Sony PlayStation hack: welcome to the modern world

The cyber-intrusion highlights a worrying trend. Are the bad guys winning?

News that Sony has brought in external investigators after the personal information of more than 100 million Sony online gamers was compromised in hacker attacks highlights a sombre reality: not even one of the world's most sophisticated technology companies can outwit the hackers in 2011.

Online gamers' disappointment at being denied access to Sony's PlayStation Network and Qriocity service while the hacks were investigated – robbing them of the privilege of being able to blast each other to bits in cyberspace – quickly turned to anger as Sony announced just what sort of information the hackers are thought to have gained access to. As the company put it:

We believe that an unauthorised person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorised a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility.

At least one lawsuit has already been launched in the US by a PSN user who claims Sony did not do enough to protect the private data of its customers, and the attorney generals for four US states have begun looking into the attack.

Here in the UK, the Information Commissioner, Christopher Graham, appears to be taking a strong stance for a change. He told BBC Radio 4's You and Yours programme that the matter looked like "a very significant breach of data protection law", though he will only be able to hit Sony with his potential fines of up to £500,000 if at least some of the compromised PSN data was stored in the UK.

Even then, while fines are all well and good, locked stable doors and bolting horses come to mind. Fining Sony will do nothing to reduce the risk of identity theft or fraud now faced by users of the PSN or Qriocity services, who Sony has kindly suggested should "remain vigilant to review your account statements and to monitor your credit or similar types of reports".

Missing and action

Identity theft is a real and growing problem. According to CIFAS, the UK's fraud prevention service, identity fraud increased by almost 10 per cent in the first nine months of 2010 compared to the same period in 2009. The number of victims of impersonation rose by 18.4 per cent.

It's easy to blame corporations like Sony for not investing in adequate security measures. But the hacking of servers run by the security firm RSA in March showx just how capable the bad guys – the hackers – are today.

RSA is not just a security specialist. Its authentication technology is specifically geared towards keeping the bad guys out of corporate networks, yet it still had to own up to a severe breach of its defences which could have compromised the security of authentication systems used by 40 million employees to access sensitive networks, both corporate and government.

The UK government has by no means an unblemished security record. In November 2007 two disks holding the personal details of all families in the UK with a child under the age of 16 went missing. The Child Benefit data on them included name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people. The then chancellor, Alistair Darling, said there was no evidence that the data had gone to criminals, but urged people to monitor their bank accounts for unusual activity.

In September 2008, the Insolvency Service said the names, addresses and bank details of up to 400 directors of 122 firms were lost after four laptops were stolen. That same month, the Service Personnel and Veterans Agency lost three USB portable hard drives with details of 50,500 staff. A month later, the Ministry of Defence said that a hard drive being held by a contractor, containing 1.7 million records, was missing.

Hacked off

Insider threats and good old-fashioned carelessness are nothing new, and won't stop until people stop being human. Encryption and data loss prevention (DLP) technologies have come a long way, but there is no such thing as "100 per cent secure", and no technology in the world can prevent a malicious insider with the right level of access privileges from helping himself to a little sensitive data.

Yet the Sony and RSA hacks are more worrying, if anything, than a lost or stolen memory stick or laptop. These are the ominous signs that the bad guys - increasingly so, it seems - are outsmarting what should be some of the most secure defences.

As Andy Cordial, managing director of the secure storage systems firm Origin Storage, puts it: "There have been hacks of several corporates in recent weeks. Regardless of what caused these incursions, it is now clear that the database security systems in active use on both sides of the Atlantic are no longer sufficient."

Or, to put it another way: right now, the bad guys are winning.

Jason Stamper is technology correspondent of NS and editor of Computer Business Review.

Jason Stamper is editor of Computer Business Review

Getty
Show Hide image

The deafening killer - why noise will be the next great pollution scandal

A growing body of evidence shows that noise can have serious health impacts too. 

Our cities are being poisoned by a toxin that surrounds us day and night. It eats away at our brains, hurts our hearts, clutches at our sleep, and gnaws at the quality of our daily lives.

Hardly a silent killer, it gets short shrift compared to the well-publicised terrors of air pollution and sugars food. It is the dull, thumping, stultifying drum-beat of perpetual noise.

The score that accompanies city life is brutal and constant. It disrupts the everyday: The coffee break ruined by the screech of a line of double decker buses braking at the lights. The lawyer’s conference call broken by drilling as she makes her way to the office. The writer’s struggle to find a quiet corner to pen his latest article.

For city-dwellers, it’s all-consuming and impossible to avoid. Construction, traffic, the whirring of machinery, the neighbour’s stereo. Even at home, the beeps and buzzes made by washing machines, fridges, and phones all serve to distract and unsettle.

But the never-ending noisiness of city life is far more than a problem of aesthetics. A growing body of evidence shows that noise can have serious health impacts too. Recent studies have linked noise pollution to hearing loss, sleep deprivation, hypertension, heart disease, brain development, and even increased risk of dementia.

One research team compared families living on different stories of the same building in Manhattan to isolate the impact of noise on health and education. They found children in lower, noisier floors were worse at reading than their higher-up peers, an effect that was most pronounced for children who had lived in the building for longest.

Those studies have been replicated for the impact of aircraft noise with similar results. Not only does noise cause higher blood pressure and worsens quality of sleep, it also stymies pupils trying to concentrate in class.

As with many forms of pollution, the poorest are typically the hardest hit. The worst-off in any city often live by busy roads in poorly-insulated houses or flats, cheek by jowl with packed-in neighbours.

The US Department of Transport recently mapped road and aircraft noise across the United States. Predictably, the loudest areas overlapped with some of the country’s most deprived. Those included the south side of Atlanta and the lowest-income areas of LA and Seattle.

Yet as noise pollution grows in line with road and air traffic and rising urban density, public policy has turned a blind eye.

Council noise response services, formally a 24-hour defence against neighbourly disputes, have fallen victim to local government cuts. Decisions on airport expansion and road development pay scant regard to their audible impact. Political platforms remain silent on the loudest poison.

This is odd at a time when we have never had more tools at our disposal to deal with the issue. Electric Vehicles are practically noise-less, yet noise rarely features in the arguments for their adoption. Just replacing today’s bus fleet would transform city centres; doing the same for taxis and trucks would amount to a revolution.

Vehicles are just the start. Millions were spent on a programme of “Warm Homes”; what about “Quiet Homes”? How did we value the noise impact in the decision to build a third runway at Heathrow, and how do we compensate people now that it’s going ahead?

Construction is a major driver of decibels. Should builders compensate “noise victims” for over-drilling? Or could regulation push equipment manufacturers to find new ways to dampen the sound of their kit?

Of course, none of this addresses the noise pollution we impose on ourselves. The bars and clubs we choose to visit or the music we stick in our ears. Whether pumping dance tracks in spin classes or indie rock in trendy coffee shops, people’s desire to compensate for bad noise out there by playing louder noise in here is hard to control for.

The Clean Air Act of 1956 heralded a new era of city life, one where smog and grime gave way to clear skies and clearer lungs. That fight still goes on today.

But some day, we will turn our attention to our clogged-up airwaves. The decibels will fall. #Twitter will give way to twitter. And every now and again, as we step from our homes into city life, we may just hear the sweetest sound of all. Silence.

Adam Swersky is a councillor in Harrow and is cabinet member for finance. He writes in a personal capacity.