Home network hacked?

[Blue407]

Hi All

On Monday my Fiancé noticed some unusual transactions on her bank account for Sony Ent Network - she has reported this to her bank and cancelled her card.
My Son has now noticed some purchase transactions on his PS3 account that he hasn't done.

Now unfortunately it looks like these 2 things tie up together and are of the same amounts.
However, my Son swears blind that he has not used her card to make purchases, no card has even been setup by us on his account. We believe him.

I have spoken to Sony who have been very helpful and are investigating the matter.

Has anyone come across a similar scenario where card details have been obtained from being used on a home network and then purchases made with them?

At the moment, unfortunately, all the evidence is building up against my Son and I need to find evidence to exonerate him.
We have the usual collection of laptops, iPhones and iPads being used on our home wireless. Its a new BT router with WPA enabled.

Any advice, suggestions gratefully received!

 

[Roadki11]

While not a security expert, I would say your son is hosed. Makes no sense why a hacker would gain access to credit card info from someone in your house then use that info to buy stuff on the Sony network with an account from in your house. The big question is how was the card info was obtained, do you know? It would be unusual for anyone to store their card number, expiration date, and cvv/cvc number in plain text on their home network. Does your fiancé do a lot of online shopping or none at all? Really hard to overlook the obvious in this case....

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[Blue407]

I know, evidence is becoming overwhelming against him. But he still maintains his innocence.....
So I have to exhaust all obvious possibilities...

Bottom line is that the fraud benefits nobody but him, only he can use the downloaded games/extras as its on his account. We have already proved that if we login on another PS3 with his account it logs him off. So nobody else could benefit....

No, the card info would have to have been grabbed when a online transaction was done a few weeks ago - I know, highly unlikely!

 

[Roadki11]

Right, and if they had compromised his Sony account they surely would have changed his password so they would have exclusive access.



RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[Roadki11]

Sony should be able to provide the IP address the transaction was performed at. If it’s your IP, it doesn’t necessarily prove anything other than either your hackers have inside access to your home network or your son did it. If it’s a China IP block then you can pretty well prove your son didn’t do it unless he was smart and used a proxy.

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[SamBones]

You might also consider his friends. Does he have a lot of friends over to play on the PS3?

We had an issue with our son, where one of his friends that we liked a lot turned out to be a thieving underhanded druggie scumball. He was all smiles and politeness to our faces, but couldn't be trusted.

While it does look like your son is the most likely perpetrator, someone else with physical access to your house and his PS3 could be the culprit.

If your son was the one who brought the unknown purchases on his PS3 account to your attention, that actually argues in favor of his innocence. If he had knowingly used her card to buy some things on his account, I would think he would try to keep it hidden and hope it wasn't found out.

I feel bad for you being in this situation. Although the financial damage was small, the damage to your trust for your son could be huge. And that's whether he did it or not. Trust is important, and it's easily lost and difficult to restore.

 

[stubnski]

==>On Monday my Fiancé noticed some unusual transactions on her bank account for Sony Ent Network

Just to point out the obvious, if a hacker was able to get your Fiancé's credit card information, I highly doubt the hacker would buy games on your son's Sony account. They would drain the card to get all the cash they could.

I assume there is a subscription to the Sony online network, how is it paid every month? Could someone accidentally order the games without having to enter credit card details?

I also agree with SamBones, your son might be telling the truth in that he didn't use the card but does he know if a friend used it or not? Are there any time stamps for when the games were purchased or credit card was used? Does your son have an alibi for that time frame?

 

[SamBones]

I think the possibility of it being a hacker is pretty much zero. Why would a hacker buy your son something on his Sony account? What would the hacker's motive be? I can't see any.

Going with stubnski's line of thought, has anything ever been purchased on your son's Sony account using your girlfriend's card before? I don't know if Sony keeps credit card info like that, but if it has been used before, it could have been an accidental purchase.

Another possibility, going down a very Machiavellian path, how well do you know your girlfriend? It's possible (though probably not probable) that she snuck onto your son's Sony account and made the purchases to frame him, thus making your relationship with him weaker, giving her more time with you. Ok, maybe that's the soap opera version. I think I watch too much TV.

Hmmm, but how well do they get along?

As stubnski mentions, the time stamp on the transaction may give you more information. It could eliminate, or implicate, a suspect.

 

[raggmopp]

[tt]Beef up your passwd! Doesn't matter if your son did it or not, just the thought of this happening should give you motivation.
At the risk of telling everybody what your passwd might be ...

At least 1 upper case alpha, at least 1 lower case alpha, at least 1 numeric, at least 1 special character and it is min 8 characters in length.

If you're running UN*X/Linux look into installing something like 'denyhosts' or 'fail2ban' If they're hijacking you as a 'man in the middle' then Sony should know that as well.

I get 100+ attempts every night. I traced them to either China or East Europe/Russia.
Sometimes they go nuts with their brute force ssh attacks.

[/tt]

 

[Noway2]

Has anyone come across a similar scenario where card details have been obtained from being used on a home network and then purchases made with them?

Yes. My wife has a small business and makes purchases for materials and supplies. Three times, her account has been compromised and used to make fraudulent purchases. Each time, it followed purchasing from one particular vendor, one that she doesn't buy from anymore.

Just to point out the obvious, if a hacker was able to get your Fiancé's credit card information, I highly doubt the hacker would buy games on your son's Sony account. They would drain the card to get all the cash they could.

The multiple experiences with my wife's card say otherwise. Each time, they tried to make a series of small purchases from places like iTunes.