
Sony's Plan To Tighten Security and Fight Hacktivism 247

Posted by Soulskill
from the try-making-people-less-angry dept.
mask.of.sanity writes "Sony Entertainment Network is rebuilding its information security posture to defend against hacktivism. It includes a security operations center that serves as a nerve center collating information on everything from staff phone calls, to CCTV, to PlayStation gamers. If it is successful, the counter intelligence-based system will be deployed across the entire company. 'At Sony, we are modifying our programs to deal less with state-sponsored [attacks] and more with socially-motivated hackers. It will be different,' said Chief Security Officer Brett Wahlin."

  • *clap* *clap* (Score:5, Interesting)

    by FrozenFood (2515360) on Monday March 12, 2012 @02:21AM (#39323513)

    good for them

    pity I won't buy another sony product ever again.

    • Re:*clap* *clap* (Score:5, Informative)

      by Nursie (632944) on Monday March 12, 2012 @02:56AM (#39323691)

      I can't even fully use the products I already have.

      The new SEN, replacement for the PSN, has in its user agreement a clause that says they can and will do anything they like with your user data, including giving it to any third party they feel like. If you have a problem with this you can't use the service.

      That's me locked out of network features on the ps3 then.

      • by petsounds (593538)

        What personal data did you actually share with them, other than perhaps credit card information (which for many reasons, they wouldn't be sharing)? I'm not defending Sony, I'm just curious. If they want to share with 3rd parties that it took me about three years to finish Shin Megami Tensei: Nocturne, fine. If I was giving them a rich user profile, it'd be a different story.

        • Re:*clap* *clap* (Score:5, Informative)

          by Nursie (632944) on Monday March 12, 2012 @03:12AM (#39323747)

          Name, address, gaming habits (every game you play, the times you play, how long for), any movies you may have downloaded from them, integrated tv services you've used...

          These are just the things I know the box was sending to Sony from my protocol snooping a year or so back.

          I'm not sure if the machine sends web history to Sony, or what you've been watching/listening to on the ps3 via UPnP/DLNA, but it wouldn't be beyond their capabilities.

      • "I can't even fully use the products I already have." I have a solution for that problem: just don't buy Sony stuff. I used to like Sony. Their stuff was a bit more expensive, but it was high quality. Then I bought a Trinitron TV. Within a few months (just after the 90 day warranty expired, as a matter of fact), the power switch stopped functioning. The repair bill was over $300. Now, Sony *could* have done the right thing and said "it's just out of warranty, no problem, we'll cover it". Nope. They h
    • God, you really have to wonder what's going on in the brains of Sony managers. If they had embraced the hacking/modding community like e.g. Lego did or at least tolerated it silently, they'd have obtained tons of free content, fan pages, free customer service, new customers and new uses for their hardware. Instead, they are constantly yelling "fuck you" at their regular customers and, quite frankly, I doubt that there are any "power" users left who would buy a Sony product.

  • wrong medication (Score:2, Interesting)

    by Anonymous Coward

    This is treating the symptom not the problem.

    • What do you propose they do... kill all the would-be attackers?

      • by Anonymous Coward on Monday March 12, 2012 @02:38AM (#39323615)

        Here's a start:

        1. Bring back OtherOS
        2. Stop supporting CSS, AACS, HDCP and other forms of DRM
        3. Apologise for installing rootkits on people's computers without their knowledge
        4. Apologise for taking legal action against people who circumvented their digital restrictions

      • I have a strange, maybe backwards, idea, but it just might work: Produce what your customer wants, but, you know, with the actual intent to give him what he wants, not just the bait-and-switch strategy of showing him what he wants, waiting 'til he buys and then yanking it from his grasp to leave him with what YOU want.

        It just might make people actually, you know, WANT to buy your products. I have a hunch it might work a lot better than trying to force people to buy your crap.

        • That is off topic. The topic is about Sony finally improving their security posture (a good thing).

          The GP is suggesting improving their security posture is a worse idea than not pissing people off in the first place. I think that since they need to improve their security either way... it's immaterial whether or not they know how to run the rest of their business properly.

    • That's not even treating the symptom. That's just a painkiller so you don't even feel the symptom anymore.

  • Cheaper strategy (Score:5, Insightful)

    by mcbridematt (544099) on Monday March 12, 2012 @02:24AM (#39323529) Homepage Journal

    Don't be dicks.

    • by DigiShaman (671371) on Monday March 12, 2012 @02:35AM (#39323597) Homepage

      Cuts both ways. While Sony has pissed me off lately, the hackers equally so. As a casual gamer, I'm so sick and tired of all these angsty hackers posing an "up your ass with a stance" attitude. Why the hell should I have to take flak from both sides just to enjoy a little gaming? I tell ya, it's simply not worth my time or my security being compromised.

      Screw this, I'm gaming elsewhere.

      • by sjames (1099) on Monday March 12, 2012 @03:17AM (#39323755) Homepage

        He who lies down with dogs gets up with fleas.

        You might want to check the species of your bedfellow.

        It's not like Sony's sins are minor. They include bait and switch and mass hacking on a scale Anon. can't even aspire to. Because they have money, they have gone un-punished.

        So, yeah, gaming elsewhere is probably a good idea.

    • by artor3 (1344997)

      That only works to a point. Hackers frequently don't share the morals of normal people. Sony could easily do something completely innocuous, only to find that they've angered a bunch of internet thugs who respond by making Sony and their customers suffer.

      It's akin to staying on the mob's good side so that they don't torch your shop. It might be cheaper and easier in the short term, but it's not a sustainable strategy. In the long run, you need to be able to defend yourself.

      • by sjames (1099)

        Evidence suggests that being at least neutral greatly reduces your chances of being attacked. Sure, they MIGHT get attacked anyway, but they PROBABLY wouldn't be. The attacks have for the most part been well aimed so far.

        • by artor3 (1344997) on Monday March 12, 2012 @03:44AM (#39323845)

          Evidence also suggests that the internet never, ever, ever forgives. Sony is evil in the minds of internet-people, and no amount of "being neutral" will change that any time soon. Are they just supposed to suffer all the beatdowns they get over the next ten years until people start to say, "Hey, that rootkit thing was a long time ago..."?

          • Sony is evil in the minds of internet-people, and no amount of "being neutral" will change that any time soon.

            No, but a large amount of "being good" would change that. Bringing back OtherOS, donating $25 million to the Mozilla Foundation, or opening a no-kill shelter for kittens would probably take a lot of heat off of them. Even though Google seems to have gotten away with it, "Don't be evil" is a pretty good rule to live by to keep armies of nerds off your ass.

          • by AdamJS (2466928)

            Well, it doesn't help that after some form of openness (ie otherOS, standardized inputs on the PS3), they immediately clamp shut (proprietary memory designed only for maximizing profit and for screwing gamers over) and that they always follow said process.

    • by Moleculo (1321509)
      If that actually was cheaper, they'd probably be doing it already. Why do you think they became dicks in the first place, for the fun of it?
      • by AdamJS (2466928)

        Because Corporations generally dislike consumers, and Sony is at the top of the pile of disdain.
        Oh, they love the consumers' wallets, of course.

  • Wrong use of word? (Score:3, Insightful)

    by Anonymous Coward on Monday March 12, 2012 @02:25AM (#39323537)

    Hacktivism is to protest political ends. I believe the term is misused here...

  • by gzipped_tar (1151931) on Monday March 12, 2012 @02:29AM (#39323551) Journal

    As part of the society, you should think about how not to become a target of hacking activism. Especially when it's impossible to crush every one of the "hackers".

    Better yet, convert them into your loyal customers, and even better, direct their anger to your competitors.

    • by Sir_Sri (199544) on Monday March 12, 2012 @02:39AM (#39323625)

      That seems utterly impractical. The barrier to entry for attempting to hack is sufficiently low that any big company will offend people eventually, no matter what it does. Made a game I don't like, use boxes that are too large for shipping? Price a product some jackass feels entitled to at a point more than they can afford. Etc. etc. etc.

      Sure, Sony has earned a lot of their current hate. But every company has to realize that they will offend someone eventually, if nothing else than the thrill of trying to hack a big company.

      From http://money.cnn.com/magazines/fortune/fortune500/2011/index.html
      The largest US Companies in 2011
      Wal-Mart Stores
      Exxon Mobil
      Chevron
      ConocoPhillips
      Fannie Mae
      General Electric
      Berkshire Hathaway
      General Motors
      Bank of America
      Ford Motor

      I challenge you to find anyone on that list that hasn't pissed off a lot of people, intentionally or otherwise, and legitimately or otherwise, but there are still a lot of angry people at them. And you can keep going down the list.

      Sony isn't any different, and even if they change their ways, people will still believe them evil a decade from now. But I don't think you do 100 billion dollars a year in business and not make enough people angry to cause all sorts of hacking problems. Even Warren Buffett has made enemies because he thinks he makes too much money and should be taxed more.

      • by Anonymous Coward on Monday March 12, 2012 @03:13AM (#39323753)

        I'll grant you that just based on statistics and human nature, any company with a sufficiently-large customer base will invariably really piss off some minority sub-group of their customers. However, there's a difference between pissing off minor subgroups on some matter of debate (e.g. "Wal-mart sells eyeliner that was tested on rabbits! Let's protest these animal-haters!"), and taking flatly evil, anti-consumer actions that affect the entire customer-base in a negative way (e.g. several notable Sony debacles from the past).

        It's like the difference between BofA hiking a subset of their customers' credit card interest rates to pad their profits (with due notice, according to the rules), and BofA deciding "Hey, traditional bank fees aren't really working out for us, so we've decided to just start stealing a flat 1.5% of everyone's checking balance every month". They're categorically different, and so is the response from the customer base.

        Companies who avoid the really huge, categorically evil, moves tend not to get swamped in hacktivist attacks all the time. I work directly on internet-facing services (including in a security capacity) at a Fortune 1K company that's heavily involved in the tech/consumer world, and we've never had a hacktivist attack to date. We might someday, and we have some plans for that sort of event because it's irresponsible not to. But really our primary defense against this is that when *I* go into a meeting with a product development group, and I hear them suggest something really stupid that would likely cause a public Internet-based backlash, I flat-out tell them it's a stupid and irresponsible thing to do, and they back down.

        Sony is getting exactly what they deserve, and it's deplorable that rather than try to turn their *actions* around, they've accepted that they're always going to act evil and modified their security policies to suit a constant condition of "We have a giant target painted on our backs".

      • by sjames (1099)

        So how many times has Anon attacked GE?

        • by Pieroxy (222434)

          So how many times has Anon attacked GE?

          I'd argue that there is very little data on GE's website for Anon to brag about... And the fact that GE is in a business where you seldom make enemies. I mean, if your lightbulb burns out a little too soon, you don't get all mad at GE. They sell 'dead' products. And most of them are there in a heavily regulated / saturated / mature market. Hard to distinguish them from the competition.

          All that makes it a company that is less 'hatable' than SONY that screws with their customers on a weekly basis.

          • I guess you underestimate the areas GE has spread into. There's GE Healthcare, GE Transportation, GE Aviation, GE Money Bank, GE Energy, GE Water, GE Real Estate, GE Insurance Solutions... I'd actually be surprised if they really produce anything anymore...

            If any corporation has the potential to piss off a lot of people, it's probably GE. There aren't too many cookie jars they don't have a finger in.

    • by Hentes (2461350)

      So you want your personal data to be at the mercy of a bunch of self-righteous hackers? While it's not a substitute for a more consumer-friendly policy, securing their systems is something they should have done long ago.

  • About time they get it together - especially when you're not the most liked kid on the block.
  • All they have to do is push a download that turns on the Playstation Eye of people they don't like.

  • by VinylRecords (1292374) on Monday March 12, 2012 @03:00AM (#39323707)

    So shutting off PSN access for millions of gamers is now considered hacktivism? Going after Sony's game division, which has almost nothing to do with Sony's corporate division, is now hacktivism?

    I know that the Slashdot crowd is extremely anti-Sony but I fail to see how denying paying consumers the ability to play games is hacktivism. Or preventing dozens of new games from getting released on the PSN store, and allowing those companies and artists to sell their titles, is hacktivism.

  • by PolygamousRanchKid (1290638) on Monday March 12, 2012 @03:27AM (#39323791)

    NATO just dropped a few billion for one! Now SONY will have one! Where's yours!?!?!

    I smell Y2k sized contract money now!

    I am now an Anti-Cyber-Threat-Security-Response-Operations-Analysis-Coordination-Center Specialist!

    In the train:
    Passenger: "What line of work are you in?"
    Me: "Cyber Security!"
    Passenger: "Do I need that?"
    Me: "Does your wife know about the email to your girlfriend on your laptop that I am reading right now?"
    Passenger: "Ok, I'll buy some."
    Passenger: "But do I need to wear that tinfoil hat . . . ?"

    • Oh yea, it's dot-com all over again! And I'm in the right line of business again, just in time, cyber security technology expert... no, wait, sounds too cheesy. Information security ... too formal. Snakeoil peddler... no, too honest...

      I'll just go by the simple, humble title of IT security consultant. It should be good enough for a 300/hour rate, and that's good enough, I don't want to be greedy...

  • Oh I hate the term. Hackers don't hack the phone calls of the staff or hack into CCTV to do harm.

    Political activists use legitimate methods to increase their influence.

    If you hack into phone calls for purposes different from demonstrating a problem then you are not a hacker. If you use force (like the Anonymous asshats) you are not an activist.

    Now they discredit political activists and hackers at the same time by calling them hacktivists, joining two very different things, in order to discredit both and connect

    • by Geof (153857) on Monday March 12, 2012 @04:44AM (#39324035) Homepage

      Political activists use legitimate methods to increase their influence.

      And who, pray tell, decides what is legitimate?

      Answering that question is what politics is all about. The point of engaging in politics is to determine legitimacy. Look at any political movement and you will see this struggle to define legitimacy. Legitimacy is not the starting point: it is the outcome. You are begging the question.

      Which is, of course, because you are trying to propagate your definition of what is legitimate. You are not describing politics: you are engaged in it. You are not a disinterested observer: you are a participant.

    • Political activists use legitimate methods to increase their influence.

      Yeah, like gerrymandering, suppressing voter turnout, diddling voting machines, and "losing" the ballots from precincts likely to vote the wrong way.

      • Legal is what the ruling party declares legal. Hey, I don't make the laws, I only get to twist them!

    • Re:Hacktivists (Score:4, Insightful)

      by leromarinvit (1462031) on Monday March 12, 2012 @05:39AM (#39324233)

      Political activists use legitimate methods to increase their influence.

      So Rosa Parks wasn't an activist when she sat on the whites-only seat on the bus? Her entire point was that what should have been legitimate wasn't. Activism isn't about increasing your influence (that's more NGO territory - lobbying for a good cause), it's about bringing public attention to your cause. Very often the most effective way of doing that is publicly defying the rules to make a point.

  • Sony rootkit (Score:4, Informative)

    by Anonymous Coward on Monday March 12, 2012 @04:08AM (#39323925)

    http://en.wikipedia.org/wiki/Sony_rootkit [wikipedia.org]

    Never forget, never forgive.

  • by dstone (191334) on Monday March 12, 2012 @04:44AM (#39324037) Homepage

    TFA claims that Sony's new CSO, Brett Wahlin, "served as a counter-intelligence officer in the US Military for eight years during the Cold War." The final year of the cold war is generally agreed to be 1991, when the Soviet Union dissolved. This suggests he started working as a C-I officer no later than 1984. Yet the photo in his recent bio [sfisaca.org] suggests he's in his early 40s now. So either 1) he's a prodigy and worked for the US military during high school, or 2) he can travel in time. Either way, the hacktivists might have met their match! Well played, Sony.

  • Uh (Score:4, Insightful)

    by AdamJS (2466928) on Monday March 12, 2012 @05:02AM (#39324101)

    Why not orient your company and your policies so as not to actively piss off people who like tinkering with their own electronics and people who don't like DRM and spyware-riddled merchandise?

  • There are cushier jobs than leading Sony Entertainment Network’s burgeoning security shop, but Brett Wahlin was never one to shy from a challenge. So when the entertainment giant looked to revamp its security in the wake of the devastating hacking attacks against its PlayStation Network last year, the former McAfee Chief Security Officer answered the call.

    McAfee, seriously? What, they couldn't shell out a few more bucks to get a guy from Norton? :)

  • by Tangential (266113) on Monday March 12, 2012 @07:14AM (#39324573) Homepage
    Poor Sony. After all they've done to..er..for their customers. Karma is definitely a bitch
  • Anti-Social (Score:5, Insightful)

    by Doc Ruby (173196) on Monday March 12, 2012 @07:37AM (#39324673) Homepage Journal

    Evidently Sony learned nothing from the cause/effect relationship of their brutal approach to both security and their users. Sony set the stage by deploying rootkits and other security attacks on their own customers. Then they retroactively deleted the Linux (OtherOS) option from PS3s, many of which they'd sold to hackers for the very purpose of "hacking Sony". Though OtherOS had been crippled from the beginning, there was little effort by PS3 hackers to crack the lockout from the hardware, until Sony tried shutting all OtherOS users down. Then hacking the PS3 became necessary for every PS3 Linux user.

    It was a case of "when guns (OtherOSes) are outlawed, only outlaws will have guns (OtherOSes)". Why stop at just keeping what you paid for, when you had actually paid for more than you'd originally gotten? Sony had destroyed any ethical relationship, and the community was organized.

    Now, I'm not pinning all or even most of the attacks on Sony beyond keeping Linux on the small PS3 Linux community - maybe not even any of them. But that episode showed the world Sony was a legitimate target. Then after some success in keeping what they paid for resulted in arresting the hacker, Sony was now a legit target for both legitimate hacking and just plain "bash the bad guy". Combine that with Sony's copyright overreaches, its region-encoding scams, its DVD backup denials (also broken and showing Sony both greedy and vulnerable) - Sony fanned the flames of backlash.

    Now Sony is just escalating the conflict. It would be a lot cheaper to give hackers back Linux, this time with some support, to give them more of a common interest with Sony. Instead Sony is further defining itself as an enemy instead of a partner. Sony's awareness of social networks seems to be purely as either enemy or marketing victim. This will not end well. In fact it will not end, and many will suffer.

  • I hear the CEO recently heard about this thing called a "firewall" and is very interested in looking into one. He also heard a rumor about "passwords" and their possibilities for increasing security. Things are a changing at Sony it seems.
