idealty (User)

  • Trainee
  • 5 bubbles
  • 5 in CRank
  • Score: 1950
""

Hacking Game Companies: Who is to Blame?

idealty | 1185d ago
User blog

April 17th 2011, a day that will live in infamy in gaming history. Of course, this is the date that the Sony Playstation Netowrk (PSN) was first taken down due to unauthorized intrusion on the PSN servers from hackers. This event had two significant consequences: first it prevented nearly 50 million PS3 and 70 million PSP owners from accessing any of the network features of their respective systems (i.e online play, playstation e-store, trophy syncing, etc), and second it exposed over 100 millions user accounts to hackers including emails, passwords, usernames, download history, and credit card credentials. Naturally, panic insued more so because hardcore fans could not fathom life without being able to sync their trophies to watch their trophy level increase or get online with their buddies for nearly a full month. In all seriousness, it was one of the largest hacker events in the internet age and something that has cost Sony dearly in terms of customer confidence, money, time, and momentum.

As unfortunate as all this was for fans, developers, and Sony what really struck me was that most people seemed to actually put the blame for all of this on Sony for not doing enough to protect the confidential information of the users and for taking too long to inform the users on the breach. While browsing numerous game sites and forums during the network outage, it wasn't uncommon to see talk like "I'm never buying a Sony product ever again!", "I'm not going to buy the new PSP when it comes out because it will still be on PSN", "I've sold my PS3 and moved to Xbox", "I will never trust Sony again", "Sony screwed up big time" etc. In my opinion, to draw conclusions like that sound naive, immature, and ignorant of the real issue. The real issue of course is that the Internet is not secure in any sense and you should never blindly trust Sony or any other company with your confidential information on any network.

I've always contended that to blame Sony (or any other victim of a hacking attack) for allowing themselves to be hacked is analogous to blaming a robbery victim for letting the burglar get into the house. The key point is the same in both scenarios: there is no such thing as complete 100% protection against intrusion. Throughout history, people have been victims to robbery whether they had a wooden door with no locks or a 10 ton safe protecting their assets. The reason for this is simple: if the person(s) committing the robbery is dedicated enough to the task and given adequate resources, there is always a way of working around any security measure. Security mechanisms are intrinsically made to be broken because there is always at least one party who should have access to the protected content. Thus for every lock out there, there is a key somewhere. For every encryption algorithm, there is an encryption key. The best thing the victim can do is not make it easy for them. Use a metal door with deadbolts instead of a wooden door without locks. Invest in an alarm to accelerate notification and potential recovery. But there is no guaranteed security for anything.

So did Sony make it easy for the hackers to access the personal information of over 100 millions customers? Well it couldn't have been too easy given that PSN debuted back in 2006 when the PS3 was released and was not hacked for over 4 years. In fact, among gaming companies and hardware, Sony's PS3 was the only system to not have been hacked as of end of 2010. Then of course, the PS3 master key was finally broken opening the flood gates for hackers in December 2010. By that time, both the Xbox360 and Wii hardware had long been hacked and Xbox live has been victim to intrusion on more than one occasion. Let's not even put the words "security" and ipod, ipad, or PC in the same sentence. So I would argue that Sony has been relatively secure for quite some time and has arguably increased the target on themselves with some questionable decisions (i.e removing otherOS). But at the end of the day, let's not confuse what this is: this was not a high school student playing around who happened to stumble upon the database of the PSN and its users accidentally (that would be making it easy). This was a concentrated, sophisticated, and deliberate attack on Sony that could have honestly happened to any of the large gaming or tech companies out there. Think of this attack as more like the Ocean series or the Italian Job instead of the apartment robbery seen on your local news.

If I was being rash with my thinking that this attack could have happened to anyone, the last few weeks have proven me correct. The list of just gaming companies that have been victims to cyber attacks in just the past few weeks since the PSN attack include (but not limited to)

Codemasters (DIRT series)
Bethesada (Brink, Fallout)
Eidos (Tomb Raider)
Epic (Unreal engine, Gears of War)
Sega (Sonic)
Nintendo (Mario)
Mircosoft (Xbox)
Square Enix (Final Fantasy)
Bioware (Mass Effect)

So again nobody is safe from these coordinated and determined attacks. So tell me, are each of these companies to blame just as Sony was for the PSN hack?

http://uk.ibtimes.com/artic...

Solid_Dave  +   1185d ago
I think its Skynet. Look out John Conner!
TheComedian  +   1183d ago
God...
JellyJelly  +   1183d ago
The hackers?
gunnar2906  +   1183d ago
absolutely agree
Pillville  +   1183d ago
This is the way I see it (just an OPINION!):

Your money is in a Bank ABC.

Someone on the internet posts that they found out that Bank ABC uses a safe that is easily broken into, and that they plan on braking into it.

Bank ABC does nothing.

Bank ABC gets broken into.

You go to Bank ABC to take some money out, only to realize that it is closed because of the brake in, and they don't know what was taken.

Who do you blame?
The answer: BOTH

Put the criminals in jail, and find a different bank.
idealty  +   1183d ago
Fair point Pillville. Part of the problem is that the core issue really isn't with the bank itself in that case, but with the system.

I think at some subconscious level a person want's to feel that their asset is safe and cannot be stolen. But the system is flawed in such a way that ALL banks are vulnerable to intrustion. In the same way, all networks systems and databases are vulnerable. So abandoning the bank or platform may not really be solving anything.

You mentioned blaming the bank and the criminal but neglected to put some of responsbility on yourself. One should never completely trust any entity (bank, company, etc) with their assets and everyone should accept that as soon as you trust your assest to that entity, it is at risk. From there take whatever measures you need to for yourself to mitigate the risk (i.e credit monitoring, changing passwords, etc)
Hicken  +   1181d ago
I think this is a silly question, and for one reason: whatever it is, it can be broken into.

Sony- or any company, for that matter- could have the best security in the history of the world. Leonidas and his 300 could be manning the gates; eventually, they would fail.

Trust, however, is earned as that defense succeeds: an impenetrable defense gains notoriety as attacks against it fail. As such, the trust placed in that defense is warranted, despite the logic that what is being defended is at risk(here, though, you could argue that everything is always at risk, whether you entrust its safety to another, or to yourself; you generally give something to another for safekeeping because it is safer there than with yourself).

After years of no issues, and the successful safe handling of tens of millions of accounts, Sony had gained that trust(the actual strength of the security is irrelevant; a small country with 100 troops and two nukes is as secure as a country with hundreds of thousands of soldiers and thousands of nuclear missiles, as the threat of said missiles being used still effectively keeps danger at bay). That they defense was breached is lamentable, but inevitable.

Who to blame, then? Yes, you are responsible for placing your information in their hands. And yes, they are responsible for securing that information. But, when it comes to hacking, only the hacker is responsible for that action. You cannot be blamed, because you cannot control the hacker. Sony cannot be blamed, because Sony does not control the hacker. Both you and Sony could have taken more measure to ensure the safety of your information, but the final decision was and is with the hacker.

That is the only REAL place the blame should lie. We do not (or should not, as it's been said in public far too many times, and is an abhorrent thought) blame a rape victim for being raped. We do not blame the murdered for being killed. These are extremes, but the basics hold true: the victim of a crime should not be blamed for the commission of that crime, as only the criminal was truly capable of preventing the event.

Add comment

You need to be registered to add comments. Register here or login
Remember