

Ask HN: Why do Hackers always (it seems) go after Sony? - desouzt

Hey guys,<p>I read another article today http:&#x2F;&#x2F;www.bbc.co.uk&#x2F;news&#x2F;technology-30373686 where the Playstation network has been hacked. What is with all the hacks to Sony? Are they perceived to be easy to hack or are they a company that are for whatever reason hated?
======
debacle
Hackers are always going after everyone. A lot of the vulnerability detection
is automated, so really if you are vulnerable it's only a matter of time
before you are exploited, and if you are a juicy target that timeframe is
probably hours, not days.

Sony just seems to have more high-profile cases than others. Media companies
tend to have a pretty devil-may-care relationship with security, and Sony has
also done a few things in the past to earn people's ire.

------
fiberloptic
If you read the news, others have been hacked too like Home Depot, Target,
etc.

Perhaps it is you focusing on Sony that is the issue, since others are getting
hacked as well?

~~~
desouzt
I do read the news, and I am aware of the hacks on other companies.

Specifically I meaning this -
[http://attrition.org/security/rant/sony_aka_sownage.html](http://attrition.org/security/rant/sony_aka_sownage.html)
and the table at the bottom. Over 30-40 high profile attacks on a regular
basis (every couple of months). And more recently hacks on the PS network,
Sony pictures, customer details etc that were so high profile.

------
junto
Ok, here are just two items of recent history:

[http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootki...](http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal)
and
[https://www.schneier.com/blog/archives/2005/11/sonys_drm_roo...](https://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html)

    
    
      In the days after the rootkits were exposed, Thomas Hesse, president of
      Sony's global digital business, was quoted on NPR as saying, "Users don't
      know what a rootkit is, so why should they care about it?"
    

[http://en.wikipedia.org/wiki/PlayStation_Network_outage#Crit...](http://en.wikipedia.org/wiki/PlayStation_Network_outage#Criticism_of_Sony)

    
    
      Credit card data was encrypted, but Sony admitted that other user information
      was not encrypted at the time of the intrusion.[44][58] The Daily Telegraph
      reported that "If the provider stores passwords unencrypted, then it's very
      easy for somebody else – not just an external attacker, but members of staff
      or contractors working on Sony's site – to get access and discover those passwords,
      potentially using them for nefarious means."[59] On May 2, Sony clarified the 
      "unencrypted" status of users' passwords, stating that:[60]
    
      While the passwords that were stored were not “encrypted,” they were transformed
      using a cryptographic hash function. There is a difference between these two types
      of security measures which is why we said the passwords had not been encrypted. 
      But I want to be very clear that the passwords were not stored in our database in 
      cleartext form.
    

Bottom line is that Sony haven't helped themselves in the last few years.
Whilst they build pretty good hardware, building software systems (especially
to support things like the Playstation) isn't their forté. Worse is that when
they do screw up, they are arrogant and disrespectful to their customers.

Their arrogance has irked a generation of hackers and script kiddies, who see
Sony as a carte blanche target. The recent hack shows both their arrogance and
negligent attitude to the security of their customer and private company data.
Investors should be punishing Sony and calling for the heads of the board.

