In the 20 days since Sony’s PlayStation Network was taken offline due to a major hack compromising the personal information of 77 million PSN accounts, the embattled company has faced a public relations nightmare worse than Jason, Freddy Krueger, and the Candyman combined. Since that April 20th date, so far the Great Sony Breach has brought the conglomerate 2 class action lawsuits, investigations and inquiries from international governmental authorities, reports of lost sales from game developers setting up shop on PSN, a new law from Australia forcing companies to swiftly reveal network security failures, not to mention a great loss in public confidence.
April 23rd brought the death of Norio Ohga, the former Sony Chairman, who was instrumental in establishing Sony Computer Entertainment and ushering Sony into the videogame business. This crisis which exposed the names, addresses, countries, birthdates, account passwords/logins, handles, network IDs, and credit card information of its users may usher their way to the exit. Sir Howard Stringer, Sony’s current Chairman, compares Japan’s recent earthquake/tsunami tragedy to this man-made comedy of errors in a May 5th letter to affected users. But as this saga slogs on, you have to wonder: Can Sony recover from this unnatural disaster?
Popzara’s wordy but wonderful Nathan Evans (Mr. Universal) and John Lucas try to make sense of the Great Breach that will surely change Sony forever. Enjoy the following pictures and phrases, laddies and gentlewomen!
Sony’s Unnatural Disaster
Half-assed. That’s the only word I can think of when I look at this whole PSN mess. I know that nothing in LIFE much less computer networks is 100% secure. If it can be made, it can be un-made. I can deal with that. What I can’t deal with is the obvious lack of backup planning Sony undertook. In that – frankly late – April 26th statement from Sony’s PlayStation Blog, Sony says that they take information protection very seriously. They say that providing quality and secure entertainment services to their customers is their utmost priority. Then why was it so alarmingly easy to dismantle this network? Why did it take them so long to properly inform their supposedly highly prioritized customers about identity theft? Why couldn’t they know what had been hacked and what had not been nearly immediately after the incident? For God’s sake they didn’t realize that 24.6 million Sony Online Entertainment (SOE) accounts had been hacked by the same attack until over 2 weeks later!
And furthermore why do they have to get a team from outside the company to help them investigate what happened in the first place? Isn’t this the mighty Sony Corporation? A corporation built on technology and media? Don’t they have an internal task force monitoring these kinds of situations? I’m imagining a dark underground room full of lit-up beeping monitors with a crack team of tech wizards on call. Sort of like those Brink’s Home Security commercials. But obviously Sony’s network security is just as much a fantasy as those laughable commercials.
I’m not a high-level tech whiz by any means. I hear the word “hash” and I’m thinking about corned beef from Hormel. But I do understand the meaning of a firewall. It’s pretty hard to scale a wall of fire (pretty impossible, actually) so that type of wall will always block out anything trying to enter. Why is Dr. Gene Spafford from Purdue University giving testimony to the U.S. Congress about PSN not only NOT having a firewall but also using non-updated unpatched server software? This information he gets comes from security mailing lists from people who work in computer security and participate in the Sony network. Outdated unprotected network ripe for the plucking. Incompetence on discovering the scale of the hack. Vague mealy-mouthed late responses to their customers. Delay in contacting FBI about such a large-scale incident of identity theft. And on top of all that, weak compensation to the victims with a planned “Welcome Back” package giving you 30 free days of PlayStation Plus. The word I have for all of this is HALF-ASSED. Sony, you haven’t bowed ENOUGH!
I think the Great Sony Breach of 2011 is about more than simply inconveniencing millions of PSN users from playing their new copies of Mortal Kombat or Portal 2 online (as bad as that sounds). For me, the worst part was the complete lack of communication throughout the most critical part of the breach – the first week – which left millions of confused users scratching their heads about what the heck was happening over in Sony Land. Outages happen all the time and can be fixed, but what happened here wasn’t a simple outage; it was a breach. And not just a breach in their security, but a breach of trust between Sony and their millions of trusting users.
And now they want us to trust them again. As if a ‘free’ 30-day subscription to their PlayStation Plus Network makes everything better. Is anyone even awake at the wheel over there? Saying “sorry” for essentially giving hackers access to millions of credit card and other personal info by granting victims ‘free’ 30-day access to their enhanced PSN services, which ties every download made to having a continued subscription, means losing everything you’ve downloaded after the 30 days are over. Way to double-dip and hit everyone with a double-dose of losses, Sony. Wow.
But what’s most alarming is what this whole fiasco means for Sony’s planned future of an entirely connected digital ecosystem, which would include not only the PlayStation game consoles (i.e. the PS3, PSP, etc) but other Sony-branded networked machines. This includes all those shiny new cellphones, tablets, home computers, televisions, and practically anything that can easily be networked into their futuristic ‘Sony World’. They’ve partnered with Google on several projects already (i.e. NGP, Google TV), and I think they’re still making the world’s biggest guest list to this digital party.
Sure, it sounds great on paper: The world’s biggest orgy, filled with the world’s most beautiful and desirable people, and Sony’s giving you the freedom to ‘play’ with anyone you want. Only a few of them have herpes, and you can’t tell who’s got it.
Brings new meaning to the word “anonymous”, doesn’t it? But there’s not a damned thing casual about this situation. And to play off my first sentence, there’s no doubt Anonymous has knocked Sony World off its Sixaxis. This mysterious group/un-group/non-group of hackers, pranksters, and all-around anarchists is highly suspected of being behind the attack which the individually-assembled collective (contradiction?) has repeatedly denied. Kaz Hirai, Sony Corp.’s Representative Chief Executive Officer/Executive Deputy President and heir to the Sony throne, says that the not-yet identified intruders left a file on SOE’s servers titled “Anonymous” containing the words “We Are Legion” in his letter to the U.S. House of Representatives Subcommittee on Commerce, Manufacturing, and Trade. This comes after Sony’s recent court battles with hackers George Hotz (GeoHot) and Alexander Egorenkov (Graf_Chokolo) and Anonymous’ subsequent declaration to attack Sony’s websites in retaliation.
Now while it isn’t absolutely definite that Anonymous are behind this, they certainly haven’t done much to undo belief that they are the prime suspect (even 2 former Anonymous members say the group is most likely responsible). With their infamous track record of hacktivism and the timing of their declaration of war on Sony, they would make the perfect patsy if some other entity was the perpetrator. Do Anonymous see themselves as the internet’s guardians against organizational corruption? Or do they see themselves as an untouchable band of renegades who can control the internet anytime anywhere anyhow? And will any of that change the closer world governments get to discovering who Anonymous are? Now that the FBI and U.S. Department of Homeland Security are involved in this investigation, we’ll see one way or another if all those Guy Fawkes masks will retain the smirks on their faces. Will the conclusion be White hat, Grey hat, or Black hat for this uncollected collection of network decoders?
A few years back I actually investigated this so-called hacker-group Anonymous when they first got their digital panties all bunched up over Tom Cruise and the Church of Scientology, and let’s just say that I didn’t come away that impressed. Back then I called them “a movement that seems at odds with itself, hastily assembled from a collection of internet fringe groups and anti-social youths with only the most cursory understanding of civil liberties and the concepts of liberty.” Three years later, nothing has changed, and they’re still the go-to group when you need your online fix of spooky time-lapsed clouds and electronic voices to represent the teenage rage and delayed adolescence that comes from living vicariously behind keyboards and plastic Guy Fawkes masks.
But do I think that Anonymous is behind the Sony Breach? That’s hard to say, as nothing they’ve been involved with up to this point suggests they’re capable of taking down their frazzled Marilyn Manson posters from their bedroom walls, let alone a major corporation’s online service. For the most part, they’re a group of disparate internet nerds who fancy themselves revolutionaries of the digital age, one fueled by 24-pack sugary sodas and Hollywood films; certainly not the anarchist superheroes they read about in their torrented .PDF files and bootlegged books. At best, they’re a group of electronic tricksters whose biggest claim to fame has been producing annoying online screeds and issuing digital fatwas against anyone who threatens to keep tabs on their amateur lolicon porn collections, although I don’t think they’ve ever been that successful at anything more than the occasional (and completely fixable) denial-of-service attack. Do I think that Anonymous was behind the Sony Breach? That’s like asking if I think Peewee Herman pulled the kill shot on Osama Bin Laden.
But as you mentioned above, it doesn’t sound like Sony was doing themselves any favors by not implementing even the most basic firewall and spyware protections against whoever was able to take them down. Does this mean they were “asking for trouble”? Not necessarily, but as I said, if Sony envisions the PSN as the future gateway to a wider connected digital universe of devices and platforms, i.e. their version of Apple’s ubiquitous iTunes ecosystem of iDevices, they’ve got their work cut out for them. That is, if it’s even possible at this point.
Apple has been able to create and maintain a massive 200 million+ device digital empire, storing millions of credit card and personal information data with nary a hitch. It’s such a trusted network that we’re hearing talk of iTunes facilitating NFC (near-field communications) online payments via the millions of iDevices already out there. How can anyone at this point trust Sony to deliver an online presence that can possibly compete against this juggernaut, especially after they acted like complete amateurs in the face of what might be the biggest – and apparently easiest – breach of personal data in history. It’s going to be one hell of a sale, especially when your biggest competitor is running the largest and most trusted network in the world – and circles around your impotent attempt at ‘security’. Good luck taking a bite from that Apple, Sony.
Boy the Apple name is ripe for puns, ain’t it? But there’s more fruit in the bowl Sony has to worry about too. Microsoft, Sony’s most consistent rival in this generation, depends on players seeing XBox Live as superior to PSN despite Live’s insistence on subscription fees. The PS3 benefited each time a player got fed up with Live and moved into the PSN neighborhood. But what happens now if this breach sours loyal PSN users on the service? Where are they going to go? Not likely to Nintendo’s protective and restrictive Wi-Fi Connection for a host of reasons. Back to the PC networks? That’s mostly for MMO fans & Steam users nowadays. Where? To XBox Live, that’s where. Unless they drop out of network gaming altogether.
If enough people are turned off by this situation, this disaster could potentially destroy what was left of the PlayStation name. After such a catastrophic launch coming off of 12 years of PlayStation dominance, I said repeatedly that the PS3 would be dead within 2009. Well, they did die – in a sense – and were reborn with renewed vigor under the PS3 Slim model that September. This was a PS3 that was seemingly repairing its past mistakes and slowly but surely recovering its standing in the market worldwide. This PS3 started to reciprocate with the PSP in Japan helping it even the market score with Nintendo, improved its overall standing in Europe, and gradually built strength in the 360’s strongest market, America. They were getting better developer support than ever before and all that was needed was one last price drop to shift the American market more in their favor. The fumbling and stumbling that Sony has shown in this breach’s aftermath may erase all of that accumulated goodwill.
Distrust and disbelief in the security of Sony’s services can make customers unsure about Sony’s products when they are tied to those services. And since we certainly can’t go back to the days of offline consoles, that distrust and disbelief will directly apply to anything PlayStation (even NGP). But as much as I would like to think that people will hold Sony accountable for their half-assed handling of this whole matter, the fact is most PSN users will continue on like business-as-usual. You would be lucky to see 20% or even 25% of them hold Sony to task, forget about 50%! XBox 360’s notorious manufacturing defect, the Red Ring of Death, proved that many people will re-buy, repair, and refurbish their 360s over and over again without punishing Microsoft for its failure to deliver a properly quality-tested product. There are those who are angry enough to refuse to do business with Sony and mean it but there are many more who look at this as just another annoying service interruption to be fixed. “I never used my credit card on the thing anyway! Change passwords, yeah yeah, whatever. Just let me get back to my game!”
Sad thing is that pitiful “Welcome Back” PlayStation Plus package is probably all it’ll take to smooth everything over. The fundamental distinction I make between a consumer and a customer is this: Unlike customers, consumers are like Pac-Man. They eat anything!