Electronics Corp.

Security experts say companies need to be discerning when deciding which servers to expose to the Internet.

Many of the flaws that Bumgarner discovered were identified with a tactic known among hackers and security experts as "Google hacking" — using the search engine's advanced features to find information that would be of use to hackers.

He found the Sony Santa program by searching for items on Sony's network written in Microsoft Excel format (site:.sony.com filetype:xls).

Mikko Hypponen, chief research officer at computer security firm F-Secure, said Sony should have been more careful.

"They've been running in circles for the past three weeks," Hypponen said.

"The first thing a consultant group or an Internet response group would do is run a basic vulnerability scan and that's what they would find," he said, referring to the lapses found by Bumgarner.

Security experts have said they believe the hackers initially gained access to Sony's network through a "spear-phishing" attack that targeted a systems administrator who had broad privileges to access data on Sony's networks.

In "spear-phishing" campaigns, hackers craft e-mails with personalized messages so that the recipients let their guard down and click on links or download attachments that launch malicious software programs that take over their computers.

Once one PC is corrupted, hackers can use that machine as a base from which to launch sophisticated operations, such as the attacks on Sony's networks.

Bumgarner found a page on Sony's website that lists the names, e-mail addresses and phone numbers of IT managers that he said the hackers could have used to launch a spear phishing attack. He found that information through Google searches.

(Additional reporting by Liana B. Baker; Editing by Ken Li and Ted Kerr.)

Sony says 25 million more accounts hacked (AP)

NEW YORK – Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer online games.

The data breach comes on top of the 77 million PlayStation accounts it has already said were jeopardized by a malicious intrusion.

The latest incident occurred April 16 and 17 — earlier than the PlayStation break-in, which occurred from April 17 to 19, Sony said.

About 23,400 financial records from an outdated 2007 database involving people outside the U.S. may have been stolen in the newly discovered breach, including 10,700 direct debit records of customers in Austria, Germany, the Netherlands and Spain, it said.

The outdated information contained credit card numbers, debit card numbers and expiration dates, but not the 3-digit security code on the back of credit cards. The direct debit records included bank account numbers, customer names, account names and customer addresses.

Company spokeswoman Taina Rodriguez said Sony had no evidence the information taken from Sony Online Entertainment, or SOE, was used illicitly for financial gain.

“We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1 we concluded that SOE account information may have been stolen and we are notifying you as soon as possible,” Sony said in a message to customers.

Sony said that it shut service Monday morning to Sony Online Entertainment games, which are available on personal computers, Facebook and the PlayStation 3 console. Its most popular games include “EverQuest,” “Free Realms” and “DC Universe Online.”

The company said it will grant players 30 days of additional time on their subscriptions, along with one day for each day the system is down. It is also creating a “make good” plan for its multiplayer online games.

On Sunday, Sony executives bowed in apology and said they would beef up security measures after an earlier breach caused it to shut down its PlayStation network on April 20. The company is working with the FBI and other authorities to investigate what it called “a criminal cyber attack” on Sony’s data center in San Diego, Calif.

The company said it would offer “welcome back” freebies such as complimentary downloads and 30 days of free service to PlayStation customers around the world to show remorse and appreciation.

PlayStation spokesman Patrick Seybold, in a blog post Monday, denied a report that said a group tried to sell millions of credit card numbers back to Sony.

He also said that while user passwords had not been encrypted, they were transformed using a simpler function called a hash that did not leave them exposed as clear text.