It’s Not Sony’s Fault

Anonymous Hackers

If Sony really wanted to turn public opinion against their accused hackers then they shouldn't have picked ones with such a cool logo

Although my time in the MMO world has been limited as of late (I’ll let you all know why in about three weeks… ominous I know!) I’ve been following the news about Sony’s hacker problems quite closely. Surprisingly I’m feeling quite calm about the whole thing given that I have a PS3 hooked up to the PSN with all of my (fortunately outdated) details and a stagnant SOE account. Sony sure does have a fair amount of information about me and the idea of it falling into the hands of Russian/Chinese/North Korean/Belgian hackers doesn’t exactly fill me with joy to say the least. Still, I’m pretty chilled about it all and, if anything, I’m actually feeling rather sympathetic towards Sony.

Of course, I feel bad for everyone who’s had their info stolen (although I think it’s highly unlikely that it will really affect anyone too dramatically) and, probably more so, for all of the SOE gamers out there who are currently unable to log into their favourite MMO. That’s gonna suck. However we should probably try to maintain a sense of perspective on it all and remember that there are a lot worse things in life that can happen than having a hacker get hold of your address or being forced to miss a few nights raiding.

Still, Sony seems to have ended up on the receiving end of a huge amount of aggression and finger pointing and I know a few people (more big gaming sites than anyone else) have been having a go at them over their supposed lack of security measures. Now I don’t have any clue as to how good or bad their security was – and likely very few other people truly do either – but frankly I’d imagine it’s as good as any large company like that, with all of its layers of bureaucracy and employee lethargy, is ever going to get. Pete from Dragonchasers has a great article up about it all if you want to read more.

Call me a cynic but I believe that once Sony was targeted there was probably nothing they could have done to prevent the hacks. No system is completely impenetrable and if people can still manage to hack into the Pentagon and NASA, how can we really be surprised if someone manages to break into Sony? The unfortunate reality is that it’s impossible for any company like Sony to hire employees clever or passionate enough to ever counter the threat of dedicated and motivated hackers. And yes, I’m sure some readers will disagree with that ;) .

So I say deal with it, move on and let’s try to learn from these mistakes instead of looking to pin the blame on the big, bad large corporation. Our time would be better suited either trying to hunt down and kick the living crap out of the hackers themselves or tightening up and enforcing the laws that govern our rights to data protection. I mean if anything at all has shocked me about these events, it is that SOE were still holding onto an outdated database of players from 2007. I think it’s about time the US got its act together and passed a law similar to the Data Protection Act/Directive in the UK/EU which puts mandatory restrictions on how personal data is gathered and stored and how long it is held for. That would certainly make me sleep a lot better at night.

-Gordon


21 Comments

  1. Gazimoff says:

    I wish I could agree with you, but there are a couple of things which have altered my opinion of Sony.

    Firstly, Sony admitted that they were running outdated versions of Apache with known vulnerabilities, and that they did not secure against those vulnerabilities. That’s not unfortunate, that’s negligent.

    http://www.develop-online.net/news/37592/Sony-We-knew-PSN-security-flaws

    Secondly, Sony’s overall behaviour in recent years has been pretty low. From the BMG rootkits they put on audio CDs through to the George Hotz legal activity, Sony isn’t exactly behaving as a good corporate citizen lately.

    The two things combined make me feel that Sony doesn’t have my interests as a consumer as their primary focus, which is why I won’t be using them in the future.

    • Gordon says:

      I don’t really feel any ill-will towards Sony because I know that these things happen in big corporations. It all boils down to the fact that some IT manager neglected to upgrade their software, not due to any grand conspiracy. Perhaps I’m too lenient :)

  2. Pascal says:

    There is a truly fantastic speaker about security in general. Have a look at just about anything by Steve Riley.

    In one of his presentations the core message was: “Think about who you provide your personal information to. Do you trust them? Do you trust whomever / whatever they trust?”

    And that is key. I do not trust any corporation outside of my bank with all my personal information. Because trusting the local pizza delivery company with my credit card # would mean trusting their IT team. And I haven’t yet met them or even know who they are.

    Trusting a game developer that cannot effectively combat gold spam and in-game exploits with your personal details? I cannot do that.

    Fortunately here in NZ it is easy to pick up a pre-loaded credit card. You walk into a Post Shop, put down the money and walk out with it. Takes about as long as it takes to buy a pie or a soft drink.

    In the end, we are all responsible for our own personal information. You need to make sure you take the steps necessary to keep it out of the hands of the unscrupulous and you need to be sure that you only trust those you absolutely need to trust with your personal information.

  3. bhagpuss says:

    Although I am a longtime SoE booster I think it’s worth mentioning that the U.K. Information Commissioner has already expressed concern about Sony’s role in this debacle and has said there may be legal action at a government level. Similar authorities in other jurisdictions have also indicated they may take legal action.

    The BBC have repeatedly reported this as probably the largest corporate data breach in history. If anything, I’d say this whole thing has been underplayed in its potential legal impact because media journalists even now aren’t really up to speed with the underlying issues.

    I’ve worked for a couple of very large corporations over the years and the attention to detail I’ve seen applied to statutory care has sometimes been abysmal, but even by those very low standards this looks bad.

  4. Stropp says:

    I absolutely agree with you that this is not Sony’s fault. You don’t blame a rape victim for being raped, nor should you blame a company that has been hacked, it’s the hacker who is to blame for committing a criminal act.

    Still, it was the issue of the outdated database that concerned me too, as I said in (http://stroppsworld.com/2011/05/04/mission-critical/). Once SOE had upgraded it, the database should have been archived and removed from the system. I personally don’t care how long they keep that info, just as long as they take proper care of it. Unfortunately this wasn’t done.

    So while I don’t blame SOE for the hack attack, they didn’t have the right procedures in place in the first place. That’s something they should be held to account over.

    • Klepsacovic says:

      Hardly a proper analogy, given that it fails to account for the third party: customers, who were harmed despite not being directly part of the attack. Let’s instead compare it to the bank who didn’t properly secure their vault and it got robbed, taking my deposit with it. Did they cause it? No. But that doesn’t mean they are perfectly absolved of all responsibility, nor does it mean that people who trusted Sony have not been harmed. When you’re trusted with something that belongs to other people, you should take greater care than if it were only your own.

    • Gordon says:

      Agreed. I do find it odd how people are blaming Sony for letting it happen rather than the hackers for doing it.

  5. wilhelm2451 says:

    All I can say is “PCI DSS.” Go look it up. Holding customer data and financial information lays a greater responsibility on Sony than you are suggesting. If Sony had been on top of it, they wouldn’t still be down and we would be talking about game mechanics or some other trivia.

  6. Stabs says:

    “frankly I’d imagine it’s as good as any large company like that, with all of its layers of bureaucracy and employee lethargy, is ever going to get”

    We really don’t know, Gordon. Sure they get targeted like NASA and the Pentagon but the Pentagon doesn’t leave the hackers calling the shots for a week while hoping, ostrich-like, the problem somehow goes away.

    There’s a lot of people on blogs and forums suggesting in some technical detail why Sony did not do the acceptable minimum.

    On the other hand we kinda know that Blizzard (the biggest money prize in MMO data theft) and CCP (serving the most tech savvy sociopaths in the world) ARE on top of security and I’m sure there are quite a number of very clever and determined people trying to crack them but failing.

    I suspect the solution is to use false names for every game, disposable email accounts, and third party payment like game cards or PayPal. It’s just the nature of the internet.

  7. ScytheNoire says:

    Sorry, but Sony has a history of disregard towards customers, and this just continues their long contempt for them. Sony blaming Anonymous is just a convenient excuse for them and does nothing to actually fix the problems. The only one to blame here is Sony. You can run a secure network, many companies do so. There needs to be a high punishment for companies that expose personal information.

  8. I would agree, except they used an out-of-date security system and did not warn their customers for a week that their information and credit cards could have possibly been hacked. You do not wait that long on that type of security breach to warn everyone that their information might have been stolen. You warn as soon as you even begin to think there was a possible breach so that the consumers can at least patch the damage that you caused. Then Sony should turn right around and give more than a “free month” of the PSN network. That is hardly enough for the possible damages they may have caused with their negligence. You’re a corporation. You take the security of your services very seriously or you get out. There is no excuse. Heck, get a third party to do the job for you.

    But alas, in the end, Sony will reap what it sows. They are no doubt facing serious legal litigation. So thankfully it’s not up to me what happens to them.

    King

  9. aprill says:

    They do. For tax purposes all accounting information must be held on to for 7 years.

  10. Akely says:

    The dealbreaker for me is that I still have not been informed by Sony that my credit card data could have been stolen. I find that quite insulting actually.

  11. Ben says:

    God…people need to grow up. There are MANY other factors we are NOT considering of why Sony was hacked. Sony, the large corporation, was founded by the Japanese. Much of Sony’s policy is under the Japanese…I might even go far to say there are culture barriers associated with this lack of urgency to tell everyone that their credit card information has been jacked. SONY should accept responsibility of admitting to the public they did not have good security for their customers. HOWEVER, what the hackers did was morally wrong. I don’t care if Sony is a greedy company not treating their customers right (as others would say), then don’t buy their products and services. It is never wrong for a hacker to steal private information to show a LACK of Sony security. I do feel my complete sympathy for Sony customers…but a much bigger issue needs to be addressed immediately. The hackers are the problem, and they are doing unspeakable crimes. I am quite concerned to see other individuals criticize Sony than the hackers. This may be ignorance at its finest…and people need to do more research before speaking. Gordon, you hit on the dot, Sony should just learn from their mistakes and progress forward. I am not saying that Sony is off the hook, but they must reform their security in a way that hackers cannot get in. I’m not an IT guy, but I am sure Sony could find very smart individuals that could supply infallible protection.
