Sony CEO Adamantly Defends Openness On PSN Attack

Recommended Videos

Tom Goldman

Crying on the inside.
Aug 17, 2009
14,499
0
0
Sony CEO Adamantly Defends Openness On PSN Attack



Sony's Howard Stringer snaps back at critics that think the company didn't reveal information about its hacked servers quickly enough.

For more than 3 weeks starting on April 20, Sony was forced to bring the PlayStation Network down (and later customer information [http://www.escapistmagazine.com/news/view/109723-Hackers-Also-Hit-Sony-Online-Stole-12-700-Credit-Cards]. The company has been taking a lot of heat for not mentioning that this data may have been stolen until around a week later, but president and CEO Howard Stringer is having none of it.

Speaking to reporters, Stringer was unapologetic about the timeframe Sony followed in regards to the hacking incident. "This was an unprecedented situation," he said. "Most of these breaches go unreported by companies."

"Forty-three percent notify victims within a month," he added. "We reported in a week. You're telling me my week wasn't fast enough?"

In an interview with the New York Times, Stringer said Sony "reported quickly," and added that the company made security a company-wide focus from "televisions to e-books, and onwards." He revealed that Sony is still in the process of investigating how the attack took place and who may have been responsible.

Sony previously free games [http://www.escapistmagazine.com/news/view/109587-Sony-Claims-It-Told-Users-of-PSN-Info-Breach-Immediately] to make up for the trouble.

I hate to side with the corporation here, but a week doesn't sound like that long a period of time to investigate a server attack and notify customers of its potential (correct me if I'm wrong). In Sony's defense, it could have kept going the "technical difficulties" route but was fairly upfront and honest about what's been going on through this whole process. Sony very well may have been negligent in its security methods, sure, but it was also a victim here to some extent.

The PlayStation Network is now back up [http://www.escapistmagazine.com/news/view/110055-Sony-Restores-the-PlayStation-Network] and running, though the PlayStation Store still has yet to return.

Source: New York Times [http://www.reuters.com/article/2011/05/17/us-sony-hacker-idUSTRE74G41G20110517]

Permalink
 

MrGFunk

New member
Oct 29, 2008
1,349
0
0
I'm alright with how it was handled. I felt like I was kept in the loop. Probably a lot more than I would be if this happened to other corporations with lower profiles.

When I was informed my card details may have been taken I cancelled and replaced my card. Turns out this was unnecessary but I had no issue and no one I know has either. If anything Sony were too cautious - which I guess when people's money and possible litigation is involved they can't be.

And now I get some games I'll probably enjoy and wouldn't have bought.
 

Yopaz

Sarcastic overlord
Jun 3, 2009
6,087
0
0
I honestly think they did a good job keeping users updated. I am not a PSN user myself, but I saw news articles about the progress all the time. Honestly, I don't think many companies would handle it this smoothly and keep their users this well updated. Since I never used PSN I guess that might be a reason why I never really got mat at them too.
 

Fiz_The_Toaster

books, Books, BOOKS
Legacy
Jan 19, 2011
5,496
1
3
Country
United States
I'm fine with how long it too Sony to let us know of its' breach, yeah I'm a little sore with how they handled it, but I felt they kept us in the loop.
Triforceformer said:
I'm going with Randy Pitchford on this one and saying we were a bit too harsh on Sony with this.
I agree. I felt a little ashamed that he had to come out and say this. We were too hard on Sony, and they were a victim in this just as much as we were.
 

mjc0961

YOU'RE a pie chart.
Nov 30, 2009
3,846
0
0
Tom Goldman said:
"Forty-three percent notify victims within a month," he added. "We reported in a week. You're telling me my week wasn't fast enough?"
If it took you a week to find out about it and you reported it as soon as you knew, that's fine. If you knew from day 1 though, no, the week isn't fast enough.

I still don't see we why need this back and forth bullshit though. Aren't multiple governments investigating this whole thing? Can we really not wait for them to say "Okay, here's what we were able to prove in our investigations."?

Seriously, Sony's focus right now should be on everyone's identity theft protection plans they promised. Not on making multiple "WE REPORTED ASAP, PROMISE!" statements.
 

aesondaandryk

New member
Oct 13, 2009
40
0
0
mjc0961 said:
Seriously, Sony's focus right now should be on everyone's identity theft protection plans they promised. Not on making multiple "WE REPORTED ASAP, PROMISE!" statements.
The reason their making this statement is because of people like you who won't stop talking about it.
 

Spygon

New member
May 16, 2009
1,104
0
0
Does this sound abit to much like well "other people would have been slower to tell you" type statement dont try and point the finger at other compaines about your lack of reaction time.

I can noot see how as soon as they knew that had a been hack just made a statement like we have been hacked we dont how bad it is but at the worse they could have all your personal data.

In an event like this time isnt on your side always expect the worse.As i am sure alot of people would perfer to be told then make there own minds up on changing there details than waiting a week to realise that there bank account seems to be empty.

Security and safety should always come over public image.
 

StoryMode

New member
Mar 18, 2010
45
0
0
I think Sony did a great job and more companies should follow its example. Very professional, as always Sony. I'm glad to be a supporter. I don't care to admit fanboyism here... haha
 

fabiosooner

New member
Sep 3, 2010
19
0
0
"I hate to side with the corporation here"

Corporations are nothing more than a bunch of individuals, and therefore are liable to tell the truth as much as anyone else. Don't hate siding with the corporation. Hate the lies people tell. If Sony's telling the truth, it doesn't matter a single bit if they're a corporation or a bum in the street.
 

AndyFromMonday

New member
Feb 5, 2009
3,921
0
0
So what because other companies choose to announce a month later that means you should follow their example? The fact of the matter is, Sony should have reported the theft the moment it happened so people would immediately start monitoring their credit cards.
 

dnadns

Divine Ronin
Jan 20, 2009
127
0
0
A week is pretty quick from my work experience and Mr. Stringer is correct that most companies don't even report the intrusion at all if possible to avoid the bad press.
What most people don't see right away is the fact that a "potential breach" looks pretty similar to a simple hardware or software error at first and only during the investigation it becomes apparent that there is more to it. After that, you most likely still don't know what was affected.
Adding the time it takes to get outside help and most likely the need to stay silent so that an ongoing investigation might not be jeopardized, things got public pretty soon.
I can understand that a situation like this is a bad thing and I was annoyed by the downtime and information leak as anyone else, but I can't really blame Sony for their PR work.
 

Sylveria

New member
Nov 15, 2009
1,285
0
0
82% of statistics are made up right there on the spot.

Maybe a week is a good time table for admitting there was a breach, I don't know. However, Sony hardly handled this in a stellar fashion. The amount of heat they're under not just from consumers but from various national agencies all over the world shows that their network security was sub-par at best. Being apologetic after the fact and being, allegedly, quick to work on damage control does not remedy the situation. Before the apologists get all hissy, no I'm not expecting hackproof security since that does not exist, but I expect more than non-encrypted plain-text databases with a single failure point.

We were not too hard on Sony and you people being all "oh I'm so sorry I picked on you Mr. Sony" are pathetic. Show some bloody integrity. He could just be talking totally out of his ass in an attempt to do exactly that, make you feel sorry for them. We don't know if a single word from his mouth is true or sincere.
 

ThrobbingEgo

New member
Nov 17, 2008
2,765
0
0
Sony's online store shouldn't have been walking around in that neighborhood at night while wearing low cut jeans.
 

Therumancer

Citation Needed
Nov 28, 2007
9,908
0
0
Well, I still insist that Sony pretty much provoked this attack, and I still want to see them admit they were wrong about the other OS thing and apologize.

As far as their comments about their speed of respone, I personally don't consider "oh well, other companies report things much slower, if at all" to be an excuse, other than to say that perhaps various goverments who were concerned here should spend more time looking into the reporting processes of other companies. Start giving CEOs jail time if they don't immediatly inform customers of attacks, their nature, and the possible risks involved. The big reason for not wanting to do so, largely seems to be so that the companies in question won't look weak, and I think "face" is a big part of this whole thing. It's also why I think we might see more attacks on Sony in the near future, because Sony refuses to concede they were wrong about the "other OS" pull back, restore that functionality, etc... largely because that will show a group of hackers took them down, and also establish precedents away from the whole "it's our property, we're just nice enough to let you use it in exchange for money" definition that they (and other companies) are pushing it. I very much do not see Sony as being victims here. What the hackers/Anonymous have done is not right, but at the same time Sony isn't right either, in fact I might say that I haven't let their current woes detract from how angry I was over the "other OS" thing, despite not using it myself, and actually consider them to be MORE wrong here than the hackers. It's hard to take them seriously as victims when they were victimizing their customer base and brought this upon themselves.

In fact it's this kind of arrogrant justification in saying "we weren't wrong here, because other companies do worse" that is at the root of their problems to begin with.

Or in short, this is all about corperate attitude adjustment, I appreciate the gestures Sony has made to users over the down time, but overall I'm getting tired of them flapping their lips and trying to justify their part in the overall situation. The only thing I want to see their CEOS say is "I'm sorry, we were wrong, we brought this upon ourselves and it trickled down to our users, we'll change our policies and do better in the future". Free games are nice, but since I don't believe it's happened yet, I'd also like them to restore the "Other OS" option to users that use it, but of course for that to be meaninful it has to come with an apology.
 

poiuppx

New member
Nov 17, 2009
673
0
0
Therumancer said:
Well, I still insist that Sony pretty much provoked this attack, and I still want to see them admit they were wrong about the other OS thing and apologize.

As far as their comments about their speed of respone, I personally don't consider "oh well, other companies report things much slower, if at all" to be an excuse, other than to say that perhaps various goverments who were concerned here should spend more time looking into the reporting processes of other companies. Start giving CEOs jail time if they don't immediatly inform customers of attacks, their nature, and the possible risks involved. The big reason for not wanting to do so, largely seems to be so that the companies in question won't look weak, and I think "face" is a big part of this whole thing. It's also why I think we might see more attacks on Sony in the near future, because Sony refuses to concede they were wrong about the "other OS" pull back, restore that functionality, etc... largely because that will show a group of hackers took them down, and also establish precedents away from the whole "it's our property, we're just nice enough to let you use it in exchange for money" definition that they (and other companies) are pushing it. I very much do not see Sony as being victims here. What the hackers/Anonymous have done is not right, but at the same time Sony isn't right either, in fact I might say that I haven't let their current woes detract from how angry I was over the "other OS" thing, despite not using it myself, and actually consider them to be MORE wrong here than the hackers. It's hard to take them seriously as victims when they were victimizing their customer base and brought this upon themselves.

In fact it's this kind of arrogrant justification in saying "we weren't wrong here, because other companies do worse" that is at the root of their problems to begin with.

Or in short, this is all about corperate attitude adjustment, I appreciate the gestures Sony has made to users over the down time, but overall I'm getting tired of them flapping their lips and trying to justify their part in the overall situation. The only thing I want to see their CEOS say is "I'm sorry, we were wrong, we brought this upon ourselves and it trickled down to our users, we'll change our policies and do better in the future". Free games are nice, but since I don't believe it's happened yet, I'd also like them to restore the "Other OS" option to users that use it, but of course for that to be meaninful it has to come with an apology.
...you DO realize that a hack like this more or less makes it 100% certain we will never, EVER, see a legal Other OS on a Sony console ever again, right? Between GeoHot and this, the sentiment is likely to be 'screw this, we're never going to even come CLOSE to this can of worms again', with some side comments in the board room about what they'd like to do to these hackers with five minutes in a locked room and a nice sturdy baseball bat. The only corporate attitude adjustment this caused is that they're likely to be fifty times more locked-down with any future creations.
 

sunburst

Media Snob
Mar 19, 2010
666
0
0
Tom Goldman said:
"Forty-three percent notify victims within a month," he added. "We reported in a week. You're telling me my week wasn't fast enough?"
Being better than terrible does not make you great. We haven't been too harsh with Sony. We've just been far too lenient towards everyone else. I know people usually don't care about their information security so I can see why Sony might be shocked now that everybody suddenly does. But this reaction should be normal. Any company taking personal data in exchange for their service must be held accountable for its protection. Taking a week to assess the situation does not fly when it's your customers who are at risk.

Unfortunately, it would seem that public opinion has been swinging back into Sony's favor ever since they began bringing the PSN back online. I guess no one really cared about security after all. They were just upset that they couldn't play their games online for a few weeks.
 

icame

New member
Aug 4, 2010
2,648
0
0
Most companies don't report it? So what? Your using something like that as justification to not letting users know that they could be under threat of identity theft for a week? Don't make me laugh. That is the worst excuse I have ever heard in my life. How can this kind of person be running a multibillion dollar corporation? Oh right, the same kind of person that could let this whole fiasco happen.
 

Therumancer

Citation Needed
Nov 28, 2007
9,908
0
0
poiuppx said:
Therumancer said:
Well, I still insist that Sony pretty much provoked this attack, and I still want to see them admit they were wrong about the other OS thing and apologize.

As far as their comments about their speed of respone, I personally don't consider "oh well, other companies report things much slower, if at all" to be an excuse, other than to say that perhaps various goverments who were concerned here should spend more time looking into the reporting processes of other companies. Start giving CEOs jail time if they don't immediatly inform customers of attacks, their nature, and the possible risks involved. The big reason for not wanting to do so, largely seems to be so that the companies in question won't look weak, and I think "face" is a big part of this whole thing. It's also why I think we might see more attacks on Sony in the near future, because Sony refuses to concede they were wrong about the "other OS" pull back, restore that functionality, etc... largely because that will show a group of hackers took them down, and also establish precedents away from the whole "it's our property, we're just nice enough to let you use it in exchange for money" definition that they (and other companies) are pushing it. I very much do not see Sony as being victims here. What the hackers/Anonymous have done is not right, but at the same time Sony isn't right either, in fact I might say that I haven't let their current woes detract from how angry I was over the "other OS" thing, despite not using it myself, and actually consider them to be MORE wrong here than the hackers. It's hard to take them seriously as victims when they were victimizing their customer base and brought this upon themselves.

In fact it's this kind of arrogrant justification in saying "we weren't wrong here, because other companies do worse" that is at the root of their problems to begin with.

Or in short, this is all about corperate attitude adjustment, I appreciate the gestures Sony has made to users over the down time, but overall I'm getting tired of them flapping their lips and trying to justify their part in the overall situation. The only thing I want to see their CEOS say is "I'm sorry, we were wrong, we brought this upon ourselves and it trickled down to our users, we'll change our policies and do better in the future". Free games are nice, but since I don't believe it's happened yet, I'd also like them to restore the "Other OS" option to users that use it, but of course for that to be meaninful it has to come with an apology.
...you DO realize that a hack like this more or less makes it 100% certain we will never, EVER, see a legal Other OS on a Sony console ever again, right? Between GeoHot and this, the sentiment is likely to be 'screw this, we're never going to even come CLOSE to this can of worms again', with some side comments in the board room about what they'd like to do to these hackers with five minutes in a locked room and a nice sturdy baseball bat. The only corporate attitude adjustment this caused is that they're likely to be fifty times more locked-down with any future creations.

Oh your right, and that's why there is probably going to be another attack. As I said, they need an attitude adjustment. What your describing is a pretty typical corperate response to being challenged for reasons of "face" and also because they don't want to admit that customer response in motivating things like hackers is that powerful. They want to maintain a "the customers do what we want, not the other way around" attitude especially when it comes to things like property rights.

So basically, the point of the hacking is to demonstrate that Sony is at the mercy of the customers as enough outrage or ridiculous behavior is going to get the attention of hacktivists, and they are going to stand up to major corperations and put them in their place. Your quite correct that they would love to take a baseball bat in a back room to a hacker, and heck, a company like Sony probably has it's own hit men and private security personel for exactly those kinds of situations (okay , well, no "probably" about it), of course the very point of something like "Anonymous" is that none of that matters, they could torture some guy to death, and it won't matter because there isn't any kind of organiation to go after, you nail that one guy, legally, or with thuggery, and it means nothing to the overall body and what it's doing.

So pretty much your explaining why I won't be surprised if there is another attack, it might not happen, but if it does, it's going to be because of that reaction and attitude, which is what they are trying to break.

In the end only time will tell. This situation is notable because companies like Sony are generally viewed as being untouchable, and yet we're seeing a group of hackers rather publically drag them around through the mud, rather than being swept under the carpet. The fact that Sony's usual attitudes aren't working is why this is news. Right now it remains to be seen if it turns into a battle of wills. It's not viable for Sony to back away from The Internet entirely, the big question is going to be whether it's going to be able to play by it's rules (or if this is going to be let go for the moment if we don't see another attack) or if it' going to have to concede that The Internet is the territory of the users (pretty much) who when enraged too much lead to actions by groups like Anonymous, and Sony acts as
a guest in their back yard... much like how a corperation that builds a branch in a foreign country abides by their rules.

I'm not saying your wrong, just that I suspect that is exactly why this isn't over. It might be, it might not be. A lot also depends on whether this whole "Anon civil war" is for real and involves the people responsible to begin with. I've also suspected that this civil war might very well have been set off by Sony. See instead of taking a baseball bat to a hacker they catch, I've suspected this might have started with them getting someone fairly influential and turning them. No way to tell that, but understand while companies do a lot of underhanded things, they are liable to hand someone a briefcase of money to do what they want, than to say take the risks involved in pounding the crap out of someone, or sending a hitman to their house... such events are very rare unlike on TV. Sony however admittedly has a bit more of a reputation for that going back to the "Japanacorp invasion" of the 1980s, being the inspiration for a lot of the evil corperations in fiction, that have things like entire wetworks divisions and private security forces equal to the militaries of many first world countries... all exagerrations (massive ones) of the reality based on hypothetical ideas of what the real deal was actually doing at the time.

Incidently, don't get that I hate Sony overall. I just happen to think they are wrong in a lot of what they do, especially in cases like this. That "other OS" thing makes it fairly difficult for me to defend them on any grounds. Their mentality aside, it's still bloody wrong, they sell a service to someone, and then find a backdoor way of taking it away from the people who use it, there is no way to present that as being right. Pointing to things like TOS and EULA agreements which incidently only appear AFTER you paid for a product which you probably can't return at full value (and even then have to jump through hoops), only makes it clear that such agreements are themselves wrong due to what they are enabling and have gone too far.

Sony also didn't pull the "other OS" option for security reasons. They pulled it to hurt piracy so they could potentially pocket a few extra bucks by cutting down on a portion of their losses. Their issue was the option enabling piracy... piracy being a whole differant topic of discussion. The big problem of course being that while piracy is wrong, what they were doing is a bigger wrong. On top of that, they were lying about their reasons for doing it by claiming it was some kind of major security risk. The point of the hacker attacks isn't just the damage they are doing by taking down the networks, but to show that their network was complete tissue paper, Sony had no real security, and any halfway decent hacker could tear thrugh their system "Other OS" or not... and all of this became outed because of the attacks. It's important to understand WHY the hackers attacked in the way they did, and also that the real damage/point was in showing that Sony lied and what a state their security was in to begin with, taking down the network is kind of tertiary, it just demonstrates how weak the security was and how much work Sony had to do to bring it back up and up to code.

If there is another hacker attack on Sony, even if it's motivated by the same thing, I'm not sure if it's going to be an attack on PSN. After all that's what Sony expects, and is ready for. Generally speaking hackers operate through misdirection and by not going after the obvious target. Of course in this case if they want to prove "Sony can't stop us" they might very well go after PSN again, letting Sony set up all it's pieces, open up their store, and say that they are confident, so bringing the whole thing down proves who the big dawg on the Internet is. It's really hard to say what they are going to try, or even if they will do anything at all. Hacking, and Anonymous in general, tend to be pretty chaotic.
 

xxBucdieselxx

New member
May 3, 2011
19
0
0
sunburst313 said:
Being better than terrible does not make you great. We haven't been too harsh with Sony. We've just been far too lenient towards everyone else
Exactly right. Stringers statement above almost makes it sound like we should be happy they did anything at all. While I understand time constraints working with PC's (as I work in IT as well), if my company were to have a breach of that kind, then wait a week to notify clients, we would be lucky if we had any clients left a week later. But because this is "just video games" I suppose our personal data isn't supposed to be taken seriously. Sony deserves all the bashing they get (mind you I am a Sony faithful). I just am not gonna curb my opinion of what went down because it is with a company I happen to like. They screwed up. Their security was bush league at best. They got tagged, now they have to deal with it, bad PR and all. Grab that spoonful of humble soup and shovel down.