Hackers Who Hit Sony Now Breach Nintendo's U.S. Website

[jeffro11]

Wow look! Someone with an opinion! Good for you!

OK heres the deal with hackers of this caliber. These people are not typical angst teens; these people are typically software developers and/or security analysts. A lot of their "work" which many deem illegal is to hack systems. Many times to get a job like a security analyst/specialist is to gain notoriety by doing just this. Hack systems.

Without these hackers proving system are never bullet proof we would be lead to believe were safe. Everyone in this world takes everything for granted. We are not safe, we will never be... But we can be SAFER. This point is KEY

This forum software were using right now, phpBB, has been hacked countless times. EACH time it happens and the exploit is released (yeah, the hackers typically release the information on how they "got in") the exploit gets patched. This is a good thing. Sure it fucking sucks if its your company/website or whatever you have. But if it weren't for these people your "secure" software would be be like a cheese grater.

Opinion time:
Now on the flip-side.... As for releasing sensitive information, this group should be chastised. There is a fine line between doing harm and helping create a safer experience for all. They have crossed it. But don't color all the "hackers" with the same color. It's unfair.

[YoshiEgg25]

If they were truly simply trying to prove Sony's vulnerability, there are other, LEGAL, ways of voicing this concern. These people were not trying to help anyone but themselves. Granted, Sony's apparent lack of effective security and their seemingly poor response to the crisis are bad marks against them to be sure. But to try and downplay the ILLEGAL and malicious nature of what these hackers did by pointing out the silver lining is not only wrong, but its a pretty tired argument that's been tried too many times already.

You make it sound so cut and dry. You can tell a company it's not secure until you're blue in the face, but it won't believe you until it's been breached.

Same thing with my dad's job as an environmental consultant; you can tell the companies that they need to have a professional to get their EPA licenses, but they'll use someone in-house that isn't trained to deal with the EPA until they go after them for not having the right license.

[Segatari2002]

Wow look! Someone with an opinion! Good for you!

Can't help but think this first sentence was meant to come across with a little bit of that "biting sarcasm" that people like to throw around when the feel strongly about a certain topic. To this I'll just point how ironic it is that so many people are perfect defenders of free speech until the moment they are actually faced with an opinion different than their own. And you are entitled to your opinion sir but I didn't speak down and condescending to you or anyone else and therefore don't really see the purpose of speaking to me in that manner.

But on to the rest of your argument, if I may...

OK heres the deal with hackers of this caliber. These people are not typical angst teens; these people are typically software developers and/or security analysts. A lot of their "work" which many deem illegal is to hack systems. Many times to get a job like a security analyst/specialist is to gain notoriety by doing just this. Hack systems.

I didn't say they were "typical angst teens", quite the opposite in fact. I know that the skills it took to invade a network as vast and complex as Sony's took a considerable amount of skill and talent to do so. But it's not work and it's not just something I "deem" illegal. IT IS ILLEGAL. Theses people, whoever they are, broke into a network that they had not built, they had not maintained, and they had not payed for! Yes that's right, I said it! None of the users of the PSN payed for its construction. The system was built and payed for by Sony! All you get when you choose "accept" on that EULA is a right to LIMITED access. Basically you get to use the network in whatever way Sony deems agreeable for you to do so. And if your attacking this network when you do not work as a security analyst for the parent company, THAT'S NOT WORK. Name one other job in the whole world that requires you to first break the law on your own time to secure the job interview. And as for notoriety, I'm sure we've all heard a story about some hacker, somewhere who first hacked a system, and was then offered a job at the company to help with their security, but it doesn't change the criminal element of the act. Frank Abagnale Jr. had a rather fruitful career as a analyst helping the F.B.I. catch some of the last century's most elusive money forgers. Remember how he learned his craft? He was the money forger the feds caught first. Doesn't change his criminal acts into non criminal acts, he still had to do his jail time for breaking the law just like everybody else.

Without these hackers proving system are never bullet proof we would be lead to believe were safe. Everyone in this world takes everything for granted. We are not safe, we will never be... But we can be SAFER. This point is KEY

I'm not so sure I like the path this train of thought leads too. Are you suggesting that because NO system is ever 100% foolproof, that we should therefore ENCOURAGE individuals to attack these systems for their own purposes, just to show how weak they are? I hate to use such a tired cliche as this next one, but by that logic...Because a terrorist armed with a bomb could possibly get through security, we should encourage more of them to try it.

This forum software were using right now, phpBB, has been hacked countless times. EACH time it happens and the exploit is released (yeah, the hackers typically release the information on how they "got in") the exploit gets patched. This is a good thing. Sure it fucking sucks if its your company/website or whatever you have. But if it weren't for these people your "secure" software would be be like a cheese grater.

Let's be real candid here. I have a hard time believing these people had my best interests at heart. They are not releasing the info of how they attacked the systems so that people will wake up and see how vulnerable it is. THEY ARE BRAGGING! These are people, who for whatever reason, have decided that the most enjoyable and fulfilling thing they can do with their time and obvious intelligence, is to systematically break and destroy another persons creation and hard work. So the system is flawed as it stands. You know what flaws it even more? When it has to be taken offline completely due to these types of attacks. Now a system that needed some tweaks and service but was otherwise functioning, is instead nonexistent. And quit trying to elevate these types to the level of some sort of folk hero. They weren't doing this to help improve Sony, they were doing it for their own purposes and advances. Their are whole companies in this world whose sole job is to review and attempt to break online networks to ensure they are secure. Those are the people who are constructively using their talent to improve things for the rest of us. Not the one who did it just to prove that they could. Or worse, to somehow personally gain from the information they illegally had access too. When I signed the EULA, I was consenting that SONY had a right to view the information I provided, not everyone who happened to have a computer and some sort of self righteous cause.

[AppleQueso]

Uh, you realize that pretty much all of us agree that the PSN hackers defeated any 'cause' they might've had by releasing the private info they took, right? We're not defending these specific hackers, we're trying to inform you that not all hackers =/= the PSN guys and identity thieves.

Companies are dense, really dense. They won't fix a severely flawed security system until it's actually broken into, doesn't matter how much you try and simply tell them why it's vulnerable. It has to be demonstrated, otherwise they usually won't consider it any kind of real concern.

Their are whole companies in this world whose sole job is to review and attempt to break online networks to ensure they are secure. Those are the people who are constructively using their talent to improve things for the rest of us.

What these companies do is called hacking. It's how security systems are built.

[equalsign]

You guys, this is a totally different group than was responsible for the PSN hack. Since we don't know who did the PSN hack I guess it could be them, but they haven't said so. If it was them, they probably would've laid low since if whoever did that is found they'll be pretty screwed. Read the article and follow the links. Kotaku used a misleading headline. They hacked the Sony Pictures and Sony BMG websites. It's fine to be upset with them if that's how you feel, but there's no reason to unleash to PSN hack rage yet.

[AppleQueso]

LulzSec are idiots anyway. Probably one of the most obnoxious groups I'm aware of. Who the fuck still says "Lulz"?

[Segatari2002]

Uh, you realize that pretty much all of us agree that the PSN hackers defeated any 'cause' they might've had by releasing the private info they took, right? We're not defending these specific hackers, we're trying to inform you that not all hackers =/= the PSN guys and identity thieves.

I didn't say all hackers = the PSN guys and identity thieves. But I am saying that hacking is illegal no matter what the purpose is. And yes I know that the word hacking gets used to describe the lawful kind of internet intrusion work I spoke of, but that's a matter of choosing the right words. Internet security is amazing work and I hope more people get into it so we can be safer. Hacking is a dirty underhanded way of gaining access to something that isn't yours in the first place.

And I know a little something about big companies being dense. I used to work for the federal government. But that still doesn't justify breaking the law in this case. Unless lives are at stake, there isn't a justifiable reason for it.

And let me just state, for the record, I am not talking down to anyone. I am merely stating my ideals and principles on this subject.

[Erik_Twice]

Companies are dense, really dense. They won't fix a severely flawed security system until it's actually broken into, doesn't matter how much you try and simply tell them why it's vulnerable.

And? If I don't want to fix it, it's my problem. You still have no right to break into my network and hack it, be it a little or a lot. It's that simple.


And there's no "deem ilegal", it IS illegal.



@Segatari2002

There's quite a bit of controversy concerning the terms but it seems like everyone here is using "hacking" to mean "breaking in". You can hack your own system, in the same way you can crash your own car to see how well it resists the impact.

The problem is not breaking security systems, the problem is breaking someone's else security systems.

[equalsign]

Who the fuck still says "Lulz"?

Best point of the thread.

[dsheinem]

[ But I am saying that hacking is illegal no matter what the purpose is.

NO. Not all hacking is illegal. In addition, not all things that are deemed illegal are necessarily morally wrong. Many protestors in history have been arrested, imprisoned, or killed for illegally but peacefully challenging the wrongs in society or exposing corruption by those in power. I am not saying Lulz is on par with Martin Luther King Jr. or something, but groups like Hacktivismo who use hacking tools to create secure internet software for users in countries with strict censorship and regulation (like China) are certainly worth celebrating, even if they are doing "illegal" things along the way.

I posted this before in an attempt to clarify things in the PSN thread and I may as well do it again. Some of you know that I research and write about hacking and hacktivism professionally. This is from a handout I give when I discuss hacking at a conference or in a lecture:

Basic Questions
*What is hacktivism?

A couple of useful definitions, mostly taken from The Jargon File (http://catb.org/~esr/jargon/)
Hacker: 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming….7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

Hacker Ethic: 1. The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing open-source code and facilitating access to information and to computing resources wherever possible. 2. The belief that system-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.

Cracker: One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker.

Hacktivism: Politically-motivated computer hacking with aims of improving social conditions, digital security, or both.

The attack on Sony was pretty much just straight up cracking. At this point, Lulz's actions are somewhere between cracking and hactkivism (cracktivism), as it seems their goals are simply to alert Nintendo and the public about security flaws, not to steal information for profit (as the Sony group did).

Please enlighten me as to what a hacker has done to improve my life, be speciific. I'm not being an ass, i'm curious what exactly you mean?

Others have started to tackle this already, but hackers are responsible for improvements in hardware, software, and security dating back to the middle of the 20th Century. Not all hacking is illegal, nor is it all malicious. Stealing veteran's affairs records or credit card info? That's both. Creating software to extend the capabilities of a system? That's neither. Breaking DRM to gain open access to files you paid for? That's illegal but hardly malicious. I would strongly recommend Steve Levy's book to learn about this history.