Mon, Apr 25, 2011 | 09:55 BST

Hacked to death: Sony faces crunch-time over PSN failures

Sony has been found immature and naive on hacking problems this year, and must address PSN security issues now or face dire consequences.

Sony must demonstrate it is capable of dealing with this situation right now. If these episodes become regular in any way, PSN’s users, core or not, will lose faith in its brand and gravitate elsewhere.

On paper, this was Sony’s year. The hardware manufacturer has its best ever PS3 line-up by some margin, is finally about to snake past 360 on a global level, is gearing up for NGP’s launch in the autumn, and is now dominating Japan. Hirai’s ten-year tree-planting exercise is showing ripe fruit.

But PlayStation’s entire 2011 so far has been marred by a single issue: hacking. It’s a problem faced by all electronics manufacturers, but the manner in which Sony’s responded to a story which has refused to drop out of the headlines since returning from Christmas is now threatening the PlayStation brand itself.

This week marked a significant turn in PlayStation’s 2011 hacking saga, with the American and European PSNs taking offline on Wednesday thanks to “external intrusion”. Services have still not been restored.

While PS3’s battle with hacking had been largely contained to the core community and press in the first quarter of the year, Sony has now allowed the issue to affect its entire audience: it has been forced to deny millions of PSN users a key PlayStation feature over a global holiday, leaving anyone that doesn’t read sites like VG247, or is keen enough on PS3 and PSP to read the PS Blog, with no reason why they can’t play Portal 2 and Mortal Kombat online on their Easter break.

That error message really is ugly. And it’s still there.

So what?

It all started relatively innocuously. PS3 got hacked. The publication of the machine’s root key and a demonstration of the ability to sign code on jailbroken versions of PS3’s Firmware in the New Year were interesting as core stories, but for every, “This is massive,” there was a counter, “So what?”

Without exception, every videogame console gets hacked. It’s par for the course.

The question Sony faced was whether or not it actually mattered. The truth is that the huge majority of under-the-TV console users simply don’t pirate games. Chipping or running illicit OS software is always easy to detect, voids warranties and brings inevitable service-banning. For all but the serious hardcore, it’s just too much effort.

Xbox 360 and Wii were cracked years ago, and if you look at download figures for pirated version of games on those platforms last year, Dante’s Inferno was the most torrented 360 title in 2010 with 1.23 million downloads, while Super Mario Galaxy 2 topped the Wii chart with 1.47 million.

Taking 360’s global install base into account – some 50 million units – that means around 2 percent of 360 owners pirated the most popular illegal game last year. Yes, it’s semi-blind calculator-punching, but the number’s obviously very small.

PC piracy is a far greater issue, as it’s largely devoid of consequences to the user: the PC version of Black Ops was torrented 4.7 million times last year, while it was pirated a significantly smaller 930,000 times on 360.

PS3 was only hacked in January this year, having released in 2006. Instead of showing maturity and restraint, Sony sued George Hotz, the man responsible for the publication of PS3’s root key, and embarked on a ludicrous game of legal headline ping pong that, irrefutably, ended in PR disaster.

While many supported the action against Hotz, many did not. A general feeling that Sony had “gone too far” pervaded comments threads, and Hotz himself proved to be a far stronger individual than Sony surely anticipated.

Sony’s legal team was reduced to spurious accusations of Hotz’s creation of a PSN account he’d told a court didn’t exist – in relation to this, one of Hotz’s neighbours later said he’d lent his PS3 to the hacker – and even went as far as highlighting Hotz’s going on holiday to South America as damaging his case.

While Sony managed to finish the Hotz debacle out of court, tying him down to heavy fines if he eversomuch as looks at a Sony product in anger again, the damage was done.

Sony should never have sued Hotz. It solved nothing. The reasoning applied to taking Hotz to court was similar to that behind “drug wars”. You can’t stop people taking drugs: you just start wars. Some did opine in the case’s aftermath that a clear message had been sent to PS3 hackers, but it would be very easy to argue that Hotz got sued largely because he was so visible.

This should never have happened.

Hotz achieved notoriety by hacking iPhone. Apple didn’t sue him. Jailbreaking iPhones was declared legal in July last year, because, as was constantly thrown up by Sony’s opposition in the PS3-Hotz case, some people want to fiddle with the innards of their personal property.

Sony certainly did send a clear message by suing Hotz: hack PS3 and we’ll sue you, you’ll achieve international infamy and eventually you’ll get away with a “settlement”. Will it stop people trying to hack PS3? Of course not. Will it drive PS3 hackers out of sight? Very probably.

And you can’t sue what you can’t see.

The firm should have step-matched the hackers with Firmware updates – as it showed was possible as the legal case got underway – and strengthened PS3’s security without creating such a nonsensical fuss. Hotz, clearly a stupidly talented kid, said after he’d published PS3’s root key that he wanted to work with the likes of Sony and Microsoft on security: instead of taking the guy to court, why didn’t Sony talk to him?

Had Sony behaved more sensibly we could have avoided Hotz rapping about Sony engaging him in forced, unlubricated anal sex – the worst kind – and the “George of the Jungle” headlines.

There has to be a serious question over Sony’s judgement in the Hotz case.

Regardless, the story was too geeky for the mainstream up to this point. If you’re reading this, you’re probably already familiar with what happened, but dude-who-buys-a-few-games-a-year couldn’t care less. What happened next, though, catapulted the story into the glare of the nationals, and was almost certainly the catalyst for the hack attack that crippled the American and European PlayStation Networks this week.

We are Anonymous

As the Hotz case was winding down, ultra-liberal hacking group Anonymous said it was to target Sony over both the Hotz case and that of Alexander Egorenkov, who’s being sued over his efforts to restore Linux use on PS3, a feature removed from the machine by a Firmware update in March 2010 over “security concerns”.

For the record, the removal of OtherOS has always been Hotz’s stated reason for hacking PS3.

This was terrible news for Sony. While there are those that dismiss Anonymous as some kind of A-level irritation rather than a real force, facts are facts: the group has been responsible for denial of service attacks that have taken down government websites, has been demonstrably involved in recent uprisings in Egypt and Tunisia, and took down MasterCard and Visa’s sites in response to their roles in pressuring Wikileaks’ Julian Assange to stop publishing US government cables last year.

Anonymous targeted PSN, bringing the service down for most of a day in early April. The user backlash online was significant enough to make the group change tack, saying it would no longer aim efforts at PSN, but encouraged sit-in protests at Sony stores, an effort which fell flat.

PSN is an intrinsic part of the current PlayStation offering. It is as much a part of PS3 as the console’s Blu-ray drive.

Anonymous has said it will persist with action, but has denied it had anything to do with this week’s attack. No one outside of Sony and those responsible for the most recent incident knows what happened on Wednesday as yet, but whatever it was forced Sony to take the American and European PlayStation Networks offline and start “re-building” the “system to further strengthen our network infrastructure.”

Let’s read that again: PSN is offline, and we don’t know when it’ll be back up. It is an intrinsic part of the current PlayStation offering. PSN is as much a part of PS3 as the console’s Blu-ray drive.

On a most basic level, the fact PSN has been down the last three days is shocking news for gamers, but let’s not forget that Valve released a bespoke version of Portal 2 specifically tying together PSN and Steam earlier this week, and the PS3 version is now unplayable online. You’d have to expect that Gabe and co may think twice before doing that again.

Taking a broader view, PSN has 75 million accounts and is responsible for safeguarding the personal information and credit card details of users all over the world. The implications to a completely unknown hacker or group of hackers – whether a splinter of Anonymous, as some have suggested, or not – waltzing around PSN to such a degree that Sony has to take it offline for the best part of a week, will be casting a long shadow over Mr Hirai’s office tonight.

Sony’s escalation of its war on hacking could potentially threaten not only Sony’s ability to cut content deals, but, in a nightmare scenario, may compromise personal information of its millions of users.

We can only hope we soon see an apparently hopelessly naive Sony make good on what is, in reality, a disaster for PS3. Services are founded on trust, something Sony now has to work hard to rebuild.

183 comments

Older Comments

#151

SplatteredHouse
24/04/11, 6:16 pm

Because, step-matching the “hackers” worked really effectively for Nintendo, to tackle the Freeloader! They had to address the root cause and ensure that the loophole was no longer available, to invalidate that software. That took time, and it was done in response, a reaction to events.

If you’re so critical of Sony’s handling of the GeoHotz situation, that you’re recommending they award that guy a paid position – what kind of message is that going to send? Let’s also not forget that these step-matching firmwares are going to need to be regular releases to keep up with the challenge-hunters that would latch on to a new one of those, maybe even with more fervor than Hotz followers did.

Keep altering the firmware, and that will invite more room for error, and incompatibility snags that damage and even brick systems. If the engineers are spending all their time iterating that only exacerbates the danger…

Alternatively, you take the whole lot down, as Sony’s done. There’s a vulnerability logged and identified. No iteration, but instead go for a mk. 2 where that problem is addressed and everything’s back to a foundation again, to build from anew.
Sony CAN get a silver lining from this brooding dark cloud, but it’ll be on the strength of their: communication/(re)action/assurances as to how their future’s going to go. This needs to be fully addressed and gone by E3, or it’ll severely dog their conference and affect confidence going forward, is my assumption.

#152

DSB
24/04/11, 7:09 pm

@151 Really man, that’s the biggest copout yet.

Microsoft have managed to limit the effects, Nintendo have managed to limit the effects, and Apple are pretty much just ignoring it, and making sure people have to jailbreak their stuff all over again every time they release an update.

The only way updating your firmware breaks anything, is if you’re too incompetent to adequately meet that challenge, which really shouldn’t be the case for a global online business in Sonys league. You’re expected to, by everyone from the board to your very customers, to have people who are at least as competent as a bunch of selftaught cracking artists.

Seriously, that’s an extremely thin argument. Updating and improving your software, and having the right people for the job, should be a fact of life for anyone with a persistent online service.

Nobody gets to keep their software free from mischief these days. Sooner or later, a Geohot is going to come along. That’s been the case with every single product in the history of mankind, from the A-bomb to the Playstation Network. Reverse engineering is 100% assured. All you can do is be ready for it, and make sure you limit the impact it has on your business.

#153

Christopher Jack
24/04/11, 7:23 pm

@152, You seem to underestimate the scale of this impact GeoHot caused & the publicity from sites like this have multiplied that effect 100s of times over.
Sony isn’t turning off PSN to prevent jailbreakers, they’re doing this because hackers have infiltrated secure & important information that can affect the end user-us!

#154

DSB
24/04/11, 7:28 pm

@153 Ask Microsoft, Nintendo or Apple about the impact.

Piracy is a fact of life, and it can be limited in various ways. What Nintendo are doing with the DS for example is to try and hit the pirate networks, the people actively doing damage, rather than the guys who simply figured out their secrets. That’s a battle where they can make a difference, as opposed to simply punishing a guy who figured out their system, purely for the sake of punishing him.

Going after Geohot after the fact just ensures that he’ll be extremely popular, and the damage he did to Sony vastly exagerated. By Sony themselves, no less.

The publicity is disastrous, but Sony won’t be a less succesful company as a result of this. They’ve just managed to humiliate themselves, and made sure that this drags out longer than it ever should.

#155

Hunam
24/04/11, 7:55 pm

155 posts including mine. I guess when PSN goes down you guys just climb the walls eh?

#156

gomersoul
24/04/11, 7:56 pm

5 words… what a load of bollocks! chill out guys, it’ll be back on soon, then we’ll all forget about this

#157

Christopher Jack
24/04/11, 8:09 pm

@154, This security breach has nothing to do about piracy, piracy is one of the smaller reasons why Sony is pissed, the main reason is that the PS3 is open for hackers to cause havoc no longer limited to the PS3 itself but PSN as well.

#158

DSB
24/04/11, 8:26 pm

@157 Could you elaborate on that? I don’t know the first thing about programming.

What I’ve been able to read about root keys and certificates, it seems to me like there’d be several other layers of security. Obviously though, if someone opens the door to something you’d rather keep shut, then you have to retweak your systems to accomodate that.

#159

osufan21
24/04/11, 9:17 pm

Gamers (Hardcore) dont forget about things like these, expect a damaged reputation after all this is over Sony. Looking on the bright side of things maybe us gamers will get In-Game Chat. Which for you guys know is the majorly anticpated, rumored and wanted update from “hardcore gamers” since the 2008 in-game XMB update. Only time will tell guys

#160

Gekidami
24/04/11, 9:22 pm

^ Except gamers dont blame Sony, so its not their rep getting damaged.

#161

Phoenixblight
24/04/11, 9:35 pm

@159

You would be surprised to know this but “hardcore” gamers as those that play for more than the majority of players only make up less than 5%. So Yay for Sony ruining their rep for 5% of their players?

#162

Kabby
24/04/11, 9:53 pm

At least Pat has given you all something to do while PSN is down.
The extra traffic is only a bonus.

#163

Mike
24/04/11, 9:55 pm

Gamers do blame Sony. Anyone with a brain would blame Sony.

#164

osufan21
24/04/11, 10:02 pm

I am only saying that this current state of PSN is not good for Sony. Do you understand 160 and 161? It cannot be a good place to be in despite if its Sony’s fault or not. Just for the record, I was not implying it was Sony’s fault to begin with and you both must also realize PSN is Sony’s network and Sony must take some responsibily on some level whether it be big or small. Also I included Future Course of Action from Sony in my previous statment of a Damaged Rep.

Keep in mind that the 5% of Gamers purchasae a lot of games, DLC and indulge in Pre-Order options. Also many of the 5% youre referring to have many online and local friends, discussions amongst themselves have taken place definitely. The 5% is more crucial than you think, dont doubt such a small number. The hardcore gamers matter and deserve to be represented not by a number but for what they do to the industry, good and bad.

#165

Christopher Jack
24/04/11, 10:06 pm

@163, I didn’t realize that Sony were attacking their own system. This would be standard security protocol & if Sony didn’t act now, these malicious hackers could have done some serious damage to several users.

#166

Phoenixblight
24/04/11, 10:15 pm

@164

“Keep in mind that the 5% of Gamers purchasae a lot of games, DLC and indulge in Pre-Order options. Also many of the 5% youre referring to have many online and local friends, discussions amongst themselves have taken place definitely. The 5% is more crucial than you think, dont doubt such a small number. The hardcore gamers matter and deserve to be represented not by a number but for what they do to the industry, good and bad.”

Uh huh Nintendo, Zynga, DS would like to have a word with you. If you stuck your head outside or have done some research you would see that what you’re saying is complete BS. You would like to think hardcore gamers matter but if this was so why is industry broadening itself to the casuals and to people who have never played before. That is just so weird if the hardcore are their focus.

Believe what you want but the research is there majority of the games bought are rated E, the average gamer both male and female (75%) put in 6-7 hours a week into gaming. 5% (hardcore) No mater how many games, dlc they buy can never equal (75%)

Information is out there just have to look for it.

http://www.escapistmagazine.com/articles/view/issues/issue_110/1344-The-Future-of-PC-Gaming-Isnt-You

“WildTangent CEO Alex St. John is of the opinion that casual gaming is “unequivocally today.” He estimates the U.S. has about 2 million hardcore gamers compared to 143 million casual. “Over 90 percent of games are sold to people who are not young male gamers,” he says. “Hardcore gamers aren’t even the primary customers for traditionally hardcore games anymore”

#167

osufan21
24/04/11, 10:43 pm

#168

DSB
24/04/11, 10:50 pm

Honestly, hardcore gamer is the stupidest term ever.

Not even hardcore gamers know what makes them hardcore, beyond the fact that it sounds better than nerd. It doesn’t exactly become easier to take it seriously when you see people like Wildtangent CEO Alex St. John (Who?!) claiming that he can somehow deduce the hardcore gamer from some kind of profile of age, gender and location.

I wish people would put that crap to rest.

You are not your collection of Razer peripherals.

If you’re so insecure that you have to somehow desperately make yourself stand out from people who do the exact same thing as you in a different way, then get help, don’t start inventing funny titles for it.

Maybe I should join in the fun. How does Gamesmaster General sound? Is that a cool title? What about Original Gamester? Kinda like gangster, but with games. OG, dawg!

#169

Phoenixblight
24/04/11, 10:55 pm

@168

I couldn’t agree more. Organizations and corporations find the “hardcore” to be those that spend a lot more hours playing video games then the majority of gamers.

#170

furby
24/04/11, 11:00 pm

@163. Well, actually, people like you – what with their years and years of trolling and blaming Sony, posting anti-Sony bullshit, always trying to make a mountain from a molehill and tirelessly banging the pro-360 drum on this site and all over Eurogamer..

..yeah, those sorts of people would definitely blame Sony. Because that’s their stock response to anything: Blame Sony.

Fortunately, there’s less and less of saddos like you around, still believing that it’s 2006 and looking more and more ridiculous as you bury your head deeper and deeper in the sand. But when you’ve invested years and years and years bad-mouthing a company I guess you just have to keep blindly carrying on no matter how sad you look doing it.

Funny how you can always be relied to crawl out from under your bridge when there’s a bold ‘blame Sony’ or ‘praise Microsoft’ article ain’t it?

Folks like you need to big this sort of thing up as much as you possibly can. Make it sound like it’s the end of the world so you can keep repeating that 2006 “Sony are doomed” mantra you’re still hoping will come true.

#171

Alakratt
24/04/11, 11:31 pm

what a surprise! that ms-loving-douchebag O’Connor is back…just with a different name….anyone care to guess who he is?

#172

Ireland Michael
25/04/11, 12:10 am

@171 Uuh.. I’m right here. *waves*

I’ve had this username since the day of the site relaunch, and everyone (and I do mean everyone) that’s a regular here knows that its me. Nobody needs to guess, because everyone already know.

O’Connor. Irish surname. Michael. It’s not exactly rocket science.

Microsoft loving? What the fuck are you on about? I’ve been on Sony’s side in this whole Anonymous thing since the beginning.

Man, I laugh every time someone calls me a Microsoft fanboy.

I guess I better stop playing LittleBigPlanet 2 so much. And cancel my PlayStation Plus subscriptions while I’m at it. Wouldn’t want to give people the wrong idea, now would I? Hahahaha!

Whatever you’re smoking mate, please pass it over. It must be awesome.

#173

Kuwabara
25/04/11, 12:41 am

lol, christopher jack, you’re a stupid jew/atheist . Are you too dumb to understand what the easter period means to christians? we dont care about the easter bunny!!

#174

Dark
25/04/11, 12:48 am

173 Comments?? really??

#175

Phoenixblight
25/04/11, 1:22 am

@173

Way to prove how much of a Christian you really are. You must be that Westboro type you know the ones that call people names and protest at funerals….

What happened to turn the other cheek?

#176

DSB
25/04/11, 1:34 am

Well, you either turn the other cheek or you rip a guys eye out, depending on where you choose to look. It’s so gosh darn convenient like that.

#177

Alakratt
25/04/11, 1:49 am

@172

Oh, it’s gooood, very good. Mistook you for somebody else, sorry dude my bad.

#178

Ireland Michael
25/04/11, 2:04 am

@177 “sorry dude my bad.”

“that ms-loving-douchebag O’Connor”