Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony's Plan To Tighten Security and Fight Hacktivism

Posted by Soulskill on from the try-making-people-less-angry dept.

mask.of.sanity writes "Sony Entertainment Network is rebuilding its information security posture to defend against hacktivism. It includes a security operations center that serves as a nerve center collating information on everything from staff phone calls, to CCTV, to PlayStation gamers. If it is successful, the counter intelligence-based system will be deployed across the entire company. 'At Sony, we are modifying our programs to deal less with state-sponsored [attacks] and more with socially-motivated hackers. It will be different,' said Chief Security Officer Brett Wahlin."

43 of 247 comments (clear)

  1. *clap* *clap* by FrozenFood · · Score: 5, Interesting

    good for them

    pity I wont buy another sony product ever again.

    1. Re:*clap* *clap* by Ihmhi · · Score: 5, Insightful

      You have to read between the lines here man.

      They're not saying "We were attacked for being a socially irresponsible company, so we're going to do less evil shit." They're saying "We were attacked for doing evil shit, so we're going to keep doing evil shit and make it harder to successfully attack us."

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
    2. Re:*clap* *clap* by hairyfeet · · Score: 5, Informative

      I don't know about him but I personally don't buy Sony because they have a serious "Hey, how can we REALLY buttfuck our customers HARD?" attitude. See ATRAC, Minidisc, memory stick, UMD, if given a chance they will completely ignore formats every else uses and is cheap for some proprietary throwback that is worse in every way for the consumer, no thanks.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    3. Re:*clap* *clap* by Nursie · · Score: 4, Informative

      I can't even fully use the products I already have.

      The new SEN, replacement for the PSN, has in its user agreementy a clause that says they can and will do anything they like with your user data, including giving it to any third party they feel like. If you have a problem with this you can't use the service.

      That's me locked out of network features on the ps3 then.

    4. Re:*clap* *clap* by Nursie · · Score: 5, Informative

      Name, address, gaming habits (every game you play, the times you play, how long for), any movies you may have downloaded from them, integrated tv services you've used...

      These are just the things I know the box was sending to Sony from my protocol snooping a year or so back.

      I'm not sure if the machine sends web history to Sony, or what you've been watching/listening to on the ps3 via UPnP/DLNA, but it wouldn't be beyond their capabilities.

    5. Re:*clap* *clap* by Anonymous Coward · · Score: 5, Informative

      Just because of how Sony handled this? Please, after this fiasco they'll be the safest company to trust your info to. Sony didn't handle the breach well, nor did it inform customers as it should have, but guess what? NO OTHER COMPANY would have done ANYTHING different. I'll bet there are many that would've tried to deny the whole thing.

      I'm socially motivated to never buy anything from Sony again as well, but it has nothing to do with whatever their latest stupid shananigans are. Sony earned a permaban with their rootkit. Remember that?

    6. Re:*clap* *clap* by Nursie · · Score: 5, Informative

      And the Vita uses?

      Oh that's right, proprietary "vita cards" for games, proprietary "vita memory cards" for storage, and even a non-standard data cable.

      Good work!

    7. Re:*clap* *clap* by Sneeka2 · · Score: 5, Insightful

      And guess who designed Blu-ray and shoveled tons of money into the project to push it into the market to destroy to rival HD DVD format: Sony. Learn your history.

      Also, comparing two very specific systems which are by definition very closed (gaming consoles) and a music player (which I guess you're going for with that Apple jibe) is hardly an objective comparison in the big picture. If that's all you know about these respective companies, fine, but please stay in your mom's basement.

      --
      Bitten Apples are still better than dirty Windows...
    8. Re:*clap* *clap* by Anonymous Coward · · Score: 3, Interesting

      I would use the term "corporate entitlement" for it. They think the world owes them money because they produce luxury products. Bioware are doing exactly the same thing when their latest title has a bunch of shortcuts and removed (unless you pay extra) content. But in their head space they are entitled to do whatever they want and you are just a source of income who is allowed no opinion or input.

      Corporations have figured out the public doesn't listen to the news any more. Their own greed is too high and self control too low, so Sony can pretty much piss in your face and demand you pay for it and the public will only see a shower and pay the price.

    9. Re:*clap* *clap* by Anonymous Coward · · Score: 5, Funny

      And today on our fun game show My Favorite Random Multi-National Conglomerate Sucks Less Than Your Random Multi-National Conglomerate, we introduce our first contestant: peppepz!

    10. Re:*clap* *clap* by ArsenneLupin · · Score: 3, Funny

      Corporations have figured out the public doesn't listen to the news any more. Their own greed is too high and self control too low, so Sony can pretty much piss in your face and demand you pay for it and the public will only see a shower and pay the price.

      Sure, gold prices are sky hight currently, so what did you expect?

    11. Re:*clap* *clap* by Aerorae · · Score: 3, Interesting

      Isn't that kinda how these big businesses work in general these days? Microsoft, Apple, Sony, Samsung, Motorola, Oracle, Intel, Dell, etc? I guess I'm just saying if someone has an issue with Sony they probably have an issue with the whole industry & it's practices, not /just/ Sony...

    12. Re:*clap* *clap* by Ihmhi · · Score: 4, Insightful

      I think once a business reaches a certain critical mass, evil is inevitable.

      Are there any companies in the Fortune 500 (or even Fortune 1000) that aren't complete monsters?

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
    13. Re:*clap* *clap* by peppepz · · Score: 4, Insightful

      That sucks. I'll only buy game consoles that distribute games on non-proprietary storage. Which one can I buy?

    14. Re:*clap* *clap* by SuricouRaven · · Score: 5, Insightful

      I think you have it backwards: If the company management isn't willing to do evil, the company will never reach that mass. Sooner or later the time will come when the management must choose between their principles and their duty to maximise profits - they can't have both.

    15. Re:*clap* *clap* by Sneeka2 · · Score: 4, Insightful

      Both HD-DVD and Blu-Ray were proprietary, patent- and DRM-laden standards. ... For once, the technically best format (Blu-Ray) won.

      I'll just let these two sentences stand next to each other. They're too good. :)

      It's not that Sony beat HD DVD which undermines your argument, it's that Blu-ray is a horrible technology, mostly exactly because it's DRM-laden. The blue laser is nice, the DRM and all the crap that goes onto a typical Blu-ray disc is not. What won is simply one of the two evils. Therefore, choosing Blu-ray as an "open" technology to show how good Sony is in using open technologies is just... let's call it a bad example.

      Both are very closed, but one is a lot more open than the other (the PS3)

      So one sucks less than the other, that doesn't make it a great example for "open".

      whereas the post I was responding to was claiming that Sony uses proprietary formats.

      Because the PS3 is the only device Sony is selling?

      --
      Bitten Apples are still better than dirty Windows...
    16. Re:*clap* *clap* by macs4all · · Score: 5, Insightful

      Isn't that kinda how these big businesses work in general these days? Microsoft, Apple, Sony, Samsung, Motorola, Oracle, Intel, Dell, etc? I guess I'm just saying if someone has an issue with Sony they probably have an issue with the whole industry & it's practices, not /just/ Sony...

      Apple removed DRM from iTunes music. Sony installed Rootkits.

      Apple has no DRM on its OS. Sony has aggressively fought against Playstation hacking.

      Apple has a Cloud service which mirrors your music to all your devices, regardless of where it came from. Sony?

      Apple had a marketing slogan "Rip. Mix. Burn.". Sony created Blu-Ray as an unsuccessful defense against DeCSS.

      Apple builds AirPlay into OS X and iOS. Sony creates SACD's DSD format as an (unsuccessful) attempt to stop CD copying (betcha didn't know that one!).

      Apple actively and significantly contributes to the F/OSS Community. Sony, OTOH has been caught USING F/OSS code without attribution and in violation of those project's licensing (libarc) in its game, ICO, and parts of LAME (id3lib and more) in an OCX control.

      Yep. no way whatsoever to tell those two companies apart by their respective actions.

    17. Re:*clap* *clap* by betterunixthanunix · · Score: 4, Informative

      Apple has no DRM on its OS

      https://en.wikipedia.org/wiki/IOS#Digital_rights_management

      Otherwise I agree, Apple is less evil than Sony. Not that that is saying much.

      --
      Palm trees and 8
    18. Re:*clap* *clap* by Ihmhi · · Score: 3, Funny

      Funny how these guys keep growing without being evil:

      http://www.redhat.com/

      But what they don't tell you is the hat is red because... it's dipped in the blood of emacs users! BOOOOOoooooOOOooOoOOOO!

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
    19. Re:*clap* *clap* by betterunixthanunix · · Score: 4, Insightful

      No, iOS has DRM that is designed to prevent its user from running software that Apple does not approve of. You can read more than the first sentence, you know...

      --
      Palm trees and 8
    20. Re:*clap* *clap* by AngryDeuce · · Score: 3, Insightful

      A PC?

    21. Re:*clap* *clap* by betterunixthanunix · · Score: 5, Informative

      What you have failed to realize is that the "App Store Lock-In", and even the "iOS Development Licensing" are actually there to benefit USERS (by keeping Malware OUT, OUT, OUT).

      As well as keeping pornography and political cartoons, software that might compete with Apple, software that might allow people to develop more software in a sandboxed environment, software that might allow people to play old SNES games, etc. OUT OUT OUT. The "this benefits users" argument is nothing more than a cover story; Apple could benefit users without forbidding jailbreaking, without bricking phones that were jailbroken, and without having a policy that forbids lampooning politicians.

      Sony's Rootkit and Playstation DRM battles are there to benefit SONY.

      So how is that not-locked-down gaming platform working for you? Oh yeah, malware:

      https://encrypted.google.com/search?q=windows+malware&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

      Apple's iOS DRM serves exactly the same purpose as PS3's DRM: to thwart competition, prevent customers from controlling their computers (which includes phones and gaming systems) and to tap developers' revenue streams.

      --
      Palm trees and 8
    22. Re:*clap* *clap* by mcgrew · · Score: 3, Insightful

      NO OTHER COMPANY would have done ANYTHING different.

      What other company has knowingly and purposely installed malware on paying customers' computers? What other company has shipped a product and then removed some of its functionality after it's already been bought and paid for?

      I was a victim of XCP. Don't expect ME to buy anything else from Sony, ever again. If I did to Sony's computers what Sony did to mine when my daughter innocently installed their damned trojan, I'd be in prison.

      Sony doesn't deserve to live. I wish averyone who owned Sony stock would sell it, and I wish people would stop buying Sony products. Sony is evil and doesn't deserve your business.

      --
      Free Martian Whores!
  2. Cheaper strategy by mcbridematt · · Score: 5, Insightful

    Don't be dicks.

    1. Re:Cheaper strategy by DigiShaman · · Score: 3, Insightful

      Cuts both ways. While Sony has pissed me off lately, the hackers equally so. As a casual gamer, I'm so sick and tired of all these angsty hackers posing an "up your ass with a stance" attitude. Why the hell should I have to take flak from both sides just enjoy a little gaming? I tell ya, it's simply not worth my time or my security being compromised.

      Screw this, I'm gaming elsewhere.

      --
      Life is not for the lazy.
    2. Re:Cheaper strategy by sjames · · Score: 4, Insightful

      He who lies down with dogs gets up with fleas.

      You might want to check the species of your bedfellow.

      It's not like Sony's sins are minor. They include bait and switch and mass hacking on a scale Anon. can't even aspire to. Because they have money, they have gone un-punished.

      So, yeah, gaming elsewhere is probably a good idea.

    3. Re:Cheaper strategy by artor3 · · Score: 4, Insightful

      Evidence also suggests that the internet never, ever, ever forgives. Sony is evil in the minds of internet-people, and no amount of "being neutral" will change that any time soon. Are they just supposed to suffer all the beatdowns they get over the next ten years until people start to say, "Hey, that rootkit thing was a long time ago..."?

  3. Wrong use of word? by Anonymous Coward · · Score: 3, Insightful

    Hacktivism is to protest political ends. I belive the term is misused here...

    1. Re:Wrong use of word? by Black+Parrot · · Score: 3, Funny

      Hacktivism is to protest political ends. I belive the term is misused here...

      Right. Unless all those credit card numbers were stolen to support the Club A Baby Seal for Supply-Side Jesus movement, it was just theft, not hactivism.

      --
      Sheesh, evil *and* a jerk. -- Jade
  4. Wrong way of thinking by gzipped_tar · · Score: 5, Insightful

    As part of the society, you should think about how not to become a target of hacking activism. Especially when it's impossible to crush every one of the "hackers".

    Better yet, convert them into your loyal customers, and even better, direct their anger to your competitors.

    --
    Colorless green Cthulhu waits dreaming furiously.
    1. Re:Wrong way of thinking by Sir_Sri · · Score: 3, Interesting

      That seems utterly impractical. The barrier to entry for attempting to hack is sufficiently low that any big company will offend people eventually, no matter what it does. Made a game I don't like, use boxes that are too large for shipping? Price a product some jackass feels entitled to at a point more than they can afford. Etc. etc. etc.

      Sure, sony has earned a lot of their current hate. But every company has to realize that they will offend someone eventually, if nothing else than the thrill of trying to hack a big company.

      From http://money.cnn.com/magazines/fortune/fortune500/2011/index.html
      The largets US Companies in 2011
      Wal-Mart Stores
      Exxon Mobil
      Chevron
      ConocoPhillips
      Fannie Mae
      General Electric
      Berkshire Hathaway
      General Motors
      Bank of America
      Ford Motor

      I challenge you to find anyone on that list that hasn't pissed off a lot of people, intentionally or otherwise, and legitimately or otherwise, but there are still a lot of angry people at them. And you can keep going down the list.

      Sony isn't any different, and even if they change their ways, people will still believe them evil a decade from now. But I don't think you do 100 billion dollars a year in business and not make enough people angry to cause all sorts of hacking problems. Even Warren Buffet has made enemies because he thinks he makes too much money and should be taxed more.

    2. Re:Wrong way of thinking by Anonymous Coward · · Score: 4, Insightful

      I'll grant you that just based on statistics and human nature, any company with a sufficiently-large customer base will invariably really piss off some minority sub-group of their customers. However, there's a difference between pissing off minor subgroups on some matter of debate (e.g. "Wal-mart sells eyeliner that was tested on rabbits! Let's protest these animal-haters!"), and taking flatly evil, anti-consumer actions that affect the entire customer-base in a negative way (e.g. several notable Sony debacles from the past).

      It's like the difference between BofA hiking a subset of their customers' credit card interest rates to pad their profits (with due notice, according to the rules), and BofA deciding "Hey, traditional bank fees aren't really working out for us, so we've decided to just start stealing a flat 1.5% of everyone's checking balance every month". They're categorically different, and so is the response from the customer base.

      Companies who avoid the really huge, categorically evil, moves tend not to get swamped in hacktivist attacks all the time. I work directly on internet-facing services (including in a security capacity) at a Fortune 1K company that's heavily involved in the tech/consumer world, and we've never had a hacktivist attack to date. We might someday, and we have some plans for that sort of event because it's irresponsible not to. But really our primary defense against this is that when *I* go into a meeting with a product development group, and I hear them suggest something really stupid that would likely cause a public Internet-based backlash, I flat-out tell them it's a stupid and irresponsible thing to do, and they back down.

      Sony is getting exactly what they deserve, and it's deplorable that rather than try to turn their *actions* around, they've accepted that they're always going to act evil and modified their security policies to suit a constant condition of "We have a giant target painted on our backs".

  5. Re:wrong medication by Anonymous Coward · · Score: 5, Insightful

    Here's a start:

    1. Bring back OtherOS
    2. Stop supporting CSS, AACS, HDCP and other forms of DRM
    3. Apologise for installing rookits on people's computers without their knowledge
    4. Apologise for taking legal action against people who circumvented their digital restrictions

  6. Everybody needs an Anti-Cyber-Threat-Center! by PolygamousRanchKid+ · · Score: 5, Funny

    NATO just dropped a few billion for one! Now SONY will have one! Where's yours!?!?!

    I smell Y2k sized contract money now!

    I am now a Anti-Cyber-Threat-Security-Response-Operations-Analysis-Coordination-Center Specialist!

    In the train:
    Passenger: "What line of work are you in?"
    Me: "Cyber Security!"
    Passenger: "Do I need that?"
    Me: "Does your wife know about the email to your girlfriend on your laptop that I am reading right now?"
    Passenger: "Ok, I'll buy some."
    Passenger: "But do I need to wear that tinfoil hat . . . ?"

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  7. Re:wrong medication by Sneeka2 · · Score: 3, Insightful

    2. Stop supporting CSS, AACS, HDCP and other forms of DRM

    That is, stop playing DVD, Blu-Rays, and drop the ability to connect to HDMI and DVI displays?

    That's the point, come up with a frickin' format that does not use DRM and distribute movies in said format (Sony is a mayor distributor and user of DRM'd formats).

    If you don't like the above mentioned technologies, you can play unprotected media and connect the PS3 via SCART, VGA or component cables anyway.

    We know you love your PS3, but why do the rest of us have to put up with crippled discs we want to play elsewhere?

    It's not that Sony, like Google, is plotting to insert DRM into the open standard that governs the Web.

    No, because they've already inserted their DRM everywhere that matters to them.

    3. Apologise for installing rookits on people's computers without their knowledge

    Done. Seven years ago. And by the way, did Apple and other phone manufacturers issue any apology for installing CarrierIQ...

    Interesting that you'd pick the one company by name that was the least weasel-worded about what it did and didn't use CarrieIQ for.

    --
    Bitten Apples are still better than dirty Windows...
  8. Sony rootkit by Anonymous Coward · · Score: 4, Informative

    http://en.wikipedia.org/wiki/Sony_rootkit

    Never forget, never forgive.

    1. Re:Sony rootkit by gtall · · Score: 3, Insightful

      Why is this insightful? It is the same mentality that makes the MidEast a battleground for 6000 years.

  9. Who decides what methods are legitimate? by Geof · · Score: 4, Insightful

    Political activists use legitimate methods to increase their influence.

    And who, pray tell, decides what is legitimate?

    Answering that question is what politics is all about. The point of engaging in politics is to determine legitimacy. Look at any political movement and you will see this struggle to define legitimacy. Legitimacy is not the starting point: it is the outcome. You are begging the question.

    Which is, of course, because you are trying to propagate your definition of what is legitimate. You are not describing politics: you are engaged in it. You are not a disinterested obsever: you are a participant.

  10. Sony's CSO has invented time travel! by dstone · · Score: 3, Interesting

    TFA claims that Sony's new CSO, Brett Wahlin, "served as a counter-intelligence officer in the US Military for eight years during the Cold War." The final year of the cold war is generally agreed to be 1991, when the Soviet Union dissolved. This suggests he started working as a C-I officer no later than 1984. Yet the photo in his recent bio suggests he's in his early 40s now. So either 1) he's a prodigy and worked for the US military during high school, or 2) he can travel in time. Either way, the hacktivists might have met their match! Well played, Sony.

  11. Uh by AdamJS · · Score: 3, Insightful

    Why not orient your company and your policies so as not to actively piss off people who like tinkering with their own electronics and people who don't like DRM and spyware-riddled merchandise?

  12. Re:Hacktivists by leromarinvit · · Score: 3, Insightful

    Political activists use legitimate methods to increase their influence.

    So Rosa Parks wasn't an activist when she sat on the whites-only seat on the bus? Her entire point was that what should have been legitimate wasn't. Activism isn't about increasing your influence (that's more NGO territory - lobbying for a good cause), it's about bringing public attention to your cause. Very often the most effective way of doing that is publicly defying the rules to make a point.

    --
    Proud member of the Ferengi Socialist Party.
  13. For all haters by Forty+Two+Tenfold · · Score: 5, Funny

    There's sonmething new from Sony you absolutely MUST have.

    --
    Upward mobility is a slippery slope - the higher you climb the more you show your ass.
  14. Anti-Social by Doc+Ruby · · Score: 5, Insightful

    Evidently Sony learned nothing from the cause/effect relationship of their brutal approach to both security and their users. Sony set the stage by deploying rootkits and other security attacks on their own customers. Then they retroactively deleted the Linux (OtherOS) option from PS3s, many of which they'd sold to hackers for the very purpose of "hacking Sony". Though OtherOS had been crippled from the beginning, there was little effort by PS3 hackers to crack the lockout from the hardware, until Sony tried shutting all OtherOS users down. Then hacking the PS3 became necessary for every PS3 Linux user.

    It was a case of "when guns (OtherOSes) are outlawed, only outlaws will have guns (OtherOSes)". Why stop at just keeping what you paid for, when you had actually paid for more than you'd originally gotten? Sony had destroyed any ethical relationship, and the community was organized.

    Now, I'm not pinning all or even most of the attacks on Sony beyond keeping Linux on the small PS3 Linux community - maybe not even any of them. But that episode showed the world Sony was a legitimate target. Then after some success in keeping what they paid for resulted in arresting the hacker, Sony was now a legit target for both legitimate hacking and just plain "bash the bad guy". Combine that with Sony's copyright overreaches, its region-encoding scams, its DVD backup denials (also broken and showing Sony both greedy and vulnerable) - Sony fanned the flames of backlash.

    Now Sony is just escalating the conflict. It would be a lot cheaper to give hackers back Linux, this time with some support, to give them more of a common interest with Sony. Instead Sony is further defining itself as an enemy instead of a partner. Sony's awareness of social networks seems to be purely as either enemy or marketing victim. This will not end well. In fact it will not end, and many will suffer.

    --

    --
    make install -not war