Sony’s been hacked again. People seem surprised by this.
There are two things in play here. First, at any large company, aside from Apple (and that’s debatable), security is terrible. Just think about the things that have the most competitive advantage for companies: product announcements. Everybody already knows every product that HP, Dell, AMD, Intel, Palm, Sun, etc., will release in the next six months. Any project you don’t know about is because it’s not cool enough for anyone to actually care, not because some security officer is blacking out product references from documents. And if companies don’t really care about their own data, they certainly don’t care about their customers’.
And if you’re a good developer, you’re probably absolutely frightened at a few of the other people on your own team in your own company, and it only takes one bad apple to write a SQL injection. So the fact that Sony has an effectively infinite amount of vulnerable systems shouldn’t surprise absolutely anyone.
What’s different about Sony is that you have a large group of really talented people hell-bent on driving it into the ground, and a lot of equally talented people who have declined to take contracting positions there and just want to watch the thing burn.
What Sony did, in case you’ve been out of the loop, is they sued a guy named George Hotz, who is basically responsible for publishing some papers that let people reprogram the PS3s that they legally purchased to do things other than play video games in a way that wasn’t possible before. Sony, for a lot of reasons that are sort of irrelevant, didn’t want people to have this kind of access to their own equipment, and so they launched the legal machine to drive this guy into the ground.
The problem with this is that a lot of really smart computer guys think messing around on hardware you own is a moral right, and they believe this with about the same fervor that orthodox Jews observe the Sabbath. This isn’t the article for a reasoned discussion of the issue, but by way of explanation a lot of computer guys got their start tinkering around with their own hardware, so for a lot of people this is a very personal issue, an experience that changed their lives even, and is viewed as an attack on the profession. There’s also some anger directed at the legal process in general because Hotz settled the case due to financial costs, leaving what a lot of people believe an important legal issue in a bit of a grey area. There’s a very strong perception that “might made right” in this situation, and Sony was able to steamroll over something that’s a deeply held (or even quasi-religious) belief about human rights.
And so while all that’s been playing out, a lot of people have decided to fight fire with fire. Sony has the high-priced lawyers, sure, and they can drive Hotz into the ground. But “might makes right” doesn’t just operate on a legal plane, it operates on a technical one too. I’m not condoning what these hackers are doing, but I understand the ethical reasoning–the polite, civilized methods for achieving justice have failed. The only reaction you can have is apathy or agression. Sony has the lawyers and papers, the hackers have the bytes and the ion cannons. Looks like a pretty fair fight to me.
People on Reddit and HN are arguing that the hackers attempting to justify their actions are analogous to trying to justify rape. Not even close. The hacking is technically wrong, of course, in the same way that scratching the guy’s car who has double-parked is technically wrong. But it’s not exactly the crime of the century, is it? Even considering the consumer data that’s been “leaked” as a result of these attacks, blaming the criminals for that is like blaming a guy for stealing your Ferrari after you left the key in the ignition. Sure, the thief shouldn’t have taken it, but it’s a pretty forseeable consequence on your part, isn’t it? If you study the ways these attacks have been carried out, they require about the same level of technical ingenuity as our lucky car thief who checked your ignition for the key. We’re not talking about an MI-6 level of operation here, we’re talking about a heist your twelve-year-old could pull off.
And if you don’t like that argument, consider that Sony is singlehandedly responsible for hacking more computers and leaving more consumer data exposed during the whole rootkit fiasco than Anon could ever hope to be. Again, I’m not trying to completely excuse the hackers, I’m just saying let’s make sure we get the body count right when we discuss the finer ethical points of this issue. Anon has taken down PSN for a few weeks. I’ll just put that over here, right next to the… 5 million copies of malware Sony sold to consumers as music. Just so we don’t forget, while we’re discussing the Ferrari heist of the century, who the real criminals are.