Sony's Plan To Tighten Security and Fight Hacktivism

← Back to Stories (view on slashdot.org)

Sony's Plan To Tighten Security and Fight Hacktivism

Posted by Soulskill on Sunday March 11, 2012 @06:17PM from the try-making-people-less-angry dept.

mask.of.sanity writes "Sony Entertainment Network is rebuilding its information security posture to defend against hacktivism. It includes a security operations center that serves as a nerve center collating information on everything from staff phone calls, to CCTV, to PlayStation gamers. If it is successful, the counter intelligence-based system will be deployed across the entire company. 'At Sony, we are modifying our programs to deal less with state-sponsored [attacks] and more with socially-motivated hackers. It will be different,' said Chief Security Officer Brett Wahlin."

28 of 247 comments (clear)

Min score:

Reason:

Sort:

*clap* *clap* by FrozenFood · 2012-03-11 18:21 · Score: 5, Interesting

good for them
pity I wont buy another sony product ever again.
1. Re:*clap* *clap* by Ihmhi · 2012-03-11 18:36 · Score: 5, Insightful
  
  You have to read between the lines here man.
  They're not saying "We were attacked for being a socially irresponsible company, so we're going to do less evil shit." They're saying "We were attacked for doing evil shit, so we're going to keep doing evil shit and make it harder to successfully attack us."
  
  --
  Random Thoughts From A Diseased Mind (Not For Dummies)
2. Re:*clap* *clap* by hairyfeet · 2012-03-11 18:51 · Score: 5, Informative
  
  I don't know about him but I personally don't buy Sony because they have a serious "Hey, how can we REALLY buttfuck our customers HARD?" attitude. See ATRAC, Minidisc, memory stick, UMD, if given a chance they will completely ignore formats every else uses and is cheap for some proprietary throwback that is worse in every way for the consumer, no thanks.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
3. Re:*clap* *clap* by Nursie · 2012-03-11 18:56 · Score: 4, Informative
  
  I can't even fully use the products I already have.
  The new SEN, replacement for the PSN, has in its user agreementy a clause that says they can and will do anything they like with your user data, including giving it to any third party they feel like. If you have a problem with this you can't use the service.
  That's me locked out of network features on the ps3 then.
4. Re:*clap* *clap* by Nursie · 2012-03-11 19:12 · Score: 5, Informative
  
  Name, address, gaming habits (every game you play, the times you play, how long for), any movies you may have downloaded from them, integrated tv services you've used...
  These are just the things I know the box was sending to Sony from my protocol snooping a year or so back.
  I'm not sure if the machine sends web history to Sony, or what you've been watching/listening to on the ps3 via UPnP/DLNA, but it wouldn't be beyond their capabilities.
5. Re:*clap* *clap* by Anonymous Coward · 2012-03-11 19:33 · Score: 5, Informative
  
  Just because of how Sony handled this? Please, after this fiasco they'll be the safest company to trust your info to. Sony didn't handle the breach well, nor did it inform customers as it should have, but guess what? NO OTHER COMPANY would have done ANYTHING different. I'll bet there are many that would've tried to deny the whole thing.
  I'm socially motivated to never buy anything from Sony again as well, but it has nothing to do with whatever their latest stupid shananigans are. Sony earned a permaban with their rootkit. Remember that?
6. Re:*clap* *clap* by Nursie · 2012-03-11 19:40 · Score: 5, Informative
  
  And the Vita uses?
  Oh that's right, proprietary "vita cards" for games, proprietary "vita memory cards" for storage, and even a non-standard data cable.
  Good work!
7. Re:*clap* *clap* by Sneeka2 · 2012-03-11 19:52 · Score: 5, Insightful
  
  And guess who designed Blu-ray and shoveled tons of money into the project to push it into the market to destroy to rival HD DVD format: Sony. Learn your history.
  Also, comparing two very specific systems which are by definition very closed (gaming consoles) and a music player (which I guess you're going for with that Apple jibe) is hardly an objective comparison in the big picture. If that's all you know about these respective companies, fine, but please stay in your mom's basement.
  
  --
  Bitten Apples are still better than dirty Windows...
8. Re:*clap* *clap* by Anonymous Coward · 2012-03-11 20:13 · Score: 5, Funny
  
  And today on our fun game show My Favorite Random Multi-National Conglomerate Sucks Less Than Your Random Multi-National Conglomerate, we introduce our first contestant: peppepz!
9. Re:*clap* *clap* by Ihmhi · 2012-03-11 21:11 · Score: 4, Insightful
  
  I think once a business reaches a certain critical mass, evil is inevitable.
  Are there any companies in the Fortune 500 (or even Fortune 1000) that aren't complete monsters?
  
  --
  Random Thoughts From A Diseased Mind (Not For Dummies)
10. Re:*clap* *clap* by peppepz · 2012-03-11 21:53 · Score: 4, Insightful
  
  That sucks. I'll only buy game consoles that distribute games on non-proprietary storage. Which one can I buy?
11. Re:*clap* *clap* by SuricouRaven · 2012-03-11 21:54 · Score: 5, Insightful
  
  I think you have it backwards: If the company management isn't willing to do evil, the company will never reach that mass. Sooner or later the time will come when the management must choose between their principles and their duty to maximise profits - they can't have both.
12. Re:*clap* *clap* by Sneeka2 · 2012-03-11 22:58 · Score: 4, Insightful
  
  Both HD-DVD and Blu-Ray were proprietary, patent- and DRM-laden standards. ... For once, the technically best format (Blu-Ray) won.
  I'll just let these two sentences stand next to each other. They're too good. :)
  It's not that Sony beat HD DVD which undermines your argument, it's that Blu-ray is a horrible technology, mostly exactly because it's DRM-laden. The blue laser is nice, the DRM and all the crap that goes onto a typical Blu-ray disc is not. What won is simply one of the two evils. Therefore, choosing Blu-ray as an "open" technology to show how good Sony is in using open technologies is just... let's call it a bad example.
  
  Both are very closed, but one is a lot more open than the other (the PS3)
  So one sucks less than the other, that doesn't make it a great example for "open".
  
  whereas the post I was responding to was claiming that Sony uses proprietary formats.
  Because the PS3 is the only device Sony is selling?
  
  --
  Bitten Apples are still better than dirty Windows...
13. Re:*clap* *clap* by macs4all · 2012-03-11 23:51 · Score: 5, Insightful
  
  Isn't that kinda how these big businesses work in general these days? Microsoft, Apple, Sony, Samsung, Motorola, Oracle, Intel, Dell, etc? I guess I'm just saying if someone has an issue with Sony they probably have an issue with the whole industry & it's practices, not /just/ Sony...
  Apple removed DRM from iTunes music. Sony installed Rootkits.
  
  Apple has no DRM on its OS. Sony has aggressively fought against Playstation hacking.
  
  Apple has a Cloud service which mirrors your music to all your devices, regardless of where it came from. Sony?
  
  Apple had a marketing slogan "Rip. Mix. Burn.". Sony created Blu-Ray as an unsuccessful defense against DeCSS.
  
  Apple builds AirPlay into OS X and iOS. Sony creates SACD's DSD format as an (unsuccessful) attempt to stop CD copying (betcha didn't know that one!).
  
  Apple actively and significantly contributes to the F/OSS Community. Sony, OTOH has been caught USING F/OSS code without attribution and in violation of those project's licensing (libarc) in its game, ICO, and parts of LAME (id3lib and more) in an OCX control.
  
  Yep. no way whatsoever to tell those two companies apart by their respective actions.
14. Re:*clap* *clap* by betterunixthanunix · 2012-03-11 23:56 · Score: 4, Informative
  
  Apple has no DRM on its OS
  https://en.wikipedia.org/wiki/IOS#Digital_rights_management
  
  Otherwise I agree, Apple is less evil than Sony. Not that that is saying much.
  
  --
  Palm trees and 8
15. Re:*clap* *clap* by betterunixthanunix · 2012-03-12 00:30 · Score: 4, Insightful
  
  No, iOS has DRM that is designed to prevent its user from running software that Apple does not approve of. You can read more than the first sentence, you know...
  
  --
  Palm trees and 8
16. Re:*clap* *clap* by betterunixthanunix · 2012-03-12 00:50 · Score: 5, Informative
  
  What you have failed to realize is that the "App Store Lock-In", and even the "iOS Development Licensing" are actually there to benefit USERS (by keeping Malware OUT, OUT, OUT).
  As well as keeping pornography and political cartoons, software that might compete with Apple, software that might allow people to develop more software in a sandboxed environment, software that might allow people to play old SNES games, etc. OUT OUT OUT. The "this benefits users" argument is nothing more than a cover story; Apple could benefit users without forbidding jailbreaking, without bricking phones that were jailbroken, and without having a policy that forbids lampooning politicians.
  
  Sony's Rootkit and Playstation DRM battles are there to benefit SONY.
  So how is that not-locked-down gaming platform working for you? Oh yeah, malware:
  
  https://encrypted.google.com/search?q=windows+malware&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
  
  Apple's iOS DRM serves exactly the same purpose as PS3's DRM: to thwart competition, prevent customers from controlling their computers (which includes phones and gaming systems) and to tap developers' revenue streams.
  
  --
  Palm trees and 8
Cheaper strategy by mcbridematt · 2012-03-11 18:24 · Score: 5, Insightful

Don't be dicks.
1. Re:Cheaper strategy by sjames · 2012-03-11 19:17 · Score: 4, Insightful
  
  He who lies down with dogs gets up with fleas.
  You might want to check the species of your bedfellow.
  It's not like Sony's sins are minor. They include bait and switch and mass hacking on a scale Anon. can't even aspire to. Because they have money, they have gone un-punished.
  So, yeah, gaming elsewhere is probably a good idea.
2. Re:Cheaper strategy by artor3 · 2012-03-11 19:44 · Score: 4, Insightful
  
  Evidence also suggests that the internet never, ever, ever forgives. Sony is evil in the minds of internet-people, and no amount of "being neutral" will change that any time soon. Are they just supposed to suffer all the beatdowns they get over the next ten years until people start to say, "Hey, that rootkit thing was a long time ago..."?
Wrong way of thinking by gzipped_tar · 2012-03-11 18:29 · Score: 5, Insightful

As part of the society, you should think about how not to become a target of hacking activism. Especially when it's impossible to crush every one of the "hackers".
Better yet, convert them into your loyal customers, and even better, direct their anger to your competitors.

--
Colorless green Cthulhu waits dreaming furiously.
1. Re:Wrong way of thinking by Anonymous Coward · 2012-03-11 19:13 · Score: 4, Insightful
  
  I'll grant you that just based on statistics and human nature, any company with a sufficiently-large customer base will invariably really piss off some minority sub-group of their customers. However, there's a difference between pissing off minor subgroups on some matter of debate (e.g. "Wal-mart sells eyeliner that was tested on rabbits! Let's protest these animal-haters!"), and taking flatly evil, anti-consumer actions that affect the entire customer-base in a negative way (e.g. several notable Sony debacles from the past).
  It's like the difference between BofA hiking a subset of their customers' credit card interest rates to pad their profits (with due notice, according to the rules), and BofA deciding "Hey, traditional bank fees aren't really working out for us, so we've decided to just start stealing a flat 1.5% of everyone's checking balance every month". They're categorically different, and so is the response from the customer base.
  Companies who avoid the really huge, categorically evil, moves tend not to get swamped in hacktivist attacks all the time. I work directly on internet-facing services (including in a security capacity) at a Fortune 1K company that's heavily involved in the tech/consumer world, and we've never had a hacktivist attack to date. We might someday, and we have some plans for that sort of event because it's irresponsible not to. But really our primary defense against this is that when *I* go into a meeting with a product development group, and I hear them suggest something really stupid that would likely cause a public Internet-based backlash, I flat-out tell them it's a stupid and irresponsible thing to do, and they back down.
  Sony is getting exactly what they deserve, and it's deplorable that rather than try to turn their *actions* around, they've accepted that they're always going to act evil and modified their security policies to suit a constant condition of "We have a giant target painted on our backs".
Re:wrong medication by Anonymous Coward · 2012-03-11 18:38 · Score: 5, Insightful

Here's a start:
1. Bring back OtherOS
2. Stop supporting CSS, AACS, HDCP and other forms of DRM
3. Apologise for installing rookits on people's computers without their knowledge
4. Apologise for taking legal action against people who circumvented their digital restrictions
Everybody needs an Anti-Cyber-Threat-Center! by PolygamousRanchKid+ · 2012-03-11 19:27 · Score: 5, Funny

NATO just dropped a few billion for one! Now SONY will have one! Where's yours!?!?!
I smell Y2k sized contract money now!
I am now a Anti-Cyber-Threat-Security-Response-Operations-Analysis-Coordination-Center Specialist!
In the train:
Passenger: "What line of work are you in?"
Me: "Cyber Security!"
Passenger: "Do I need that?"
Me: "Does your wife know about the email to your girlfriend on your laptop that I am reading right now?"
Passenger: "Ok, I'll buy some."
Passenger: "But do I need to wear that tinfoil hat . . . ?"

--
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Sony rootkit by Anonymous Coward · 2012-03-11 20:08 · Score: 4, Informative

http://en.wikipedia.org/wiki/Sony_rootkit
Never forget, never forgive.
Who decides what methods are legitimate? by Geof · 2012-03-11 20:44 · Score: 4, Insightful

Political activists use legitimate methods to increase their influence.

And who, pray tell, decides what is legitimate?
Answering that question is what politics is all about. The point of engaging in politics is to determine legitimacy. Look at any political movement and you will see this struggle to define legitimacy. Legitimacy is not the starting point: it is the outcome. You are begging the question.
Which is, of course, because you are trying to propagate your definition of what is legitimate. You are not describing politics: you are engaged in it. You are not a disinterested obsever: you are a participant.
For all haters by Forty+Two+Tenfold · 2012-03-11 21:40 · Score: 5, Funny

There's sonmething new from Sony you absolutely MUST have.

--
Upward mobility is a slippery slope - the higher you climb the more you show your ass.
Anti-Social by Doc+Ruby · 2012-03-11 23:37 · Score: 5, Insightful

Evidently Sony learned nothing from the cause/effect relationship of their brutal approach to both security and their users. Sony set the stage by deploying rootkits and other security attacks on their own customers. Then they retroactively deleted the Linux (OtherOS) option from PS3s, many of which they'd sold to hackers for the very purpose of "hacking Sony". Though OtherOS had been crippled from the beginning, there was little effort by PS3 hackers to crack the lockout from the hardware, until Sony tried shutting all OtherOS users down. Then hacking the PS3 became necessary for every PS3 Linux user.
It was a case of "when guns (OtherOSes) are outlawed, only outlaws will have guns (OtherOSes)". Why stop at just keeping what you paid for, when you had actually paid for more than you'd originally gotten? Sony had destroyed any ethical relationship, and the community was organized.
Now, I'm not pinning all or even most of the attacks on Sony beyond keeping Linux on the small PS3 Linux community - maybe not even any of them. But that episode showed the world Sony was a legitimate target. Then after some success in keeping what they paid for resulted in arresting the hacker, Sony was now a legit target for both legitimate hacking and just plain "bash the bad guy". Combine that with Sony's copyright overreaches, its region-encoding scams, its DVD backup denials (also broken and showing Sony both greedy and vulnerable) - Sony fanned the flames of backlash.
Now Sony is just escalating the conflict. It would be a lot cheaper to give hackers back Linux, this time with some support, to give them more of a common interest with Sony. Instead Sony is further defining itself as an enemy instead of a partner. Sony's awareness of social networks seems to be purely as either enemy or marketing victim. This will not end well. In fact it will not end, and many will suffer.

--
--
make install -not war