I've been embarrassed by my fellow game journalists before. I've written articles about how we need to mature – rapidly – if we ever wish to garner any respect from other journalists. But obviously, thanks to this PSN fiasco, we've once again proven we're incapable of delivering the news in an objective fashion without alarmist opinions.
While a few of the larger sources have done just fine (most childishness at GameSpot is long since gone), others have produced scathing, poorly written, and poorly researched articles, lambasting Sony for their error. And an error it was, make no mistake; I'm just as upset as anybody and I was one of the first to call out Sony for their uncomfortable silence. But through it all, it seems nobody wants to list Sony among the victims of this ordeal, and nobody wants to pin blame on the rightful shirt: the "I'm a loser" t-shirt proudly worn by the hackers responsible. Sony has already lost a large chunk of change and given the lawsuits, they're going to lose more. They've also lost something even more valuable; a giant chunk of respect and trust.
However, it's irritating and embarrassing that only the alarmist headlines gain any traction whatsoever on the Internet, and as a direct result, that aforementioned chunk of respect and trust is far bigger than it should be. Headlines about the compromising of PSN accounts hit ridiculous traffic levels; follow-up headlines about how the card data was encrypted at the time of the hack barely registered. Headlines concerning the compromised SOE accounts flew everywhere in record time; very few sources even bothered to mention the facts; i.e., the data was from 2007, none of the exposed card data was from U.S. subscribers, and only 900 of the 12,700 exposed cards were even active.
We've got articles predicting the "end of Sony;" actual, supposed news articles from "journalists." We have estimations and "reports" that fail to deliver anything but more widespread panic. And then we have analysts offer calm, clearheaded, rational feedback on the matter, saying it's unlikely that Sony will suffer long-term ill effects. In fact, most analysts are saying that. Most industry insiders are saying that. There's no doubt that Sony got themselves into a mire of muck and…wait, I just did it myself. "Got themselves into." Who put them there? We're knowingly and willingly ignoring the criminal activity, which is of the utmost importance.
As security experts will tell you, your personal information isn't truly safe anywhere and at the end of the day, all systems can probably be safer. Hacking can and will continue to happen all over the world. It's Sony's job to be as secure as possible, of course, and it's also their job to tell us the moment things go awry, but then again, we're all forgetting another fact there, too- the forensics required in this investigation took time; Sony wasn't aware of the compromised personal info until much later. Now, that may be a little shaky but it's the lone big question I have concerning Sony's guilt. I have no doubt as to the root cause; as to where blame lies.
Common criminals assaulting innocents. That's what this comes down to. I notice I see very few articles pinning the blame on hackers. Why? It's easier to blame the visible; it's easier to blame the bank rather than the robbers who broke into the vault. After all, the bank has a responsibility to safeguard our information, and the thieves are a faceless threat. But we really can't take this too far. Once we do, we lose all sight of reality and end up with an Internet full of misleading, knee-jerk reactions loaded with adolescent ranting badly disguised as either "news" or "informed opinions." Yeah, I could write a "It's Over For Sony" headline, make up a bunch of nonsense, and subsequently get a ton of traffic. That isn't difficult.
But I must've been asleep the day they announced that game journalists don't have to follow any of the same rules as other journalists.
Thank you Ben for writing this article. I understand everybody being upset with Sony not initially telling us what was going on. But for anybody to sit here and say Sony is in the wrong is completely off base. I've read articles (not gaming, but news), stating that Sony did everything by the books. I've read that as many times as I've run across these articles smashing on Sony. Go figure. These journalists are trying to make an invalid point. Every one of these articles makes me want to puke. I can't believe that people would stoop so low to give the hackers a free pass and put Sony front and center in this. It's ridiculous. I really hate the gaming media, more than most things.
If it wasn't for the great software and hardware advancements I'd probably never pick up a controller again because they are ruining the gaming community more than anything. I could easily just ignore it, but when I play online I have to suffer playing with other people also affected by it. It's embarrassing, and I can't believe how opinionated the gaming media really is. I'll tell you this. Through this whole thing it's become abundantly more clear that these "journalists" have an agenda, and it shouldn't be that way! We all should be showing Sony support through this, in what is going to be a tough road against hackers. If we blame Sony we are letting the hackers get away with more than some delicate information!
Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on "The Threat of Data Theft to American Consumers."
Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you (click here).
In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:
Act with care and caution.
Provide relevant information to the public when it has been verified.
Take responsibility for our obligations to our customers.
Work with law enforcement authorities.
We also informed the subcommittee of the following:
Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named "Anonymous" with the words "We are Legion."
By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
Protecting individuals' personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
We told the subcommittee about our intent to offer complimentary identity theft protection to U.S. account holders and detailed the "Welcome Back" program that includes free downloads, 30 days of free membership in the PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable.
We are working around the clock to have some PlayStation Network services restored and we'll be providing specific details shortly. We hope this update is helpful to you, and we will continue to keep you posted as we work to restore our network and provide you with both the entertainment and the security you deserve.
Read that earlier. You should have just posted a link to it haha. Either way, no harm done. Anyways what really irks me is Sony says- "We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named 'Anonymous' with the words 'We are Legion.'". It's irritating to see that mockery plays a role as well. And here we are blaming Sony while these hackers are getting their rocks off! It's BS!
Bigrailer, that was the thing that stood out to me the most as well. They said they weren't the ones that hacked Sony. I guess they are very unorganized, it reminds me of The Kill Point… a little.
You can't fix stupid in people. :/
You know, considering how long the attackers were inside the system, it's rather remarkable that they were not able to get CC information beyond a 4 year old backup table with 900 active cards from SOE. Seriously, if they were truly there to get financial information, either Sony's safeguards were truly awesome, or they really were not there for that information.
What I'm getting at is that the attackers appear to have only got the names, addresses, email addresses and screen names for PSN/SOE subscribers. Most of that information is publicly available to anyone looking. The passwords were hashed and we don't know how strong the hashing/salting was. Technically you can defeat even very strong hashing algorithms, so technically having the hashes means that passwords are vulnerable. However since everyone has by now altered their passwords on other systems and will be forced to alter their password when PSN comes back up, there appears to be little use for the password data either.
My point is that If someone wanted to cripple PSN and really hurt/embarrass Sony, hacking into their network and stealing personal information is a very low impact, high visibility way to do it. Anonymous previously stated that their aim was to harm Sony, not gamers. They also claimed they were not responsible for the PSN outage – they weren't, Sony took the network down themselves. Anonymous hasn't ever really said it wasn't involved in the attack itself, nor could it really say that since many parts of Anonymous operate on their own agenda anyway.
The lack of financial data compromised after a 3-4 day long attack just doesn't add up to a financially motivated attack. Not in my opinion anyway. No, this attack was extremely successful in embarrassing Sony and hurting their brand and consumer confidence. To me, that sounds like exactly what Anonymous would have hoped for.
It's clearly early in the investigation, but as more information surfaces, I'm becoming more convinced that this *may* not have been a financially motivated attack, and that some element(s) of Anonymous may well have been responsible.
Highlander,
You never know, maybe they were after personal data but somehow could not reach it. Maybe this was the first time they did some actual damage on Sony's network. Who knows what they were after… At the end of the day, they hacked into Sony's network and that simply is illegal. No matter what they were after, they shouldn't have done it in the 1st place.
On a side note, I just got my PS Rewards T-Shirt. It's pretty cool. I find it amazing it was made in El Salvador, it baffles my mind.
That's why I don't look at Gaming Websites. I look at the official Playstation Blog for info on the latest from Playstation.
Sony Playstation Forever!
Last edited by Kiryu on 5/4/2011 11:15:32 AM
I have worked for a bank in Canada for 4 years now. My role is sit down with our customers and investigate access card fraud. I have experienced first hand the misplaced anger towards the corporation instead of the individuals responsible. People need somebody to be angry with when this level of identity fraud is committed. Unfortunately these websites are ripping Sony for their own benefit, creating traffic by posting reports that inflame the gaming community.
I just read another PSN related lawsuit is being proposed from the province I live in for a billion dollars. I am truly embarrassed that people will try this crap before a solution to the problem has even been presented and enforced. I had my info stolen too, you think that they might ask us if we want to be represented?
The main issue here is that in the current day, identity theft is very much amongst us; to what degree will the data that Sony has lost affect us?
77/100 million people's details is not an insignificant number, let's not lose sight of this fact.
For a company as large as Sony, I should probably expect a little more robustness in the security of their systems.
Last edited by D1g1tal5torm on 5/4/2011 11:15:52 AM
Problem is that Sony isn't the first large company or country for that matter to have their network hacked.
The way things are now, if someone wants in your system, odds are it'll happen.
The other problem with your statement is that at least 90% of the information you are concerned about having been taken from PSN is available through public searches, Google searches and social networking sites like Facebook. I don't honestly see the big horrible nature of the data breach at PSN if no CC data was taken. The only remaining data element that was risky was the password hashes (remember hashes, not plain text passwords as the world plus dog have reported for nearly two weeks). However since everyone has known since April 22 that PSN got hacked, and has had the opportunity to modify their passwords/email addresses on other systems and sites, plus PSN will force a password change itself, the effects of that are mitigated, even if the hashing algorithm is easily overcome to perform an attack on the hash data itself.
At the end of the day, the actual impact beyond PSN being down has been remarkably limited.
But it's the important 10% that matters, passwords, the 900 odd people who have had card details taken.
The passwords were not stored, only their hashes and Sony has refused to comment on how they were salted. The truth is though that even a very well hashed and salted password hash value can be successfully attacked with a large enough rainbow table and sufficient time and resource. So, if someone has the password hashes they might be able to get the passwords from that – given time. However since Sony has told everyone to change their passwords and is forcing that change on PSN itself, the danger from the password hash data is quite well mitigated, unless of course you don't change your password (assuming you use that same password elsewhere) wherever it's used.
The 900-odd that have had their card details stolen will undoubtedly be notified specifically and get new cards. I dare say Sony has notified their financial institutions already anyway.
Last edited by TheHighlander on 5/5/2011 11:04:37 AM
I just came from the PS Blog update…and Sony found something very interesting on the SOE server…
(Read the second bullet point)
http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/
Last edited by sonic1899 on 5/4/2011 11:16:01 AM
What a bunch of idiots. I so hope these guys get caught.
Yeah, Sony was attacked, no doubt about it. It would seem some like it and want to twist the events into a reason to hate Sony.
The argument usually boils down to whether Sony could have had a higher security service. But I think the larger issue at hand is how cyber-attacks can become a major threat to business and the economy moving forward. No one wants to be in the position Sony is in and many others could be if they eventually become the next target.
Cyber crime of this nature *is* a major threat to business. Sony had pretty decent precautions in place. CC data was held separately and in encrypted form. Password data was hashed, not stored in plain text. Firewalls and other perimeter defenses were in place. I don't know precisely what the vulnerability in their web application servers was, clearly that's about the only thing they did wrong – not keeping their patching of their web servers up to date. Of course since we don't know the precise vulnerability used, we also don't know whether a fix is available, and if so, how long it's been available.
Either way, the point is that Sony did almost everything right, including the way they have handled the announcement and investigation of the attack. Could they have done more? Clearly they could since they are now doing more. But should they have? I don't know, it's always good in hindsight to say you could have done more. It's like saying (after the largest earthquake in history) that buildings should have been better built. Better built than what? If the buildings were designed for a 7.5 magnitude event and everyone thought that was enough, why be a smart-butt after the event and whine that it should have been even safer?
I'm not aiming at you Temjin, I'm talking about the journalists and internet masses.
However, again, Cybercrime is a major threat, and has been for a while. We just haven't caught up yet in the law, or in society.
It seems to me those journalists who align themselves with the 360 brand are the ones waving the end of sony flag. If you own a computer or anything that has the ability to store your personal information electronically is at risk from some douche with too much time on his hands and a computer. Yeah it sucks not being able to go to the Playstation store and see what's there or updating my trophies with my profile. But I'm not going to trade in my PS3 for 360 or a Wii cuz I couldn't use PSN for 2 weeks.
The only hit Sony should take is not speaking up as soon as things went down. It's not like the epic 360 burnouts that happened a few summers ago and unlike the great 360 burnout people could still play on their PS3s.
This looks like desperation from those pro-360 gaming news outlets, 2011 is already shaping up as another great year for the PS3 and they're using this incident to knee cap Sony and the PS3.
They are the Fox News of "Journalists" and Sony is Obama.
That is interesting Anonymous and "we are legion" were names attached to the file that brought it down. To me this points the finger at no one else but you know who. They said "for once we didn't do it" but if that name is attached to the file then it's pretty clear someone inside the anonymous group is acting on their own accord or they're lying about it as a whole. So this brings up my next question. I know that authorities have the ability to access and search private property with a court issued warrant, but is there a rule that applies that to a database? Could the govt. theoretically get a warrant to legally search anonymous' website databases, learn each person's personal info, then track the hacker? This seems like an appropriate action to take especially if probable cause leads to the anonymous group.
It's possible that another group of hackers put the blame on Anonymous to avoid attention (I'm not defending them, but it's possible.) But then again I recall them saying that they were going to plan the biggest attack 'anonymous style' and I have a feeling it wasn't limited to the protests. The fact they denied involvement doesn't faze me at all; who WOULDN'T lie if the FBI was going to be involved.
Last edited by sonic1899 on 5/4/2011 12:04:55 PM
Anonymous even said themselves they cannot confirm or deny it was people associated with them. They have no control over their members. They all act on their own and sometimes collectively. I have no doubt in my mind it was them even if they don't want to take credit for it. I'm certain it was the same Anonymous members who attacked the Sony employees and their kids.
Sonic,
Anonymous is a big, poorly organized group of loosely affiliated people and splinter groups. It does not operate as one big Borg collective or hive mind. It's kind of like a migrating herd of wildebeest, the herd goes where the leaders take it, but sometimes smaller groups break off in their own direction, before rejoining the main migration again. Whether the so-called leadership of Anonymous was involved or aware of the attack, there's no reason to suppose that it wasn't some part of this great big Anonymous group that committed the attack.
I've never understood why people continue to laud anonymous as if it's some kind of great social or political movement. It's not; it's a loosely organized group of anarchists and hackers with a chip on their shoulder the size of Texas. They decide which laws they wish to obey and which they wish to ignore. That's why I have no trouble believing that some more radical part of anonymous probably was involved in this attack. People should be very wary of applauding Anonymous or supporting them because you really do not know what you are applauding or supporting.
BIGRED15,
I believe that under the laws of our screwed up "Patriot Act", our government has the green light to do just about whatever they like. Bush was always trying to add a lot of shady things into the Patriot act without any safeguards, which would also enable our government to snoop on any American.
And…..the FBI was setting up a secret program codenamed "Carnivore" to snoop into everyone's email until it was leaked by someone.
The public outcry forced them to say they were shutting it down. But who the hell really knows if they've really done so, or if that program was just passed along to the NSA, CIA, & Homeland Security, or even to some other 3-lettered agency that we don't even know about yet.
Last edited by BikerSaint on 5/4/2011 6:11:16 PM
LOL! Biker, I wouldn't worry too much about that unless you are making phone calls and sending emails to people in parts of the world that are terrorist hotspots. The Patriot Act was not set up so the Feds could spy on average Americans, it was put in place to make it easier for law enforcement to track calls and emails coming in and out of terrorist hotspots and make it easier for our intelligence agencies to work with one another and exchange information. I agree, there are some questionable things in the Act but it's not the threat to our civil liberties as some would have us believe.
Last edited by Jawknee on 5/4/2011 7:23:39 PM
Jawknee,
Honestly, as a "biker", I do have to worry about it… a lot.
Even though The Patriot Act was first mandated to be used to get the terrorists, Bush & others had also wiggled in items that can & have been used against Americans. I don't have TPA book in front of me at the moment, so I can't quote from it.
And there have also been some clandestine things done so that our government can spy on whomever they want, including its own average-Joe citizens, but as an average citizen, you'll probably never even notice it or know anything about it.
But trust me on this one (I won't go into it as we consider it club biz only & that always stays a private matter), but as a "biker" many of us have already had some first-hand dealings with them going after us instead of going after who the act was originally intended.
And that's all I'm going to say on the subject cause I said too much already.
Biker,
Ever heard of Echelon? Combined with the provisions of the Patriot act, Echelon potentially provides a means to capture intelligence on just about anything.
It makes joking about anything sensitive in international calls a bit more fun since you know that it will probably turn up a false positive in their systems, same is true in email. Of course you have to be careful, you don't want to pull a joke that's so convincing that someone decides you need further scrutiny. Personally I wouldn't mess with it at all any more, but in my youth…well… 😉
Either way, I'm rather hoping that Echelon still exists and has been set with some key phrases that relate to hacking…and that the DHS/FBI can draw on the international data at least.
Can't wait until the psn is up & everything is back to normal.
I remember when the 360 was released & no one gave a toss.
Then when the ps3 was released & the shortage due to blu ray parts every xbot & wiitard went crazy flaming sony all over the net.
And now its happening again!
When the 360 released ps2 users were busy playing gow2, gt4 & MGS3 etc.
When live went down in 2008 ps3 users were busy playing….wait for it….GAMES
Playstation exclusives have elevated the standard of games for 15yrs,ya think these so called journalists would remember this.
I suppose attacking the current 2 time generation champion of the world is the cool thing to do on the interweb.
Anyways…..
Maybe I'm out of the loop, but wasn't PSN supposed to be coming back online yesterday?
I'm getting a Tekken itch that needs some scratching.
i was waiting for it to go back online too. chances are it goes live in japan first then us a day after. so even if japan psn goes back up today we still gotta wait a day.
The PS Blog *suggests* that there may be a post later today with an update on when PSN will return, but I think it was a mistake for Sony to let their previous (albeit provisional) "deadline" (i.e., within a week) expire without at least some explanation and a new projected time.
No reason to give people an excuse to get upset.
I don't want to become a whiner, but I'm starting to tire of failed log-in attempts.
Last edited by Fane1024 on 5/4/2011 4:51:38 PM
i just want to sync all my trophies already. it took a lot of time to get all the trophies for socom 4 and crysis 2 and i dont want to redo them again. socom 4 on elite was a pain. the last level, a group of shotgun guys, about 5 or 6 always blew past my team. those guys are crazy on elite. takes a lot of damage and kills my squad one by one. i was on my ps3 browser and the video suddenly went out. i had to hold the power button a loooong time for it to reset. it works fine now but i'm holding off playing littlebigplanet 2 till i can sync. keeping my ps3 off for now since netflix wont work anyway.
Last edited by johnld on 5/4/2011 10:44:13 PM
Journalism 101, anger and scare the public.
Amen. I've gotten so sick of reading these negative articles that I don't even follow it anymore, except here because I trust Ben to be more objective.
Additionally, if I hear one more XBot tell me, "This would never have happened on Live," Wayne Brady's gonna have to choke a bitch.
Yup, That's going to be pretty annoying for a long time. I figure people will start using that line like they did with "ps3 ain't got no games" line. I still hear people say that too.
Xbots are fools with selective memories or are just being dishonest. Xbox LIVE was hacked and accounts were stolen in 2007.
@Jawknee, I didn't know that. Thanks for the ammo. 🙂
No problem. Here's a link.
http://kotaku.com/#!245887/xbox-live-hacked-accounts-stolen
Not so fast Jawknee, as much as I think Microsoft is just as 'secure' as Sony was – in other words, everyone is vulnerable these days – That wasn't actually a hack of Xbox Live.
http://www.joystiq.com/2007/03/23/pre-texting-the-cause-of-xbox-live-account-issues/
Once again, PSX proves why this is the best site on the internet. Sure, it's Sony Playstation centered, but the writing here is always free and clear of the BS found on other sites.
Excellent article Ben, and thanks for providing a internet home for folks like me!
"thanks for providing a internet home for folks like me!"
Count me in. Just registered to stay on a site with an actual responsible writer.
Nice. Welcome here!!
Thank you, thank you.
I'm sick and tired of kangaroo horse-hockey "journalists." Glad I found this site.
Doppel,
Welcome in,
Although we may get a little animated in our comments occasionally, that's only because we're passionate about our gaming.
Why would anyone wish to "garner any respect from other journalists?" Certainly video game journalists are not the only journalists out there that publish this kind of sensationalism.
Regardless. Keep giving it to us straight and we'll keep coming here. No doubt about that.
Very true.