Ok, here are just two items of recent history:
http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootki... and https://www.schneier.com/blog/archives/2005/11/sonys_drm_roo...
In the days after the rootkits were exposed, Thomas Hesse, president of
Sony's global digital business, was quoted on NPR as saying, "Users don't
know what a rootkit is, so why should they care about it?"
http://en.wikipedia.org/wiki/PlayStation_Network_outage#Crit...
Credit card data was encrypted, but Sony admitted that other user information
was not encrypted at the time of the intrusion.[44][58] The Daily Telegraph
reported that "If the provider stores passwords unencrypted, then it's very
easy for somebody else – not just an external attacker, but members of staff
or contractors working on Sony's site – to get access and discover those passwords,
potentially using them for nefarious means."[59] On May 2, Sony clarified the
"unencrypted" status of users' passwords, stating that:[60]
While the passwords that were stored were not “encrypted,” they were transformed
using a cryptographic hash function. There is a difference between these two types
of security measures which is why we said the passwords had not been encrypted.
But I want to be very clear that the passwords were not stored in our database in
cleartext form.
Bottom line is that Sony haven't helped themselves in the last few years. Whilst they build pretty good hardware, building software systems (especially to support things like the PlayStation) isn't their forte. Worse is that when they do screw up, they are arrogant and disrespectful to their customers.
Their arrogance has irked a generation of hackers and script kiddies, who see Sony as a carte blanche target. The recent hack shows both their arrogance and negligent attitude to the security of their customer and private company data. Investors should be punishing Sony and calling for the heads of the board.