Sony's PS3 network was practically begging to be hacked, an insecurity expert told a US congress subcommittee.
Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers. One was an ancient Apache Web server that did not have a firewall installed. What was worse was that the outfit knew about it months in advance of the recent security breaches and did nothing about it.
Spafford said that security experts monitoring open Internet forums learned months ago. The problem was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches.
Sony was invited to participate in the hearing, but declined to attend. In a letter to the committee, Sony said it has added automated software monitoring and enhanced data security and encryption to its systems in the wake of the recent security breaches.
However publically it is blaming the hacker group Anonymous for the attack. Apparently Sony thinks that the outfit's DoS attacks, which stopped days before the attack, were a smokescreen, Anonymous has denied turning over Sony's data for profit and said it was not its style.