Sony Reels from Multiple Hacker Attacks This may very well be a story with which

Question

Sony Reels from Multiple Hacker Attacks

This may very well be a story with which you are personally familiar. Between April 17, 2011, and April 19, 2011, the Sony PlayStation Network (PSN) was hacked. Personally identifiable information (PII) on some 77 million users was compromised. On April 20, Sony announced that it was taking down the PSN site, preventing owners of PlayStation 3 and PlayStation Portable consoles from participating in any online activities on the PSN network. What followed is a story you cannot make up.

The outage lasted for approximately 23 days, until May 15, when Sony began bringing some gaming services back online on a country-by-country basis starting with North America. During the 23-day outage, Sony postured, hoping to downplay the significance of the breach. At first, Sony understated the number of user records compromised. Periodically, Sony stated that it had the situation under control, that it had developed a clear and concise strategy for bringing services back online, and that things would be up and running within a few days.

In the end, Sony admitted that its PlayStation Network had been the target of one of the largest data breaches ever. It offered free game time for returning customers and other perks. It even announced that it was paying for $1 million in identity theft insurance for each of its compromised users. The insurance was to last for 12 months and include Internet surveillance and complete identity repair in the event of identity theft and fraudulent use. Sony estimated that the cost of the PSN outage would be $177 million.

Lawsuits quickly followed. On April 27, 2011, Kristopher Johns filed a class-action lawsuit on behalf of all PlayStation users. His lawsuit alleged many things including: (1) Sony failed to encrypt data, (2) Sony failed to provide prompt and adequate warnings of a security breach to users, and (3) Sony created unreasonable delays in bringing PSN services back online. A similar lawsuit was filed in Canada by Natasha Maksimovic. She sought $1 billion (Canadian dollars) in damages which included free credit monitoring and identity theft insurance. The lawsuit contained the following quote: “If you can't trust a huge multinational corporation like Sony to protect your private information, who can you trust? It appears to me that Sony focuses more on protecting its games than its PlayStation users.”

But Sony's hacker troubles didn't end there. On May 3, 2011, in the middle of attempting to bring its PSN services back online, Sony Online Entertainment was hacked. With this breach, another 24.6 million user records were compromised. Sony stated that it believed the two hacks were related. Then, on June 2, 2011, the SonyPictures.com Web site was hacked, further compromising unencrypted password and personally identifiable information.42,43,44,45,46,47

Questions

Page 253

Do some research on the Sony PSN debacle. What are the new cost estimates for the incident? How many customers have left Sony because of the incident? Have there been any reports of fraudulent use of identities obtained from the hack? Has Sony's PlayStation Network been hacked again?

Gaming and virtual services on the Internet, like Sony's PSN, World of Warcraft, and Second Life, boast millions of users. For each user, the service must store credit card information and personally identifiable information. What must these organizations do to protect the private information of their customers? Is it even reasonable to assume that any organization can have protection measures in place to stop the world's best hackers?

If an extremely intelligent hacker is caught by a law enforcement agency, should that hacker be prosecuted and sent to jail? Is there perhaps a way that the hacker might be “turned” for the good of the digital world? What would that be?

Every survey taken of businesses regarding data breaches has found that many businesses are reluctant to publicly announce a data breach. Further, most businesses will downplay the significance of the breach. Why do organizations behave like this? What is there to gain by not operating in a transparent fashion? Is this an ethical issue, a legal issue, or both?

What's your personal identity theft story? Has someone used your credit card fraudulently? How many phishing e-mails have you received in the last year? How often do you check your credit report?

Explanation / Answer

Question:- Do some research on the Sony PSN debacle. What are the new cost estimates for the incident? How many customers have left Sony because of the incident? Have there been any reports of fraudulent use of identities obtained from the hack? Has Sony’s PlayStation Network been hacked again?

Answer:- About a sum of $170 million was the estimated cost for Sony in 2011 when Sony PSN was hacked. Most of the customers were planning to leave Sony PSN due to huge data breach which was restored after a long time of 23 days. Almost 9% of total Sony’s customers were having the decision of leaving Sony PSN service and they opted other gaming services for example Wii online gaming services, Xbox Live. There was no report in which any kind of fraudulent credit card was used or any identity fraud was conducted related to Sony data hack. In fact, in the year 2014, the company again witnessed the incidences of hacking after the rejection of service drop down their servers. The company maintained that there was no incident of customer data breach after 2014 hack.

Question:- Gaming and virtual services on the Internet, like Sony’s PSN, World of Warcraft, and Second Life, boast millions of users. For each user, the service must store credit card information and personally identifiable information. What must these organizations do to protect the private information of their customers? Is it even reasonable to assume that any organization can have protection measures in place to stop the world’s best hackers?

It was quite shocking to know that server encryption method was not used by some of the organizations despite no actual cost incurred in this activity. The company has only to enable this service, In fact, I came to my notice that Sony has provided hypertext transfer protocol on its PSN network as it prompted me before the credentials and facilitating me to see anything on the network. In fact, this was also reflected on the web browser. It is very important for the organization to implement the most advanced intrusion preventive methods and firewalls along with many proxies so that any attempt of possible hacking can be neglected. It is not possible for the organizations to stop all types of attacks but at least they can make sure that it is quite tough for the hackers to hack any sort of data.

Question:- If an extremely intelligent hacker is caught by a law enforcement agency, should that hacker be prosecuted and sent to jail? Is there perhaps a way that hacker might be “turned” for the good of the digital world? What would that be?

I think if law enforcement agencies catch any hacker then the talent of the hacker must be used in order to bring down the other black hat hackers. In fact, a settlement can be facilitated by these agencies to become the white hacker to assist these agencies in order to catch black hat hacker. This is a good strategy as many countries use the hackers to hack many official and government websites he country lacks the sufficient number of white hat hackers and thus these people should not be prosecuted for minor hacks. In fact, their talent can be used.

Question:- According to each and every survey taken of businesses regarding data breaches, each one states that many businesses are reluctant to publicly announce a data breach. Further, most businesses will downplay the significance of the breach. Why do organizations do this? What is there to gain by not operating in a transparent fashion? Is this an ethical issue, a legal issue, or both?

The attempts are made by the organization to avoid any kind of data breaches from leaking as when this news goes to the public then almost all think that something very bad is about to happen. This also leads a negative customer relationship with the organization as most of the customer can question the ability of the company to protect their data. These types of data breach are not given due significance by the firms as in most of the cases, these data breaches do not result in any sort of harm to the customer’s personal data. If there is no major suffering for Sony from such a major data hacking then they can try to downplay it as they were trying to do so initially.

Question:- What’s your personal identity theft story? Has someone used your credit card fraudulently? How many phishing e-mails have you received in the last year? How often do you check your credit report?

I was lucky that I did not face any sort of data hacking. None of my credit cards were used fraudulently. Although a lot of phishing emails are received by me on daily basis on my Yahoo and other email accounts. I think the server of Yahoo gets mass phishing email in comparison to others. I never try to read these emails as many can be identified quite easily. In fact, I try to inform the whole of my family about how to be cautious with these phishing emails. The credit reports are examined at least once a month. The services of Credit Karma can be used which provides free of cost services about credit score.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.