Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lawsuit Claims Sony Canned Security Staff Just Before Data Breach

Posted by Soulskill on from the perhaps-a-lesson-has-been-learned dept.

Stoobalou writes "A lawsuit filed this week suggests that Sony sacked a group of employees from its network security division just two weeks before the company's servers were hacked and its customers' credit card details were leaked. The suit, which seeks class action status, is being brought by victims of the massive data breach that took place in April."

9 of 99 comments (clear)

  1. 2 weeks by Aladrin · · Score: 5, Insightful

    Like 2 weeks was enough to cause the massive problems Sony had. Hah.

    No, more like, Sony found out they were incompetent and was firing them for that. Too little too late, obviously.

    And what should have Sony done, when they realized they weren't secure? Shut down their entire business for months until they could hopefully secure things?

    I'm not pulling 'months' from nowhere, either. Sony's Japanese PSN is still down while they secure it because the government won't let them bring it back up.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    1. Re:2 weeks by zigziggityzoo · · Score: 4, Insightful

      Or - they were fired, and two weeks later hacked into the systems themselves.

      --
      Zing!
    2. Re:2 weeks by Obfuscant · · Score: 4, Funny

      Well, Obama is literally a puppet, a mechatronic puppet; controlled by brainwaves from the fleet of orbiting spacecraft piloted by angels who protect us from the lizards. And....

      Much simpler and more nefarious than that. He's receives his control messages from one or more visual cuing devices placed in front of him whenever he appears in public, which contain encoded messages for him to speak at the appropriate times.

      Humans, I mean we, call them 'teleprompters'.

    3. Re:2 weeks by hey! · · Score: 5, Insightful

      We're speculating here, and it's easy enough to cast the fired guys as villains or victims depending on what you want to imagine.

      In the universe where they're victims:

      That the security breech occurred so soon after these guys were fired is far from proof that they were incompetents. Two weeks is plenty of time for key systems to be mis-configured by a replacement who doesn't understand what's going on, or to fail to perform some important maintenance task like applying a critical security patch. It is also possible that the attack ought to have been detected and contained, but there was nobody left who knew how to do that.

      In the universe where they're villains:

      That the security breech occurred so soon after these guys were fired suggests they failed to secure the system, or were in fact actually malicious themselves. Two weeks would not be enough time to fix much after you fired them.

      In any conceivable universe:

      It would be stupid fire all your security guys for incompetence without bringing in replacements *first*. Even if these guys are incompetent, they know details that their competent replacements will need to know, and which are probably not well documented. Not knowing these details would set the competent replacements back far enough that they might take several more weeks to get things locked down properly.

      Being prepared before you give the old team the boot goes even if you have *malicious* network guys. If management knows its job, they get the security tiger team AND the legal team AND the computer forensics team ready for action before the evil admins realize anyone's on to them. Then one morning the admins find themselves locked out of work and subpoenaed, and the systems all shut down damn the cost until the new security team say it's kosher to open for business.

      In the universe we actually live in:

      As yet we know very little about how the security disaster happened, and have no idea whether the events mentioned in the lawsuit are relevant at all.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  2. Re:So they sacked them too early by tjkwentus · · Score: 5, Interesting

    Or too late

    Or the sacked were involved in the breach.

    --
    Shameless self-plug: http://nerdramblings.com (my blog)
  3. and now for something completely different... by space_jake · · Score: 4, Funny

    Those responsible for the sacking have also been sacked.

  4. Re:So they sacked them too early by ElectricTurtle · · Score: 4, Funny

    Those responsible for sacking have been sacked. They've all been replaced at the last minute at great expense by trained llamas.

    --
    I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
  5. Re:Are they responsible? by marcosdumay · · Score: 4, Insightful

    Maybe they were fired because they complained too much that Sony didn't care about security. Or that they upped that complain into the CEO, that preferred the CIO version. Maybe they threatened to make the problem public and their boss didn't like it. Maybe they weren't seen as productive because they kept fixing things the entire day, instead of helping build new things, and were understaffed. Maybe the company didn't like the policies they tried to put in place, so not only didn't accept the policies, but also fired them (this option seems to be quite likely). Maybe they weren't competent enough to put some good security in place, but still dedicated enough to security so that they anoyed people. Or, finally maybe they were justly fired by incompentence.

    --
    Rethinking email
  6. Who cares why they fired them- I want Sony $$ by gearloos · · Score: 4, Interesting

    I could honestly care less why they sacked them. I just want something out of SONY. For the PS3 storing open text negligence, for taking away a feature I paid for (Linux- Other OS) and not giving a rats ass about me, for the Rootkit they put on my system with no real punishment, for the liars that lobbied the Bluray to win over the far superior technology that was HDDVD, for well, "EVERYTHING SONY". For the rootkit alone, their senior staff should have been criminally prosecuted. If I was to put a rootkit on a SONY Server by giving an employee a cd to listen to at work, I'd certainly be in jail. The best part- I went to GTPlanet (for the Gran Turismo Game, GT5) after this and the dam Fanboi mentality of today is every post I saw that complained or said anything remotely bad was shut down by 100 posts saying Sony is such a great company for trying to rebuild everything and that it is so great they are looking out by telling everyone about it..blah blah blah I've had enough- Boycott these thieving asshats. I want my $0.99 from the Class Action Suit. It's almost as good as a company changing the law like Verizon and ATT with their "Unlimited" Plans that are actually 5GB or less.... Truth in advertising? But I digress... I only mention them because they are also tops up there on the list with Sony of companies that do what they please and colude but yet give lots of $$ to lobby their cause to a corrupt (or rather incompetent) judicial system.

    --
    "Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"