PlayStation Network Hack Will Cost Sony $170M

alphadogg writes "Sony expects the PlayStation Network hack will cost it $170 million this financial year, it said Monday. Unknown hackers hit the network gaming service for PlayStation 3 consoles in April, penetrating the system and stealing personal information from the roughly 77 million accounts on the PlayStation Network and sister Qriocity service. A second attack was directed at the Sony Online Entertainment network used for PC gaming. Sony responded to the attacks by taking the systems offline." Does the $170 million figure include compensation for PSN subscribers who suffered from the outage?

Yeah, but they can make it up in volume

[elrous0]

All they need to do is add a bunch more PSN subscribers, and they can make it up in monthly subscription fees.

Problem solved. You're welcome, Sony.

Re:Yeah, but they can make it up in volume

[mlts]

I doubt it. Come September, things will be exactly business as usual with the PSN breach completely forgotten about by then.

I also doubt Sony lost much money. They might have lost a little bit handing out subscription time to compensate, as well as hiring some consultants to maybe add an IDS/IPS system in some places. However, realistically, their losses from the PSN breach are negligible, probably less than it costs to do a promotion of a new game.

Call me cynical, but a lot of firms know that they can skimp on security because it doesn't make them money. If they get breached, they make a token effort to "clean it up", and business goes on. It is going to take governments stepping in, and having nasty criminal/civil consequences happen to companies who go lax on internal security for this to ever change.

Define "suffered from the outage"

[Whatanut]

Let's be honest. This is an outage of an entertainment network. I don't think anyone can really claim they suffered due to it not being available. If anything they may have gained by the fact that they did something else.

Now, if you want to argue that people are suffering due to the information loss, I'll go with that one. But not from the outage itself.

Re:Define "suffered from the outage"

[Blackwulf]

I imagine publishers that make their living selling downloadable games on PSN suffered from this outage in a highly economic way.

Compensation is Peanuts

[Sonny+Yatsen]

Look, the compensation that Sony is giving out in the aftermath of the PSN attack is peanuts. It doesn't cost them a hell of a whole lot to set up. The free two games? Sony already has deals set up with developers to provide "free" games to PSN plus subscribers, the additional cost of a few extra free games to all subscribers (who might not even take advantage of it, since most of these games are ancient and they probably already have it) is marginal, at best. The one month of free PSN+ for subscribers doesn't cost much, either, since it's only a small minority with PSN+ accounts. I'd doubt that the compensation would cost them much more than a few million dollars at best.

Re:Compensation is Peanuts

[countertrolling]

Peanuts are expensive. There'll be probably three to the package, like what the airlines serve.. to save weight, of course

Was it worth it?

[ArcRiley]

The real question is whether it would have cost them $170 million to leave the OtherOS feature alone. Lets not forget Sony started the fight with the community by removing a feature originally provided on the hardware that was used heavily by researchers and programmers at home. Then the community found a way to root the PS3, then they patched it, then the root keys were found, then they started blocking rooted consoles from the network, then the network was taken down for everyone.

The community is big, Sony is small, and there are enough fringe elements in the community to make us dangerous as a whole. Hopefully they've learned their lesson and begin behaving in a more cooperative manner with the community, but I have a feeling they're just going to raise the stakes even further.

Re:Was it worth it?

[ALeavitt]

They obviously had someone on board, or OtherOS never would have been available in the first place. Because they had someone on board, they purchased PS3s. Then somebody else made the decision to retroactively remove functionality from the devices that they purchased, and they felt rightly outraged. It shouldn't be necessary to be a stockholder to expect that the consumer devices that you purchase won't be remotely disabled without any recourse in what essentially amounts to a bait-and-switch.

Won't cost Sony a dime

[Fujisawa+Sensei]

The hack won't actually cost them a time.

The compensation will be in the form of a PSN+ subscription. But you will still have to cough up a credit card or something. Then it will be the users responsibility to unsubscribe when the free subscription is up. Most of the Sony lemmings won't notice until the CC bill arrives, then they will already be in the second month of service and have to pay for that too.

So Sony is still going to make money from the deal.

When trying to talk to the GPU

[tepples]

No, Sony started the fight by making half the system's RAM off-limits to homebrew. The Other OS hypervisor didn't provide any sort of 3D or 2D acceleration or even a well-defined method to use otherwise unused VRAM as a RAM disk. As I understand it, the only way Geohot and others tried to "hack the PS3's security" before this whole incident was just to try to do basic things with the GPU.

Re:When trying to talk to the GPU

[wierd_w]

Wait-- What!?

The PS3 has had a long standing, and almost glacially low, level of dedicated hacker interest compared to other contemporary systems which were targeted almost immediately after launch. Fail0verflow themselves even pointed out this timeline in their presentation.
http://www.youtube.com/watch?v=4loZGYqaZ7Ii

Throwing the bone to the homebrew community, however sparse on meat, was one of the biggest, if not *THE* biggest things (Given the very very sorry PKI implementation discovered years later...) sony did to help ensure profitability of their system in the face of piracy, since it removed the MOTIVE to hack the console! Why fix what isnt broken? If the console lets you run your own code already, why dig deeper?

The hackers like Geohot who were fuzzing the hypervisor were doing so to get a little more meat on that bone-- Not to raid the table, like you are implying. It wasn't until AFTER Sony took that bone away that the angry pitchfork carrying hackers teamed up to oust the baron from his lofty castle.

By taking the bone away totally, they created HUGE incentive to hack the system, along with deeply seated enmity. That enmity was kindled once before by the sony rootkit debacle, and once restoked, seems to have been one of the major motivational forces behind the seemingly systematic attacks against sony's infrastructure.

To do this right next time, to avoid further hacker enmity, and to prevent piracy on their next console (this one is irreversibly compromised), Sony needs to do the following:

1) Re-enable OtherOS like functionality, with access to the GPU. Access does not == white papers, so a sufficiently advanced custom GPU would take a lot of effort to map out functionality by the community, and would be an activity many would consider *fun*. While they are mapping out what the hardware can do, they are NOT trying to make copied games run. Without a whitepaper to work from, it would be very hard to compete with licensed commercial games. Your average NES emulator or Tetris clone would be about what you would expect to come out. Hardly a competitor for the latest Gears of War, or Red Faction type games.

2) Implement a correct and proper PKI. Give otherOS application code a unique public key to enable execution. Bonus if it uses a totally different private key too.

3) Stop retroactively removing features from consoles. It does not matter how unprofitable that functionality is-- DONT TOUCH IT!

4) Treat users with some dignity, stop warehousing their personal information, and store what information they DO collect on a server that isnt pitifully protected.

But no. You have already made up your mind that Geohot is Teh Badz, that hackers hacked the PS3 exclusively to cheat on online latter play, and that sony is the victim of these dreadful offenses.

No amount of factual reporting will change your mind either.

Please, correct me if I am mistaken in this evaluation, but your tone kept consistently on target with that viewpoint.

Re:And for Developers/Publishers?

[kimvette]

And how do you propose they recoup the lost confidence from their developers and publishers [slashdot.org]?>

Stop being so evil, for starters.

Sony's motto as of late seems to be: "Do as much evil as possible."

And now they are reaping what they have sown. I don't agree with the script kiddies' actions against Sony (i'm partial to destroying them economically through large-scale boycott) but Sony did have it coming to them. Taking away the OtherOS option (which is fraud; a bait-and-switch move by removing one of the key selling points) and then suing a customer who decided to take the functionality back was probably just the final straw. After installing rootkits (infringing on GPL'd code copyrights in the process) to customers' systems (a felonious act; accessing computer systems without authorization), falsely advertising product, building shoddy product and having some of the worst customer service in existence, are they actually surprised they are the target of script kiddies everywhere?

They invited it through their actions.