

Sony Ericsson Canada was among the latest Sony online properties to be hacked and lose customer records. Sites in Indonesia and Thailand were also compromised and taken down.  (Source: Wayfaring)
Should Sony quit the internet?

It's almost unprecedented.  We haven't seen something quite like this since -- well, the days of the great Sony Corp. (6758) battery recall.  It seems like every day there's a new Sony web property that's been compromised.

In recent weeks the company's two largest databases -- the PlayStation Network (PSN) database and the Sony Online Entertainment (SOE) database -- were fully compromised, multiple music sites/databases [1] [2] were compromised via SQL injection, $1,225 USD in points were stolen from a Sony ISP subsidiary, and Sony's servers were found to be hosting a malicious phishing page.

Now yet another attack has struck the befuddled company.

This time around hackers have struck Sony Ericsson’s Eshop online store for mobile phones in Canada, making off with 2,000 customer records.  The records include names, email addresses and encrypted passwords, Sony wrote in a statement it released late yesterday.

Idahca, a Lebanese hacking group, has claimed responsibility for the attack in a Pastebin dump of user records.  The hackers said that they could have gathered more sensitive details like credit cards, but declined to.

Sony sites in Thailand and Indonesia were also compromised, bringing the total of major breaches to 10 or possibly 11, based on our accounting.  It appears that all of these sites were infiltrated using the same SQL injection attack route (affectionately nicknamed a "Little Bobby Tables" attack), which took down the Sony BMG Greece and Japan sites earlier this week.  Sony appears to have done nothing effective to protect its other sites, even after the earlier compromises.

Credit card information is stored on an e-commerce website, a standalone platform.  This platform is separate from the servers on which the user database is found.  Idahca's comments indicate that the group claims to have had access to the e-commerce servers as well.  Sony has shut down both the user server and the e-commerce servers, while it tries to investigate the breach.

Phil Lieberman, CEO of online security consulting firm Lieberman Software, said Sony made a fatal mistake in the flagrantly hostile approach it took towards the hacking community with regard to Linux on the Sony PlayStation 3 -- a use it initially promoted.  He states, "Telling them to bring it on is not the best strategy. I think Sony is beginning to understand it horribly underinvested in security."

He said Sony's decision to sue beloved hardware hacker George "GeoHot" Hotz provoked "nuclear responses" from hackers.  Sony's suit against GeoHot was particularly controversial as the company sought -- and was granted by federal courts -- access to GeoHot's personal Twitter, Facebook, Gmail, and other accounts -- seemingly a gross invasion of privacy.

Sony is confident it will pay only $2 USD per lost record from its various web properties.  That's less than 1 percent of the $318 USD per lost record that was the average payout in 2010.  And in recent years the cost of lost data has tended to increase by a factor of 1.5 each year.  Clearly Sony is hoping for some sort of miracle to save it financially.

Sony also needs some sort of miracle to prevent more attacks.  Even with plenty of forewarning, Sony still looks as inept as ever; utterly clueless at securing its online properties.  The company clearly is lost as to what to do.  Of course -- worst case scenario -- Sony could always quit the internet.

The company is currently facing returns of its products internationally and class action lawsuits from disgruntled former customers.




RE: Angry little men
By KarmakazeNZ on 5/25/2011 5:21:27 PM, Rating: 1
"Ok I do NOT give a shit that maybe 100 people in the entire planet want to run Linux on a console. I'm tired of hearing that."

And I'm even more tired of hearing a bunch of whiny gamers complaining about not being able to play their games.

"I DO care that PSN was down for a goddamn MONTH because of something that doesn't even impact me!"

Funny, PSN being down doesn't impact the hackers... so sucks to be you.

"I'm an adult. We don't lash out and blow stuff up when we get pissed or someone doesn't let us have our way."

Sony lashed out at every PS3 owner because of the actions of one man, then lashed out at everyone who ever visited one of GeoHot's sites, whether they ever bought or hacked a Sony product, and the courts even helped them.

Remember the hack isn't the FIRST act of the hackers. They asked politely. They explained why taking OtherOS away wouldn't help Sony's security. They even took Sony to court.

Sony's reaction was to punish everyone for one person's act ('collective punishment' is a crime against humanity), then breach people's privacy with the help of the court.

The hackers have simply responded in kind.

PSN is down because Sony is incompetent. The hackers tried to warn them about it too.

"And we don't ruin everything for millions of people who don't even care about our self importance."

So when OtherOS was stolen from millions of people, you didn't care because it meant you could avoid cheaters in your games, but that wasn't being selfish. When the people who were stolen from did everything they could to get back what they paid for, you cheered Sony on, not even caring about their heavy-handed tactics against innocent people.

You didn't care that this was about software licensing and could easily affect you if Sony decides to "take back" Call Of Duty or some other piece of software that YOU bought, but they don't want you to have any more.

NO, that doesn't matter because it won't affect you, right?

Well, it does now. You have no right to complain. You didn't give a shit about the hackers, so they don't give a shit about you.


RE: Angry little men
By Nfarce on 5/25/2011 7:57:00 PM, Rating: 3
About 77 million people disagree with your premises, Karma. And you bet your ASS people have a right to complain being OUT OF SERVICE for over a month.

There were other ways to go after Sony. In the end, we the PS3 users were the sacrificial lambs. And you can bet the hacker community lost some brownie points with those who were sympathetic to their causes.

END OF DISCUSSION.


RE: Angry little men
By Uncle on 5/26/2011 2:30:04 AM, Rating: 3
Oh there might have been one or two of you upset.


RE: Angry little men
By Dark Legion on 5/26/2011 1:03:47 PM, Rating: 3
You the PS3 users are sacrificial lambs to both the hackers AND Sony, don't kid yourself. Sony certainly played their part with lax security and taunting, but this shouldn't have been able to happen, period.

By my understanding, none of this information has been used as of yet, and who knows if or when it will be? At the end of the day it could turn out no harm done and you customers could have a Sony product that is actually secure, though that remains to be seen.


RE: Angry little men
By Reclaimer77 on 5/25/11, Rating: -1
Copyright 2014 DailyTech LLC.