Thinking and brainstorming on it a little more. I am starting to really think we are all way off base in blaming Anonymous or Geohotz or even just some rogue "really good" hackers. The whole PSN and SOE getting hit raises some interesting questions.

NickCaligo42 said:
Funny how nobody seems to have drawn the conclusion that the hacker could've been working inside Sony. At the point of tens of thousands of credit card numbers stolen that seems to be the more likely conclusion than sheer incompetence.

Jumplion said:
I really have to wonder how secure Sony's system was in the first place if their services are being hacked left and right. They're either really unlucky or incompetent, and I'm not sure which one is scarier.

- Could it have been an inside job from Sony? Possibly, but unlikely. As far as we know, the two entities are operated as entirely separate businesses. It is unlikely that there would be any single point of compromise between the two, unless there was some sort of internal contracting or consulting going on, for instance if one division was in some way borrowing, say, IT support staff from another.
- Could it have been some third-party contractor? This is a far more likely scenario. If I read it right, both the compromised PSN servers and the compromised SOE servers were housed in the same AT&T datacenter. That's raising some huge red flags right there. The common point might not be Sony at all, but AT&T. And think about the scare potential in that thought. These are the same folks that host a lot of other similar services, such as Blizzard. Particularly telling is the sudden sprint by Sony to get their servers out of that datacenter and moved to some super secret undisclosed location. Am I wrong in thinking that that is not a normal response to an outside breach from the internet? You would normally only move the servers when the site itself has been physically compromised or the internal network. So add to the list of very strong possibilities that this is not Sony's fault. This may have happened on AT&T's watch.
- Why are we assuming that this was perpetrated by some lone wolf third-party individuals? Sony is a huge multinational corporation, but is also quite possibly the most recognizable symbol of one of the world's largest economies: Japan. In many ways Sony is Japan, Japan is Sony. In much the same way that Samsung and Korea are linked. This was two targeted breaches at two disparate sub companies with independent security. The US Department of Homeland Security is involved. There are several sovereign nations that maintain extremely advanced data hacking capabilities. Some of them do not put the same separation on government vs private enterprise that we mentally do. This could be part of an asymmetric harassment of a national industry by a hostile foreign power. Both China and North Korea have ongoing disputes with Japan. Both have proven many times over a willingness to do these sorts of things. Just saying.
- The final really scary thought. Why are we assuming that it is just Sony? We are all assuming that this happened because Sony has in some way failed at security. That they had some glaring hole in their network or policies and procedures that they negligently failed to plug. What if they didn't? What if they were operating under current security standards? What if they were simply the target of choice due to that above mentioned "all the cards falling the right way" with their war with Anonymous? What if the hole is not unique to Sony, but rather is more widespread throughout the online e-commerce industry? Is any of our personal info safe? How secure is anyplace you have given your credit card to? What differentiates Sony from iTunes or Xbox Live, or Amazon? If they weren't doing something different from everybody else, then what does that say or do to a huge piece of the national and global economy? (Gee, doesn't that just give the possibility of national governments being involved in this a whole scary new twist?)
Just 2c worth of brainstorming. I really know nothing and all of this is pure speculation. Just trying to work out possible points of convergence from what little we know.