Jun 13, 2011, 07:48AM

Sony's Security Troubles Continue

The latest round of hacks.


Since I last wrote about Sony, the hacking has continued. Sony had a chance to get their systems up and working with the promise of securing their customers’ data; the company didn’t. The number of hacks in the span of several weeks leads me to assume Sony isn’t doing anything at all. Discovering several new exploits that no one has ever heard of, let alone patched, is highly improbable. Sony talks big after firing their IT staff and then does the least amount of work possible. That’s the way to restore user confidence!

A recent attack was the handiwork of a group known as LulzSec, which then immediately published what they extracted from Sony’s systems. All of it: the song, dance, unencrypted usernames, passwords, personally identifiable information, coupons, music codes and on and on. Yet again, Sony stored user passwords and information unencrypted, making it harder for users to recover their accounts in the event their accounts got hijacked.

I’ll make this clear: I don’t blame LulzSec if any user accounts get hijacked. For all we know someone else could have run the same hack, and Sony wouldn’t have been the wiser. The entire time Sony has been storing user info, it’s been vulnerable to anyone with knowledge of SQL-injection (this means they’re so far behind the curve on security that it’s embarrassing). Sony is in the wrong for non-compliance with legally required PCI standards. In other words, Sony got hacked because they didn’t even lock the doors and we have no idea about who else has access to the information LulzSec went public with.

But it isn’t just LulzSec hacking Sony’s systems; there are a few known and unknown players in this game of “Hackers vs. Sony.” LulzSec takes responsibility for at least six hacks so far. And the game isn’t just lined with scores and stats... searching the hashtag “#sownage” [https://twitter.com/#!/search/%23sownage] will show you some interesting commentary on how many people don’t feel bad for Sony, with the occasional moron trying to make the users feel like it’s their fault. The main focus should be on Sony’s blatant irresponsibility.

This really is bad news for Sony’s customer base as well as the company. Their stock went flat the day the hackers went public. Sony’s head honchos, of course, will try their best to point the finger of responsibility at everyone but themselves. I was thinking that the recent wave of hacks was Sony’s Deepwater Horizon, but that might be insulting BP.

Here’s a telling quote from attrition.org:

One thing should be noted; the attacks against Sony are not coordinated, nor are they advanced. If anyone... ANYONE at all uses the term "advanced persistent threat" in describing the attacks on Sony, please hit them very hard before disregarding them as ignorant charlatans hell-bent on serving their own interests. Given the wide variety of attackers (see below), the attacks on Sony can only be described as an uncoordinated effort at best.

I agree. Sony has betrayed their customers. If it were an airline, how long would the company be in business before planes started falling from the sky? If Sony ran an oil company, how many gallons would be spilled? As a company that deals in intellectual properties, they’ve not secured gigabytes of data and we’ve seen the fallout of that carelessness.

