I find it hard to support hackers when their crimes chiefly affect innocent customers.

Legitimately lol'ed here. Thanks.

EDIT: Are they really called Lulzsec? :rofl: They do this for the lulz!

I always thought most of these hackers were actually people who worked for computer companies, not some kid with some hacking tools at his disposal.

http://www.escapistmagazine.com/videos/view/extra-credits/3350-Anonymous - by Extra Credit.

Please at least watch this before someone drowns in your ignorance, please.

:rofl: I thought I was gonna be the only one to catch that.

Also, hackers do svck, even if they are just normal people. They could be cool about it and teach Sony a lesson without stealing personal info from its customers. But no, they are simply criminals.

Just to clarify, although it's been clarified already so I'll just go ahead and be the redundant one today, the difference in definition of a hacker, and what isn't.

free lance security systems anolyst.. is a hacker. A legit one, working for his company to keep his company safe.

a hacker. Does the same, but from an idealistic motif, that companies should have secure systems, end punt. Often moonlights as the above. aka a white-hat (from old westerns where the good guys wore white hats)

gray hats. The above, but with less morals...

cyber criminal. Someone who possesses computer knowledge -usually through earlier training, and uses their knowledge to further their criminal enterprises. These are the scum wads.

script kiddies... not really worth mentioning, more game hacking, some online game cheating and stuff, but nothing on the scale of the PSN attack.

I think Lulzsec also hacked the PBS website. There was an article about it in the WSJ a few days ago. Apparently the hackers replaced the webpage with a picture of Nyan-cat and the text "all your bases are belong to lulzsec".

From what I recall, a hacker was originally a coder who wasn't afraid to use some unorthodox solutions to programming problems; they took exception to the term being applied to people who break into systems who they say should be referred to as "crackers". But even speaking as one who's been referred to in the former sense, I still tend to think of hackers as those who cause security problems.

Most self-styled hackers are script-kiddies though. I've seen the results of such people breaking into computers and the evidence of their cluelessness is almost more amusing than annoying.

My statement was hackers in general are not criminals, which is an undeniable fact. People act as if all hackers are bad guys, which is just not the case. What these guys did was wrong, though not nearly as bad as what they could have done if they were evil criminals (in case you, like many other people in this thread didn't read up on what exactly went down: they released only a portion of the information they purportedly were able to take to draw attention to Sony's weak security practices).


As I said earlier: if the company I work for followed these practices I'd be fired, my boss would pay hefty fines, and probably lose his license. What happens to Sony? Nothing. Not only does nothing happen, but they do nothing about it. After the initial hack they got hacked again multiple times because they didn't improve their security after being shown how abysmal it was. Sony isn't the victim here, the customers of Sony are. Sony should be obligated to protecting their information, which they are doing a piss poor job at doing. So, yes, this is Sony's own fault and they should pay for it. I'm hoping some of the lawsuits against Sony win, so that way some retribution for the real victims manifests itself.


Except it was totally in Sony's control. They were using software with known vulnerabilities to hold tons of personal information. They didn't even attempt security.

To draw an example of this using your example, it'd go as follows: You hire a security guard to guard your house. He sets up cameras and whatnot, but all he does in his little guard hut is watch I Love Lucy and sleep. Worse he opens the gate for anyone who asks to come in. This is complete incompetence. Because of his incompetence all sorts of horrible things happen to your stuff and family while away. Are you going to keep that guard? I know I certainly wouldn't. He'd be fired so fast it's not funny.

Next, a real world example from the Medical field. In case you didn't know, due to HIPPA, all medical institutions are legally required to protect your records from theft. Lets say someone hacks into your local hospital and steals all the patient records. These records were on a public network and left unencrypted. This is a clear violation of HIPPA's stipulations and as such many people will be fired and many fines passed.

What Sony did is no different than the above medical case, the only difference being there is no law that holds Sony legally accountable for this (well, there is, but it's not legally explicit like HIPPA). The one harboring the information has an obligation to keep it safe, and running software with known vulnerabilities is a far cry from keeping information safe.

I never said Sony isn't responsible. But they aren't entirely responsible for what happened. You can't even give a valid argument that excuses the direct, malicious attack against Sony. You can still give some blame to Sony, but trying to blame this entirely on a Company that was a victim of an organized attack makes no sense.

It falls back to me breaking into your house and killing your siblings. Should I be entirely relieved of it because YOU didn't take every possible measure to make sure I WOULDN'T go into your house and kill your family?

Anyone whom is using their private information online should be aware that security is not 100% secure. It never has been, it never will be. It is NOT possible to make something uncrackable, unhackable, or unbreakable. Until the day, a perfect human being, whose never made a mistake in their life, ever, at anything, decides to develop a language that can be 100% secure and never, ever cracked because he is the most perfect human being in the world, and everything he does is perfect, then nothing stored, physically or digitally, will never be secure.

AKA it is not their intention to use the acquired information for malicious means.

Excuse: they did it before someone with more malicious intents did. The group that hacked them only published a fraction of what they stole and are not part of some identity theft group. Hell, Sony may have been hacked by identity thieves and you wouldn't even know about it.

Were they completely in the clean? No, but I never claimed they were. However, if they wanted to they could of done a helluva lot more damage then they did. They were trying to bring to light Sony's bad practices, not steal identities.


Not because of me, but because of my security team failed to take even the most basic of measures to protect me. You still committed a crime, yes, but I am begging for it when I have a mountain of treasure highly visible in my livingroom being guarded by guards with cardboard cutouts for guns.

There are three groups here, which all your examples are missing:

the innocent me trying to protect my valuables (Sony's customers)

The guards of my valuables (Sony)

The thief (the hackers)

I think this is hilarious when that it is even brought up: In every other field beyond consumer markets, it is the company that is legally accountable for the protection of your information. Only in the consumer market is the company not legally accountable. Doesn't that scream of something in need of being fixed?


This is true, but Sony's practices were absolutely abysmal. There are common practices like running up-to-date software and encryption that Sony didn't follow. They didn't even do the bare minimum, that's just like waiving a sign around saying "rob me" (because yes, this information is public, just takes a little sniffing around to see what version of some software someone is using). Sony made themselves a juicy target. It's like what do you do when there is a bear chasing you? You don't have to be the fastest, you just have to be faster than the other guy.

I won't argue over the customers being the victims here, but that still doesn't change the fact that Sony was a victim of yet another attack.

Criticism of Sony is fine, we can criticize them all day long for failure to take better precautions regarding security, but to lay blame at them, the victim in this case IS inexcusable. I am not nor would I ever suggest that there shouldn't have been more done to ensure that this type of attack doesn't happen again, but then I am not excusing the actions of the hackers (good intentions or not, their actions were malicious).

Perhaps it is time for Sony to hire some outside help in assisting them to patch these (apparently) gaping holes in security.

How is Sony a victim? Because they lost business due to insecure practices? Because they had to spend money repairing their vulnerable infrastructure? They weren't robbed of their assets and their information wasn't stolen, only the customers got hurt because of their bad practices. Everything that happened to Sony itself is the same as if a news reporter discovered these facts and published them. That's why I can't see Sony as a victim, because their loss in profits was something that would have naturally happened from securing their infrastructure (which demands downtime as well as additional expenses). If the hackers somehow siphoned off money from Sony, then yes, they'd be a victim, but that's not the case at all.


If their actions were malicious they would have published all that they were able to uncover. They got some million accounts and an admin database, but only published 50k account passwords (zero identifying personal information) -- by the way, that's the exact same thing various media companies have done after self-cracking hashes that other people have stolen when publishing a story on these hacks (for example: after Gawker media got hacked, there were a few news sites that did exactly that).

If you can't figure that part out, then I'm not even going to bother. :facepalm:

They aren't white hat:



http://arstechnica.com/tech-policy/news/2011/06/lulz-sony-hackers-deny-responsibility-for-misuse-of-leaked-data.ars

With this hack in particular: Sony faced zero downtime because if it, and all Sony has to do is patch the vulnerability (which they needed to do anyway), hence Sony is not a victim because absolutely nothing bad happened to them. The victims are Sony's customers.


I already said they aren't white hat. They are grey hat (because if they were in it to be malicious they could have done a lot more damage by their own accounts). Juvenile, yes, malicious, no.

As a consumer, what does this all mean for me? Is Sony going to play the role of the stubborn know-it-all or will they at least address security issues and maintain a level of security? As far as company practices go, do Sony truly seem to care for and provide as little for consumers as some people say they do (i.e. restricting user rights, PR failures, failure to properly secure consumer databases, or, from some of my own experiences, talking down to consumers as though they were gullible children, etc.)?

That was worded poorly on my part, I wasn't saying that you said they are white hat I was more just adding to it.

Consumer data protection is basically a black hole in the eye of the law right now. Only in financial and medical institutions is it the case that your data must be protected lest the company face the full consequences of the law.

Hopefully these events will lead to some mandatory protection of consumer data.

As to Sony addressing these issues: they will and have addressed some of them already. These are known vulnerabilities, so Sony will definitely address them all. The question remains whether Sony will continue down the road of bad security practices or turn around to be a leader in data security. They've been audited by the Payment Card Industry and will probably be audited again in the future, so at least for the short-run I expect Sony to be on good behavior security-wise.

Lulzsec just hacked an FBI cyber securty company site,and released 700MB of emails,throw the bar out the window?
They did as a part of 'f-word' FBI friday,they say.

Reckless or amusing?

Totally malicious, they DDoS'd them.

I just looked at the recent history of these guys: they are all over the chart, completely unpredictable. Sometimes what they do is 100% harmless and other times it's completely malicious. I think they really are living up to their name and just doing it all for the "lulz" :rolleyes:

It's likely,given that they are,as you say,all over the chart,It's likely that they're lose knit.though looking at their irc chats from time to time,some seem to be childish,others bored,any a few with a good idea of their actions.

Sony is atrocious. What's new?

I don′t really care if Sony should be more responsible or not, the hackers are scum and it′s the users own responsibility to decide if they want to trust Sony or not. If they′re publishing passwords that they found they′re not just showcasing that it can be done but are giving info to people who would use such data for malicious purposes but don′t have the same know-how for gathering the information. Basically they′re just making it easier for the dumber crooks to mess around just as much as they do. Like noticing that your neighbor forgot to lock his door and then proceeding to tell the local crack addict about it.

As a customer it′s my own fault if I put too much trust into a company or not. It doesn′t matter if it′s lulsec or a genuine crook who gets my information, they should both get a equal punishment. Thinking it′s okay to do stuff you′re not supposed to do in the first place because it is easy is just bulls*it.

I didn′t commit a crime by breaking in, the door was open!

Right...

I′m not by any means saying Sony should not be more careful, but if I had a Sony account it wasn′t because I was forced to make one but because I took a decision to make one, my choice and my consequences if something goes wrong. Heck even if the Bethesda Forums were hacked and info about me was taken I′d blame it on myself but first and foremost the hacker.

Just don′t do things in the first place if you don′t expect any punishment in case you get caught.

Well, that's too bad, and disappointing. What I still didn't understand with the previous attack was why are they still storing credit card numbers on a central server? That's irresponsible, but may be not an illegal practice. It would make the network a lot more secure and less appealing if they just removed the option for that. If you wanted to improve usability, you could store the number separately for each user on their local PS3 hard drives. Each transaction should be verified with the credit card company and each time the card info would be sent from the local hard drive for verification.

Protecting against SQL injection is basic security these days. Developers should prepare for it, I do, most of the time. Another thing is about updating server software. Skipping that is also irresponsible.

The fault is laid on both, Sony and the attackers. Sony for being clueless about basic security and the attackers for exploiting their cluelessness.