PSN Breach – An IT Perspective

The PlayStation Network security breach was bad… really bad. Usernames, passwords, emails, and addresses were taken, and credit card numbers may have been taken (I’ve seen people post comments that they have noticed illegitimate charges to their credit cards so this is true, at least for some people). The PlayStation Network has been down for three weeks, with services starting to be restored. Sony is offering lots of things to their customers, including free credit monitoring, free games, free trials to paid programs, and a few more things. I could give you all the information regarding this, but there are enough news articles around with that information. I’m going to give you my opinion on all this mess.

I’ve heard lots of opinions. People are going to swear off Sony products; some people will continue trusting Sony. Some people blame Sony, while others want blood against the hackers. I want the people who stole the PSN information brought to justice. I’m currently going to school so I can work in the Information Technology field. Along the way, I’ve taken many business classes. This means that I know how technology works and how corporations work, so let’s examine everything from these two points of view. First, some background.

A hacker going by the name of GeoHot found a way to hack the PS3. His hack allowed people to do whatever they wanted with the system, such as harmless things like homebrew games, and illegal things like playing pirated games and using cheats online. I could go on, but that’s for another article. Anyways, he was sued by Sony. A group of hackers calling themselves Anonymous didn’t like this, and attacked Sony with a denial-of-service attack, which basically overloads Sony’s servers with so many requests that the servers just shut down. Sony’s servers were down for a few days, but PSN was back up fairly quickly. Then GeoHot and Sony settled their lawsuit, and then Sony went down again… this time without Anonymous taking any credit. This was the PSN breach downtime. It took 6 days for Sony to finally give a statement saying that the PSN was hacked and personal information was stolen. With that information, let’s examine this.

This could have happened to any company. Hackers attack Amazon and Microsoft every day, but they usually do not obtain personal information. There’s security in place to prevent that. Encrypting the files on the servers is one way. Encryption converts readable information to ciphertext (unreadable information). It uses a complex algorithm to do this. The information is only readable to those possessing the cipher key, which is also generated by an algorithm. There are several different kinds of algorithms, and most of these servers are using the latest algorithms. Encryption is also used in transaction processes, such as when you buy something from Amazon. You’ll notice that the page changes from an “http://xxxxx” to an “https://xxxxx”. This means encryption is being used. So if someone catches that information between you and the server, the information will be unreadable to the hacker. I could go more in depth with encryption, but that would take forever.

Security protocols on network devices, firewalls, and more security settings on servers are also used to make sure your personal information is not taken. Bigger corporations and brands are using the latest security and encryption, so I trust these companies. However, if servers are connected to the Internet (and they are), they are vulnerable to attack. Like I said, a breach could happen to anyone. Sony had most of these measures in place. They were actually in the process of moving their servers to a more secure location. This breach sped up that process. It takes time to upgrade, and companies are always upgrading, because technology is always changing. So this scenario of being in the process of upgrading is not isolated to just Sony. As soon as a new security upgrade gets into place, it is obsolete because hackers are always finding new ways to get access to restricted systems, and security professionals are always upgrading security protocols and hardware to combat the hackers. It is much like a consumer buying a brand new, top-of-the-line PC, and the PC being obsolete soon after.

We’ve established that this could have happened to anyone, but did they handle it correctly? I mean, six days for them to tell the public? That’s a long time for people to have credit card information. Well, business classes told me there are lots of stakeholders in a company. You have employees, stockholders, customers, distributors, etc. From a security perspective, they did everything right. They shut down the network, brought in an external, highly regarded security company, examined the network, and found out what was stolen. Now they are fixing the security holes and upgrading the security. That’s why it took three weeks, which is a very short time actually. It took them six days to inform the public. During this time, they needed to tell Japan (corporate red tape demands it) and Japan took over and started to call the shots (more red tape). Once all that got figured out, they needed to see if anything was compromised. With so many stakeholders, they needed to know for sure. If they came out early and told everyone that they were compromised and personal information may have been stolen, they would lose stockholders. As a corporation, you do not want to lose stockholders, especially if no information was taken, which, unfortunately, was not the case. So I could see why it took six days.

Unfortunately, as customers, we do not care about them losing stockholders and we would like to know if our information was potentially stolen, and we want to be kept up to date on what they are doing. Personally, I can forgive Sony for waiting six days, but I also understand why customers will not forgive Sony. In the end, I feel Sony is not at fault. Any corporation is vulnerable to security breaches. Unless you don’t have the Internet, your information is not secure anywhere. Saying that this will not happen to Microsoft is being ignorant. Microsoft has a huge target on their head by hackers, which probably makes them more secure, but not invincible. I feel Sony has learned from this and will provide a more secure environment in the future. I will continue using Sony products. I’ll probably be using PSN cards from GameStop from now on, but I’ll stand by Sony.

Sleepless Slumber

It’s all poetic and stuff. And yet so very true. So I haven’t updated in a long, long time (that’s the slumber part), because I have been very, very busy (that’s the sleepless part). I had an intense semester, so that’s my excuse. I literally submitted my last assignment just now. I’m going to be updating more often this summer. To prove it, I’m going to be posting a three-part series within the next couple of weeks. I don’t know what I’m going to name the series, but it’ll be witty and clever… terrible and stupid. Anyways, here’s what is to come.

Part one will deal with games that I played throughout this semester. Yes, I was busy doing homework, yet I found time to play a few games. Part two will deal with the big games that came out so far in 2011. There have been a lot. Will part one and part two have some overlap? Maybe. Part three is a look into the future: the second half of 2011. I’m thinking of waiting until after E3 to do this part, but I’ll probably be yammering about E3 during E3. E3 is the first part of June, by the way. So that gives me a month.

The point is, don’t give up hope for this site. I’m going to try, but I know that the fall semester is going to be another intense semester. Keep checking back.