Former hacker and lead architect at , Kyle Adams, spoke with PCWorld about how the hack may have occurred. Adams suggests Sony may have left its doors wide open for attack by using outdated software.
Hackers likely gained access using an , according to Adams. In other words, hackers inserted malicious code into the database, and the server erroneously executed the code. This allowed the hackers to gain access to the server.
Adams suggests that the attackers may have entered the server . Sony's blog was using an outdated version of Wordpress, which has known .
"It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers," Adams told PCWorld.
The attack on Sony's PSN was an "advanced persistent threat," which, as the name suggests, is a series of ongoing, planned attacks. Each planned attack opens up more and more doors, allowing the hackers to advance further into the server.
"The depths they went indicates that this hack wasn't arbitrary," Adams said.
He explains that these types of attacks can go on for weeks or even months without being discovered, and that APTs typically involve attempts to obtain valuable data.
"They perceive value in the site they're going after," Adams said. "There's a whole lot of value in the data Sony had. There's always a buyer out there."
Adams did stress that he believes Anonymous had , and notes that the group has never hacked and taken personal information in the past.
Adams seemed to concede, however, that that Anonymous may have made the hacker's jobs easier with their DDoS attacks has some validity.
"It's possible for another group to go through an open backdoor," he said.
For more tech news and commentary, follow Ed on Twitter at and on .