Sony CEO Howard Stringer: Month-long Hackathon Merely A 'Hiccup'

from the sony-shouldn't-be-left-in-charge-of-your-metaphors-much-less-your-personal-i dept

Wed, May 18th 2011 9:38am — Tim Cushing

As we've all seen over the last thirty days or so, Sony has handled their month-long data breach/pwnage with all the grace and humility that one expects from an out-of-touch megacorporation. Between dismissing the breach as "harmless" and fingering the ever-popular "Anonymous" for all the trouble, Sony has managed to stay at least one step behind their attackers the whole way. To add insult to injurious class action lawsuit, it emerged from the 30-day hackout bruised, bleeding and completely unable to go back online in its own country.

CEO Howard Stringer apparently has come to the conclusion that there's still plenty of room for more foot in Sony's mouth, dismissing the longest outage by any console maker as merely a "hiccup in the road to a network future."

Now, I don't want to presume to speak for everybody, but generally when I have the hiccups (inside or outside of the road), it tends to leave the nearest 77 million people unaffected. Sure, I may get some random advice (drink a glass of water/hold your breath/salt your passwords), but otherwise life goes on and I'm the only one bothered by it. Plus, these hiccup attacks never run more than 10-12 days at the most and only rarely do I lay the blame at the feet of unrelated hacking entities.

Thank you, Howard, for clearing that up. I'll be sure to dismiss any unknown charges to my credit cards as mere "hiccups in the road to financial instability" and when my linked email account becomes a spam-spewing zombie, I'll just hold my breath until it all goes away.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hack, hiccup, howard stringer, psn
Companies: sony

32 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Nathan F (profile), 18 May 2011 @ 9:42am

For even more fun, Slashdot is reporting that SOE is back down again. Apparently the info they want you to enter for the password change.. is the same information that the hackers got away with.

http://games.slashdot.org/story/11/05/18/151211/PSN-Up-And-Then-Down-Again
[ link to this | view in chronology ]
- taoareyou (profile), 18 May 2011 @ 11:25am
  
  Re:
  Not sure when it went down again. I am logged into it right now and watching Netflix. Haven't experienced any downtime since it came back up.
  [ link to this | view in chronology ]
  - taoareyou (profile), 18 May 2011 @ 11:26am
    
    Re: Re:
    In fact, when following the link, you learn that:
    
    "This story's headline is completely inaccurate. What's been taken down is several website login pages that use PSN accounts, such as Qrocity.com."
    [ link to this | view in chronology ]
    - Nathan F (profile), 18 May 2011 @ 11:55am
      
      Re: Re: Re:
      Oh?
      
      http://www.engadget.com/2011/05/18/psn-logins-exploited-again-sony-takes-sign-in-pages-offlin e/
      
      http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
      [ link to this | view in chronology ]
      - taoareyou (profile), 18 May 2011 @ 1:22pm
        
        Re: Re: Re: Re:
        The statement that the PSN was down was incorrect and still is incorrect. Still up. Still signed in. Not saying there wasn't an exploit, just saying that the PSN is not currently down here in eastern US.
        [ link to this | view in chronology ]
crade (profile), 18 May 2011 @ 9:46am

If that's just a hickup, then they are probably in trouble. Who ever has just one hickup and then they are done? They come in scores. Just imagine what Sony will look like by the time they subside.
[ link to this | view in chronology ]
Phillip Vector (profile), 18 May 2011 @ 9:47am

Don't taunt hackers...
Just.. don't. Speaking as someone who is an old school hacker, there are 3 things you never do.

1) Never hit a beehive.
2) Never wave fresh meat in front of a bear.
3) Never say that a hacker attack is "Harmless".

All 3 will get you in a load of hurt.
[ link to this | view in chronology ]
- Anonymous Coward, 18 May 2011 @ 9:53am
  
  Re: Don't taunt hackers...
  Don't tug on Superman's cape.
  
  Don't spit into the wind.
  
  Don't pull the mask off the ol' Lone Ranger.
  
  Don't mess around with Tim.
  [ link to this | view in chronology ]
  - Dark Helmet (profile), 18 May 2011 @ 10:35am
    
    Re: Re: Don't taunt hackers...
    "Don't mess around with Tim."
    
    You're goddamn right....
    [ link to this | view in chronology ]
    - The eejit (profile), 18 May 2011 @ 11:34am
      
      Re: Re: Re: Don't taunt hackers...
      I think he meant Tim Drake. Sorry!
      [ link to this | view in chronology ]
      - Anonymous Coward, 18 May 2011 @ 7:23pm
        
        Re: Re: Re: Re: Don't taunt hackers...
        I just wanted to provoke a Tim fight.
        [ link to this | view in chronology ]
Irving, 18 May 2011 @ 9:55am

Merely a hiccup...
... compared to what we plan to do to our users (tents fingers in evil scheming manner).
[ link to this | view in chronology ]
Anonymous Coward, 18 May 2011 @ 9:57am

Well said, Tim. Looking back on their history of asshattery (smackdown from the FTC over BMG CD rootkits, rootkits on USB sticks, COPPA violations for collecting kid info, DADC Securom and its attendant class actions), I'm surprised Sony's permitted to operate without regulators perched on their shoulders 24/7.
[ link to this | view in chronology ]
Andy (profile), 18 May 2011 @ 9:58am

Hiccup attack
Hiccup or no, reports seem to indicate another serious failure allegedly caused by a major problem. This site apparently found the problem and reported it to Sony:

http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/

There are a series of updates there relating progress.
[ link to this | view in chronology ]
A.R.M. (profile), 18 May 2011 @ 9:58am

I laughed.
[ link to this | view in chronology ]
- A.R.M. (profile), 18 May 2011 @ 10:01am
  
  Re: I laughed.
  DANG IT! FIX THAT ACCURSED ENTER KEY ISSUE ON SUBJECT ALREADY!
  
  Back on track...
  I laughed at the "salt your passwords" advice.
  
  I'll see how this works the next time someone gets them.
  :)
  
  As for Sony's issues: doesn't matter. According to NPD, people are still buying their products.
  [ link to this | view in chronology ]
  - weneedhelp (profile), 18 May 2011 @ 10:18am
    
    Re: Re: I laughed.
    "people are still buying their products"
    
    Uninformed masses. Typical.
    [ link to this | view in chronology ]
    - A.R.M. (profile), 18 May 2011 @ 10:44am
      
      Re: Re: Re: I laughed.
      Of course they're uninformed. Their network is down. ;)
      
      I just read this it's down again.
      
      Because the information originally compromised was needed to restore access.
      
      I'll repeat this because it truly does suck, but it's damn sickening to see a once FANTASTIC company like this go down in flames from its own stupid mistakes.
      
      I have to admit their products were awesome (and probably still are) but no way in hell will I buy one in exchange for their recent actions, which started with a damn rootkit file.
      
      No way.
      [ link to this | view in chronology ]
      - Anonymous Coward, 18 May 2011 @ 11:18am
        
        Re: Re: Re: Re: I laughed.
        actually not so much anymore
        
        http://www.hdtvtest.co.uk/news/outsourcing-sony-design-bravia-201104291133.htm
        
        and has anyone actually looked at the tv part of sony's google tv? its absolutely awful
        [ link to this | view in chronology ]
        
        A.R.M. (profile), 18 May 2011 @ 11:26am
        
        Re: Re: Re: Re: Re: I laughed.
        Well, it's not like Sony actually made their TV anyway, given only a handful of companies actually make the screens.
        
        "Made In Japan" isn't something I see stamped on anything imported from Japan anymore.
        
        I'm more than used to it. It's like "Made in USA", where the "made" only means "A company, based in the US, imported and taped the box shut".
        
        Not that this is a bad thing.
        [ link to this | view in chronology ]
  - jjmsan (profile), 18 May 2011 @ 10:37am
    
    Re: Re: I laughed.
    But who's credit cards are they using?
    [ link to this | view in chronology ]
  - CommonSense (profile), 18 May 2011 @ 1:21pm
    
    Re: Re: I laughed.
    "DANG IT! FIX THAT ACCURSED ENTER KEY ISSUE ON SUBJECT ALREADY!"
    
    Just [TAB] instead of [ENTER]. An old boss of mine used to use the space bar instead of enter for selecting things too, so he would tab around all over the page until he got to the submit button and then press space....because far too often the enter key doesn't give you the desired response...
    [ link to this | view in chronology ]
Chronno S. Trigger (profile), 18 May 2011 @ 10:16am

Hiccup?
I've sneezed hard enough to crack a rib before, but I've never hiccuped hard enough to land in the hospital for a month. I have heard they can get dangerous, but I wouldn't label them as "just a hiccup".
[ link to this | view in chronology ]
Anonymous Coward, 18 May 2011 @ 10:36am

Friends don't let friends buy Sony
A philosophy I've used and it's worked pretty well so far.
[ link to this | view in chronology ]
Hephaestus (profile), 18 May 2011 @ 10:40am

""The PlayStation Network is down again. Sony had originally enabled passwords to be reset onscreen simply by entering an email address and date of birth. Whoever has the data from Sony, could, in theory, then reset any of the captured users accounts simply by entering the details they stole.""

It would be funny if hackers went in and changed everyones e-mail addresses using the stolen data.
[ link to this | view in chronology ]
- Anonymous Coward, 18 May 2011 @ 10:52am
  
  Re:
  Some people are reporting exactly that.
  [ link to this | view in chronology ]
Mike42 (profile), 18 May 2011 @ 10:48am

Humility
Sony, repeat after me:
We are being attacked by some amazingly skilled hackers. We can't touch them. I hope that we can figure out who they are, just so we can give them jobs securing our network. We were a very technologically advanced company in the 80's, but now we are just a bunch of inept empty suits.

Hackers, please don't hurt us!
[ link to this | view in chronology ]
Anonymous Coward, 18 May 2011 @ 10:49am

Shoot Our Network and put it out of it's miserY
[ link to this | view in chronology ]
Anonymous Coward, 18 May 2011 @ 11:53am

Even if they did get the credit card numbers, sony claims that they were encrypted. Depending on the encryption used on the data, they probably won't be able to hack it for a long time. They would have to have a lot of time on their hands in order to get any of that data. Years depending on the strength of the ecryption used.
[ link to this | view in chronology ]
- Atkray (profile), 18 May 2011 @ 12:34pm
  
  Re:
  Given the fact that someone got the data in the first place I wouldn't want to be relying on the encryption to save my credit card.
  
  It would be ironic if the people responsible used the credit card information to purchase boatloads of Sony products.
  [ link to this | view in chronology ]
- New Mexico Mark, 18 May 2011 @ 12:47pm
  
  Re:
  Imagine everyone's relief, given the general Sony security cluelessness and prevarication.
  
  Stored BASE64 -- Check
  Credit card numbers were encrypted -- Check
  
  Seriously:
  
  1. Believe NONE of Sony's claims unless verified by an independent (preferably hostile) third party.
  2. Encryption is tricky to get right and incredibly easy to do wrong, even by security professionals.
  3. If you know what the encrypted data are supposed to contain (general format and/or specific text), any encryption method could probably be attacked with much less effort and much greater likelihood of success.
  4. "But it was encrypted" sounds nice. Replace that with "They stole our safe with everything in it, but don't worry, we think it is a really strong safe with a good lock" and see how that sounds. Especially if it is *your* money and reputation locked in there.
  5. The "but it was encrypted" defense is probably just another damage control dodge to avoid specifically notifying millions of customers until the encryption is proven to be weak or worthless.
  
  NMM
  [ link to this | view in chronology ]
  - Ryan (profile), 18 May 2011 @ 1:51pm
    
    Re: Re:
    Plus 'encrypted' is great but if you accessed the data via their own API that decrypts the CC info before passing it along for a purchase it doesn't help much. Encrypted HD's are great if your Laptop gets stolen, not so much against a machine that has a legit reason to decrypt the data into memory. After all it has to be 'plain text' to someone at some point or it's useless, but if you WANT one I'll sell you a SUPER secure hash that makes all credit card numbers store as 'x' totally 100% non-reversible :P
    [ link to this | view in chronology ]