
Sony gives more PSN attack details, details "Welcome Back" packages - shawndumas
http://arstechnica.com/gaming/news/2011/05/hirai-update.ars
======
thaumaturgy
I like how nobody seems to be able to discuss their systems' compromise for a
full paragraph anymore without using terms like, "illegal attack", "criminal
act", "illegal cyberattack", etc.

I've been noticing a lot more language like that in recent years, whether the
subject is Sony or Wikileaks or a government. I wonder if there's been a
recent shift in the language used for this stuff, or if I've just become more
sensitive to it recently?

edit: Hmm. Some preliminary digging through Google implies an increase in this
kind of language recently. The number of search results for "illegal
cyberattack" (unquoted search string) in news.google.com is 150 for 2011, 242
for 2010, 185 for 2008-2009 _combined_, 72 for 2007, and 55 for 2002-2004,
and a number of the older results appear at first glance to be unrelated to
actual hacks.

That's odd.

edit 2: Massaging the search terms a bit seems to yield proportional results.
For example, compare the language in this article from 2007
(<http://abcnews.go.com/TheLaw/story?id=3966047>) against the language of
similar articles today.

I know it's off-topic, but now I'm quite curious why around 2009 or 2010
everyone suddenly decided that they needed to emphasize the illegality or
criminality of compromising systems?

~~~
waterlesscloud
Wild guess- Illegality makes them feel less responsible (or irresponsible),
sort of like an Act Of God.

~~~
ams6110
Agree. In cases like this, organizations will seize on _any_ language or
phrasing that implies "not our fault."

Of course just because something is illegal does not mean you shouldn't be
trying to prevent it. See: money, banks, theft.

~~~
tptacek
Without igniting a huge argument hinging on the (incorrect) notion that I
think providers like PSN aren't responsible for the safety of their users'
data: we _don't_ tend to focus stories about bank theft on the ineptitude of
the banks. We tend to focus them on the criminals who commit the bank thefts.

~~~
JoachimSchipper
On the flip side, banks tend to be at least somewhat competent. We don't know
much about this particular hack, but some things are just embarrassing -
plaintext passwords ;-), but also stuff like AT&T putting iPhone
subscribers' data on publicly-accessible incrementing URLs (e.g.
<http://security.goatse.fr/hypocrites-and-pharisees> - keep your salt shaker
handy.)

------
ShabbyDoo
I am reminded of Sony's ham-handed response when it was discovered that
certain music CDs included a rootkit of sorts in an attempt to control piracy:

<http://www.npr.org/templates/story/story.php?storyId=4989260>

For the past few years, this quote has played in my head whenever I have
encountered the Sony brand:

Mr. THOMAS HESSE (President, Sony BMG Global Digital Business): Most people, I
think, don't even know what a Rootkit is, so why should they care about it?

Intellectually, I know that this exec really didn't understand the
implications of his statement, but still it's hard for me to buy Sony products
because I feel like I'm supporting the company's self-proclaimed right to
abuse its customers like this.

~~~
Argorak
Please be aware that Sony BMG Music and the Playstation group are totally
different beasts. Sony is the company that bans its own advertisement from
Youtube because it contains music from Sony Entertainment, so I would even
say: there is no connection between the two.

------
olivercameron
Given just how much data has potentially been stolen from every single PSN
user, 30 days free membership seems incredibly weak and insufficient. Hell,
even 60 days wouldn't feel like enough, but they need to do better than this
if they're going to regain any sort of good PR.

~~~
estel
This is in addition to 'free software'.

Lots of people seem to be complaining about this outlined package, but I'm not
sure what more Sony could do other than offer direct cash rewards to every
member; and even then they'd have huge issues collating duplicate accounts and
the like.

~~~
marshray
Well they could offer something with a significant marginal cost.

Even if Sony thinks it's solid gold, everybody knows it's BS to offer "free"
some bits off of a server you probably wouldn't have paid money for anyway.
(77M PSN subscribers, 10M CCs)

------
ams6110
_[Sony Network Entertainment International] has created a new position: Chief
Information Security Officer_

I found it mildly surprising they didn't already have one. Any ideas on how
many large corporations don't?

~~~
Shamiq
Ooo...a job opening. And CISO will have a bit of sway for a few more weeks at
least. It's surprising how fast someone can de-prioritize security when they
see how much it costs.

~~~
estel
They only posted two vacancies for these two more junior roles a month ago:
<http://www.linkedin.com/jobs?viewJob=&jobId=1526321>

------
cosmicray
> the data center has been moved to an undisclosed location

I fail to see the importance of physically moving the servers. What value is
this? Was the attack an inside job with physical access?

~~~
sdkmvx
I never saw anything to suggest that it was, so I believe it simply makes them
feel good. Also, undisclosed location is very suspect. How long will it take
to traceroute it and find the nearest Level3/other major company node's
location, therefore the probable location of Sony's servers?

Of course, to your average user "we've moved the datacenter to prevent
attacks" looks pretty good.

~~~
marshray
I don't think anybody old enough to care about their personal info really
falls for that.

~~~
sdkmvx
> I don't think anybody old enough to care about their personal info really
> falls for that.

I would like to think that, but have you ever tried to read the comments on
Sony's blog? They love Sony and I'm sure Sony likes to encourage _that_.

------
agscala
While I don't really think this is enough compensation for the losses incurred
on the users, I think that most people were expecting nothing and will be very
happy with a free 30 days and a free game (or discount, or whatever). I think
most of us here on Hacker News are unhappy because we are more involved in
watching what Best Business Practices are, but realistically most PSN users
don't care about that at all.

~~~
ayu
I disagree. If anyone learns there's a high chance their identity or credit
cards will be stolen they would be thoroughly concerned; simply offering
people extra PSN time strikes me as immature and even a little silly.

