Last week Sony officially drew a line under litigation against 21-year-old software hacker George Hotz over a violation of the terms of service on its PlayStation 3 console. Today the company is dealing with the fallout from a six-day service outage on its PlayStation Network (PSN) online gaming service, and the compromising of its entire user base: some 77 million accounts across PSN and the Qriocity music service.
Millions of usernames, passwords, home addresses, dates of birth and credit card numbers could now be in the hands of identity thieves, to be openly traded on the black market. Over the coming months a lot of people will be checking their bills for unusual, minute transactions that, when added up to the millions, become immensely profitable.
Grand claims
At time of writing no statement has been made claiming responsibility for the attack, or linking it to any legal proceedings, but the timing is more than a little suspicious, and the list of ‘usual suspects’ short.
So what led to one of the largest consumer technology companies in the world falling prey to the most successful cyberattack in history?
Assuming the George Hotz case and the PSN hack are linked, the story goes back to last February, when the New Jersey-based hacker posted a video on his private YouTube page showing how to jailbreak the firmware on his PlayStation 3, thus enabling it to play pirated and ‘homebrewed’ (made at home) games. Sony’s response was swift. The company issued Hotz with a lawsuit for violating the PlayStation terms and conditions of use, and sought the IP address of every user who saw the video. Hotz settled with Sony out of court on 31 March, agreeing not to continue jailbreaking any more Sony hardware. Six days later, PSN was attacked by ‘hacktivist’ group Anonymous.
Anonymous, an amorphous collective with no figurehead or spokesperson, issued a statement saying the group would work to destroy the “corrupt stranglehold” the company was maintaining on its intellectual property. To date Anonymous has been involved in so-called ‘distributed denial of service’ (DDoS) attacks against the Church of Scientology; Westboro Baptist Church; and, in one particularly high profile campaign, Amazon, PayPal and Visa over their suspension of services to Wikileaks. A first attack on 6 April was to be followed up by an international sit-in at Sony stores around the world – a protest that failed to materialise as Sony drafted in additional security staff to maintain order. On 17 April the current wave of attacks began.
Magnitude
A cyberattack of such magnitude would certainly be within the abilities of Anonymous, but any success is usually accompanied by a grandiose statement claiming responsibility on behalf of the collective. That Sony has been brought to its knees by a service outage for six days and has exposed its entire user base through lack of encryption should be a cause for public celebration for Anonymous; instead the group is conspicuous by its absence. Could this mean the cyberattack worked an awful lot better than it could have imagined?
If so then Anonymous could be about to become a victim of its own success. Causing websites to become unusable by flooding them with bogus traffic is one thing; accessing an entire customer database presents issues of data protection and identity theft that could turn Anonymous from virtuous defenders of the individual to an international criminal organisation overnight. The current standing army of keyboard warriors could be on the verge of disbanding.
So, a precocious hacker, an overzealous corporate legal team, a hacktivist collective and an online platform with serious security issues. These could be the elements of the greatest (accidental) identity heist ever.