Sony PlayStation hack: welcome to the modern world

The cyber-intrusion highlights a worrying trend. Are the bad guys winning?

News that Sony has brought in external investigators after the personal information of more than 100 million Sony online gamers was compromised in hacker attacks highlights a sombre reality: not even one of the world's most sophisticated technology companies can outwit the hackers in 2011.

Online gamers' disappointment at being denied access to Sony's PlayStation Network and Qriocity service while the hacks were investigated – robbing them of the privilege of being able to blast each other to bits in cyberspace – quickly turned to anger as Sony announced just what sort of information the hackers are thought to have gained access to. As the company put it:

We believe that an unauthorised person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorised a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility.

At least one lawsuit has already been launched in the US by a PSN user who claims Sony did not do enough to protect the private data of its customers, and the attorney generals for four US states have begun looking into the attack.

Here in the UK, the Information Commissioner, Christopher Graham, appears to be taking a strong stance for a change. He told BBC Radio 4's You and Yours programme that the matter looked like "a very significant breach of data protection law", though he will only be able to hit Sony with his potential fines of up to £500,000 if at least some of the compromised PSN data was stored in the UK.

Even then, while fines are all well and good, locked stable doors and bolting horses come to mind. Fining Sony will do nothing to reduce the risk of identity theft or fraud now faced by users of the PSN or Qriocity services, who Sony has kindly suggested should "remain vigilant to review your account statements and to monitor your credit or similar types of reports".

Missing and action

Identity theft is a real and growing problem. According to CIFAS, the UK's fraud prevention service, identity fraud increased by almost 10 per cent in the first nine months of 2010 compared to the same period in 2009. The number of victims of impersonation rose by 18.4 per cent.

It's easy to blame corporations like Sony for not investing in adequate security measures. But the hacking of servers run by the security firm RSA in March showx just how capable the bad guys – the hackers – are today.

RSA is not just a security specialist. Its authentication technology is specifically geared towards keeping the bad guys out of corporate networks, yet it still had to own up to a severe breach of its defences which could have compromised the security of authentication systems used by 40 million employees to access sensitive networks, both corporate and government.

The UK government has by no means an unblemished security record. In November 2007 two disks holding the personal details of all families in the UK with a child under the age of 16 went missing. The Child Benefit data on them included name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people. The then chancellor, Alistair Darling, said there was no evidence that the data had gone to criminals, but urged people to monitor their bank accounts for unusual activity.

In September 2008, the Insolvency Service said the names, addresses and bank details of up to 400 directors of 122 firms were lost after four laptops were stolen. That same month, the Service Personnel and Veterans Agency lost three USB portable hard drives with details of 50,500 staff. A month later, the Ministry of Defence said that a hard drive being held by a contractor, containing 1.7 million records, was missing.

Hacked off

Insider threats and good old-fashioned carelessness are nothing new, and won't stop until people stop being human. Encryption and data loss prevention (DLP) technologies have come a long way, but there is no such thing as "100 per cent secure", and no technology in the world can prevent a malicious insider with the right level of access privileges from helping himself to a little sensitive data.

Yet the Sony and RSA hacks are more worrying, if anything, than a lost or stolen memory stick or laptop. These are the ominous signs that the bad guys - increasingly so, it seems - are outsmarting what should be some of the most secure defences.

As Andy Cordial, managing director of the secure storage systems firm Origin Storage, puts it: "There have been hacks of several corporates in recent weeks. Regardless of what caused these incursions, it is now clear that the database security systems in active use on both sides of the Atlantic are no longer sufficient."

Or, to put it another way: right now, the bad guys are winning.

Jason Stamper is technology correspondent of NS and editor of Computer Business Review.

Jason Stamper is editor of Computer Business Review

Getty
Show Hide image

How Donald Trump is slouching towards the Republican nomination

There was supposed to be a ceiling above which Trump’s popular support could not climb.

In America, you can judge a crowd by its merchandise. Outside the Connecticut Convention Centre in Hartford, frail old men and brawny moms are selling “your Trump 45 football jerseys”, “your hats”, “your campaign buttons”. But the hottest item is a T-shirt bearing the slogan “Hillary sucks . . . but not like Monica!” and, on the back: “Trump that bitch!” Inside, beyond the checkpoint manned by the Transportation Security Administration and the secret service (“Good!” the man next to me says, when he sees the agents), is a family whose three kids, two of them girls, are wearing the Monica shirt.

Other people are content with the shirts they arrived in (“Waterboarding – baptising terrorists with freedom” and “If you don’t BLEED red, white and blue, take your bitch ass home!”). There are 80 chairs penned off for the elderly but everyone else is standing: guys in motorcycle and military gear, their arms folded; aspiring deal-makers, suited, on cellphones; giggling high-school fatsos, dressed fresh from the couch, grabbing M&M’s and Doritos from the movie-theatre-style concession stands. So many baseball hats; deep, bellicose chants of “Build the wall!” and “USA!”. (And, to the same rhythm, “Don-ald J!”)

A grizzled man in camouflage pants and combat boots, whose T-shirt – “Connecticut Militia III%” – confirms him as a member of the “patriot” movement, is talking to a zealous young girl in a short skirt, who came in dancing to “Uptown Girl”.

“Yeah, we were there for Operation American Spring,” he says. “Louis Farrakhan’s rally of hate . . .”

“And you’re a veteran?” she asks. “Thank you so much!”

Three hours will pass. A retired US marine will take the rostrum to growl, “God bless America – hoo-rah!”; “Uptown Girl” will play many more times (much like his speeches, Donald J’s playlist consists of a few items, repeated endlessly), before Trump finally looms in and asks the crowd: “Is this the greatest place on Earth?”

There was supposed to be a ceiling above which Trump’s popular support could not climb. Only a minority within a minority of Americans, it was assumed, could possibly be stupid enough to think a Trump presidency was a good idea. He won New Hampshire and South Carolina with over 30 per cent of the Republican vote, then took almost 46 per cent in Nevada. When he cleaned up on Super Tuesday in March, he was just shy of 50 per cent in Massachusetts; a week later, he took 47 per cent of the votes in Mississippi.

His rivals, who are useless individually, were meant to co-operate with each other and the national party to deny him the nomination. But Trump won four out of the five key states being contested on “Super-Duper Tuesday” on 15 March. Then, as talk turned to persuading and co-opting his delegates behind the scenes, Trump won New York with 60 per cent.

Now, the campaign is trying to present Trump as more “presidential”. According to his new manager, Paul Manafort, this requires him to appear in “more formal settings” – without, of course, diluting “the unique magic of Trump”. But whether or not he can resist denouncing the GOP and the “corrupt” primary system, and alluding to violence if he is baulked at at the convention, the new Trump will be much the same as the old.

Back in Hartford: “The Republicans wanna play cute with us, right? If I don’t make it, you’re gonna have millions of people that don’t vote for a Republican. They’re not gonna vote at all,” says Trump. “Hopefully that’s all, OK? Hopefully that’s all, but they’re very, very angry.”

This anger, which can supposedly be turned on anyone who gets in the way, has mainly been vented, so far, on the protesters who disrupt Trump’s rallies. “We’re not gonna be the dummies that lose all of our jobs now. We’re gonna be the smart ones. Oh, do you have one over there? There’s one of the dummies . . .”

There is a frenzied fluttering of Trump placards, off to his right. “Get ’em out! . . . Don’t hurt ’em – see how nice I am? . . . They really impede freedom of speech and it’s a disgrace. But the good news is, folks, it won’t be long. We’re just not taking it and it won’t be long.”

It is their removal by police, at Trump’s ostentatious behest, that causes the disruption, rather than the scarcely audible protesters. He seems to realise this, suddenly: “We should just let ’em . . . I’ll talk right over them, there’s no problem!” But it’s impossible to leave the protesters where they are, because it would not be safe. His crowd is too vicious.

Exit Trump, after exactly half an hour, inclusive of the many interruptions. His people seem uplifted but, out on the street, they are ambushed by a large counter-demonstration, with a booming drum and warlike banners and standards (“Black Lives Matter”; an image of the Virgin of Guadalupe, holding aloft Trump’s severed head). Here is the rest of the world, the real American world: young people, beautiful people, more female than male, every shade of skin colour. “F*** Donald Trump!” they chant.

After a horrified split-second, the Trump crowd, massively more numerous, rallies with “USA!” and – perplexingly, since one of the main themes of the speech it has just heard was the lack of jobs in Connecticut – “Get a job!” The two sides then mingle, unobstructed by police. Slanging matches break out that seem in every instance to humiliate the Trump supporter. “Go to college!” one demands. “Man, I am in college, I’m doin’ lovely!”

There is no violence, only this: some black boys are dancing, with liquid moves, to the sound of the drum. Four young Trump guys counter by stripping to their waists and jouncing around madly, their skin greenish-yellow under the street lights, screaming about the building of the wall. There was no alcohol inside; they’re drunk on whatever it is – the elixir of fascism, the unique magic of Trump. It’s a hyper but not at all happy drunk.

As with every other moment of the Trump campaign so far, it would have been merely some grade of the cringeworthy – the embarrassing, the revolting, the pitiful – were Trump not slouching closer and closer, with each of these moments, to his nomination. 

This article first appeared in the 28 April 2016 issue of the New Statesman, The new fascism