Security

PlayStation Hacker: Sony Has Only Itself to Blame for Breach

The hacker who has received widespread grassroots support after being sued by Sony for posting code that can jailbreak Sony PlayStation consoles blamed the company's recent data breach on executive-level arrogance.

George Hotz is now barred from hacking Sony products, but he's still happy to blog about the company and point out what he sees as an institutional misunderstanding of the hacker culture.

Sony's latest problems -- the company responding to what could be one of the largest data breaches in history -- lie with heavy-handed corporate management more interested in prosecuting its customers than protecting their data,

Hotz said Thursday in a blog post.

"The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts," said Hotz, who settled his lawsuit with Sony just days before the PlayStation Network online gaming service was hacked. "Alienating the hacker community is not a good idea."

Hotz, already famous for jailbreaking the iPhone, became a hacker icon after Sony's legal department used heavy-handed tactics, including asking the court for permission to view the Internet Protocol addresses of people who visited his website, apparently to discourage users from downloading and distributing this type of software.

The battle between Hotz and Sony illustrates the growing tensions between rights of the corporations that build products and the consumers who own them -- in particular, hacker enthusiasts who want to modify devices that they have legitimately purchased.

Hotz hacked the PlayStation so that it could run the Linux OS. Sony claimed that his software violated the U.S. Digital Millennium Copyright Act, which prohibits the reverse-engineering of encryption protections.

When Sony's online networks went offline last week, some thought that they might have been attacked in retaliation for Sony's prosecution of Hotz.

In his blog post, Hotz said that he had nothing to do with the attack. "I'm not crazy, and would prefer to not have the FBI knocking on my door," he wrote. "Running homebrew and exploring security on your devices is cool, hacking into someone else's server and stealing databases of user info is not cool."

Sony's PlayStation Network and its Qriocity music subscription service both went offline last Wednesday. On Tuesday of this week, the company acknowledged that consumer data was stolen in a criminal intrusion, possibly including credit card numbers. Although Sony hasn't said how many customers are affected, that number could be in the tens of millions.

The services could be offline for another week as the Sony scrambles to contain the damage and restore its systems.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Subscribe to the Security Watch Newsletter

Comments