My Thoughts on the Sony Data Hack

December 12, 2014 Posted by Tiny

If you read a newspaper, watch television, surf the internet or even have a casual conversation on the street, you’ve probably heard someone’s opinion about the Sony data breach.  I’ve got my own impression.  Want to hear it?

HO HUM!  What’s new?  I’m not surprised.

In October of 2012, I wrote an article titled “Companies I Dislike a Lot”.  One of the companies I mentioned was Sony.  I haven’t changed my mind since then.  With the exception of watching Jeopardy and a few Sony movies, I haven’t put any of my money into their coffers.

This isn’t Sony’s first data problem.  In 2009, George Hotz (the first person to jailbreak the iPhone) announced that he was going to hack the PlayStation 3.  The following year he did so.  Sony retaliated by suing him.  They went so far as to obtain the IP addresses of everyone who visited Hotz’s website.

In response, the hacker group Anonymous sent this warning to Sony:

“Your corrupt business practices are indicative of a corporate philosophy that would deny consumers the right to use products they have paid for and rightfully own, in the manner of their choosing. Perhaps you should alert your customers to the fact that they are apparently only renting your products? In light of this assault on both rights and free expression, Anonymous, the notoriously handsome rulers of the internet, would like to inform you that you have only been ‘renting’ your web domains. Having trodden upon Anonymous’ rights, you must now be trodden on.”

About two weeks later, Anonymous launched an attack on the PlayStation Network.  They shut the network down for 23 days and obtained the personal details of about 77 million PlayStation customers.  Even with advance warning, Sony didn’t protect their customers.  Doesn’t that seem like a company that doesn’t care?

In the next several months, there were many attacks on Sony servers.  In June of 2011, the hacker group LulzSec broke into the Sony Pictures servers and obtained private information including passwords, email addresses, home addresses, dates of birth, etc. of over one million customers.  Why did they do it?  This was their statement:

“Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

The hackers said that all of the extremely sensitive data was easy to find and stored in plain text.  Does this sound familiar?  Compare it with the recent hack.  I’ll repeat myself, “HO HUM!  What’s new?  I’m not surprised.”

Why does Sony keep getting hacked?  I think it is for two reasons.  First, Sony doesn’t care about their customers.  Starting with the DRM rootkit, they have made decisions that are both legally and morally wrong.  Many of these customers are also hackers.  They get upset and retaliate.

Secondly, Sony makes it easy for hackers to hack them.  They obviously have not learned any lessons from previous attacks.  They don’t seem to have done much to fix their security problems.

When I think about the latest Sony hack, my first thought is, “Great.  I still have not forgiven them for putting a rootkit on my computers.”  I do feel sorry for all of the Sony employees whose data is readily available for downloading.  They did no wrong.  Too bad that corporate thinks as little of their workers as they do of their customers.
