The Sony PlayStation
Network (PSN) has had a handful of hacks and incidences since its release in
November of 2006. From jail broken PS3s to a mass intrusion of private
information, but the hacks that took place in April and June of 2011 were two
for the record books. In April, Sony said it discovered that between the 17th
and 19th, an "illegal and unauthorized person"
got access to 77 million PSN users names, addresses, email address, birthdates,
usernames, passwords, logins, security questions and more. At
first, Sony and the rest of the world believed it to be George Hotz, the hacker
that made public instructions on how to jailbreak your PS3. They later found out
that the splinter hacktivist group of Anonymous known as Lulzsec was
responsible by using a DDoS attack on the network, deliberately flooding the
PSN server with traffic causing a loss of income for a company that does
business online. Jake Davis (20), Mustafa Al-Bassam (18), Ryan Ackroyd (26) and
Ryan Cleary (21) from Lulzsec all claimed responsibility and plead guilty. This
hit Sony big time, shutting them down for nearly a month to try to recover at a
cost of about $171.1 million in damages. A few months later, a separate attack
on the PlayStation Network, Sony Online Entertainment and Sony's Qriocity
media-streaming service led to the theft of private data pertaining to more
than 100 million user accounts, including credit-card numbers. All three
services were offline for more than three weeks. Anonymous later came forward
and took credit for the attack, saying that it was unintentional that they
obtained the information of all PSN’s users. Using a basic SQL injection attack to
expose millions users' personal data, 3.5 million digital coupons and 75,000
music codes.
A couple questions that
I ask Sony are: Why were PSN passwords apparently stored in plain,
human-readable text? Why were email addresses, personal details, and credit
card details also stored in unencrypted form? While it might be impossible to
fully prevent unauthorized access to a system, it’s very simple to encrypt data
in a way that both secures user privacy, and makes it almost valueless to any
hacker with an intent to use that information for their own personal gain,
profit or otherwise. Some questions that I have for the hacktivist groups are: Why
make user accounts public? Users aren’t the ones at fault so they shouldn’t be
the ones that are punished. Instead of hacking a big league company like Sony,
why not simply inform them that their security was not as tightly secured as
they claimed it to be? Why was the result of your hacking necessary? If I was
in either of the hacktivist’s shoes; I would probably have the same ideals in
terms of trying to make being online safe for all users. As I mentioned in one
of my questions to the hacktivists, I would simply inform a company that did
business online that the security that they claim to be fool proof, isn’t. I
wouldn’t put any of the users at risk because that isn’t my main goal.
I completely agree with
the moral reason in which the hacktivists hacked Sony to make them aware that
their use of simple security programs to protect tons of valuable information,
was not, in fact, fool proof. However, I strongly disagree with the result in
which the methods used, produced. Morally, it’s a breach of privacy on an
enormous scale. The hacktivists took the Fourth Amendment and twisted it to
have themselves believed they were in the right.
I thought of how many
people might misconstrue the definition of “privacy”, and then I found William
A. Parent (1983). Parent explains that he proposes to defend a view of privacy
that is consistent with ordinary language and does not overlap or confuse the
basic meanings of other fundamental terms. He defines privacy as the “condition
of not having undocumented personal information known or possessed by others”.
Parent stresses that he is defining the condition of privacy, as a moral value
for people who prize individuality and freedom, and not a moral or legal right
to privacy. When I think about how valuable information and privacy are, I
looked up Adam Moore (2003). Moore argues that privacy is objectively valuable;
human beings that do not obtain a certain level of control over access will
suffer in various ways. Moore claims that privacy, like education, health, and
maintaining social relationships, is an essential part of human flourishing or
well-being.
Sources:
No comments:
Post a Comment