10 Biggest Tech Cover-Ups: Shut Up and Act Like Nothing's Wrong

Like any industry, high tech has its share of scandals. But they are invariably made worse by companies that react to bad news by hoping no one will notice. As the saying goes, it's not the crime, it's the cover-up that kills you.

"People say, 'I'll just sit here with my mouth shut and not answer the phone, and eventually it will go away,'" says Richard Laermer, principal for RLM Public Relations and author of 2011: Trendspotting for the Next Decade. "If they just spoke up, they'd save their companies headaches and money."

Sony, of course, is the most recent example. It suffered a major security breach of its PlayStation Network and its Qriocity network on April 19. The company didn't disclose that officially until the U.S. subsidiary issued a statement on April 26. The company issued full details and apologized on May 1. But Sony isn't alone.

The growth of blogs, Twitter, and other 24/7 news streams has made keeping secrets much harder, which is why so many scandals seem to have happened in the past few years. It's not that more scandals are breaking out--they're just more difficult to hide.

Here are 10 of the biggest high-tech scandals of the past 20 years, made worse by companies trying to keep the lid on. And special kudos to Apple and Sony: Each made our list twice.

Intel: Divided and Conquered (1994)

When Lynchburg College math professor Thomas Nicely told Intel in October 1994 that its Pentium chips were producing inaccurate results, the company quietly replaced his defective chips and hoped that nobody else would notice. Wrong. Three weeks later, the Pentium FDIV bug made international headlines. A month after that, Intel was forced to issue a recall that cost the company some $475 million, not to mention its reputation.

Even worse: As he writes in his summary of the incident, Nicely says Intel admitted that it had first identified the bug six months earlier and did nothing about it.

The flawed chip was later made into a keychain and given to Intel employees, along with an inscription by Andy Grove: "Bad companies are destroyed by crises; good companies survive them; great companies are improved by them." Still, that's not nearly as catchy as the more popular slogan the bug inspired: "Intel Inside: Can't Divide."

(Image: Courtesy of Chipdb.org)

Iomega: Click Click, You're Dead (1998)

Iomega Zip disks and drives
Before USB flash drives, the only way to carry more than a floppy's worth of data in your pocket was via an
Iomega Zip disk. But woe unto those who heard the click of death--an audible signal that the Zip drive's head was misaligned, which was followed shortly thereafter by the destruction of data on those 100MB disks.

Though the phrase "click of death" hit public consciousness in January 1998, it had been a subject of heated discussion for over a year on Iomega newsgroups. Yet Iomega took until February 1998 to acknowledge the problem, and only after a class-action lawsuit was filed did it agree to replace all affected Zip drives, not just those purchased within the previous year.

Then what did Iomega do? It began selling a new, even smaller portable storage device called--wait for it--Clik (later renamed the PocketZip). It too died an untimely, though less noisy, death.

Sony: The Rootkit of All Evil (2005)

Sony BMG rootkit
If you played a CD from Celine Dion, Neil Diamond, or any of two dozen other Sony BMG artists on your computer in the mid-2000s, your PC probably got infected with malware. That's because Sony had the bright idea of secretly installing a rootkit--a hackers' tool designed to hide malware--to cloak the existence of its digital rights management software.

Security researcher Mark Russinovich posted a blog entry detailing the secret Sony rootkit on October 31, 2005. (Security vendor F-Secure later revealed that it had notified Sony of the rootkit weeks before Russinovich spilled the beans.) The company's response? "Most people don't even know what a rootkit is, so why should they care about it?" Sony BMG executive Thomas Hesse told NPR.

On the stupid scale, this was cranking the meter up to 11. Once a rootkit is installed, any smart malware author can take advantage of it (and one did, nine days after Sony's kit became public). A few days after Russinovich's post, Sony issued a statement downplaying the risks, and distributed a service pack to remove the rootkit. It didn't work. Two weeks later, the company vowed to stop distributing CDs with rootkits on them, but by then lawsuits were already being filed. Sony BMG eventually was forced to pay nearly $6 million to settle cases brought by 40 states, as well as to pay fines to the FTC.

Two years later, F-Secure found another rootkit on a Sony product, a biometric-secured USB drive. Once you turn the stupid meter up to 11, it's hard to turn it back down.

TJX: Hacked to the Maxx (2005)

TJX hack
In January 2007, the parent company of the TJ Maxx, Marshalls, and HomeGoods retail chains admitted that its porous Wi-Fi network had been hacked, and that personal information for more than 45 million customers had been stolen. Although TJX said it first detected the intrusion in December 2006, it later admitted that it had been hacked as early as July 2005--or a year after an internal security audit had revealed "serious deficiencies" in its systems--and that the total number of victims was over 90 million.

The bigger cover-up? The mastermind of the TJX intrusion, as well as the theft of some 100 million credit card numbers from Heartland Payment Systems, was a paid Secret Service informant. According to Wired.com's Threat Level blog, 29-year-old hacker Albert Gonzales was earning $75,000 a year by helping the Feds track down cyberbaddies--chicken feed compared with the millions he is suspected of earning from black-market credit card sales. Gonzales is appealing his 20-year sentence, claiming that he performed the TJX and Heartland hacks at the behest of the government. If that doesn't work, he can always wait for Oliver Stone to buy the movie rights.

Next: HP, Dell, Amazon, and Apple join the club.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Security Watch Newsletter

Comments