Forgot your password?
typodupeerror
Security Sony Technology

Daily Sony Hacking Occurs On Schedule 353

Posted by Soulskill
from the at-least-they're-consistent dept.
jjp9999 writes "LulzSec was compromised and a member of the group, Robert Cavanaugh, was arrested by the FBI on June 6. Meanwhile, LulzSec hacked Sony again, this time leaking the Sony Developer Network source code through file sharing websites."
This discussion has been archived. No new comments can be posted.

Daily Sony Hacking Occurs On Schedule

Comments Filter:
  • by GodfatherofSoul (174979) on Monday June 06, 2011 @04:59PM (#36355592)

    Not a network guy, but if they're repeating these hacks so quickly and with such regularity I imagine their backdoor is still up.

    • by NoSleepDemon (1521253) on Monday June 06, 2011 @05:02PM (#36355632)
      I think Sony's chief failure in this whole incident is that they believe their customers like to take it in the back-door as frequently and as messily as they do.
      • by tripleevenfall (1990004) on Monday June 06, 2011 @05:39PM (#36356026)

        Well, no, I think this is one of the few times that the "terrorists", so to speak, actually won.

        LulzSec said they would do this as revenge for Sony taking legal action against someone for jailbreaking the PS3. LulzSec has successfully cost Sony far, far more than jailbreaking ever would have.

        • by Darinbob (1142669)

          This is an important point. People seem to defend these actions because they're demonstrating security holes. On the contrary this group did not set out to expose security holes but instead were intent on causing disruption. They're not doing this out of any higher sense of moral values. It's bad guys vs bad guys.

          • by Yvanhoe (564877)
            That is the nasty look of revenge. Sony unfairly used its weight against an innocent person, knowing very well that an individual cannot stand in front of an army of lawyers, and these hackers unfairly attack Sony causing as much disruption as they can. Two wrongs do not make a good, but this was not totally uncalled for. I can't help to see a bit of Robin Hood spirit there : "Trying to bankrupt someone to win in tribunal ? Let's let that cause you some comparable financial damages as well".
        • by TubeSteak (669689) on Monday June 06, 2011 @07:06PM (#36356986) Journal

          Well, no, I think this is one of the few times that the "terrorists", so to speak, actually won.

          10 years ago no one would have used the word "terrorists" (in quotations or otherwise) to describe straight forward black hat hacking.

          There are at least a hundred definitions of "terrorism" and they all include violence or the threat of violence.
          There's no violence here.

          • No violence, but there was some intended allusion to the ever typical THE TERRORISTS HAVE WON type of bleat.

          • by ShakaUVM (157947)

            >>There are at least a hundred definitions of "terrorism" and they all include violence or the threat of violence.

            They certainly spread terror among all the Call of Duty players - my cheevos!!! NOOOOOOOOOO!!!! (Ok, well, they're trophies on the PS3, but still.)

            They spread terror at Sony - let's hope their president gets axed for his ridiculous persecution of GeoHot, and his subpoenaing of all the donors to his legal fund.

            But yeah, "terrorists" is a bit of an extreme label. Maybe "bullies" would apply

        • by commandermonkey (1667879) on Monday June 06, 2011 @07:38PM (#36357262)
          One of the few times? Seriously??

          Can you name one "terrorist" attack that hasn't been severly one sided in terms of cost?
          • Oklahoma city - for less than $5k there was 82.5Million in investigative cost alone
          • 9/11 -4 Planes, Several buildings, more expensive airport security, loss of jobs, etc have been estimated at over 2 trillion. +10 years of expensive war in Afghanistan
          • Anthrax Attacks - for the cost of 7 letters we got a clean up that the FBI put over 1billion and the war in Iraq
          • Liquid bombers - didn't even happen and we got more security theater and still have restrictions on liquids
          • Times square bomber - unsuccessful attack that got politically elites talking about suspending Miranda
          • Underwear bomb - Super expensive scanners and more security theater.

          Seriously, what "terrorist" attack in the last 10 years were you thinking of that hasn't caused a serous disproportionate response? Why do you think there seem to be more attacks in the last few years? For every couple thousand spent blowing, or attempting to blow, something up we spend hundreds or millions/billions/trillions reacting to it and every few large attacks causes the US to give away more of the "freedom(s)" that the terrorists hate. Over the last decade

          the "terrorists", so to speak, [have] won.

    • by MozeeToby (1163751) on Monday June 06, 2011 @05:08PM (#36355698)

      Maybe you didn't read the earlier articles about just how horrible Sony's security setup is. Here's a hint: It's every bit bad enough that a dedicated group could find a different way into the system every day for weeks on end.

      • by Gravatron (716477)
        It's not the same system though. they are hacking different departments, who obviously don't have any sort of centralized network authority. I don't think they have been able to hit the same department twice.
      • Re: (Score:3, Funny)

        by Anonymous Coward

        Maybe you didn't read the earlier articles about just how horrible Sony's security setup is. Here's a hint: It's every bit bad enough that a dedicated group could find a different way into the system every day for weeks on end.

        Yes, but think how much money they saved on IT!

      • by TubeSteak (669689) on Monday June 06, 2011 @05:43PM (#36356080) Journal

        Maybe you didn't read the earlier articles about just how horrible Sony's security setup is. Here's a hint: It's every bit bad enough that a dedicated group could find a different way into the system every day for weeks on end.

        I don't think you're doing anyone a favor when you present Sony as a monolithic corporation.
        It's not as simple as Sony vetting one security setup and replicating it across all websites tagged as Sony.
        Sony is made of of endless domestic and international subcorporations, each with its own (poor) security setup.

        At least these hacks are a return to the previous trend of defacements, revenge, and lulz,
        as opposed to the last few years of organized crime, ID theft, and renting out botnets.

        • by Osgeld (1900440)

          so they are a poorly organised along with being a clueless gang of fucktards! thanks for clearing that up

        • by alcourt (198386)

          Security culture is something that either is present in a large organization, or it isn't. The evidence suggests that Sony did not take security seriously in its projects until the series of attacks. Once that culture of insecurity is present, it takes years to undo. Think about how long it has taken Microsoft to shed even part of their image of insecurity.

          Projects often need to be rewritten from the ground up to actually permit something remotely resembling security. Attackers are using far more sophis

        • by Xest (935314)

          "At least these hacks are a return to the previous trend of defacements, revenge, and lulz, as opposed to the last few years of organized crime, ID theft, and renting out botnets."

          I absolutely agree with this, for some years now I've been concerned that real hackers had disspeared, many grown up and moved on, others gone over to organised crime. That new kids entering the scene were either too scared by the police to try more harmless hacking and those that weren't just going for the money in the crime game

    • by IBitOBear (410965) on Monday June 06, 2011 @05:43PM (#36356082) Homepage Journal

      Just like the TSA hasn't stopped a single act of terror, only passengers have done that; most security measures cannot stop a determined professional.

      Safety and Security are largely mythological, the concepts are sold to a public that feels the need to exist with impunity.

      In point of fact, it is largely manners that keeps people safe and secure. Most of us do not act on our darker natures because it would be rude.

      Sony has demonstrated that they don't care about being well-mannered, and that they honestly believe that technology can keep them safe. They believe in DRM and they believe that they have the right to change a deal they have already made as if they were Darth Vader. They believe in their own Empire and they are willing to use any means necessary to maintain their grasp.

      In point of fact, the technological community is simply having a very high immune response to this bad actor in their midst.

      If Sony were to just come out, apologize for being douche-bags and promise never to do it again, they attacks would taper off quickly. They don't even have to mean it.

      For all that the *IAA have been idiots and evil, they didn't mess with the technologists as a whole, so they have gotten a pass so far. They also don't actually do anything, so they have been impossible to strike.

      Sony, as a member of *IAA(s) _and_ as a first person actor in technology via the PS3 etc, _and_ having stepped far across the line with the Hotz thing, has simply taken the first hit of lightning.

      Thing is, the community at large has now learned that they _can_ make a company pay. The frontier has been opened. The Streisand Effect is real, and it will, sadly, take the business world a little longer to learn that "The Angry Villagers Rule" is real as well.

      The torches are alight and the pitchforks are out and waving.

      In the technological circles, the technologists are peasants, but they do feed the nation and they do strike back.

      Companies need to rediscover their manners.

      • by memyselfandeye (1849868) on Monday June 06, 2011 @05:52PM (#36356202)

        Wait what? You talk about 'bad manners' as agents of malcontent.

        I don't know where you come from, but I would consider it 'bad manners' to crack a security system just because you don't like a person, organization, or company... just as I would consider it 'bad manners' to punch someone in the face because I think they have 'bad manners.' Isn't it 'bad manners' to force someone to do something they would rather not... such as change their password because you just stole it from them?

        I don't know of a single nation that forces people to buy Playstations, Sony Music, or Sony TVs. If you don't like it, don't associate with them. Anything else is 'bad manners.'

        • by IBitOBear (410965)

          I made no claim that the crackers were well mannered.

          Bad manners never engender good manners in others.

          I was also not advocating the process, just diagnosing it.

          • I made no claim that the crackers were well mannered.

            Bad manners never engender good manners in others.

            I was also not advocating the process, just diagnosing it.

            We'll you are correct, and it's a shame that this happens. The sad truth is, this is some ridiculous war between Sony and some image it has of how the world is. The same can be said for LulzSec and like minded people. The victims are the users caught in the middle. It's no different than some poor SOB getting shot in the face between two guys going at it outside a club because one guy pissed of the other

            • by taucross (1330311)
              Welcome to war. If you're a peasant, you're a pawn.
            • Re: (Score:3, Insightful)

              by IBitOBear (410965)

              Ah, but in objective view, we are into "the contractors working on the Death Star" debate. Blindly supporting one bad actor (Sony) and then complaining about suffering the fallout from another bad actor (hackers) is a tad disingenuous.

              You may not have _known_ you were supporting a bad actor, but its not so much that you happened to be in a bar when a brawl broke out, more you got into his car and rode to the convenience store, sat there in the car while he attempted a robbery, and then complain about gettin

        • by sjames (1099)

          Throughout time, the penalty for having bad manners has often been others showing you none in return until you get the point.

          For example, make a lewd comment to someone's wife and indeed he will punch your face because he thinks you have bad manners.

      • by Darinbob (1142669)

        If sony admitted faults, the lulz would not go away. They are not being hacked out of any sense of moral indignation but because it seems like a funny idea. These are not even up to the very low moral level of vigilantes, they are merely causing disruption for it's own sake. These people are not "the community."

    • Either that or they sold something useful to the biggest geeks in the world and then took it away, but that would be daft.
    • by _KiTA_ (241027)

      Not a network guy, but if they're repeating these hacks so quickly and with such regularity I imagine their backdoor is still up.

      Nope, you're giving Sony too much credit. This is a basic SQL Injection Hack, one that every one of Sony's servers are vulnerable to and that they still haven't patched.

    • http://89.248.164.63/dox/xyz/ [89.248.164.63]

      (for the lulz)...spoiler alert: mIRC, smoke weed errrday, WinXP, Amazon shopping spree
  • by v1 (525388) on Monday June 06, 2011 @04:59PM (#36355594) Homepage Journal

    no wait, I don't. Get me some popcorn, this is a good show.

  • by WrongSizeGlass (838941) on Monday June 06, 2011 @05:02PM (#36355634)
    TFA doesn't tell us much except that Sony got hacked and some guy got arrested. The summary sums up the whole thing.
  • Arrested (Score:5, Insightful)

    by Hatta (162192) on Monday June 06, 2011 @05:04PM (#36355644) Journal

    Guess the seven proxies weren't enough.

    How did this arrest go down? This is clearly a more interesting development then yet another Sony hack. Hopefully there will be more information forthcoming.

    • Re:Arrested (Score:4, Interesting)

      by Delgul (515042) <gerard&onlinespamfilter,nl> on Monday June 06, 2011 @05:13PM (#36355760) Homepage

      Might be they arrested one of the seven proxies? ;-)

    • Some more info (Score:3, Informative)

      by Anonymous Coward

      The article is pretty bad:

      One member of the group, Robert Cavanaugh, was apprehended and taken into custody by the FBI after an apparent counter hack, according to an internal chat log from their private IRC server, posted through SecList, a network mapper website.

      SecList? I think they meant the full-disclosure mailing list, which happens to be archived by seclists.org, which happens to be a "sister site" of insecure.org (the home of the nmap network mapper).

      Anyway, here is the relevant post [seclists.org]

  • by Anonymous Coward

    This kid isn't apart of LulzSec, he was in the process of being recruited. As you can see his arrest as no effect on LulzSec.

  • by Capeman (589717) on Monday June 06, 2011 @05:06PM (#36355672)
    The posted details here: http://pastebin.com/yut4P6qN [pastebin.com]
    • by h4rr4r (612664)

      Parent is not goatse. Parent link appears to not contain any horrible images.

  • I'm not sure which is more frightening - the fact these guys backdoor Sony repeatedly or that Sony doesn't seem to want to stop them.

    For the record:
    1) Yes, I am aware of the double entendres.
    2) No, I do not believe rape is funny.
    3) No, I am not homophobic.

    • by creat3d (1489345)
      I beg to disagree. Rape jokes concerning Sony ARE funny.
    • Re: (Score:2, Interesting)

      by Gravatron (716477)
      Sony isn't just one company, it's more like a holding group. The different parts rarely seem to talk to each other, and most likely have no centralized network authority. Saying 'Sony was hacked again' isn't really accurate, it's 'a division/company belonging to the sony group was hacked'. I don't believe they have been successful in hitting the same target twice.
      • Re:Bad Porn (Score:5, Insightful)

        by xMrFishx (1956084) on Monday June 06, 2011 @05:40PM (#36356032)
        Although it also comes with the downside of being a holding group, umbrella naming. To Average Joe (via the sensationalist media), Sony X and Sony Y are the same thing. As it all masquerades under the name Sony, hacking Sony Music and Sony TV is essentially the same thing, even if, to the rest of us, it isn't. Ultimately though, I find the whole thing very funny and am rather enjoying watching.
    • For the record:
      [snip]
      3) No, I am not homophobic.

      ...so, how about a date this Friday night?

  • by mark-t (151149) <markt@@@lynx...bc...ca> on Monday June 06, 2011 @05:23PM (#36355874) Journal
    I mean, these intrusions are happening with such frequency that I can't imagine there's still a point to be proven... plus, reading about it all the time on slashdot is starting to feel like seeing a headline for a traffic light changing color.
  • Go FBI! (Score:3, Insightful)

    by Haeleth (414428) on Monday June 06, 2011 @05:25PM (#36355894) Journal

    Seriously, I expect this will be modded into oblivion because Slashdot hates Sony and loves anyone who sticks it to the man (see also: Wikileaks, Anonymous, etc).

    But they are criminals, and therefore I for one am glad that the FBI has had some little success in tracking them down, and look forward eagerly to the day when the ringleaders are forced to defend their actions in court.

    The fact that they are committing crimes against someone you hate cannot justify those crimes. Indeed it must not, because turning a blind eye to crime just because you don't like the victim leads to mob rule. It is the antithesis of the rule of law on which our society is founded, which protects our rights as well as Sony's. That's one slope that history has proven time and time again to be very slippery indeed.

    And, hey, maybe they'll put up such a good defence that the jury will refuse to convict them and the balance of power between corporations and common people will be shifted, and that would probably be good too. But it should be done in courts or congress, not by vigilante mobs deciding to lynch a corporation that offended them.

    • Re: (Score:3, Interesting)

      by h4rr4r (612664)

      And, hey, maybe they'll put up such a good defence that the jury will refuse to convict them and the balance of power between corporations and common people will be shifted, and that would probably be good too. But it should be done in courts or congress, not by vigilante mobs deciding to lynch a corporation that offended them.

      Does it hurt to be that naive?

      Sure they are breaking the law, and they are probably bad people, but this is like watching Stalin fight Hitler. No matter who loses we win. In reality s

      • The people who are going to get hurt are those whose personal information has been released, and who may suffer identity theft or worse as a result. Again, like Hitler vs Stalin, it's the millions of people who got caught in the middle who suffer.

    • by manekineko2 (1052430) on Monday June 06, 2011 @05:39PM (#36356024)

      Indeed it must not, because turning a blind eye to crime just because you don't like the victim leads to mob rule. It is the antithesis of the rule of law on which our society is founded, which protects our rights as well as Sony's. That's one slope that history has proven time and time again to be very slippery indeed.

      I don't think the history has conclusively proven at all whether the rule of law enforced blindly without regards to who is right or wrong is a good thing.

      For example, the Underground Railroad illegally helping escaped slaves, or every revolution in the history of the world.

      Obviously the importance of the cause is different here, but it helps make my point clearer by using high-profile examples.

      • by Nimey (114278)

        /Every/ revolution? Even the Bolshevik revolution? The Khmer Rouge one in Cambodia?

    • But they are criminals, and therefore I for one am glad that the FBI has had some little success in tracking them down

      You can not be serious Haeleth. By that rationale, any time a tyrant needs to gain your approval he only needs to make any opposing
      act a criminal offense and you'll be certain to point out that "but they are criminals!".

      You sir, need to read up on some philosophy, particularly Thoreau's Civil Disobedience. Regardless of government, that essay
      applies to all authority as far as I'm concerned

    • You are correct sir. I should be able to park a dump truck full of gold anywhere in the world and know that it will be safe. Likewise, I should be able to create an account with and not worry about criminals misusing that information. Criminals, weather premeditated or not, always think that "because I could, I should." It doesn't matter if you are stealing my truck full o' gold because I was stupid, or stealing my identity because you can. It isn't yours, and you have no privileges to access it....

      Un

    • I'll give a rat's ass when Sony is held to the same legal standards as Joe Hacker.

    • Re:Go FBI! (Score:5, Interesting)

      by houghi (78078) on Monday June 06, 2011 @06:07PM (#36356384)

      Where was the FBI when Sony hacked our systems?

      We KNOW where the ringleaders are who did that and I am also looking forward eagerly to the day when the ringleaders are forced to defend their actions in court.

      My guess is that yours comes first and mine won't come at all.

      So yeah, I stick it to the man, because there is REASON to do so.

      • Where was the FBI when Sony hacked our systems?

        Wait.. when did SONY hack your system?

        Did I miss something? Was somebody at SONY - presumably somebody high enough in the ranks to be referred to as 'SONY', and not some kid who got bored - actually connecting to your computer, exploiting a vulnerability, and using that to their advantage somehow?

        I ask because that's what I'm thinking of when somebody says 'hack'.

        I'm pretty sure that installing software when a CD is inserted, for the purposes of copyright prot

    • by Urza9814 (883915)

      The fact that they are committing crimes against someone you hate cannot justify those crimes. Indeed it must not, because turning a blind eye to crime just because you don't like the victim leads to mob rule. It is the antithesis of the rule of law on which our society is founded, which protects our rights as well as Sony's. That's one slope that history has proven time and time again to be very slippery indeed.

      Sure, they did they crime, they should do the time...that's part of civil disobedience. But cheering on the hackers against Sony is no different from, say, cheering on MLK during the '60s. Or any major civil rights leaders. Almost all of them have done something illegal as part of their movements. Sit-ins, for example. Illegal and immoral are two entirely different concepts, and while I understand the importance of firm laws, I for one support moral behavior over legal behavior every time.

    • But it should be done in courts or congress, not by vigilante mobs deciding to lynch a corporation that offended them.

      Yes it should, but it won't be. Those same corporations own those politicians and courts lock stock and barrel. The only time we ever see any government action against a corporation is when it's one corporation verses another, biggest bastard take all. There is no realistic legal action that any individual can take against a corporation. The laws and legal processes make sure of that.

      Laws were broken and heads were busted the last time that individual American's actions had any effect on the state of th

    • What? Are you kidding? Corporations own all branches of the government. They write the laws, pay off their rubber stamps in Congress, and promise sweet, sweet cash for reelection of the President. The people won't get justice through the court nor through the law. Yes, they broke the law but I'll side with them until people with money and power are beholden to the same laws and penalties.

      I suppose I can't justify the exposure of personal data but at the same time how do we know all this data wasn't abused i

    • by Raenex (947668)

      Seriously, I expect this will be modded into oblivion

      Of course it wasn't, because you used the karma-whoring trick by complaining in advance.

      because Slashdot hates Sony and loves anyone who sticks it to the man (see also: Wikileaks, Anonymous, etc).

      Actually, there have been quite a few posts, highly moderated no less, that have disparaged the hackers. Done without karma-whoring, too.

    • Re:Go FBI! (Score:5, Insightful)

      by Risen888 (306092) on Monday June 06, 2011 @07:00PM (#36356936)

      I'm losing all the mods I made thus far (and resisting the temptation to downmod you just because you coughed up that stupid "I'll get modded down for this" crap, which is my usual policy for such whiny attention-seeking dickweedism), but I can't let this go by uncontested.

      turning a blind eye to crime just because you don't like the victim leads to mob rule. It is the antithesis of the rule of law on which our society is founded, which protects our rights as well as Sony's.

      That's just crazy. Our society in no way "protects our rights as well as Sony's." Our legal system is designed to protect Sony's "rights" (which are not rights, but privileges granted to an artificial construct called Sony) at the expense of our rights (which are in fact, as enumerated in our Constitution, actual and legal rights). The idea you propose here matches neither the theoretical nor the actual system under which we live. And you know it.

      That's one slope that history has proven time and time again to be very slippery indeed.

      I'd say the exact same thing, but I don't think we're talking about the same slope.

      And, hey, maybe they'll put up such a good defence that the jury will refuse to convict them and the balance of power between corporations and common people will be shifted, and that would probably be good too. But it should be done in courts or congress, not by vigilante mobs deciding to lynch a corporation that offended them.

      Because that happens in courtrooms across this great land of ours every day, doesn't it? Congresscritters are pushing each other out of the way to champion Joe Everyman against the nefarious interests of Big Media, aren't they? And our well-informed, socially aware, and technologically savvy courts deal defeat after defeat to these villains! Why, it's a wonder things like this ever happen given the enlightened society and legal code under which we live!

      Are you fucking kidding me?

      Are you for some reason under the impression that those people work for you or something? I can assure you they do not.

      Given all that, I'd like to hear a realistic alternative to vigilante mobs.

    • by jthill (303417)

      Hey, that's pretty good. Vandalism, theft, fraud, abuse of process, all crimes when done by kids and rights when done by corporate thralls.

      I'm going to break something of yours, now. But it's ok, see, I wrote myself a permission slip, AND I'm going to let you choose which of these two things to let me break!

      I'll even let you watch, and if you try to fix it afterwards I sue your ass into oblivion in a court case I and everyone on the planet knows I can't win, but I don't care. I get paid the same eit

    • Seriously, I expect this will be modded into oblivion because Slashdot hates Sony and loves anyone who sticks it to the man (see also: Wikileaks, Anonymous, etc).

      I don't think anybody is describing these guys as 'good' or 'heroes' or 'right'. I think they're just happy to see Sony take its lumps.

      If my estimation of the current feelings of the GroupThink, you'd get modded down for saying that this should never have happened to Sony, but I don't think anybody'll give you crap about calling these guys criminals.

    • by Xest (935314)

      Your unwavering view that the rule of law is moral and just is disturbing.

      I live in the UK where we have a first past the post voting system such that most governments are elected to have a majority giving them 100% of power with the support of only 30% - 35% of the population. This has led to schemes such as the ID card database which well over half the population opposed. Many laws are similarly opposed by such large proportions, but due to the nature of our voting system may be passed anyway.

      I do not res

  • - or at least has folks with the same mentality, even if they're not from /b/ or 4chan. Although the Anons I know in real life are proud to admit their affiliation (to people who are okay to know), I also suspect that members of Lulz are quite okay being totally silent on what their are doing, considering how dangerous is it.

    If nothing else, this has provided me the impetus to go and change all my passwords.
    • by Thud457 (234763)
      well, seeing that their self-chosen moniker is lulzsec, I would assume that excludes the moralfags
  • By now I'm surprised there aren't actually several groups which have turned this whole thing into some kind of sport. It's certainly not for a lack of opportunities.

  • Does anything in the article indicate that they actually "hacked" anything? Doesn't it sound at least as feasible as anything that somebody from the inside leaked the source code and there was no network security breach as such at all? I've seen plenty of other things from this group to indicate that they are willing to make their successes out to be more impressive than they were, so it wouldn't really surprise me.

Kleeneness is next to Godelness.

Working...