Hacked to death: Sony faces crunch-time over PSN failures

Saturday, 23 April 2011 20:14 GMT By Patrick Garratt

Sony has been found immature and naive on hacking problems this year, and must address PSN security issues now or face dire consequences.

Sony must demonstrate it is capable of dealing with this situation right now. If these episodes become regular in any way, PSN’s users, core or not, will lose faith in its brand and gravitate elsewhere.

On paper, this was Sony’s year. The hardware manufacturer has its best ever PS3 line-up by some margin, is finally about to snake past 360 on a global level, is gearing up for NGP’s launch in the autumn, and is now dominating Japan. Hirai’s ten-year tree-planting exercise is showing ripe fruit.

But PlayStation’s entire 2011 so far has been marred by a single issue: hacking. It’s a problem faced by all electronics manufacturers, but the manner in which Sony’s responded to a story which has refused to drop out of the headlines since returning from Christmas is now threatening the PlayStation brand itself.

This week marked a significant turn in PlayStation’s 2011 hacking saga, with the American and European PSNs taking offline on Wednesday thanks to “external intrusion”. Services have still not been restored.

While PS3’s battle with hacking had been largely contained to the core community and press in the first quarter of the year, Sony has now allowed the issue to affect its entire audience: it has been forced to deny millions of PSN users a key PlayStation feature over a global holiday, leaving anyone that doesn’t read sites like VG247, or is keen enough on PS3 and PSP to read the PS Blog, with no reason why they can’t play Portal 2 and Mortal Kombat online on their Easter break.

That error message really is ugly. And it’s still there.

So what?

It all started relatively innocuously. PS3 got hacked. The publication of the machine’s root key and a demonstration of the ability to sign code on jailbroken versions of PS3’s Firmware in the New Year were interesting as core stories, but for every, “This is massive,” there was a counter, “So what?”

Without exception, every videogame console gets hacked. It’s par for the course.

The question Sony faced was whether or not it actually mattered. The truth is that the huge majority of under-the-TV console users simply don’t pirate games. Chipping or running illicit OS software is always easy to detect, voids warranties and brings inevitable service-banning. For all but the serious hardcore, it’s just too much effort.

Xbox 360 and Wii were cracked years ago, and if you look at download figures for pirated version of games on those platforms last year, Dante’s Inferno was the most torrented 360 title in 2010 with 1.23 million downloads, while Super Mario Galaxy 2 topped the Wii chart with 1.47 million.

Taking 360’s global install base into account – some 50 million units – that means around 2 percent of 360 owners pirated the most popular illegal game last year. Yes, it’s semi-blind calculator-punching, but the number’s obviously very small.

PC piracy is a far greater issue, as it’s largely devoid of consequences to the user: the PC version of Black Ops was torrented 4.7 million times last year, while it was pirated a significantly smaller 930,000 times on 360.

PS3 was only hacked in January this year, having released in 2006. Instead of showing maturity and restraint, Sony sued George Hotz, the man responsible for the publication of PS3’s root key, and embarked on a ludicrous game of legal headline ping pong that, irrefutably, ended in PR disaster.

While many supported the action against Hotz, many did not. A general feeling that Sony had “gone too far” pervaded comments threads, and Hotz himself proved to be a far stronger individual than Sony surely anticipated.

Sony’s legal team was reduced to spurious accusations of Hotz’s creation of a PSN account he’d told a court didn’t exist – in relation to this, one of Hotz’s neighbours later said he’d lent his PS3 to the hacker – and even went as far as highlighting Hotz’s going on holiday to South America as damaging his case.

While Sony managed to finish the Hotz debacle out of court, tying him down to heavy fines if he eversomuch as looks at a Sony product in anger again, the damage was done.

Sony should never have sued Hotz. It solved nothing. The reasoning applied to taking Hotz to court was similar to that behind “drug wars”. You can’t stop people taking drugs: you just start wars. Some did opine in the case’s aftermath that a clear message had been sent to PS3 hackers, but it would be very easy to argue that Hotz got sued largely because he was so visible.

This should never have happened.

Hotz achieved notoriety by hacking iPhone. Apple didn’t sue him. Jailbreaking iPhones was declared legal in July last year, because, as was constantly thrown up by Sony’s opposition in the PS3-Hotz case, some people want to fiddle with the innards of their personal property.

Sony certainly did send a clear message by suing Hotz: hack PS3 and we’ll sue you, you’ll achieve international infamy and eventually you’ll get away with a “settlement”. Will it stop people trying to hack PS3? Of course not. Will it drive PS3 hackers out of sight? Very probably.

And you can’t sue what you can’t see.

The firm should have step-matched the hackers with Firmware updates – as it showed was possible as the legal case got underway – and strengthened PS3’s security without creating such a nonsensical fuss. Hotz, clearly a stupidly talented kid, said after he’d published PS3’s root key that he wanted to work with the likes of Sony and Microsoft on security: instead of taking the guy to court, why didn’t Sony talk to him?

Had Sony behaved more sensibly we could have avoided Hotz rapping about Sony engaging him in forced, unlubricated anal sex – the worst kind – and the “George of the Jungle” headlines.

There has to be a serious question over Sony’s judgement in the Hotz case.

Regardless, the story was too geeky for the mainstream up to this point. If you’re reading this, you’re probably already familiar with what happened, but dude-who-buys-a-few-games-a-year couldn’t care less. What happened next, though, catapulted the story into the glare of the nationals, and was almost certainly the catalyst for the hack attack that crippled the American and European PlayStation Networks this week.

We are Anonymous

As the Hotz case was winding down, ultra-liberal hacking group Anonymous said it was to target Sony over both the Hotz case and that of Alexander Egorenkov, who’s being sued over his efforts to restore Linux use on PS3, a feature removed from the machine by a Firmware update in March 2010 over “security concerns”.

For the record, the removal of OtherOS has always been Hotz’s stated reason for hacking PS3.

This was terrible news for Sony. While there are those that dismiss Anonymous as some kind of A-level irritation rather than a real force, facts are facts: the group has been responsible for denial of service attacks that have taken down government websites, has been demonstrably involved in recent uprisings in Egypt and Tunisia, and took down MasterCard and Visa’s sites in response to their roles in pressuring Wikileaks’ Julian Assange to stop publishing US government cables last year.

Anonymous targeted PSN, bringing the service down for most of a day in early April. The user backlash online was significant enough to make the group change tack, saying it would no longer aim efforts at PSN, but encouraged sit-in protests at Sony stores, an effort which fell flat.

PSN is an intrinsic part of the current PlayStation offering. It is as much a part of PS3 as the console’s Blu-ray drive.

Anonymous has said it will persist with action, but has denied it had anything to do with this week’s attack. No one outside of Sony and those responsible for the most recent incident knows what happened on Wednesday as yet, but whatever it was forced Sony to take the American and European PlayStation Networks offline and start “re-building” the “system to further strengthen our network infrastructure.”

Let’s read that again: PSN is offline, and we don’t know when it’ll be back up. It is an intrinsic part of the current PlayStation offering. PSN is as much a part of PS3 as the console’s Blu-ray drive.

On a most basic level, the fact PSN has been down the last three days is shocking news for gamers, but let’s not forget that Valve released a bespoke version of Portal 2 specifically tying together PSN and Steam earlier this week, and the PS3 version is now unplayable online. You’d have to expect that Gabe and co may think twice before doing that again.

Taking a broader view, PSN has 75 million accounts and is responsible for safeguarding the personal information and credit card details of users all over the world. The implications to a completely unknown hacker or group of hackers – whether a splinter of Anonymous, as some have suggested, or not – waltzing around PSN to such a degree that Sony has to take it offline for the best part of a week, will be casting a long shadow over Mr Hirai’s office tonight.

Sony’s escalation of its war on hacking could potentially threaten not only Sony’s ability to cut content deals, but, in a nightmare scenario, may compromise personal information of its millions of users.

Sony must demonstrate it is capable of dealing with this situation right now. If these episodes become regular in any way, PSN’s users, core or not, will lose faith in its brand and gravitate elsewhere. PSN must be robust enough to withstand external influences, whatever they are.

We can only hope we soon see an apparently hopelessly naive Sony make good on what is, in reality, a disaster for PS3. Services are founded on trust, something Sony now has to work hard to rebuild.