Hackers and the PSN

An Editorial By Stefano Terry

I tend to try and keep a cool head about most things, observing and evaluating before making any final judgments. The same applies to the PlayStation Network outage that occured on April 20th, 2011, and continued until May 14th, 2011. My thoughts on the matter were kept fairly low key, as I like to keep these sorts of dramas off of Select/Start Games. But now that the dust is settling, I can look back on the whole event with a clear head and weigh in.

Initially, I didn’t realize anything had gone wrong on April 20th. PSN was down, and there was apparently maintenance going on. As the hours, then days wore on, millions of PlayStation 3 owners began to suspect foul play, and Sony wasn’t saying much. Eventually, they posted an update on the PlayStation Blog detailing that they had shut off the PSN due to an “external intrusion.” Upon hearing this news, my mind immediately jumped to “Anonymous.”

I’m sure many of you have heard of the “organization that is not an orginization” known as Anonymous. For those that don’t, they are a group of individuals who make it their modus operandi to leap from life to life, striving to put right what once get wrong, and DDOS various other organizations such as Scientology and Westboro Baptist Church. Recently, they targeted Sony, for bringing litigation to George Hotz, aka, GeoHotz, for releasing confidential security keys for the PS3 across the internet.

The case with Hotz was eventually settled, but not before Anonymous declared that Sony had “stuck their penises in a hornets nest,” and will therefore feel the wrath of Anonymous. After a DDOS attack; a bit of “hacking” that will bring down a website, keeping people from accessing the page, Anonymous declared that that wasn’t the end of their battle against the evil corporation known as Sony. They declared that they were organizing a massive boycott of Sony at their stores located across the world.

To be quite honest, I’m all for boycotting. If Anonymous wants to express their discontent with Sony through boycotts, I’m all for it. Do your thing. Personally, I don’t purchase Activision products. These sorts of acts by consumers aren’t hurting other consumers that don’t care if you like the product or not. I’m fine with that. Anonymous also declared that the boycott was only the start of an attack on Sony the likes of which had never been seen.

The boycott, which took place on Saturday, April 16th, 2011, didn’t go as planned, however. Turnout was practically non-existent, despite big talk on various irc (internet relay chat) channels. The following Monday, Anonymous declared that they were ceasing further attacks on Sony. It seemed like the drama of the previous month was at an end. Until two days later, when the PlayStation Network was shut off by Sony. Most people recalled the threats by Anonymous, although, not so surprisingly, Anonymous denied being responsible for this attack on Sony.

As the days went on, Sony revealed more and more information concerning the attack. It was an external intrusion by a hacker, and the personal information of 77 million users had been compromised. Everything from names, addresses, secret question answers, and most troubling, potentially credit card information. Ultimately, it was revealed that our CC information was safe and encrypted, but not before millions of people cancelled their cards.

It didn’t take long for the gaming media to jump on this story like vultures to a fresh carcass, and soon people were ready to storm Sony’s headquarters in earthquake ravaged Japan and tear the building assunder. I wasn’t part of this “blame Sony” camp, because, well, shit happens. Networks get hacked all the time. It just so happens that this breach happened to a service we have personal interest in. If the story was that the Pentagon had been hacked (which DID happen, in 1999), most of us gamers wouldn’t have batted an eye. But since it’s our beloved gaming console and PlayStation Network, people were livid.

I can’t say I don’t understand the anger and rage, because I do. What I didn’t get then, and don’t get now, was the bulk of the rage being directed at Sony. “They should have protected our information better, they should have told us as soon as it happened, I’m never trusting them again, I’m selling my PlayStation 3 and getting an Xbox!!” On the first point, it’s hard to determine how protected and encrypted our information was.

Earlier misinformation had people assuming that there was no encryption whatsoever, and that passwords were stored in plain text. Turns out that that wasn’t the case. That Sony’s security systems were not only up to date, but that passwords and other information (like our CC information), was, indeed, encrypted.

On the second point; I can  understand people being upset that Sony didn’t inform us all sooner, but I’m willing to give them the benefit of the doubt and assume that they didn’t know of the extent of the breach, like they said. Or, maybe they simply panicked, bickered amongst themselves of how to proceed, then eventually decided to hold off telling us until they knew more. I think both are reasonable assumptions, and I think it’s a mix of the two.

To the third point, I understand that as well. Trust in the company has been shattered for some. For me, I can’t say I’ve been terribly shaken by this breach. As I stated before, these things happen. When our personal information is stored anywhere, it is at risk of being accessed by unauthorized parties. What’s even more staggering and disturbing to me is that you can search the names of many people close to you on Google or other search engines, and be presented with a startling amount of information about that person.

For fun, I typed in a close friend’s full name, and was given her city and state, her birthday, her work place, her work address, and her home address. That was from a simple Google search. Typing in my own name didn’t reveal nearly as much information, but my name, city and state, and birthday were present. Most of this information is easily accessible. Since our credit card information was protected, I don’t see a reason to continually be pissed at Sony for that aspect of the case.

Moving on, a few interesting wrinkles in the scenario played themselves out during the 3 weeks that the PSN was down. Firstly, in Sony’s report to Congress about the outage, they disclosed the information that, in one of the files found during investigation of the breach, there was a text file with the message “Anonymous, We are Legion.”

Anonymous has repeatedly declared innocence, but it is hard to take the word of a known cyber terrorist group in this matter. Anonymous prides itself on not having a particular structure or leadership. It could very well be that the core members of Anonymous were unaware of the attack on PSN. However, it’s very possible, and even more likely, that one of their fringe branches, using the Anonymous moniker, were responsible.

Secondly, Anonymous themselves became the victim of their own “external intrusion,” or I should say, “internal intrusion,” as a member of their own group “went rogue,” and hacked the IPs and personal information of the administrators of Anonymous’ website, and shut it down with a DDOS attack, the same type of attack they used in their fight against Sony.

Thirdly, a man who claims to be the “face” of Anonymous, has stepped down, citing disapproval of how “OpSony” (the name of the operation to attack Sony and their higher up employees) was carried out. Despite the group’s insistence that they have no structure or form, they are quick to describe themselves as such, and even have a “central command,” so to speak. These individuals are trying to now distance themselves from the incident with Sony.

I used to be one of those individuals that didn’t have a particular beef with hackers. I think they are often talented individuals, who are doing what they do for their own interests. I read books, comics, and play video games as some of my hobbies. I viewed hacking as their hobby. Not so much anymore. My whole perspective on hackers has soured during this debacle.

I’ve been denied access to services that I pay for (DC Universe Online, Hulu Plus, PlayStation Plus), as well as being denied the option to buy many of the games that were slated to be released on the PSN during the month of April (those games have yet to come out still, which has impacted not only my gaming, but more importantly, the publishers and developers that work hard to produce this content for us, and earn a paycheck to feed their families).

Maybe it’s because I work in the gaming industry myself that I have a vested interest in its success, but I get absolutely furious when I think of the many developers who have been financially hurt by this crisis. This wasn’t just an attack on Sony by the self righteous hacker who decided to attack a video game manufacturer. This was an attack on the industry.

Sony is a major player in gaming and they will not be hurt too horribly by this (sure, they’ve lost millions of dollars in revenue, but they are a multi-billion dollar corporation, they’ll recoup those losses fairly quickly), but those smaller developers who don’t rake in billions a year, have been hurt the most by their game not releasing on the PSN for three weeks. Release schedules are often meticulously planned to maximize exposure and potential revenue.

April was a relatively dry month for releases on the network, meaning some games (such as Outland, from Housemarque), had the chance to get some maximum exposure. Three major console titles also released the week of the outtage; Portal 2, SOCOM 4, and Mortal Kombat, each having an online component, and some exclusive tied to the PlayStation 3 and PSN. I imagine that the developers of these games are not pleased with the timing of the cyber attack.

I’m all for people doing what they want with their consoles. Sony wasn’t suing GeorgeHotz for hacking his console, and yet Anonymous waged this battle against Sony based on that concept. The suffering of millions of PSN owners, PS3 publishers, and developers, was due to a gross misunderstanding of the situation by Anonymous, or some fringe arm of Anonymous.

The PSN has been restored in part, with players being able to play online again, with word that the PlayStation Store is expected to be up by the end of the month, and I believe that eventually this will all fade to memory, but the damage to Anonymous is much more long term, I think. I’ll never respect the group, despite agreeing with some of their causes (such as exposing Scientology for it’s many genuinely harmful affects on people’s lives), and they have done a lot of damage to their name by not policing themselves thoroughly if this PSN attack was truly orchestrated by one, or many of their own.

I certainly hope that this mess is behind them, and maybe the group will be more discerning and thorough when deciding to wage “war” against companies like Sony. As far as evil corporations go, I don’t think Sony is in the top 5. They make consumer electronics, not nuclear warheads. My PS3 isn’t going to cut my throat in my sleep, or eat my pets. Not yet at least. There are more worthwhile causes for these hackers to battle against, my gaming toy ain’t one of them. So leave it the frick alone.

Advertisements

One Response to “Hackers and the PSN”

  1. oner001 Says:

    This is wholeheartedly EXACTLY how I see the situation. I really couldn’t have said it better myself except for this part ~

    “…but not before millions of people cancelled their cards.”

    I am not sure that there were millions of people cancelling their cards. Tens or maybe Hundreds of thousands I could agree with…but Millions is probably a bit much. Other than that keep up the great articles & thoughts Fig. They are always great reads, informative and accurate.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: