We were going to title today's Sony breach post "Better Safe Than Sony", as was widely mentioned in tweets, blogs and commentaries. However, it turns out that this breach was done by none other than LulzSec (aka Lulz Security), who had a field day giving PBS news a makeover via a fake story on Tupac Shakur still living and shooting cans with good ol' Elvis, instead of the usually-blamed Anonymous. We will not delve much into Sony's recent string of breaches, rivaling those of companies that use RSA SecurID and military contractors, as we have already done that in some previous posts, but we do want to quote Lulz Security as relayed in the BBC article:
'Asking for it'
In a statement on Thursday, Lulz Security said it had hacked into a database that included unencrypted passwords as well as names, addresses and dates of birth of Sony customers.
"From a single injection, we accessed EVERYTHING," it said. "Why do you put such faith in a company that allows itself to become open to these simple attacks?
"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it's just a matter of taking it.
"This is disgraceful and insecure: they were asking for it."
The group also recently claimed responsibility for hacking the website of the PBS network and posting a fake story in protest at a news programme about WikiLeaks.
We wish Sony a fat 'good luck' after what seems to be their umpteenth data breach. It leads us to a second thought: is this the hacking equivalent of the Streisand Effect (named after the illustrious Barbra Streisand and not the Duck Sauce song)? Could we call this the Sony Effect?
After all, these breaches all occurred after Sony took a very heavy-handed approach with George Hotz (whose nom-de-hack is GeoHot) for hacking the PlayStation 3. Sony opened up a classic can of worms by managing to anger enough people in the hacker community to suffer all these cyberattacks. Luckily for GeoHot, the Pentagon had not released their new military doctrine of bombs-for-hacks yet.
Sony may well be on its way to getting an eponymous "Effect", an entry in Wikipedia and a song. RSA SecurID breaches, especially with regard to military contractors, may well follow suit.