The Sony PlayStation
Network (PSN) has had a handful of hacks and incidences since its release in November
of 2006 from jail broken PS3s to a mass intrusion of privacy, but the hacks
that took place in April and June of 2011 were two for the record books. In
April, Sony said it discovered that between the 17th and 19th, an "illegal and unauthorized person"
got access to 77 million PSN users names, addresses, email address, birthdates,
usernames, passwords, logins, security questions and more. At
first, Sony and the rest of the world believed it to be George Hotz, the hacker
that made public instructions on how to jailbreak your PS3. Come to find out
that the splinter hacktivist group of Anonymous known as Lulzsec was
responsible by using a DDoS attack on the network, deliberately flooding the
PSN server with traffic causing a loss of income for a company that does
business online. Jake Davis (20), Mustafa Al-Bassam (18), Ryan Ackroyd (26) and
Ryan Cleary (21) from Lulzsec all claimed responsibility and plead guilty. This
hit Sony big time, shutting them down for nearly a month to try to recover and
costing just about $171.1 million in damages. A few months later, a separate
attack on the PlayStation Network, Sony Online Entertainment and Sony's
Qriocity media-streaming service led to the theft of private data pertaining to
more than 100 million user accounts, including credit-card numbers. All three
services were offline for more than three weeks. Anonymous later came forward
and took credit for the attack, saying that it was unintentional that they
obtained the information of all PSN’s users. Using a basic SQL injection attack to
expose millions users' personal data, 3.5 million digital coupons and 75,000
music codes.
A couple questions that
I ask Sony are:
- Why were PSN passwords apparently stored in plain, human-readable text?
- Why were email addresses, personal details, and credit card details also stored in unencrypted form?
While it might be
impossible to fully prevent unauthorized access to a system, it’s very simple
to encrypt data in a way that both secures user privacy, and makes it almost
valueless to any hacker with an intent to use that information for their own
personal gain, profit or otherwise.
Some questions that I have
for the hacktivist groups are:
- Why make user accounts public? Users aren’t the ones at fault so they shouldn’t be the ones that are punished.
- Instead of hacking a big league company like Sony, why not simply inform them that their security was not as tightly secured as they claimed it to be? Why was the result of your hacking necessary?
I
was in either of the hacktivist’s shoes, I would probably have the same ideals
in terms of trying to make being online safe for all users. As I mentioned in
one of my questions to the hacktivists, I would simply inform a company that
did business online that the security that they claim to be fool proof, isn’t. I
wouldn’t put any of the users at risk because that isn’t my goal.
Sources:
Very interesting! I didn't see a place in this post where you situated the moral philosophy ideas in the context of other philosophers. Don't forget that the guidelines advise you to do that!
ReplyDeleteStrength/Insight/Improvement
ReplyDeleteThis one of my favorite topics so far, as a video game fan, I remember this accident, but thanks to you I know know more about it.
Like Monica said as improvement just support your opinion with philosophers that value to right of privacy.
Great intro, but what is the moral point of view, is it who is to blame? Maybe make that clearer and then back it up by the philosopher's point of view.
ReplyDeleteThis is a very interesting topic, I had heard about it but didn't really know the details and what actually happened, you did a great job describing the case, telling us what happened, who was involved and what was compromised.
ReplyDeleteTo improve your post, I would suggest, use philosopher to back up your ideas, and also like Mzqueen Green said, be more specific on what your point of view is
Very well explained case! Maybe your moral point of view can come from the hackers intention. Then add on with your point of view and philosopher's moral views.
ReplyDelete