Sony PlayStation hack: welcome to the modern world

The cyber-intrusion highlights a worrying trend. Are the bad guys winning?

News that Sony has brought in external investigators after the personal information of more than 100 million Sony online gamers was compromised in hacker attacks highlights a sombre reality: not even one of the world's most sophisticated technology companies can outwit the hackers in 2011.

Online gamers' disappointment at being denied access to Sony's PlayStation Network and Qriocity service while the hacks were investigated – robbing them of the privilege of being able to blast each other to bits in cyberspace – quickly turned to anger as Sony announced just what sort of information the hackers are thought to have gained access to. As the company put it:

We believe that an unauthorised person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorised a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility.

At least one lawsuit has already been launched in the US by a PSN user who claims Sony did not do enough to protect the private data of its customers, and the attorney generals for four US states have begun looking into the attack.

Here in the UK, the Information Commissioner, Christopher Graham, appears to be taking a strong stance for a change. He told BBC Radio 4's You and Yours programme that the matter looked like "a very significant breach of data protection law", though he will only be able to hit Sony with his potential fines of up to £500,000 if at least some of the compromised PSN data was stored in the UK.

Even then, while fines are all well and good, locked stable doors and bolting horses come to mind. Fining Sony will do nothing to reduce the risk of identity theft or fraud now faced by users of the PSN or Qriocity services, who Sony has kindly suggested should "remain vigilant to review your account statements and to monitor your credit or similar types of reports".

Missing and action

Identity theft is a real and growing problem. According to CIFAS, the UK's fraud prevention service, identity fraud increased by almost 10 per cent in the first nine months of 2010 compared to the same period in 2009. The number of victims of impersonation rose by 18.4 per cent.

It's easy to blame corporations like Sony for not investing in adequate security measures. But the hacking of servers run by the security firm RSA in March showx just how capable the bad guys – the hackers – are today.

RSA is not just a security specialist. Its authentication technology is specifically geared towards keeping the bad guys out of corporate networks, yet it still had to own up to a severe breach of its defences which could have compromised the security of authentication systems used by 40 million employees to access sensitive networks, both corporate and government.

The UK government has by no means an unblemished security record. In November 2007 two disks holding the personal details of all families in the UK with a child under the age of 16 went missing. The Child Benefit data on them included name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people. The then chancellor, Alistair Darling, said there was no evidence that the data had gone to criminals, but urged people to monitor their bank accounts for unusual activity.

In September 2008, the Insolvency Service said the names, addresses and bank details of up to 400 directors of 122 firms were lost after four laptops were stolen. That same month, the Service Personnel and Veterans Agency lost three USB portable hard drives with details of 50,500 staff. A month later, the Ministry of Defence said that a hard drive being held by a contractor, containing 1.7 million records, was missing.

Hacked off

Insider threats and good old-fashioned carelessness are nothing new, and won't stop until people stop being human. Encryption and data loss prevention (DLP) technologies have come a long way, but there is no such thing as "100 per cent secure", and no technology in the world can prevent a malicious insider with the right level of access privileges from helping himself to a little sensitive data.

Yet the Sony and RSA hacks are more worrying, if anything, than a lost or stolen memory stick or laptop. These are the ominous signs that the bad guys - increasingly so, it seems - are outsmarting what should be some of the most secure defences.

As Andy Cordial, managing director of the secure storage systems firm Origin Storage, puts it: "There have been hacks of several corporates in recent weeks. Regardless of what caused these incursions, it is now clear that the database security systems in active use on both sides of the Atlantic are no longer sufficient."

Or, to put it another way: right now, the bad guys are winning.

Jason Stamper is technology correspondent of NS and editor of Computer Business Review.

Jason Stamper is editor of Computer Business Review

Show Hide image

Brexit confusion is scuppering my show – what next?

My week, from spinning records with Baconface, Brexit block and visiting comedy graves.

I am a stand-up comedian, and I am in the process of previewing a new live show, which I hope to tour until early 2018. It was supposed to be about how the digital, free-market society is reshaping the idea of the individual, but we are in the pre-Brexit events whirlpool, and there has never been a worse time to try to assemble a show that will still mean anything in 18 months’ time.



A joke written six weeks ago about dep­orting eastern Europeans, intended to be an exaggeration for comic effect, suddenly just reads like an Amber Rudd speech – or, as James O’Brien pointed out on LBC, an extract from Mein Kampf.

A rude riff on Sarah Vine and 2 Girls 1 Cup runs aground because there are fewer people now who remember Vine than recall the briefly notorious Brazilian video clip. I realise that something that gets a cheer on a Tuesday in Harrogate, or Glasgow, or Oxford, could get me lynched the next night in Lincoln. Perhaps I’ll go into the fruit-picking business. I hear there’s about to be some vacancies.



I sit and stare at blocks of text, wondering how to knit them into a homogeneous whole. But it’s Sunday afternoon, a time for supervising homework and finding sports kit. My 11-year-old daughter has a school project on the Victorians and she has decided to do it on dead 19th-century comedians, as we had recently been on a Music Hall Guild tour of their graves at the local cemetery. I wonder if, secretly, she wished I would join them.

I have found living with the background noise of this project depressing. The headstones that she photographed show that most of the performers – even the well-known Champagne Charlie – barely made it past 40, while the owners of the halls outlived them. Herbert Campbell’s obelisk is vast and has the word “comedian” written on it in gold leaf, but it’s in the bushes and he is no longer remembered. Neither are many of the acts I loved in the 1980s – Johnny Immaterial, Paul Ramone, the Iceman.



I would have liked to do some more work on the live show but, one Monday a month, I go to the studios of the largely volunteer-run arts radio station Resonance FM in Borough, south London. Each Wednesday night at 11pm, the masked Canadian stand-up comedian Baconface presents selections from his late brother’s collection of 1950s, 1960s and 1970s jazz, psychedelia, folk, blues and experimental music. I go in to help him pre-record the programmes.

Baconface is a fascinating character, whom I first met at the Cantaloupes Comedy Club in Kamloops in British Columbia in 1994. He sees the radio show as an attempt to atone for his part in his brother’s death, which was the result of a prank gone wrong involving nudity and bacon, though he is often unable to conceal his contempt for the music that he is compelled to play.

The show is recorded in a small, hot room and Baconface doesn’t change the bacon that his mask is made of very often, so the experience can be quite claustrophobic. Whenever we lose tapes or the old vinyl is too warped to play, he just sits back and utters his resigned, philosophical catchphrase, “It’s all bacon!” – which I now find myself using, as I watch the news, with ­depressing regularity.



After the kids go to sleep, I sit up alone and finally watch The Lady in the Van. Last year, I walked along the street in Camden where it was being filmed, and Alan Bennett talked to me, which was amazing.

About a month later, on the same street, we saw Jonathan Miller skirting some dog’s mess and he told me and the kids how annoyed it made him. I tried to explain to them afterwards who Jonathan Miller was, but to the five-year-old the satire pioneer will always be the Shouting Dog’s Mess Man.



I have the second of the final three preview shows at the intimate Leicester Square Theatre in London before the new show, Content Provider, does a week in big rooms around the country. Today, I was supposed to do a BBC Radio 3 show about improvised music but both of the kids were off school with a bug and I had to stay home mopping up. In between the vomiting, in the psychic shadow of the improvisers, I had something of a breakthrough. The guitarist Derek Bailey, for example, would embrace his problems and make them part of the performance.



I drank half a bottle of wine before going on stage, to give me the guts to take some risks. It’s not a long-term strategy for creative problem-solving, and that way lies wandering around Southend with a pet chicken. But by binning the words that I’d written and trying to repoint them, in the moment, to be about how the Brexit confusion is blocking my route to the show I wanted to write, I can suddenly see a way forward. The designer is in, with samples of a nice coat that she is making for me, intended to replicate the clothing of the central figure in Caspar David Friedrich’s 1818 German masterpiece Wanderer Above a Sea of Fog.



Richard Branson is on the internet and, just as I’d problem-solved my way around writing about it, he’s suggesting that Brexit might not happen. I drop the kids off and sit in a café reading Alan Moore’s new novel, Jerusalem. I am interviewing him about it for the Guardian in two weeks’ time. It’s 1,174 pages long, but what with the show falling apart I have read only 293 pages. Next week is half-term. I’ll nail it. It’s great, by the way, and seems to be about the small lives of undocumented individuals, buffeted by the random events of their times.

Stewart Lee’s show “Content Provider” will be on in London from 8 November. For more details, visit:

This article first appeared in the 27 October 2016 issue of the New Statesman, American Rage