
Seems Sony really has kicked up the swarm with that GeoHot clamp down.

I am fairly certain that there are some executive meetings that are seriously questioning whether or not that initial action was wise.

I never thought this type of extortion could work, but Hot Damn. This is an effective campaign.

Talk about relentless!

Edit: This is really a losing battle for Sony. They are too big, there are too many vulnerabilities. They are too exposed. I know this sounds extreme, but are we witnessing the end of Sony as we know it? It sounds ridiculous on the surface, but think about the distraction this has become. The billions of dollars of civil liabilities they are now open to, and this is not stopping any time soon. Talk about the perfect storm created by one anonymous group. Kinda insane, but also feels kinda cool....in a weird way. There is something liberating about a small group of 'anonymous' hackers taking on a Goliath of a corporation and winning. And I am a Capitalist to the core.

Although, the likely, annoying outcome of this is that this strengthens the hand of those that want a 'censored' Internet to prevent these types of things from happening. So this could very well lead to the end of the internet as we know it today. Also very hyperbolic, I know....but I believe it to be true.



I don't think we're witnessing the end of Sony, but we are certainly witnessing the end of their online ventures.

What is very interesting is that all of their Web properties seem so stove-piped. No common architectural direction, no standards, no common security defenses.

It's almost as if Sony's marketing departments are leading all Web development efforts for the company. No serious enterprise ever lets that happen.

Oh, wait... :) (Tongue in cheek)


My experience with working for companies of a similar size in the beverage, fast food and running shoe industries is that the cost in money and time of developing on the corporate mandated development platform makes it impossible for marketing departments to deliver their crazy websites. This results in the marketing department paying to host websites outside of the corporate infrastructure. So I expect that Sony is letting its marketing departments lead their web development effort since most of the sites will be marketing sites.


I'd be surprised if the majority of their web properties were built in-house. A large chunk of the Japanese software industry is composed of companies that fight over contracts from the MNCs to do those kinds of projects (websites, software for embedded systems, customized software for internal use).


Where did the term "stove-piped" come from? How did "stove piping" come to signify any system built in isolation from other systems?


Sony is not a Goliath. Sony is the old, senile neighbor shaking his fists as the kids throw stones at his windows.

They have a huge surface area to be targeted and very few people tasked with defending them, against god knows how many hackers that take joy in doing this. And it takes only one to wreak havoc, and they can only do something with the person after the damage is done.

This is true for most corporations with online presence, but Sony gave the hackers a reason to target them specifically.

As someone who doesn't own any Sony products and doesn't know or is in the groups making this madness, I can just sit back and enjoy some popcorn.


I didn't see anything being attributed to anonymous here.. just some hackers looking to hop on the bandwagon, stumbling across a very simple vulnerability in one of the many Sony properties.


This is the 3rd or 4th such attack.

Even if they're completely clueless: "Once is happenstance. Twice is coincidence. The third time it's enemy action."


11th actually. This article[1] documents the last 10 times up with today making it 11. Starts from the first DDoS by Anonymous on Apr 4.

[1]: http://blogs.forbes.com/andygreenberg/2011/05/24/sony-goes-s...


Jeebus, 11? I stand corrected.


Lulzsec is loosely affiliated with Anonymous. I'm pretty sure several lulzsec members may be hanging out in Anon-Ops IRC channels at any given time.


I think you're right. I was lurking in the anonops irc earlier and there was quite a bit of chatter about lulzsec. There was some talk about paying lulzsec to attack new targets, but I'm pretty sure it was idle chatter. Either way, it seems probable that there's some significant overlap in membership.


But I am quite sure Sony's board knows very well what event started all this.


What the hell did they do that got people so pissed off?


Just in case you really don't know, the various branches of Sony have demonstrated technological contempt for [their] customers for years. I'll omit their insistence on promoting their own products over other standards and general push for increased DRM, such as Minidisc/ATRAC, Blu-ray, etc. and focus on their actual attacks.

It started with the CD root kit fiasco, in which music CDs distributed by Sony infected Windows PCs with software designed to prevent the ripping of music CDs to the computer, which also contained exploitable holes used by malware to infect computers.

Sony then removed the Other OS (e.g. Linux) feature from the new version of its PS3 consoles. This wasn't too egregious, but next they retroactively removed Other OS from older consoles that originally supported it. That upset a lot of people.

Along came GeoHot, a reverse engineer determined to get Other OS back, and no doubt other less-outspoken hackers. So he and the others did, and along with it recovered Sony's private key used to sign PS3 software, allowing Linux to access all the hardware of the PS3, as well as running other homebrew software.

Less-scrupulous individuals, not including GeoHot himself, used the aforementioned work to run pirated software on the PS3. This upset Sony.

The straw that broke the camel's back, though, was Sony suing GeoHot into oblivion (I personally suspect they also astroturfed gaming sites to get GeoHot's hack associated with cheaters at Call of Duty, which it was not). This is the final event that triggered the misguided but potent onslaught of attacks against any and all Sony properties.

References:

https://secure.wikimedia.org/wikipedia/en/wiki/Sony_BMG_copy...

https://secure.wikimedia.org/wikipedia/en/wiki/PlayStation_3...

[Edit: fixed botched pronoun after partial sentence rewrite]


>I personally suspect they also astroturfed gaming sites to get GeoHot's hack associated with cheaters at Call of Duty, which it was not

I don't know about that. Remember, the vast majority of gamers only know hackers as one of two things: people who take over websites, and people who cheat in video games. GeoHot being a "PS3 hacker" would likely naturally have led these people to assume the latter, and the combination of general ignorance of the issue and an emotionally charged reaction to cheaters likely enabled that rumour to spread virally. I certainly don't think astroturfing was necessary to spread that rumour, and barring any evidence showing Sony's complicity in doing so I'm happy to apply Occam's Razor and assume it spread naturally.

Never presume malice where stupidity will suffice.


Not overly fruitful to conversation, but despite myself I love that GeoHot entered an online rapping contest by trying to battle Sony verbally.

http://www.youtube.com/watch?v=9iUvuaChDEg

I honestly think he could outdo more than a couple of their signed artists, is the funny part.


Misguided?


I say misguided because it's highly unlikely the attacks will have the desired outcome. I heard the most recent hack mentioned on the local NPR broadcast of BBC radio, and all they said was that Sony was attacked again. I'm not aware of any mainstream media saying why.

The only effect seems to be people portraying hackers negatively in general, and at best, questioning why Sony was so vulnerable. The root motivation I described above seems to get no mention.


A well known cracker named George Hotz (GeoHot), best known for iPhone jailbreaking, began to target the PS3's security to enable full access to the PS3's graphics capabilities via the Linux install option that the PS3 originally shipped with. Sony was concerned that that would enable piracy, so they removed the Linux install option in a firmware update.

If you refused to install that firmware update, you could continue using your PS3 with that Linux installation, but you wouldn't be able to play new games or potentially play online. Basically, compute clusters that relied on that install continued working, and continue to work today.

The removal of that option incensed many PS3 purchasers, tech writers, hackers, etc. George Hotz then went on to crack the PS3's security anyway, enabling arbitrary code to run on the device (including applications that would let you run pirated PS3 games). Sony sued Hotz, ostensibly because he enabled massive piracy. This further incensed varied and sundry "hacking" organizations which began to target Sony. Eventually, Sony dropped the case against Hotz, for reasons that are difficult to discern (bad publicity for the most part). At this point, various hacking groups were able to penetrate the PlayStation Network as well as many other Sony properties, resulting in hundreds of millions of dollars of lost income at this point.


George Hotz, who has publicly spoken out against piracy, would object to the title "cracker", which connotes piracy.


I'm using Stallman's definition of cracker, "people who break computer security"

http://stallman.org/cgi-bin/showpage.cgi?path=/archives/arch...

That's exactly what George Hotz does. He breaks security. iPhone security, PS3 security, etc. He's not a hacker according to the RMS definition, the pg definition, or probably most of the classical definitions. He may fit the current journalist's definition of "hacker" which is much closer to RMS' cracker. Since the web site we are on is named hacker news after the original definition, I think we should probably go with cracker for the people that primarily break security.


However, he primarily breaks security on devices he purchased, so that he and others can repurpose them for their own needs and desires. That is a very "hacker" thing to do. "I have this device. Can I make it do something useful?"

If he were primarily breaking security on other people's computer systems, then the distinction would likely be merited.


The "making it do something useful" part is the hack. Breaking the security to do that thing is a crack.


I disagree with this; let's not forget RMS did a lot of "cracking" himself, like the ITS password hack and some shady things like reverse engineering code from Symbolics and giving it to Lisp Machine.

GeoHotz did a hard and ingenious hack to get his PS3 to do things it's no longer supposed to do. That's not cracking per se. I think cracking mostly happens with things like these folks did. Using a simple SQL injection (probably automated) to hack Sony's site.

It's all in the ingenuity level. That's where the distinction should be.


If you're making something run linux that didn't run linux before, then you're a hacker, in the classic sense.


Sony is a big member of the RIAA and MPAA who have been suing people for a decade for downloading mp3s because it's "lost revenues". They recently carried these practices over from alienating people who have little clue about technology but really like music, to people who actively work to hack consoles and phones.

It's rather safe to fire a gun into a crowd and expect no one will challenge you. It's rather different to fire a gun into an army division and not expect everyone to fire back with better guns than your shitty pistol.

Sony has secured its customer data like it's a fucking fire alarm. Sure it has the illusion of safety hidden behind that plate of glass, but when you provide people with a hammer to break the glass and pull the handle it's really rather pointless. They're going to bitch and moan in front of congress, parliament and every other government that asks them WTF about cyber security and blah. When they've installed a turnstile at their revenue source and got surprised when people started stealing.


Sue a bunch of people for re-enabling Linux and enabling homebrew on the PS3


A lot of the large enterprises are run this way. I doubt if any extremely large enterprise can withstand this many ongoing attacks.


> I know this sounds extreme, but are we witnessing the end of Sony as we know it?

Well, Sony (and the rest of Japanese industry) has been on a downward spiral for the last 2 decades. This is just the final blow. Their end has been in sight for at least 5 years now.


> I am fairly certain that there are some executive meetings that are seriously questioning whether or not that initial action was wise.

The only thing happening in those executive meetings at Sony is a discussion of which lobbyists to hire and which laws to buy in order to punish their legitimate paying customers even further.



