Sony Website Hacked By the "Lulz Boat"

[Denamic]

They already have been, you know, with the whole PSN thing?

That's my entire point.
That they got hacked like that bad is really bad.
They have been going on about having better security now, but now this happens.
Having plaintext user data is absurdly incompetent, never mind being open to the most basic hacking method in existence.
In simple terms, that'd be like having a door protected by a keypad that requires a code, but it'll let you in if you don't enter a code.

So far this seems like:

Two kids are fighting, and the larger kid knocks down the other one and tells him to defend, but instead of letting the other kid get up and try to defend. They continue to kick him while he is down and not let him get back up.

They've had months since the initial attack.
Encrypting data is an half-hour job tops for one guy.

 

[Therumancer]

As I've said before, I think Sony could end this very simply, all it has to do is publically apologize, restore the other OS functionality, and concede that people own the products they pay for. Now I understand why a massive Godzilla-like corperation doesn't want to do those things, and what is at stake, but really that's pretty much what is going to end this.

Am I the only one that is fucking terrified by the realization that people are suggesting that someone should give in to terrorist demands if they're attacked enough?

I was chatting with a friend and telling him about how I was providing my input on this whole ugly thing, and he said to be careful what I said so I wouldn't provoke someone into hacking me. That REALLY frightened me, seeing that we're turning into a culture where anyone with computer knowledge can threaten and intimidate you into not expressing your true opinions.

What the hell is happening to our society?

I think it's ridiculous to call them terrorists, people overuse that term to the point where soon it's going to miss any relevency or meaning. That's why I also find the idea of getting Homeland Security or invoking The Patriot Act here ridiculous, and while I support both that's the kind of thing that *I* was concerned about when they got started, things well out of context of protecting the US as a whole being put under their mandate.

What we're looking at here is more akin to vigilantism, and if anything I think the system should be looking at where it went wrong here in order to prevent it. Sony is just as wrong as the hackers are, and there was no viable way of dealing with Sony within the system. It's a sign that the legal system needs to reform itself so that companies can be viably be held accountable for their actions and victimization of the consumer base, rather than being able to shield themselves with their money. If people could have successfully confronted Sony over the "Other OS" incident we wouldn't be here right now.

Screaming terrorism because someone can't spend money on a website is bloody ridiculous to my way of thinking. What's more, as a few people have pointed out, not a single credit card or incident of stolen identities being used to steal money or whatever has been linked to these events. The hackers aren't using the information, and by putting it up publically and telling everyone where they are ensuring that various identity protection services can prevent any damage from being done. Eventually if they keep it up someone will get hurt, but as far as such things go the only ones being hurt are Sony who are a bunch of thieves and just as bad, and users being prevented from giving them money.

Context is everything.

 

[Sikratua]

I think it's ridiculous to call them terrorists, people overuse that term to the point where soon it's going to miss any relevency or meaning.

I took the liberty of looking up the word "Terrorist." Dictionary.com defines "Terrorist" as

a person, usually a member of a group, who uses or advocates terrorism.

So, I looked up the word "Terrorism." Webster.com defines "terrorism" as

the systematic use of terror especially as a means of coercion

Explain to me how this doesn't qualify. And, please, don't give me any bullshit about how we shouldn't base our language by what words actually mean. Frankly, once you get past your VERY flawed opening statement, upon which you base your entire arguement, not a single word in your post has any validity, whatsoever.

 

[AdumbroDeus]

I think you underestimate the amount of knowledge the public has about hacking into websites... If the group wanted to make sure everyone knew this was really simple then they sure as hell aren't doing a good job at it by saying it's SQL Injection, when you take into account the fact that your average joe probably thinks an SQL injection is like hacking into the fucking pentagon. This was not a PR strategy to discredit Sony, it was some hackers claiming responsibility for a hack and that's it.

You give them too much credit by saying they're lying about their methods to make it seem like the attack was easy when your normal pedestrian off the street probably doesn't even know what MySQL is...

I'll give you credit. When you shovel bullshit, you use both hands. The original article removes most of the need for a true understanding of what level hacking was required. Read the language used. "Primitive." "Simple." "Botched." These words, and others, were chosen to make the task seem basic and easy. In fact, the article directly says as much.

Seriously, who needs to know a lot about hacking, when the artcile itself directly tells people that the hack was simple and the security was "primitive?" Giving the name of an actual hacking technique seems, to me, like this group is using a trope called the "Genius Bonus." That way, a couple people who actually do know something about hacking will chime in with "My God! That was it? Sony, you fudge-donkeys!" Or, something to that effect. Then, people who don't know jack shit on the subject will see that post, and try to seem smart on the subject. "They're right! Sony sucks! Fuck you, Sony!" Have you actually read this thread? That's exactly what happened.

What's your point?

People who know the technique are telling you that it's ridiculously easy to execute, so what if other people are bandwagoning? Point is it's something that any admin with due diligence could've dealt with easily.

 

[DustStorm]

While I certainly don't agree with the hackers posting all of this personal information online and hacking Sony illegally, They still made a very good point when they said that Sony had this information unencrypted on their and so vulnerable that it was obtainable through SQL injection. I would imagine that Sony would have security at the top of their list of priorities right now. I hope that they hire professionals to deal with their security issues before more hackers attempt to hack Sony.

 

[Sikratua]

What's your point?

People who know the technique are telling you that it's ridiculously easy to execute, so what if other people are bandwagoning? Point is it's something that any admin with due diligence could've dealt with easily.

Simply put, my point is that these hackers have every possible reason to lie, because their only goal is to discredit Sony. Everything else you've said, you said on the assumption that these hackers are telling the undiluted truth. Excuse me for not takinjg criminals at their word, particularly about how they committed their crimes. Bluntly, you're making my point for me very nicely. Thank you.

 

[Gender Unknown]

I don't believe the story. Sounds fake. *shrug*

 

[tzimize]

I just don't get this. How can Sony keep letting this happen to themselves? They've been attacked constantly recently. They should have increased security across the board right now. Plus these guys were constantly bragging about how they were going to hack Sony prior to actually doing it. I understand that threats on the internet aren't usually taking seriously, but if your company has been ransacked by hackers recently you'd think that would be a cause for concern.

Que a bunch of people calling the hackers pricks even though they clearly don't give a shit and know they are being assholes.

Other thought is why do these people want to be dicks. They can find all the security flaws they want as long as they report them in a nice mannor. They have no right to be a dick by embaressing a company and causing problems for the users who did nothing wrong.

Because they enjoy being assholes and want as much attention as possible. "Hackers carefully point out flaw in Sony security" isn't much of a headline compared to "Hackers steal a ton of data from Sony and post it online".

Still. One thing is finding a tiny flaw in a huge locked security door. Another is pointing out that sony has basically not even got a door guarding their non-encrypted personal data storage.

While I dont like hackers...one really has to wonder what Sony is thinking. Its not like they dont have the money to make the personal data they collect more secure. I'm pretty disgusted by them to be honest.

 

[eels05]

Oh jesus these fuck these hackers and their moral high ground BS.
When will this end?

 

[RA92]

Anyone who gives these people money might as well set a match to it instead.

Hey, MS could make some donations, and it would be money well spent for them...

I mean, they've been deliberately sabotaging the PC with GFWL, I can easily picture them gleefully jumping into this.

Somehow I don't think Aiding and Abetting criminals is a good business plan.

I didn't say they would do it publicly...

Uh, money in big corporations like that is theoretically tracked as to where it goes. If a couple grand disappears for no reason someone's going to notice.

What if an employee is instructed to anonymously dropped the money from his paycheck? You're not telling their spending habits are tracked as well...

So, add conspiracy to commit crime to that list of charges as well?
What Employee is going to give up their pay cheque for that? Would you? And if the Employee on the other hand gets a bonus specifically for that purpose, how is that bonus explained?

I don't think Sony really needs any help screwing up anyway. They already lost to Xbox when they put a 700$ pricetag on their machine.

Sheesh man, chillout! I wasn't trying raise any 'conspiracy theory', I was just making a tongue-in-cheek reply to you equating sending money to these hackers to buring said greenbacks.

And you honestly believe that companies can't spend money anonymously? Seriously?

Anyway, this thread is bonkers, I'm outta 'ere.

 

[SomeBritishDude]

I am so happy I never got a PS3. Honestly, I never thought I'd say that, but I am. Partly because they clearly can't keep my information safe, but mainly because they've now become a target. I seriously doubt this is the last attack Sony wil have to deal with.

 

[Someone Depressing]

Sony - you've got to stop this bullshit. PSN just went up; the store saw the light a' day; you clear the Annonymous business; and the credit-card trouble... and this happens....

I doubt Sony'll survive another hack. Trust me - in a month-or-two-from-now, I can already see Sony posting a blog-post about the company shutting down.

But I'm not really convinsed that the "Lulz Boat" even exists, actually - I mean, all the proof we get in a text-art image of a viking-boat that says "LOL" on the crow's nest.

 

[Wicky_42]

"Oh noes, those terrible hackers!"

Oh no, that fucking terrible Sony. Christ, how little respect can you show your customers and users? It's a complete mockery that they think literally NO security is sufficient - there goes any semblance of respect I had for them in their relatively botched dealings right from the first hack.

Kinda funny to see them crumbling to a bunch of guys just casually having a laugh - it just shows how inadequately our personal data is being handled by the people we trust with it (and why you should NEVER give out accurate data to anywhere that's not delivering to you or important for, say, a job!)

No one's in the right here. The hackers shouldn't hack, and Sony shouldn't be inept.

This whole fiasco is just insane.

Yeah, but in a way by publicly exposing just how shitty internet security is by being able to continuously ravage Sony, all these hacks have massively increased public awareness of digital vulnerabilities. That's the first step to being more careful and less blindingly trusting of these seemingly invulnerable corporations. Doesn't make them any better, but at least the results of their actions may be positive. Maybe.

 

[GonzoGamer]

Also, I must have missed the memo that said, "Everyone gang up on Sony for the next couple of months." Seriously, their online stuff has been attacked how many times now? More than I can be bothered keeping track of anyway.

Really. I thought everyone got it. It went to the tune of "Sony sues hacker - geohots."

Whatever excuse these guys are using, Sony has been in a long running war with hackers and both sides just keep making things worse.

I'm expecting they're probably going to try something else on PSN just in time for E3. That'll be a fun day for Jack Trenton.
They might even pull it off but I don't think they can take Sony down completely like they're threatening to.

 

[beema]

So yeah, Sony is ridiculously incompetent, but that doesn't excuse these assfucks for deliberately invading people's privacy.
"LOLz, we posted ur personal data to harm Sony!" Uhh, what? Am I missing something here?
This type of attack hurts innocent consumers just as much as, if not more than, Sony.
What kind of idiot would donate money to a group of people who are stealing personal data and posting it in public?
I hope both Sony and these hackers rot in a urine-soaked hell.

 

[Iron Mal]

I don't see the use in complaining about Sony's security measures here, yes, they could be better but by the same token it wasn't them who hacked in and leaked all your private data now was it?

Who is the one in the wrong? The guy who forgot to lock his front door or the guy who kicked it in and stole all his valuables?

This whole 'we were doing it to prove how insecure they were' seems like a very weak cover excuse to sound like they're serving some greater cause, like they're on our side all along (which gets a bit hard to justify when they've stolen the private information of thousands of people, for great justice or not, that is a pretty hard thing to justify to an angry crowd).

If they have a major bone to pick with Sony, fine, tell people what your real problem is, you may even get a lot of people legitimately backing you then.

If you're just gonna be an ass and piss on other people's day because you derive some weird laughter out of it then...expect a lot of proverbial pitchforks and torches in your future.

As I've said before, if we want a free and open internet, people who do childish things like this openly show the world that maybe we aren't responsable or mature enough for it.

 

[Johnson McGee]

There's no excuse for sony not having that info encrypted, it's one line of code ffs.

Like Beema said, I'm not sure why anyone would donate money to an organization that has no scruples about posting my or anyone elses' information online for no reason.

 

[Frylock72]

You know, we're just taking the hackers' word for it that all they did was that SQL injection thing. How can we trust them to not lie to us? They're hackers and criminals. I'm not saying Sony's not dropped the ball, but I'm saying we shouldn't take their word at face value.

 

[Wicky_42]

"Oh noes, those terrible hackers!"

Oh no, that fucking terrible Sony. Christ, how little respect can you show your customers and users? It's a complete mockery that they think literally NO security is sufficient - there goes any semblance of respect I had for them in their relatively botched dealings right from the first hack.

Kinda funny to see them crumbling to a bunch of guys just casually having a laugh - it just shows how inadequately our personal data is being handled by the people we trust with it (and why you should NEVER give out accurate data to anywhere that's not delivering to you or important for, say, a job!)

No one's in the right here. The hackers shouldn't hack, and Sony shouldn't be inept.

This whole fiasco is just insane.

Yeah, but in a way by publicly exposing just how shitty internet security is by being able to continuously ravage Sony, all these hacks have massively increased public awareness of digital vulnerabilities. That's the first step to being more careful and less blindingly trusting of these seemingly invulnerable corporations. Doesn't make them any better, but at least the results of their actions may be positive. Maybe.

Yeah, that's pretty much what I mean. This is honestly the first time I've realised just how bad the security was, but to hack it is like saying that it's OK to stab someone in the street because they weren't wearing a Kevlar vest, and then parading it to 'set an example'.

A better analogy would be walking into a bank, right past the teller, into the vault and back out again with those good old money bags without anyone thinking to stop you - no one else did it because it just wasn't something that you did, but once someone had a go, all the cool kids want a go. Of course, the banks are promising to put door on their vaults and hire security guys, but at the moment people are eyeing their local branch nervously, realising just how naive their trust was in placing all their savings there.

Of course, nowadays banks have very good security, requiring very sophisticated teams to break into them, let alone get away with it. As evidenced by this event, digital security lags WAY behind their physical equivalents.