Sony CEO Adamantly Defends Openness On PSN Attack

[Therumancer]

Well, I still insist that Sony pretty much provoked this attack, and I still want to see them admit they were wrong about the other OS thing and apologize.

As far as their comments about their speed of respone, I personally don't consider "oh well, other companies report things much slower, if at all" to be an excuse, other than to say that perhaps various goverments who were concerned here should spend more time looking into the reporting processes of other companies. Start giving CEOs jail time if they don't immediatly inform customers of attacks, their nature, and the possible risks involved. The big reason for not wanting to do so, largely seems to be so that the companies in question won't look weak, and I think "face" is a big part of this whole thing. It's also why I think we might see more attacks on Sony in the near future, because Sony refuses to concede they were wrong about the "other OS" pull back, restore that functionality, etc... largely because that will show a group of hackers took them down, and also establish precedents away from the whole "it's our property, we're just nice enough to let you use it in exchange for money" definition that they (and other companies) are pushing it. I very much do not see Sony as being victims here. What the hackers/Anonymous have done is not right, but at the same time Sony isn't right either, in fact I might say that I haven't let their current woes detract from how angry I was over the "other OS" thing, despite not using it myself, and actually consider them to be MORE wrong here than the hackers. It's hard to take them seriously as victims when they were victimizing their customer base and brought this upon themselves.

In fact it's this kind of arrogrant justification in saying "we weren't wrong here, because other companies do worse" that is at the root of their problems to begin with.

Or in short, this is all about corperate attitude adjustment, I appreciate the gestures Sony has made to users over the down time, but overall I'm getting tired of them flapping their lips and trying to justify their part in the overall situation. The only thing I want to see their CEOS say is "I'm sorry, we were wrong, we brought this upon ourselves and it trickled down to our users, we'll change our policies and do better in the future". Free games are nice, but since I don't believe it's happened yet, I'd also like them to restore the "Other OS" option to users that use it, but of course for that to be meaninful it has to come with an apology.

...you DO realize that a hack like this more or less makes it 100% certain we will never, EVER, see a legal Other OS on a Sony console ever again, right? Between GeoHot and this, the sentiment is likely to be 'screw this, we're never going to even come CLOSE to this can of worms again', with some side comments in the board room about what they'd like to do to these hackers with five minutes in a locked room and a nice sturdy baseball bat. The only corporate attitude adjustment this caused is that they're likely to be fifty times more locked-down with any future creations.

Oh your right, and that's why there is probably going to be another attack. As I said, they need an attitude adjustment. What your describing is a pretty typical corperate response to being challenged for reasons of "face" and also because they don't want to admit that customer response in motivating things like hackers is that powerful. They want to maintain a "the customers do what we want, not the other way around" attitude especially when it comes to things like property rights.

So basically, the point of the hacking is to demonstrate that Sony is at the mercy of the customers as enough outrage or ridiculous behavior is going to get the attention of hacktivists, and they are going to stand up to major corperations and put them in their place. Your quite correct that they would love to take a baseball bat in a back room to a hacker, and heck, a company like Sony probably has it's own hit men and private security personel for exactly those kinds of situations (okay , well, no "probably" about it), of course the very point of something like "Anonymous" is that none of that matters, they could torture some guy to death, and it won't matter because there isn't any kind of organiation to go after, you nail that one guy, legally, or with thuggery, and it means nothing to the overall body and what it's doing.

So pretty much your explaining why I won't be surprised if there is another attack, it might not happen, but if it does, it's going to be because of that reaction and attitude, which is what they are trying to break.

In the end only time will tell. This situation is notable because companies like Sony are generally viewed as being untouchable, and yet we're seeing a group of hackers rather publically drag them around through the mud, rather than being swept under the carpet. The fact that Sony's usual attitudes aren't working is why this is news. Right now it remains to be seen if it turns into a battle of wills. It's not viable for Sony to back away from The Internet entirely, the big question is going to be whether it's going to be able to play by it's rules (or if this is going to be let go for the moment if we don't see another attack) or if it' going to have to concede that The Internet is the territory of the users (pretty much) who when enraged too much lead to actions by groups like Anonymous, and Sony acts as
a guest in their back yard... much like how a corperation that builds a branch in a foreign country abides by their rules.

I'm not saying your wrong, just that I suspect that is exactly why this isn't over. It might be, it might not be. A lot also depends on whether this whole "Anon civil war" is for real and involves the people responsible to begin with. I've also suspected that this civil war might very well have been set off by Sony. See instead of taking a baseball bat to a hacker they catch, I've suspected this might have started with them getting someone fairly influential and turning them. No way to tell that, but understand while companies do a lot of underhanded things, they are liable to hand someone a briefcase of money to do what they want, than to say take the risks involved in pounding the crap out of someone, or sending a hitman to their house... such events are very rare unlike on TV. Sony however admittedly has a bit more of a reputation for that going back to the "Japanacorp invasion" of the 1980s, being the inspiration for a lot of the evil corperations in fiction, that have things like entire wetworks divisions and private security forces equal to the militaries of many first world countries... all exagerrations (massive ones) of the reality based on hypothetical ideas of what the real deal was actually doing at the time.

Incidently, don't get that I hate Sony overall. I just happen to think they are wrong in a lot of what they do, especially in cases like this. That "other OS" thing makes it fairly difficult for me to defend them on any grounds. Their mentality aside, it's still bloody wrong, they sell a service to someone, and then find a backdoor way of taking it away from the people who use it, there is no way to present that as being right. Pointing to things like TOS and EULA agreements which incidently only appear AFTER you paid for a product which you probably can't return at full value (and even then have to jump through hoops), only makes it clear that such agreements are themselves wrong due to what they are enabling and have gone too far.

Sony also didn't pull the "other OS" option for security reasons. They pulled it to hurt piracy so they could potentially pocket a few extra bucks by cutting down on a portion of their losses. Their issue was the option enabling piracy... piracy being a whole differant topic of discussion. The big problem of course being that while piracy is wrong, what they were doing is a bigger wrong. On top of that, they were lying about their reasons for doing it by claiming it was some kind of major security risk. The point of the hacker attacks isn't just the damage they are doing by taking down the networks, but to show that their network was complete tissue paper, Sony had no real security, and any halfway decent hacker could tear thrugh their system "Other OS" or not... and all of this became outed because of the attacks. It's important to understand WHY the hackers attacked in the way they did, and also that the real damage/point was in showing that Sony lied and what a state their security was in to begin with, taking down the network is kind of tertiary, it just demonstrates how weak the security was and how much work Sony had to do to bring it back up and up to code.

If there is another hacker attack on Sony, even if it's motivated by the same thing, I'm not sure if it's going to be an attack on PSN. After all that's what Sony expects, and is ready for. Generally speaking hackers operate through misdirection and by not going after the obvious target. Of course in this case if they want to prove "Sony can't stop us" they might very well go after PSN again, letting Sony set up all it's pieces, open up their store, and say that they are confident, so bringing the whole thing down proves who the big dawg on the Internet is. It's really hard to say what they are going to try, or even if they will do anything at all. Hacking, and Anonymous in general, tend to be pretty chaotic.

 

[xxBucdieselxx]

Being better than terrible does not make you great. We haven't been too harsh with Sony. We've just been far too lenient towards everyone else

Exactly right. Stringers statement above almost makes it sound like we should be happy they did anything at all. While I understand time constraints working with PC's (as I work in IT as well), if my company were to have a breach of that kind, then wait a week to notify clients, we would be lucky if we had any clients left a week later. But because this is "just video games" I suppose our personal data isn't supposed to be taken seriously. Sony deserves all the bashing they get (mind you I am a Sony faithful). I just am not gonna curb my opinion of what went down because it is with a company I happen to like. They screwed up. Their security was bush league at best. They got tagged, now they have to deal with it, bad PR and all. Grab that spoonful of humble soup and shovel down.

 

[Redd the Sock]

Two interesting yet BS points.

First we have the obvious deflection used by ciragette comapnies to try and say that because they aren't the worst in the room, they shouldn't do better.

Second, as for the week on no knowledge, two things: 1) none of us know how long it should take to determine the extent of a hacked system, and nothing that's been said has helped enlighten us. If it legitimately takes a week, fine, but please don't just expect us to just take that on faith. Expalin it. Give timetables. Maybe go over the process. And 2) if you were a doctor with a paitent that "might" have an STD, which should you do, not tell them until you're sure, or tell them the suspicion to prevent further spread in the interem? I know you didn't want to cause a panic, but it isn't "just kdding," it's "good news, I was wrong." Think about the liability you might have faced if the hackers had been faster with getting card numbers and your lack of communication gave them a week's free reign.

 

[PettingZOOPONY]

I would agree but I found out from blogs 3 days earlier than sony that my account plus CC info was taken, I should of heard it from Sony first not 3 days later.

 

[Wicky_42]

Two interesting yet BS points.

First we have the obvious deflection used by ciragette comapnies to try and say that because they aren't the worst in the room, they shouldn't do better.

Second, as for the week on no knowledge, two things: 1) none of us know how long it should take to determine the extent of a hacked system, and nothing that's been said has helped enlighten us. If it legitimately takes a week, fine, but please don't just expect us to just take that on faith. Expalin it. Give timetables. Maybe go over the process. And 2) if you were a doctor with a paitent that "might" have an STD, which should you do, not tell them until you're sure, or tell them the suspicion to prevent further spread in the interem? I know you didn't want to cause a panic, but it isn't "just kdding," it's "good news, I was wrong." Think about the liability you might have faced if the hackers had been faster with getting card numbers and your lack of communication gave them a week's free reign.

Kinda what I was feeling, but I was planning to sum it up with a simple :

"Most of these breaches go unreported by companies... Forty-three percent notify victims within a month [footnote]*citation needed*[/footnote], we reported in a week. You're telling me my week wasn't fast enough?"

You can say what you want but I'm not going to take it at face value

 

[poiuppx]

Well, I still insist that Sony pretty much provoked this attack, and I still want to see them admit they were wrong about the other OS thing and apologize.

As far as their comments about their speed of respone, I personally don't consider "oh well, other companies report things much slower, if at all" to be an excuse, other than to say that perhaps various goverments who were concerned here should spend more time looking into the reporting processes of other companies. Start giving CEOs jail time if they don't immediatly inform customers of attacks, their nature, and the possible risks involved. The big reason for not wanting to do so, largely seems to be so that the companies in question won't look weak, and I think "face" is a big part of this whole thing. It's also why I think we might see more attacks on Sony in the near future, because Sony refuses to concede they were wrong about the "other OS" pull back, restore that functionality, etc... largely because that will show a group of hackers took them down, and also establish precedents away from the whole "it's our property, we're just nice enough to let you use it in exchange for money" definition that they (and other companies) are pushing it. I very much do not see Sony as being victims here. What the hackers/Anonymous have done is not right, but at the same time Sony isn't right either, in fact I might say that I haven't let their current woes detract from how angry I was over the "other OS" thing, despite not using it myself, and actually consider them to be MORE wrong here than the hackers. It's hard to take them seriously as victims when they were victimizing their customer base and brought this upon themselves.

In fact it's this kind of arrogrant justification in saying "we weren't wrong here, because other companies do worse" that is at the root of their problems to begin with.

Or in short, this is all about corperate attitude adjustment, I appreciate the gestures Sony has made to users over the down time, but overall I'm getting tired of them flapping their lips and trying to justify their part in the overall situation. The only thing I want to see their CEOS say is "I'm sorry, we were wrong, we brought this upon ourselves and it trickled down to our users, we'll change our policies and do better in the future". Free games are nice, but since I don't believe it's happened yet, I'd also like them to restore the "Other OS" option to users that use it, but of course for that to be meaninful it has to come with an apology.

...you DO realize that a hack like this more or less makes it 100% certain we will never, EVER, see a legal Other OS on a Sony console ever again, right? Between GeoHot and this, the sentiment is likely to be 'screw this, we're never going to even come CLOSE to this can of worms again', with some side comments in the board room about what they'd like to do to these hackers with five minutes in a locked room and a nice sturdy baseball bat. The only corporate attitude adjustment this caused is that they're likely to be fifty times more locked-down with any future creations.

Oh your right, and that's why there is probably going to be another attack. As I said, they need an attitude adjustment. What your describing is a pretty typical corperate response to being challenged for reasons of "face" and also because they don't want to admit that customer response in motivating things like hackers is that powerful. They want to maintain a "the customers do what we want, not the other way around" attitude especially when it comes to things like property rights.

So basically, the point of the hacking is to demonstrate that Sony is at the mercy of the customers as enough outrage or ridiculous behavior is going to get the attention of hacktivists, and they are going to stand up to major corperations and put them in their place. Your quite correct that they would love to take a baseball bat in a back room to a hacker, and heck, a company like Sony probably has it's own hit men and private security personel for exactly those kinds of situations (okay , well, no "probably" about it), of course the very point of something like "Anonymous" is that none of that matters, they could torture some guy to death, and it won't matter because there isn't any kind of organiation to go after, you nail that one guy, legally, or with thuggery, and it means nothing to the overall body and what it's doing.

So pretty much your explaining why I won't be surprised if there is another attack, it might not happen, but if it does, it's going to be because of that reaction and attitude, which is what they are trying to break.

In the end only time will tell. This situation is notable because companies like Sony are generally viewed as being untouchable, and yet we're seeing a group of hackers rather publically drag them around through the mud, rather than being swept under the carpet. The fact that Sony's usual attitudes aren't working is why this is news. Right now it remains to be seen if it turns into a battle of wills. It's not viable for Sony to back away from The Internet entirely, the big question is going to be whether it's going to be able to play by it's rules (or if this is going to be let go for the moment if we don't see another attack) or if it' going to have to concede that The Internet is the territory of the users (pretty much) who when enraged too much lead to actions by groups like Anonymous, and Sony acts as
a guest in their back yard... much like how a corperation that builds a branch in a foreign country abides by their rules.

I'm not saying your wrong, just that I suspect that is exactly why this isn't over. It might be, it might not be. A lot also depends on whether this whole "Anon civil war" is for real and involves the people responsible to begin with. I've also suspected that this civil war might very well have been set off by Sony. See instead of taking a baseball bat to a hacker they catch, I've suspected this might have started with them getting someone fairly influential and turning them. No way to tell that, but understand while companies do a lot of underhanded things, they are liable to hand someone a briefcase of money to do what they want, than to say take the risks involved in pounding the crap out of someone, or sending a hitman to their house... such events are very rare unlike on TV. Sony however admittedly has a bit more of a reputation for that going back to the "Japanacorp invasion" of the 1980s, being the inspiration for a lot of the evil corperations in fiction, that have things like entire wetworks divisions and private security forces equal to the militaries of many first world countries... all exagerrations (massive ones) of the reality based on hypothetical ideas of what the real deal was actually doing at the time.

Incidently, don't get that I hate Sony overall. I just happen to think they are wrong in a lot of what they do, especially in cases like this. That "other OS" thing makes it fairly difficult for me to defend them on any grounds. Their mentality aside, it's still bloody wrong, they sell a service to someone, and then find a backdoor way of taking it away from the people who use it, there is no way to present that as being right. Pointing to things like TOS and EULA agreements which incidently only appear AFTER you paid for a product which you probably can't return at full value (and even then have to jump through hoops), only makes it clear that such agreements are themselves wrong due to what they are enabling and have gone too far.

Sony also didn't pull the "other OS" option for security reasons. They pulled it to hurt piracy so they could potentially pocket a few extra bucks by cutting down on a portion of their losses. Their issue was the option enabling piracy... piracy being a whole differant topic of discussion. The big problem of course being that while piracy is wrong, what they were doing is a bigger wrong. On top of that, they were lying about their reasons for doing it by claiming it was some kind of major security risk. The point of the hacker attacks isn't just the damage they are doing by taking down the networks, but to show that their network was complete tissue paper, Sony had no real security, and any halfway decent hacker could tear thrugh their system "Other OS" or not... and all of this became outed because of the attacks. It's important to understand WHY the hackers attacked in the way they did, and also that the real damage/point was in showing that Sony lied and what a state their security was in to begin with, taking down the network is kind of tertiary, it just demonstrates how weak the security was and how much work Sony had to do to bring it back up and up to code.

If there is another hacker attack on Sony, even if it's motivated by the same thing, I'm not sure if it's going to be an attack on PSN. After all that's what Sony expects, and is ready for. Generally speaking hackers operate through misdirection and by not going after the obvious target. Of course in this case if they want to prove "Sony can't stop us" they might very well go after PSN again, letting Sony set up all it's pieces, open up their store, and say that they are confident, so bringing the whole thing down proves who the big dawg on the Internet is. It's really hard to say what they are going to try, or even if they will do anything at all. Hacking, and Anonymous in general, tend to be pretty chaotic.

But there in lies the problem. I don't see Sony EVER looking at this and going 'Well, we better change our ways'. I see it becoming one of two things; an arms race where they use increasingly vicious means to defend and prosecute those they find who are responsible for such hacks, or they'll just give up and walk away from the industry, sell their stuff off, and decide to call the whole thing fun while it lasted, letting someone else deal with the hacker crowd. Under NO circumstances can I see them going 'Well, we sure were wrong. Good thing those hacktivists showed us the better way!'.

More-so, each time something like this occurs, it not only enforces for Sony but for everyone else in the industry paying attention that THESE are the wolves at the gates. Which means the Other OS you and they defend? Yeah, don't expect to see something like that on a new console again any time in the next decade, at minimum. Instead, expect more locked-down consoles with more vicious punishments for breaking said lock-downs in place.

Don't get me wrong, I know hackers will respond in kind, undoubtedly. But that's where the arms race comes in, and if they find you, news flash; there's not a lot of legal ground to stand on when millions of accounts, people's personal information, and potential identity theft are involved. THAT is the big issue with how this all was done; crash the network to prove a point, you piss some folks off but point out the weaknesses. Steal tens of millions of accounts worth of data, you now have entire governments standing up and taking notice. If it becomes clear this was done not for profit but for some hacktivist social-engineering effort, the prosecutors might even be able to convince a judge to just full on label the act terrorism. And once that happens, all the 'good work' this lot 'tried' to do goes out the window on a one-way trip to Gitmo.

Now, mind you, I think that's honestly incorrect. I'm of the mind that, most likely, this was done by someone who saw the vulnerabilities, knew hacktivists would get the blame, was looking to turn a profit, but when it became THIS well known, they freaked and went to ground. That info isn't likely to resurface any time, cause with Sony, the FBI, and Homeland Security looking for the ones behind it, the only smart move is to scrub all the data, trash the computer, and pray they never piece it all together. But the damage, for Sony, gamers, the gaming industry, and yes, for hacktivists, has already been done.

Personally? I would hope for the sake of hacktivists who actually try to do some good in this world, like the ones who helped set up the virtual servers for the Green Revolution in 09 so the protestors could stay in touch with each other, would be smart enough to just let this go. Sony isn't going to change their spots, other than adding armor, spikes, and turret guns to their coat. And further actions will only serve to demonize them to the point that the hard-sell-to-Gitmo won't be too difficult to pull off.

 

[ryo02]

"Most of these breaches go unreported by companies."

so there are breaches we have NEVER been told about? ... erm that seems bad

 

[Jumplion]

I would like to know where he got the "Forty Three percent" statistic, but whatever.

They could have done a better job at informing customers, obviously. They shut down PSN without any real warning, and while it may very well have taken a week to find out what happened, the lack of real communication after that assessment wasn't exactly that great. Most news was on the blog or twitter which I doubt over 70 million PSN users go to.

Still, they are at least trying to make up for it. They do get points for basically admitting they fucked up (apparently bowing is a big deal for Japan), which most companies would go about saying "no comment" or some crap. They're offering free identity theft protection for a year (standard offering, apparently) and giving compensation for the scare.

So, points for admitting your mistake, slaps on the face for not handling it as well as they could have.

They may have had up-to-date security, they might not have. At this point, with everyone flinging poo everywhichway to blame someone, it really doesn't matter. What's done is done. I just say let Sony and whatnot find the bastards that did this, rip them a new one, and then we can continue to ***** to Sony if need be.

 

[sunburst]

I would like to know where he got the "Forty Three percent" statistic, but whatever.

I'll give you a hint. He poops from there.

 

[Jumplion]

I would like to know where he got the "Forty Three percent" statistic, but whatever.

I'll give you a hint. He poops from there.

Rather not go that far, though I'm always skeptical whenever statistics are brought up no matter what it is used for.

Giving him the benefit of the doubt that the statistic is real, then it would at least show they're better than most. Being better than shit isn't that much better, but hey, at least the other shit can look up to the better one.

 

[Dogstile]

You're better than most?

Thats a relief, here I was thinking you were the worst! Its a good thing good ol' sony told us at all! They could have just shoved it under the rug! Thanks dude!

Do you ever think he would have realised that its better to tell people to be wary than hope to god that the information wasn't stolen? A week is a long time with credit card details that "might" have been stolen. Hell, they're usually used in a day if they're stolen from you.

 

[sunburst]

-snip-

You're right of course. I apologize. We do need to be fair. So in the spirit of fairness, I must admit that he used a legitimate statistic. [footnote]Sauce [http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf] (Search the document for "forty-three" to find the pertinent information)[/footnote]

That study found that only forty-three percent of the companies surveyed reported information breaches to the affected users within one month. Unfortunately, that's not what they were studying. They wanted to know the relationship between speed of user notification and cost per record. The Ponemon Institute used a sample of only fifty-one organizations because that's all they needed to gather data on that specific relationship. However, that is not a large enough sample size to create an accurate statistic on the average speed of notification toward affected customers. So Stringer used a real statistic; he just used it wildly out of context.

 

[Jumplion]

You're better than most?

Thats a relief, here I was thinking you were the worst! Its a good thing good ol' sony told us at all! They could have just shoved it under the rug! Thanks dude!

Do you ever think he would have realised that its better to tell people to be wary than hope to god that the information wasn't stolen? A week is a long time with credit card details that "might" have been stolen. Hell, they're usually used in a day if they're stolen from you.

And a month is even longer. That's the thing, while the response time was still shit, at least it was better shit than most shit. Still shit, of course, but better shit, if that is possible.

-snip-

You're right of course. I apologize. We do need to be fair. So in the spirit of fairness, I must admit that he used a legitimate statistic. [footnote]Sauce [http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf] (Search the document for "forty-three" to find the pertinent information)[/footnote]

That study found that only forty-three percent of the companies surveyed reported information breaches to the affected users within one month. Unfortunately, that's not what they were studying. They wanted to know the relationship between speed of user notification and cost per record. The Ponemon Institute used a sample of only fifty-one organizations because that's all they needed to gather data on that specific relationship. However, that is not a large enough sample size to create an accurate statistic on the average speed of notification toward affected customers. So Stringer used a real statistic; he just used it wildly out of context.

Mmmmmmmmmmm, sauce....

Ehem, but yeah, awesome that you found it. Interesting statistic to say the least, though I must wonder what would be considered a good sample size when surveying large companies/corporations? Also, what kind of companies did they survey in the first place, specifically data keeping organizations or just general?

 

[brinvixen]

Good on Stringer for telling those critics to shut up. I thought Sony was rather thorough with their investigation. Yes maybe there was a week between when PSN went down and when we were told the extent of the damage, but its not like they spent that entire week sitting on information and twiddling their thumbs. They were hiring teams to investigate the breach, and make sure they reported something close to accurate, as opposed to flinging shit. Yes, I see where saying the worst, then saying "just kidding" technically means things are better, but once mass hysteria starts, it's rather hard to get that first impression out of people's minds.

I was championing Sony's behavior from the beginning and will continue to do so now. I think they handled everything rather well, and I'm glad to be a (loyal) customer to the company. Can't wait to see Playstation Store restored as well.

 

[Jyggalag]

I was glad that Sony was honest with it's costumers from the start. I appreciate that they didn't withhold information. I'm NOT thrilled to see that the network is STILL down.

 

[Therumancer]

[
But there in lies the problem. I don't see Sony EVER looking at this and going 'Well, we better change our ways'. I see it becoming one of two things; an arms race where they use increasingly vicious means to defend and prosecute those they find who are responsible for such hacks, or they'll just give up and walk away from the industry, sell their stuff off, and decide to call the whole thing fun while it lasted, letting someone else deal with the hacker crowd. Under NO circumstances can I see them going 'Well, we sure were wrong. Good thing those hacktivists showed us the better way!'.

More-so, each time something like this occurs, it not only enforces for Sony but for everyone else in the industry paying attention that THESE are the wolves at the gates. Which means the Other OS you and they defend? Yeah, don't expect to see something like that on a new console again any time in the next decade, at minimum. Instead, expect more locked-down consoles with more vicious punishments for breaking said lock-downs in place.

Don't get me wrong, I know hackers will respond in kind, undoubtedly. But that's where the arms race comes in, and if they find you, news flash; there's not a lot of legal ground to stand on when millions of accounts, people's personal information, and potential identity theft are involved. THAT is the big issue with how this all was done; crash the network to prove a point, you piss some folks off but point out the weaknesses. Steal tens of millions of accounts worth of data, you now have entire governments standing up and taking notice. If it becomes clear this was done not for profit but for some hacktivist social-engineering effort, the prosecutors might even be able to convince a judge to just full on label the act terrorism. And once that happens, all the 'good work' this lot 'tried' to do goes out the window on a one-way trip to Gitmo.

Now, mind you, I think that's honestly incorrect. I'm of the mind that, most likely, this was done by someone who saw the vulnerabilities, knew hacktivists would get the blame, was looking to turn a profit, but when it became THIS well known, they freaked and went to ground. That info isn't likely to resurface any time, cause with Sony, the FBI, and Homeland Security looking for the ones behind it, the only smart move is to scrub all the data, trash the computer, and pray they never piece it all together. But the damage, for Sony, gamers, the gaming industry, and yes, for hacktivists, has already been done.

Personally? I would hope for the sake of hacktivists who actually try to do some good in this world, like the ones who helped set up the virtual servers for the Green Revolution in 09 so the protestors could stay in touch with each other, would be smart enough to just let this go. Sony isn't going to change their spots, other than adding armor, spikes, and turret guns to their coat. And further actions will only serve to demonize them to the point that the hard-sell-to-Gitmo won't be too difficult to pull off.

Saying "Sony is too big to make a differance" is exactly why they need to be brought down this way. Your correct that them saying "we're sorry" and changing their ways isn't likely, but you know if they are basically ejected from the internet and this entire area of business instead, that's not a bad thing. There is enough money to be made through video gaming and the internet without victimizing people where someone is going to step up and do it right.

I myself have been saying that I'm expecting another attack, because Sony has so far recovered, and has not capitulated on any level.

To be honest the very fact that the issue is a big one where it doesn't seem anything can be done that will matter, is exactly why it matters, and exactly why Anonymous has been getting attention for these feats, more so than the "hackers" who supported an enviromentalist movement.

In the end only time will tell, personally I think Sony was so dead wrong on the "other OS" thing that it's hard for me to not support the actions being taken against them. Sony set it up so there was obviously no way that the legal system was going to stop them, after all they have their hooks into the lawyers (at least enough to create a conflict of interest) that could sucessflly go after and defeat things like their EULAs and TOS agreements by going after them from the right avenue. Saying "oh well, I guess we should have no rights when it comes to our own property that we paid for" doesn't strike me as being a paticularly good thing any way you look at it, and that's what got these hacker attacks going. The basic ultimatum from where I'm sitting is that The Internet is Anonymous' territory, either Sony backs off, or gives up on having an online prescence.

Now I'd *PREFER* for Sony to get trashed in the legal system, but nobody on the receiving end of thei actions seems to have the money to launch a campaign on that level, and if they DID, there is a question about their abillity to obtain the level of expert counsel they would need to fight Sony's lawyers.

To be honest though, I think a lot of this comes down to pride. I honestly don't think Sony would lose much by admitting it was wrong here, and making a meaningful apology. I actually think they would benefit from it in the long run, but that's a whole differant rant. In the end only time will tell if there are going to be more attacks, and if this is going to go anywhere or if in a couple of years we'll barely remember this little footnote on internet history took place.

 

[Sabinfrost]

I know it's hard to sympathise with big corporations but Sony took a big blow, they are victims in all this.

 

[BrotherRool]

It didn't take you a week to figure out the breach was serious enough to SHUT DOWN THE PSN!
THAT is why people were/are pissed at you Stringer.

Look at it this way. They didn't know what went on and yet they instantly shut-down something which has had a negative knock-on effect from indie devs to bigs publisher and inconvenienced millions of people, because they wanted to keep your data safe in the worst case scenario they could then imagine.

Then after just a week of work, instead of telling you what likely (and actually went on) they told you the worst case scenario so you could look after your credit cards if they had been taken.

Would you have preferred they told you with even less information so they could do even more damage to themselves which wasn't justified in the first case? All they could have told you was they didn't know what happened. Instead they waited what, 100 or so hours? Until they had a small idea of what happened and took the hit on the face and openened themselves up to being sued from all over the world. And then when they knew what happened they kept you informed. Even after all this work and multiple security agencies and the frickin' secret services working on the problem for multiple weeks they still don't know what happened.

There wasn't anything they could have told you

 

[harvz]

43% notify people in a month? any idiot can give a random and impressive sounding figure, 83% of all people know that.

it would be nice if they said "we believe its possible our servers have had intruders on them, we arnt sure if anything was taken, please change card details", it would be an inconvenience but would be easy to do and wouldnt have caused all these issues...or, you know, they could have atleast had a free firewall up.