I’m not really sure I could call myself a fanboy of any technology or company any more. Sure, there are some companies whose products I really look forward to, but if they do something completely out of line I won’t jump to their defense, instead choosing to openly criticize them in the hopes that they will get better. Still, I like to make known which companies I may look upon with a rose tint, just so that anyone reading these posts knows what they’re getting themselves into. One such company is Sony, who I’ve been a long time fan of but have still criticized when I’ve felt they’ve done me wrong.
Today I’ll be doing that once again.
As you’re probably already aware, the PlayStation Network (PSN), the online network that allows PS3 owners to play with each other and buy digital content, was recently compromised by an external entity. The attackers appear to have downloaded all account and credit card information stored on Sony’s servers, prompting Sony to shut down the service for an unknown amount of time. The breach is of such a large scale that it has received extensive coverage in both online and traditional news outlets, raising questions about how such a breach could occur and what safeguards Sony actually has to prevent such an event occurring.
Initially there was little information as to what this breach actually entailed. Sony had chosen to shut down the PSN to prevent any further breaches and left customers in the dark as to the reason for this happening. It took them a week to notify the general public that there had been a breach and another 4 days to contact customers directly. Details were still scant on the issue until Sony sent an open letter to Congress detailing their current level of knowledge on the breach. Part of the letter hinted that the hacktivist group Anonymous may have played a part in the breach as well but did not blame them directly for the breach. More details have become public since then.
It has also recently come to light that the servers that Sony was using for the PSN were running outdated versions of the popular Apache web server and lacked even the most rudimentary security provisions that you’d expect an online service to have. This information was also public knowledge several months before the breach occurred, with posts on Sony’s forums detailing the PSN servers’ status. As a long time system administrator I find it extremely ludicrous that the servers were able to operate in such a fashion and I’m pretty sure I know where to lay the blame.
Whilst Anonymous aren’t behind this attack they may have unwittingly provided cover for part of the operation. Their planned DDoS on the PSN servers did go ahead and would’ve provided a timely distraction for any would-be attacker looking to exploit the network. Realistically they wouldn’t have been able to get much of the data out at this point (or so I assume, Sony’s servers could have shrugged off the DDoS) but it would have given them ample opportunity to set up the system for the data dump in the second breach that occurred a few days later.
No, the blame here lies squarely with those in charge, namely the PSN architects and executives. The reason I say this is simple: an engineer worth his salt wouldn’t allow servers to run unpatched without strict security procedures in place. To build something on the scale of the PSN requires at least a modicum of expertise, so I can’t believe that they would build a system like that unless they were instructed to do so. I believe this stems from Sony’s belief that the PS3 was unhackable and as such could be trusted as a secure endpoint. Security 101 teaches you, though, that no client can be trusted with the data that it sends you, and this explains why Sony became so paranoid when even the most modest of hacks showed the potential for the PS3 to be exploited. In the end it was Sony’s superiority complex that did them in, pretending like their castle was impregnable.
The fallout from this incident will be long and wide reaching and Sony has a helluva lot of work to do if they’re going to fully recover from this damage. Whilst they’re doing the right thing in offering some restitution to everyone who was affected it will still take them a long time to rebuild all the good will that they’ve burned on this incident. Hopefully though this teaches them some valuable lessons on security and they’ll stop thinking they’re atop the impregnable ivory tower. In the end it will be worth it for Sony, if they choose to learn from their mistakes.
It really was only a matter of time until the collective hive mind of Anonymous got whipped up into a fury over the latest censorship news in Australia. What with our strange stance on certain female bodily functions and minimum restrictions on their bust sizes to even being so bold as to ask the almighty Google themselves to censor YouTube (and comparing us to China in the process, seriously Conroy, are you that bonkers?). The media is already in a tizzy over all these issues but of course the stand alone complex that is Anonymous will take any opportunity to strike at the heart of the beast, and they did so with Operation Titstorm yesterday morning:
Several Australian government websites were slowly recovering Wednesday hours after the online prankster group Anonymous unleashed a massive distributed denial-of-service attack to protest the country’s evolution toward internet censorship.
The group, which previously brought down Scientology’s websites, has also undertaken a host of other online pranks. It dubbed the new attack “Operation Titstorm” to protest the government’s move to require the filtering of pornography that uses adult actors if they appear underage. Violent material targeting children is also to be censored.
“No government should have the right to refuse its citizens access to information solely because they perceive it to be unwanted,” the e-mail said. “The Australian government will learn that one does not mess with our porn. No one messes with our access to perfectly legal (or illegal) content for any reason.”
It was just over 5 months ago that Anonymous launched their first attack against the government, and to be honest my opinions on the attacks haven’t changed. Whilst this certainly has accomplished the goal of getting more attention on the issue, using such nefarious means is both childish and damaging to people who are fighting the cause through legitimate channels. Luckily many of the media outlets only go so far as to say the attackers called themselves Anonymous and list their various pranks. Heaven help us if a real journalist did some investigation and made the connection back to 4chan and all the inaccurate connections that implies.
What did surprise me, though, was the reaction at my workplace, which spurred quite an intelligent discussion about the matter. Don’t get me wrong, we’re all quite tech savvy, but the reaction I get amongst the general populace when it comes to talking about the Internet filter in Australia is usually one of either misinformation or complete disdain. When the proposal was first introduced I spent a good hour explaining to the in-laws how damaging it would be. With 2 of them being members of the Australian Federal Police force it was even harder, as they have had to deal with the real world implications of what the filter would attempt to stop. To their credit though, once the facts were laid out to them (I think the tipping point was how easy it was to circumvent) they did come around and are now at least questioning what benefit the filter will provide.
The sad thing is that an attack like this generated more press in a day than most of the No Clean Feed campaigns have done in their entire lifetime. I still believe that the grass roots approach is the best legal method of garnering attention, but when a collective hive mind can flood a couple servers and in doing so the newspapers as well, it makes you look at all the effort put into these legitimate campaigns with a twinge of frustration. Sure, our initial volleys certainly did damage to the proposal (by all accounts it was meant to be implemented by now) but few of us made waves comparable to that of Operation Titstorm.
I can’t condone these attacks, yet I feel that I can’t condemn them either. The more publicity the Internet Filter gets the more likely it is to go down in flames; however, every one of these attacks is yet another rhetorical weapon to use in the fight to get it implemented. Only time will tell whether the end justified the means in this case and I hope our fight won’t suffer because of it.
That won’t stop me from giggling at the name though 🙂
As many people know I’ve been a long time opponent of the Internet filter. In fact if you wind back the clock to when I created this blog you’ll see that it was originally created as a place to collate my thoughts and actions on the issue. Whilst the majority of the opposition to the filter has been clear and reasonable it would seem that the time has finally come when the vigilantes come out of the woodwork and start wrecking all the solid work we have been doing:
The Federal Government is investigating reports a computer hacker managed to temporarily shut down the Prime Minister’s website.
Kevin Rudd’s site, www.pm.gov.au, was brought down for a short time last night due to what is described as a denial of service attack.
The hacker, apparently known by the nickname Anonymous, posted warnings that government websites would be targeted in protest against its plans to filter the Internet.
The Government is considering ways to block websites carrying material it believes is offensive.
The move has attracted widespread criticism, largely because of fears the filtering system will slow Internet speeds.
The first bit of stupid I’d like to point out here is that whilst the “hacker” was identified as operating under the name Anonymous, the media failed to properly recognise that he/she was probably acting as part of the online group with the same name. Although they do quote people who allude to them being a group later on, most news outlets have just been repeating the first few lines. The group has voiced its disapproval of the Internet filter before, and due to their spontaneous-order-like affiliation they are unpredictable in the action that they take. It would then seem that one member identifying with their principles decided to take matters into his own hands and try to make a point about the issue, albeit with the completely wrong methods.
Whilst I can appreciate the passion and dedication that the hacker/s must have felt in order to attempt something of this magnitude, I cannot condone their methods. The unfortunate truth about their actions is that it has done nothing to further the cause to have the filter abandoned and has only served to bring a small amount of news to the front pages saying that the prime minister’s website was attacked. Judging by the attack itself I can hazard a guess that the attacker is either from outside Australia or not current with news on the filter, as it is essentially dying on the vine. We still need to be vigilant to make sure that the government does not try to resurrect the policy under a different name; however, the filter as it was proposed is being swept away in the hopes it can die without taking any politicians with it. Unfortunate, as I would’ve liked the sacrificial lamb to be Conroy for fervently supporting this legislation.
Acts like this do nothing to serve the cause and only help to strengthen the opposition’s resolve. The outpouring of support from other countries, like the UK naming Conroy as the Internet Villain of the Year, does far more to help than what amounts to petty vandalism of a government site. If they want to put their 1337 |-|a©Kz0r skills into practice maybe they should look to more persuasive ways, like Google bombing Conroy. But that would be too much effort now wouldn’t it? 😛
It was fun to see the stupid explosion when they collided though 🙂