How Sony Really Dropped the Ball
Have you been wondering why Sony was targeted so heavily by hackers? I'll go through what happened at the beginning to set this all off, how it happened, and my personal take on Sony's response.
Once Upon a Time
Before all this started, Sony had a pretty good reputation with the bulk of the gaming community. They really warmed up to Sony in the PlayStation and PlayStation 2 da ys, but when it came to the PS3 there were some stumbling blocks. Starting with a price point that many saw as much too high, Sony struggled.
First year sales of the PS3 were comparable to those of the Microsoft Xbox, but most media outlets focused on the differences in sales at a particular date. Sony knew that their sales were normal and what they expected, but tunnel vision from the media caused Sony confident attitudes to seem a bit out of touch. Still, to the consumers that were fans of Sony already, the company was moving forward and everyone could see a lot of potential.
Fast Forward to 2010
In January 2010, Geohot first made his presence known in the PS3 community at large. Already known for jailbreaking the iPhone, he reported that he was able to hack the PS3. Using the OtherOS feature of the PS3, he was able to access the locked parts of the internal memory, and over the next month he increased his access to the system and was able to access the GameOS itself.
By the next month Sony was already responding by adding a new 'feature' to the next firmware of the PS3; removal of the OtherOS. This was the first time that Sony had really upset a large part of the PS3 community. They gave gamers a choice - Linux or games. New games were being released that forced people to have the new firmware installed, so for most people it wasn't much of a choice. Annoyed, people upgraded to the new firmware. The new firmware was also built into the new Slim model of the PS3 when it came out a few months later.
Too Little Too Late
Sony hoped that this bold move would put the entire issue behind them - even if it didn't sit right with gamers. However, the one thing you don't tell a hacker is that they're no longer allowed to do something. Before Sony's lockdown, it was possible to fiddle in the Linux sandbox as much as you wanted, within Sony's previous limits.
It was open enough that ordinary consumers could play with it and hackers felt the system was open enough to preform homebrew. Hackers didn't feel compelled to see deep within the system and access all of the PS3's secrets. They moved onto what they felt were challenges they could compete against others in and feel more accomplished while doing it. While technically you could use it as a computer, it wasn't a very good one for a normal user.
For the hackers it was open enough that they didn't feel justified in spending time on it until one particular hacker wanted to do something specific with it. After Sony put up the wall and said no one could look behind the curtain however, some people could think of nothing else except getting the full show of what Sony was hiding.
The Battle Begins
Several months later, in August 2010, the PS3 showed once again how vulnerable it could be when the first USB dongle was released for the 3.41 Firmware. This dongle was specifically designed to allow copied games to be played for the PS3. Sony responded quickly by releasing a new firmware that stopped the exploit. This is quickly shown to be far from enough as the PS3 hacks proceeded to get worse.
Over the next several months a back and forth battle began between Sony and the people that wanted to crack the PS3. Firmware downgrading became possible, spoofing of legitimate software allowed access to the PlayStation Network, and Sony fought back with new firmware and blocking of people from the PSN. With the start of the new year however, things took a major turn.
On Jan 2nd 2011 Geohot returned to the scene and released the master key into the wild. Although his jailbreak did not allow pirated games, more and more information was getting released and more of the keys were being accessed. In less than a week other hackers took that information and with custom firmware allowed backups to be played. Two days after that, Sony sued George Hotz. Claiming that he was promoting piracy and distributing software that allowed piracy to the public, Sony started down the road of sending everything that they could muster at George Hotz. This was soon expanded to Graf_Chokolo in Europe.
The Worm Turns
While Sony might have felt like they were under attack as they perused legal action against Geohot and Graf_Chokolo, the tactics that they were using were starting to enrage the group known as "Anonymous". Forming an attack with the code name 'Operation Sony' the Anonymous group began preparations for their assault on Sony's servers.
Starting on April 2nd, Anonymous started to attack various locations that were owned by Sony. Likely in the works before Anonymous even started its protest, on April 11th Sony settled its case out of court with George Hotz with the details being highly muzzled. Sony was still on the war path with Graf_Chokolo however, and on the 13th Anonymous announced a day of protest against Sony once again. The attack was launched, and the PSN went down.
The protest didn't go on for long however, as it affected the users more than Sony, but by that time the damage was done. Days later Sony detected a possible breach and shut the PSN down while it investigated. A week later, Sony announced that it had been breached. The PSN stayed down for weeks, and Sony was hit again and again with attacks.
Good Will Lost
No one can really blame Sony for being hacked. It’s something that happens, and no one can prevent it. There is no system that cannot be broken into. While people would like to say they didn't respond fast enough, it’s better than keeping quiet for months like some other companies.
Some people are upset by the amount of stuff Sony is giving out, but I view it as a peace offering more than a payoff. Yes, the free games that you get outright are old and could even be seen as promotional. And yes, the free games you get from your 30 day PlayStation Plus subscription will only be available for the month you have the subscription. You'll only have a short time to watch the movies too.
It might not be something that all consumers would like, but Sony will never please everyone. The place where they lost my good will however was in their communication and how they handled my data.
My Take on Things
In the initial communications, it wasn't clear if either my credit card information or my password was safe. Suddenly I had to change all my passwords and make sure either to cancel my card or just monitor it closely.
While the rest of my information is probably being bought and sold by companies all the time, my date of birth isn't something I give out lightly, and having that stored in plain text is also an issue. Just the month and year would have served the same purpose but would have been of limited use to a hacker. I'm not going to sell my PS3, or stop using the PSN.
Sony has lost a lot of respect over these last few years, but I'm willing to give them a chance. Whatever happens next, for me, Sony has really dropped the ball on this one. I only hope that they're going to work hard to earn back the trust and respect that they've lost from a lot of people out there.