After last year's PlayStation Network security breach, Sony has had a hard time winning back the trust of PSN users. As they take steps to strengthen their security network, the man entrusted with ensuring the ongoing safety of the system has outlined his strategy for keeping user profiles safe.
Brett Wahlin joined Sony last October. Prior to this he was the chief security officer at McAfee, and before that he served as a counter-intelligence officer in the US military during the Cold War. He is now using user profiling as a way of detecting unusual activity.
"We are looking to see if there are key elements within a person's interaction with their environment," he told SC Magazine.
"That could be interaction with badging systems, with telephones — when and who do they call — and with systems like browser habits and applications used. All these things allow us to set up a pattern for users, so when something different happens we can respond.
"If we detect unusual activity, it may be that someone's been owned by a Trojan that we don't know about, and we can stop data flying out the door."
According to Wahlin, his intelligence work during the Cold War will come in handy when it comes to dealing with cyber criminals.
"You start to see a lot of similarities to the social engineering tradecraft in the Cold War... they have a discrete set of characteristics and targets and if we can begin to adapt some of the pattern recognition to a digital-based [environment]... we may be able to detect fraud more effectively," he said.
Wahlin is particularly interested in coupling available fraud detection systems with social engineering prevention methods to reduce false positives, which result in legitimate transactions on the PlayStation Network being blocked. The security team is now building a profile of what makes a typical gamer, generating data that Wahlin hopes will position Sony to detect fraud and fight social engineering attacks by phone, email and physical intrusion.